This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via c73a75cb70d4e66c37ea4cc6ba5c4b114308ef2e (commit) via 5db2b07c890b526cfe4c032c7123f11016ae4744 (commit) via dd24668627fd9ee1c8ef912840904a556e5a690b (commit) via c5b441a4e62004171ed5957254a1322c7a4431a3 (commit) via 64300f2212afbc083b3a0b926904cc62079432bc (commit) via 2071b2964fed10cbcf62bd2d7da3b7e718f8a88f (commit) via f3d7ce3b5d83222c78bc2b246f6afd5766af4dc9 (commit) via 4fb7b188434b69a7dc6c5e40e827f6a8f389a86f (commit) via e705636a854de570987817d2f847bec980db928f (commit) via 0698daa3fb935ede4c027e8b507e7b3106391a86 (commit) via de9e44e82daa1e650a38e3cb5235a59caaedb66b (commit) via 935da8b7a22fc3cc365c21d3bdd11f93cebcc2f9 (commit) via b6d47f727a5726cedcc3dc3ec8aa540c34a2597e (commit) via 4a9fe2eaaa45e25428ce72f0076c0a38fe9b291a (commit) via ee4c8d28e493862cb630e79b7ffadd6807b465fa (commit) via 89941c3d131176a2cbc81f18dda2ab8a312e4aa0 (commit) via 456aad9443bade55b2e8ef337191729c02632aed (commit) via 8c43d1481a99743ce23d8b92879ea04f7e0153c1 (commit) via 7f7cbd68b8fc15de7d8a10569684611704f005b7 (commit) via 664eac84834676fd0bd64b7a90c93e4c612a860c (commit) via fdad4cf48f53556086fea1965b3e79b2c68ed3d5 (commit) via 83338946dc2121d1f0d332d4e5f2f13b1bf078d5 (commit) via 38c1be257f5d740a502112ee8eae3566d8f2ac4e (commit) from a4f29a53477951513a7621f52c313541e87bf735 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit c73a75cb70d4e66c37ea4cc6ba5c4b114308ef2e Merge: 5db2b07c89 a4f29a5347 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Feb 14 19:07:30 2024 +0000
Merge remote-tracking branch 'origin/next' into next
commit 5db2b07c890b526cfe4c032c7123f11016ae4744 Merge: c5b441a4e6 dd24668627 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Feb 14 19:06:35 2024 +0000
Merge branch 'master' into next
commit c5b441a4e62004171ed5957254a1322c7a4431a3 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Feb 14 19:04:48 2024 +0000
core185: Ship unbound and BIND again
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 64300f2212afbc083b3a0b926904cc62079432bc Merge: 935da8b7a2 2071b2964f Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Feb 14 19:03:52 2024 +0000
Merge branch 'master' into next
commit 935da8b7a22fc3cc365c21d3bdd11f93cebcc2f9 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Feb 14 11:52:36 2024 +0000
The IPFire time service has moved to time.ipfire.org
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit b6d47f727a5726cedcc3dc3ec8aa540c34a2597e Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Feb 14 11:51:33 2024 +0000
make.sh: Bump toolchain version
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/cfgroot/graphs.pl | 237 ++++++++++++++------- config/rootfiles/common/bind | 14 +- config/rootfiles/common/unbound | 2 +- .../{oldcore/100 => core/185}/filelists/bind | 0 .../{oldcore/106 => core/185}/filelists/unbound | 0 config/rootfiles/core/185/update.sh | 1 + .../185 => oldcore/183}/filelists/aarch64/glibc | 0 .../oldcore/{131 => 183}/filelists/libhtp | 0 .../185 => oldcore/183}/filelists/riscv64/glibc | 0 .../{core/185 => oldcore/183}/filelists/suricata | 0 .../185 => oldcore/183}/filelists/x86_64/glibc | 0 config/rootfiles/oldcore/183/update.sh | 5 +- .../rootfiles/oldcore/{100 => 184}/filelists/bind | 0 config/rootfiles/oldcore/184/filelists/files | 1 + .../oldcore/{106 => 184}/filelists/unbound | 0 config/rootfiles/oldcore/184/update.sh | 1 + lfs/bind | 6 +- lfs/unbound | 6 +- make.sh | 2 +- src/initscripts/system/unbound | 2 +- src/installer/dracut-module/70-dhcpcd.exe | 2 +- 21 files changed, 182 insertions(+), 97 deletions(-) copy config/rootfiles/{oldcore/100 => core/185}/filelists/bind (100%) copy config/rootfiles/{oldcore/106 => core/185}/filelists/unbound (100%) copy config/rootfiles/{core/185 => oldcore/183}/filelists/aarch64/glibc (100%) copy config/rootfiles/oldcore/{131 => 183}/filelists/libhtp (100%) copy config/rootfiles/{core/185 => oldcore/183}/filelists/riscv64/glibc (100%) copy config/rootfiles/{core/185 => oldcore/183}/filelists/suricata (100%) copy config/rootfiles/{core/185 => oldcore/183}/filelists/x86_64/glibc (100%) copy config/rootfiles/oldcore/{100 => 184}/filelists/bind (100%) copy config/rootfiles/oldcore/{106 => 184}/filelists/unbound (100%)
Difference in files: diff --git a/config/cfgroot/graphs.pl b/config/cfgroot/graphs.pl index a23e49c980..96c6c26ead 100644 --- a/config/cfgroot/graphs.pl +++ b/config/cfgroot/graphs.pl @@ -13,7 +13,7 @@ # This program is distributed in the hope that it will be useful, # # but WITHOUT ANY WARRANTY; without even the implied warranty of # # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # +# GNU General Public License for more details. #update.sh # # # You should have received a copy of the GNU General Public License # # along with this program. If not, see http://www.gnu.org/licenses/. # @@ -676,84 +676,163 @@ sub updatevpnn2ngraph {
sub updatefwhitsgraph { my $period = $_[0]; - RRDs::graph( - @GRAPH_ARGS, - "-", - "--start", - "-1".$period, - "-r", - "-t ".$Lang::tr{'firewall hits per'}." ".$Lang::tr{$period."-graph"}, - "-v ".$Lang::tr{'bytes per second'}, - "--color=SHADEA".$color{"color19"}, - "--color=SHADEB".$color{"color19"}, - "--color=BACK".$color{"color21"}, - "DEF:output=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYOUT/ipt_bytes-DROP_OUTPUT.rrd:value:AVERAGE", - "DEF:input=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYIN/ipt_bytes-DROP_INPUT.rrd:value:AVERAGE", - "DEF:forward=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYFWD/ipt_bytes-DROP_FORWARD.rrd:value:AVERAGE", - "DEF:newnotsyn=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-NEWNOTSYN/ipt_bytes-DROP_NEWNOTSYN.rrd:value:AVERAGE", - "DEF:portscan=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-PSCAN/ipt_bytes-DROP_PScan.rrd:value:AVERAGE", - "DEF:spoofedmartian=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-SPOOFED_MARTIAN/ipt_bytes-DROP_SPOOFED_MARTIAN.rrd:value:AVERAGE", - "DEF:hostilein=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_IN/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", - "DEF:hostileout=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_OUT/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", - "DEF:hostilelegacy=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", - - # This creates a new combined hostile segment. - # Previously we did not split into incoming/outgoing, but we cannot go back in time. This CDEF will take the values - # from the old RRD database unless those are UNKNOWN (i.e. we started collected IN/OUT). If the values are unknown, - # we replace them with them sum of IN + OUT. - "CDEF:hostile=hostilelegacy,UN,hostilein,hostileout,+,hostilelegacy,IF", - - "COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}), - "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}), - "COMMENT:".sprintf("%15s",$Lang::tr{'average'}), - "COMMENT:".sprintf("%14s",$Lang::tr{'minimal'}), - "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\j", - "AREA:output".