From: git@ipfire.org
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, core104, created. 0c29a8ab5843a2f04c070b400e2ccd3de0a4f8a2
Date: Wed, 17 Aug 2016 19:47:48 +0100 [thread overview]
Message-ID: <20160817184749.1A3D21081BA6@git01.ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 56057 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, core104 has been created
at 0c29a8ab5843a2f04c070b400e2ccd3de0a4f8a2 (commit)
- Log -----------------------------------------------------------------
commit 0c29a8ab5843a2f04c070b400e2ccd3de0a4f8a2
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Aug 17 20:37:07 2016 +0200
kernel: add hyper-v: mark tsc unstable patch
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 3bf2f1822d654e98d5341c1134479b04edcc8db2
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Aug 17 19:52:09 2016 +0200
kernel: update to 3.14.76
this kernel has important tcp and ext4 fixes.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit d1d60e001a1123e115fe0f262690fcbd79ecdcfd
Merge: 6bc2225 40607f8
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Aug 17 19:51:01 2016 +0200
Merge branch 'core104' into next
commit 6bc2225a5dc26c9de683c59dcdc1b92ff6ce3267
Author: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Date: Sun Aug 14 11:25:01 2016 +0200
Libvirt: load vhost_net before libvirtd start.
If the kernel module vhot_net is loaded, the performance of virtio
networking is better then without vhost_net.
So the module is loaded before libvirtd ist started to get the benefit
of vhost_net.
Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 62be0cda19fe2a18b08141916f73ff8209ead737
Author: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Date: Sun Aug 14 11:10:36 2016 +0200
Libvirt: fix configuration options
Adds a missed - to -without-dbus and -with-interface.
Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 0296bbea84ae3fc1d85d4b9249490c02f602b7ea
Author: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Date: Sun Aug 14 10:55:38 2016 +0200
Libvirt: enable storage-fs
Fixes: 11154
Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 40607f812638f5abd7b4b2313e7e6c1e61502f33
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sun Aug 7 17:08:44 2016 +0200
core104: revert adding customservices.
simply adding may use id's twice if the user has
added other services so we don't update this files.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit bf8378e4b7593916b83fd5dfb517708bbdb67101
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Sun Aug 7 13:09:39 2016 +0200
dnsmasq 2.76: latest patches (013-014)
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 678a797077eb4026a26126c98944edd67dbd99fe
Author: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Date: Sun Aug 7 15:29:44 2016 +0200
Add new package libusbredir
This package adds support for the use redirection of spice.
It is now possible to attach USB devices of the host where the spice
client run to the virtual machine.
The binary is not needed for this functionality and that's why they is
not shipped with the package
This feature is also enabled in qemu.
Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 2493a758239e07c9af39510c0745ad9bf38aa688
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Aug 6 12:21:42 2016 +0200
set version to core104
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit e2f8251726f7b4b567021a8631f153e014442f0c
Merge: 1159f71 2b47cc2
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Aug 6 12:11:46 2016 +0200
Merge remote-tracking branch 'origin/master' into next
commit 1159f711c8676d63ce9e2d100790031385eb01e3
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Aug 6 12:09:44 2016 +0200
core104: add changed files
customservices and openssh.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 1cd62a8d3dd6b340adb2208761f46d2d0de8f672
Author: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Date: Wed Aug 3 09:47:13 2016 +0200
Libvirt: Remove delay from start command in install.sh
Fixes: #11152
Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit c3afb9c65d4e9108db64cf8f3fc2e234e846380e
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Sat Jul 23 23:03:14 2016 +0200
dnsmasq 2.76: latest patches from upstream (010-012)
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 3a4a8b055b56e22d9176486ce77abb1e26a0647e
Author: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Date: Tue Aug 2 14:01:05 2016 +0200
Libvirt: Add backup
The directory /etc/libvirt is backed up on uninstallation and is
restored on installation.
Alle Files in /var are commented in the rootfile so they are not
removed on uninstallation.
Because of the fact that the directories are not shipped with the
package they were created at installation time.
The permissions of 3 directories are changed because the qemu user is
nobody and the qemu group is kvm, so the permissions must be nobody:kvm
Fixes: #11151
Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 4b8f1ffb319303c1f70bcaa987803ddb328a6e94
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Aug 2 16:06:35 2016 +0100
openssh: Update to 7.3p1
Includes various security fixes:
* sshd(8): Mitigate a potential denial-of-service attack against
the system's crypt(3) function via sshd(8). An attacker could
send very long passwords that would cause excessive CPU use in
crypt(3). sshd(8) now refuses to accept password authentication
requests of length greater than 1024 characters. Independently
reported by Tomas Kuthan (Oracle), Andres Rojas and Javier Nieto.
* sshd(8): Mitigate timing differences in password authentication
that could be used to discern valid from invalid account names
when long passwords were sent and particular password hashing
algorithms are in use on the server. CVE-2016-6210, reported by
EddieEzra.Harari at verint.com
* ssh(1), sshd(8): Fix observable timing weakness in the CBC padding
oracle countermeasures. Reported by Jean Paul Degabriele, Kenny
Paterson, Torben Hansen and Martin Albrecht. Note that CBC ciphers
are disabled by default and only included for legacy compatibility.
* ssh(1), sshd(8): Improve operation ordering of MAC verification for
Encrypt-then-MAC (EtM) mode transport MAC algorithms to verify the
MAC before decrypting any ciphertext. This