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (OUTPUT)"), - "GPRINT:output:MAX:%8.1lf %sBps", - "GPRINT:output:AVERAGE:%8.1lf %sBps", - "GPRINT:output:MIN:%8.1lf %sBps", - "GPRINT:output:LAST:%8.1lf %sBps\j", - "STACK:forward".$color{"color23"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (FORWARD)"), - "GPRINT:forward:MAX:%8.1lf %sBps", - "GPRINT:forward:AVERAGE:%8.1lf %sBps", - "GPRINT:forward:MIN:%8.1lf %sBps", - "GPRINT:forward:LAST:%8.1lf %sBps\j", - "STACK:input".$color{"color24"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (INPUT)"), - "GPRINT:input:MAX:%8.1lf %sBps", - "GPRINT:input:AVERAGE:%8.1lf %sBps", - "GPRINT:input:MIN:%8.1lf %sBps", - "GPRINT:input:LAST:%8.1lf %sBps\j", - "STACK:newnotsyn".$color{"color14"}."A0:".sprintf("%-25s","NewNotSYN"), - "GPRINT:newnotsyn:MAX:%8.1lf %sBps", - "GPRINT:newnotsyn:AVERAGE:%8.1lf %sBps", - "GPRINT:newnotsyn:MIN:%8.1lf %sBps", - "GPRINT:newnotsyn:LAST:%8.1lf %sBps\j", - "STACK:portscan".$color{"color16"}."A0:".sprintf("%-25s",$Lang::tr{'portscans'}), - "GPRINT:portscan:MAX:%8.1lf %sBps", - "GPRINT:portscan:AVERAGE:%8.1lf %sBps", - "GPRINT:portscan:MIN:%8.1lf %sBps", - "GPRINT:portscan:LAST:%8.1lf %sBps\j", - "STACK:spoofedmartian".$color{"color12"}."A0:".sprintf("%-25s",$Lang::tr{'spoofed or martians'}), - "GPRINT:spoofedmartian:MAX:%8.1lf %sBps", - "GPRINT:spoofedmartian:AVERAGE:%8.1lf %sBps", - "GPRINT:spoofedmartian:MIN:%8.1lf %sBps", - "GPRINT:spoofedmartian:LAST:%8.1lf %sBps\j", - "STACK:hostilein".$color{"color13"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks in'}), - "GPRINT:hostilein:MAX:%8.1lf %sBps", - "GPRINT:hostilein:AVERAGE:%8.1lf %sBps", - "GPRINT:hostilein:MIN:%8.1lf %sBps", - "GPRINT:hostilein:LAST:%8.1lf %sBps\j", - "STACK:hostileout".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks out'}), - "GPRINT:hostileout:MAX:%8.1lf %sBps", - "GPRINT:hostileout:AVERAGE:%8.1lf %sBps", - "GPRINT:hostileout:MIN:%8.1lf %sBps", - "GPRINT:hostileout:LAST:%8.1lf %sBps\j", - "LINE:hostile#000000A0:".sprintf("%-25s",$Lang::tr{'hostile networks total'}), - "GPRINT:hostile:MAX:%8.1lf %sBps", - "GPRINT:hostile:AVERAGE:%8.1lf %sBps", - "GPRINT:hostile:MIN:%8.1lf %sBps", - "GPRINT:hostile:LAST:%8.1lf %sBps\j", - ); + if ( -e "$mainsettings{'RRDLOG'}/collectd/localhost/iptables-filter-HOSTILE_DROP/ipt_bytes-DROP_HOSTILE.rrd" ) { + RRDs::graph( + @GRAPH_ARGS, + "-", + "--start", + "-1".$period, + "-r", + "-t ".$Lang::tr{'firewall hits per'}." ".$Lang::tr{$period."-graph"}, + "-v ".$Lang::tr{'bytes per second'}, + "--color=SHADEA".$color{"color19"}, + "--color=SHADEB".$color{"color19"}, + "--color=BACK".$color{"color21"}, + "DEF:output=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYOUT/ipt_bytes-DROP_OUTPUT.rrd:value:AVERAGE", + "DEF:input=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYIN/ipt_bytes-DROP_INPUT.rrd:value:AVERAGE", + "DEF:forward=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYFWD/ipt_bytes-DROP_FORWARD.rrd:value:AVERAGE", + "DEF:newnotsyn=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-NEWNOTSYN/ipt_bytes-DROP_NEWNOTSYN.rrd:value:AVERAGE", + "DEF:portscan=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-PSCAN/ipt_bytes-DROP_PScan.rrd:value:AVERAGE", + "DEF:spoofedmartian=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-SPOOFED_MARTIAN/ipt_bytes-DROP_SPOOFED_MARTIAN.rrd:value:AVERAGE", + "DEF:hostilein=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_IN/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", + "DEF:hostileout=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_OUT/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", + "DEF:hostilelegacy=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", + + # This creates a new combined hostile segment. + # Previously we did not split into incoming/outgoing, but we cannot go back in time. This CDEF will take the values + # from the old RRD database if it exists and if those values are UNKNOWN (time period after Hostile was split into In and Out), + # we replace them with the sum of IN + OUT. + "CDEF:hostile=hostilelegacy,UN,hostilein,hostileout,+,hostilelegacy,IF", + + "COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}), + "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}), + "COMMENT:".sprintf("%15s",$Lang::tr{'average'}), + "COMMENT:".sprintf("%14s",$Lang::tr{'minimal'}), + "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\j", + "AREA:output".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (OUTPUT)"), + "GPRINT:output:MAX:%8.1lf %sBps", + "GPRINT:output:AVERAGE:%8.1lf %sBps", + "GPRINT:output:MIN:%8.1lf %sBps", + "GPRINT:output:LAST:%8.1lf %sBps\j", + "STACK:forward".$color{"color23"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (FORWARD)"), + "GPRINT:forward:MAX:%8.1lf %sBps", + "GPRINT:forward:AVERAGE:%8.1lf %sBps", + "GPRINT:forward:MIN:%8.1lf %sBps", + "GPRINT:forward:LAST:%8.1lf %sBps\j", + "STACK:input".$color{"color24"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (INPUT)"), + "GPRINT:input:MAX:%8.1lf %sBps", + "GPRINT:input:AVERAGE:%8.1lf %sBps", + "GPRINT:input:MIN:%8.1lf %sBps", + "GPRINT:input:LAST:%8.1lf %sBps\j", + "STACK:newnotsyn".$color{"color14"}."A0:".sprintf("%-25s","NewNotSYN"), + "GPRINT:newnotsyn:MAX:%8.1lf %sBps", + "GPRINT:newnotsyn:AVERAGE:%8.1lf %sBps", + "GPRINT:newnotsyn:MIN:%8.1lf %sBps", + "GPRINT:newnotsyn:LAST:%8.1lf %sBps\j", + "STACK:portscan".$color{"color16"}."A0:".sprintf("%-25s",$Lang::tr{'portscans'}), + "GPRINT:portscan:MAX:%8.1lf %sBps", + "GPRINT:portscan:AVERAGE:%8.1lf %sBps", + "GPRINT:portscan:MIN:%8.1lf %sBps", + "GPRINT:portscan:LAST:%8.1lf %sBps\j", + "STACK:spoofedmartian".$color{"color12"}."A0:".sprintf("%-25s",$Lang::tr{'spoofed or martians'}), + "GPRINT:spoofedmartian:MAX:%8.1lf %sBps", + "GPRINT:spoofedmartian:AVERAGE:%8.1lf %sBps", + "GPRINT:spoofedmartian:MIN:%8.1lf %sBps", + "GPRINT:spoofedmartian:LAST:%8.1lf %sBps\j", + "STACK:hostilein".$color{"color13"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks in'}), + "GPRINT:hostilein:MAX:%8.1lf %sBps", + "GPRINT:hostilein:AVERAGE:%8.1lf %sBps", + "GPRINT:hostilein:MIN:%8.1lf %sBps", + "GPRINT:hostilein:LAST:%8.1lf %sBps\j", + "STACK:hostileout".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks out'}), + "GPRINT:hostileout:MAX:%8.1lf %sBps", + "GPRINT:hostileout:AVERAGE:%8.1lf %sBps", + "GPRINT:hostileout:MIN:%8.1lf %sBps", + "GPRINT:hostileout:LAST:%8.1lf %sBps\j", + "LINE:hostile#000000A0:".sprintf("%-25s",$Lang::tr{'hostile networks total'}), + "GPRINT:hostile:MAX:%8.1lf %sBps", + "GPRINT:hostile:AVERAGE:%8.1lf %sBps", + "GPRINT:hostile:MIN:%8.1lf %sBps", + "GPRINT:hostile:LAST:%8.1lf %sBps\j", + ); + }else{ + RRDs::graph( + @GRAPH_ARGS, + "-", + "--start", + "-1".$period, + "-r", + "-t ".$Lang::tr{'firewall hits per'}." ".$Lang::tr{$period."-graph"}, + "-v ".$Lang::tr{'bytes per second'}, + "--color=SHADEA".$color{"color19"}, + "--color=SHADEB".$color{"color19"}, + "--color=BACK".$color{"color21"}, + "DEF:output=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYOUT/ipt_bytes-DROP_OUTPUT.rrd:value:AVERAGE", + "DEF:input=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYIN/ipt_bytes-DROP_INPUT.rrd:value:AVERAGE", + "DEF:forward=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYFWD/ipt_bytes-DROP_FORWARD.rrd:value:AVERAGE", + "DEF:newnotsyn=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-NEWNOTSYN/ipt_bytes-DROP_NEWNOTSYN.rrd:value:AVERAGE", + "DEF:portscan=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-PSCAN/ipt_bytes-DROP_PScan.rrd:value:AVERAGE", + "DEF:spoofedmartian=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-SPOOFED_MARTIAN/ipt_bytes-DROP_SPOOFED_MARTIAN.rrd:value:AVERAGE", + "DEF:hostilein=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_IN/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", + "DEF:hostileout=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_OUT/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", + + # This creates a new combined hostile segment. + # If we started collecting IN/OUT, ie the old single Hostile RRD database is not available then this CDEF will take the values + # from the sum of IN + OUT. + "CDEF:hostile=hostilein,hostileout,+", + + "COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}), + "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}), + "COMMENT:".sprintf("%15s",$Lang::tr{'average'}), + "COMMENT:".sprintf("%14s",$Lang::tr{'minimal'}), + "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\j", + "AREA:output".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (OUTPUT)"), + "GPRINT:output:MAX:%8.1lf %sBps", + "GPRINT:output:AVERAGE:%8.1lf %sBps", + "GPRINT:output:MIN:%8.1lf %sBps", + "GPRINT:output:LAST:%8.1lf %sBps\j", + "STACK:forward".$color{"color23"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (FORWARD)"), + "GPRINT:forward:MAX:%8.1lf %sBps", + "GPRINT:forward:AVERAGE:%8.1lf %sBps", + "GPRINT:forward:MIN:%8.1lf %sBps", + "GPRINT:forward:LAST:%8.1lf %sBps\j", + "STACK:input".$color{"color24"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (INPUT)"), + "GPRINT:input:MAX:%8.1lf %sBps", + "GPRINT:input:AVERAGE:%8.1lf %sBps", + "GPRINT:input:MIN:%8.1lf %sBps", + "GPRINT:input:LAST:%8.1lf %sBps\j", + "STACK:newnotsyn".$color{"color14"}."A0:".sprintf("%-25s","NewNotSYN"), + "GPRINT:newnotsyn:MAX:%8.1lf %sBps", + "GPRINT:newnotsyn:AVERAGE:%8.1lf %sBps", + "GPRINT:newnotsyn:MIN:%8.1lf %sBps", + "GPRINT:newnotsyn:LAST:%8.1lf %sBps\j", + "STACK:portscan".$color{"color16"}."A0:".sprintf("%-25s",$Lang::tr{'portscans'}), + "GPRINT:portscan:MAX:%8.1lf %sBps", + "GPRINT:portscan:AVERAGE:%8.1lf %sBps", + "GPRINT:portscan:MIN:%8.1lf %sBps", + "GPRINT:portscan:LAST:%8.1lf %sBps\j", + "STACK:spoofedmartian".$color{"color12"}."A0:".sprintf("%-25s",$Lang::tr{'spoofed or martians'}), + "GPRINT:spoofedmartian:MAX:%8.1lf %sBps", + "GPRINT:spoofedmartian:AVERAGE:%8.1lf %sBps", + "GPRINT:spoofedmartian:MIN:%8.1lf %sBps", + "GPRINT:spoofedmartian:LAST:%8.1lf %sBps\j", + "STACK:hostilein".$color{"color13"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks in'}), + "GPRINT:hostilein:MAX:%8.1lf %sBps", + "GPRINT:hostilein:AVERAGE:%8.1lf %sBps", + "GPRINT:hostilein:MIN:%8.1lf %sBps", + "GPRINT:hostilein:LAST:%8.1lf %sBps\j", + "STACK:hostileout".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks out'}), + "GPRINT:hostileout:MAX:%8.1lf %sBps", + "GPRINT:hostileout:AVERAGE:%8.1lf %sBps", + "GPRINT:hostileout:MIN:%8.1lf %sBps", + "GPRINT:hostileout:LAST:%8.1lf %sBps\j", + "LINE:hostile#000000A0:".sprintf("%-25s",$Lang::tr{'hostile networks total'}), + "GPRINT:hostile:MAX:%8.1lf %sBps", + "GPRINT:hostile:AVERAGE:%8.1lf %sBps", + "GPRINT:hostile:MIN:%8.1lf %sBps", + "GPRINT:hostile:LAST:%8.1lf %sBps\j", + ); + } $ERROR = RRDs::error; return "Error in RRD::graph for firewallhits: ".$ERROR."\n" if $ERROR; } diff --git a/config/rootfiles/common/bind b/config/rootfiles/common/bind index 230b2e595f..96859c8db4 100644 --- a/config/rootfiles/common/bind +++ b/config/rootfiles/common/bind @@ -271,24 +271,24 @@ usr/bin/nsupdate #usr/include/pk11/site.h #usr/include/pkcs11 #usr/include/pkcs11/pkcs11.h -usr/lib/libbind9-9.16.45.so +usr/lib/libbind9-9.16.48.so #usr/lib/libbind9.la #usr/lib/libbind9.so -usr/lib/libdns-9.16.45.so +usr/lib/libdns-9.16.48.so #usr/lib/libdns.la #usr/lib/libdns.so -usr/lib/libirs-9.16.45.so +usr/lib/libirs-9.16.48.so #usr/lib/libirs.la #usr/lib/libirs.so -usr/lib/libisc-9.16.45.so +usr/lib/libisc-9.16.48.so #usr/lib/libisc.la #usr/lib/libisc.so -usr/lib/libisccc-9.16.45.so +usr/lib/libisccc-9.16.48.so #usr/lib/libisccc.la #usr/lib/libisccc.so -usr/lib/libisccfg-9.16.45.so +usr/lib/libisccfg-9.16.48.so #usr/lib/libisccfg.la #usr/lib/libisccfg.so -usr/lib/libns-9.16.45.so +usr/lib/libns-9.16.48.so #usr/lib/libns.la #usr/lib/libns.so diff --git a/config/rootfiles/common/unbound b/config/rootfiles/common/unbound index 78c5a31ae2..1badd605ab 100644 --- a/config/rootfiles/common/unbound +++ b/config/rootfiles/common/unbound @@ -11,7 +11,7 @@ etc/unbound/unbound.conf #usr/lib/libunbound.la #usr/lib/libunbound.so usr/lib/libunbound.so.8 -usr/lib/libunbound.so.8.1.23 +usr/lib/libunbound.so.8.1.24 #usr/lib/pkgconfig/libunbound.pc usr/sbin/unbound usr/sbin/unbound-anchor diff --git a/config/rootfiles/core/185/filelists/bind b/config/rootfiles/core/185/filelists/bind new file mode 120000 index 0000000000..48a0ebaefd --- /dev/null +++ b/config/rootfiles/core/185/filelists/bind @@ -0,0 +1 @@ +../../../common/bind \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/unbound b/config/rootfiles/core/185/filelists/unbound new file mode 120000 index 0000000000..66adf09242 --- /dev/null +++ b/config/rootfiles/core/185/filelists/unbound @@ -0,0 +1 @@ +../../../common/unbound \ No newline at end of file diff --git a/config/rootfiles/core/185/update.sh b/config/rootfiles/core/185/update.sh index beb061f4ab..3321567e36 100644 --- a/config/rootfiles/core/185/update.sh +++ b/config/rootfiles/core/185/update.sh @@ -53,6 +53,7 @@ ldconfig # Start services telinit u /etc/init.d/suricata restart +/etc/init.d/unbound restart
# This update needs a reboot... #touch /var/run/need_reboot diff --git a/config/rootfiles/oldcore/183/filelists/aarch64/glibc b/config/rootfiles/oldcore/183/filelists/aarch64/glibc new file mode 120000 index 0000000000..d13849ff91 --- /dev/null +++ b/config/rootfiles/oldcore/183/filelists/aarch64/glibc @@ -0,0 +1 @@ +../../../../common/aarch64/glibc \ No newline at end of file diff --git a/config/rootfiles/oldcore/183/filelists/libhtp b/config/rootfiles/oldcore/183/filelists/libhtp new file mode 120000 index 0000000000..676e2c5e87 --- /dev/null +++ b/config/rootfiles/oldcore/183/filelists/libhtp @@ -0,0 +1 @@ +../../../common/libhtp \ No newline at end of file diff --git a/config/rootfiles/oldcore/183/filelists/riscv64/glibc b/config/rootfiles/oldcore/183/filelists/riscv64/glibc new file mode 120000 index 0000000000..36b731f7dd --- /dev/null +++ b/config/rootfiles/oldcore/183/filelists/riscv64/glibc @@ -0,0 +1 @@ +../../../../common/riscv64/glibc \ No newline at end of file diff --git a/config/rootfiles/oldcore/183/filelists/suricata b/config/rootfiles/oldcore/183/filelists/suricata new file mode 120000 index 0000000000..f671f69933 --- /dev/null +++ b/config/rootfiles/oldcore/183/filelists/suricata @@ -0,0 +1 @@ +../../../common/suricata \ No newline at end of file diff --git a/config/rootfiles/oldcore/183/filelists/x86_64/glibc b/config/rootfiles/oldcore/183/filelists/x86_64/glibc new file mode 120000 index 0000000000..1119099669 --- /dev/null +++ b/config/rootfiles/oldcore/183/filelists/x86_64/glibc @@ -0,0 +1 @@ +../../../../common/x86_64/glibc \ No newline at end of file diff --git a/config/rootfiles/oldcore/183/update.sh b/config/rootfiles/oldcore/183/update.sh index 77446311a0..6d1e1fd253 100644 --- a/config/rootfiles/oldcore/183/update.sh +++ b/config/rootfiles/oldcore/183/update.sh @@ -113,6 +113,9 @@ ldconfig # Filesytem cleanup /usr/local/bin/filesystem-cleanup
+# Relaunch init +telinit u + # Apply local configuration to sshd_config /usr/local/bin/sshctrl
@@ -143,7 +146,7 @@ fi if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then /etc/rc.d/init.d/ipsec start fi - +/etc/init.d/suricata restart
# Rebuild initial ramdisks dracut --regenerate-all --force diff --git a/config/rootfiles/oldcore/184/filelists/bind b/config/rootfiles/oldcore/184/filelists/bind new file mode 120000 index 0000000000..48a0ebaefd --- /dev/null +++ b/config/rootfiles/oldcore/184/filelists/bind @@ -0,0 +1 @@ +../../../common/bind \ No newline at end of file diff --git a/config/rootfiles/oldcore/184/filelists/files b/config/rootfiles/oldcore/184/filelists/files index dc8a1b28fe..2b0e4df076 100644 --- a/config/rootfiles/oldcore/184/filelists/files +++ b/config/rootfiles/oldcore/184/filelists/files @@ -4,3 +4,4 @@ srv/web/ipfire/cgi-bin/optionsfw.cgi srv/web/ipfire/cgi-bin/vpnmain.cgi usr/lib/firewall/rules.pl var/ipfire/graphs.pl +etc/collectd.conf diff --git a/config/rootfiles/oldcore/184/filelists/unbound b/config/rootfiles/oldcore/184/filelists/unbound new file mode 120000 index 0000000000..66adf09242 --- /dev/null +++ b/config/rootfiles/oldcore/184/filelists/unbound @@ -0,0 +1 @@ +../../../common/unbound \ No newline at end of file diff --git a/config/rootfiles/oldcore/184/update.sh b/config/rootfiles/oldcore/184/update.sh index 024c44be7f..3bf38ff8b2 100644 --- a/config/rootfiles/oldcore/184/update.sh +++ b/config/rootfiles/oldcore/184/update.sh @@ -81,6 +81,7 @@ telinit u /etc/init.d/vnstat start /etc/init.d/collectd restart /etc/init.d/suricata restart +/etc/init.d/unbound restart if [ -f /var/ipfire/proxy/enable ]; then /etc/init.d/squid start fi diff --git a/lfs/bind b/lfs/bind index 63e642ca89..271f8ab53b 100644 --- a/lfs/bind +++ b/lfs/bind @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -25,7 +25,7 @@
include Config
-VER = 9.16.45 +VER = 9.16.48
THISAPP = bind-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -43,7 +43,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 2b6cea5e5b510780fb144cf9fce5fbec4adc6a2bb2186646f95afb4aa486edc326106519f149e600aec373238d55c06dfe7ac65f41016453a0967a28ec67ad7e +$(DL_FILE)_BLAKE2 = 4a503b45df412c435cb0f75b54ee1270140cccce7ecc159cdf3e0e3cbd3c0a0866b7472782f20aacf130f57df12d20a102ac6979498138ce00a2655806d003e7
install : $(TARGET)
diff --git a/lfs/unbound b/lfs/unbound index 22bb2e1ceb..b852f75b9b 100644 --- a/lfs/unbound +++ b/lfs/unbound @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 1.19.0 +VER = 1.19.1
THISAPP = unbound-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 66ec2b1cd32ac5930c088c73e884bc1fb4d35526a0c89bdbe209defd3e78326ce9b3c1a523fc1ab28b8fdf0e457280d5de7b300cf560c15d875f460bc361f5c7 +$(DL_FILE)_BLAKE2 = a48c5b9493eb0a9aa2171956e08677e1cfb7c49b53731c1b05f9192434c4d815eba972aab110ba0ee25fee1e7a57192c8b48e59bb21fb76ad7fd1c7d2d260012
install : $(TARGET)
diff --git a/make.sh b/make.sh index ab7e0911fc..7b56b7fc8a 100755 --- a/make.sh +++ b/make.sh @@ -35,7 +35,7 @@ GIT_BRANCH="$(git rev-parse --abbrev-ref HEAD)" # Git Branch GIT_TAG="$(git tag | tail -1)" # Git Tag GIT_LASTCOMMIT="$(git rev-parse --verify HEAD)" # Last commit
-TOOLCHAINVER=20231206 +TOOLCHAINVER=20240210
# use multicore and max compression ZSTD_OPT="-T0 --ultra -22" diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound index 04e43fbce0..24d9256380 100644 --- a/src/initscripts/system/unbound +++ b/src/initscripts/system/unbound @@ -288,7 +288,7 @@ fix_time_if_dns_fails() { fi
# Try to sync time with a known time server - boot_mesg "DNS not functioning... Trying to sync time with ntp.ipfire.org (81.3.27.46)..." + boot_mesg "DNS not functioning... Trying to sync time with time.ipfire.org (81.3.27.46)..." loadproc /usr/local/bin/settime 81.3.27.46 }
diff --git a/src/installer/dracut-module/70-dhcpcd.exe b/src/installer/dracut-module/70-dhcpcd.exe index d801c8adad..b9693198d9 100755 --- a/src/installer/dracut-module/70-dhcpcd.exe +++ b/src/installer/dracut-module/70-dhcpcd.exe @@ -48,7 +48,7 @@ case "${reason}" in make_resolvconf
# Set time - ntpdate "ntp.ipfire.org" + ntpdate "time.ipfire.org" ;;
EXPIRE|FAIL|IPV4LL|NAK|NOCARRIER|RELEASE|STOP)
hooks/post-receive -- IPFire 2.x development tree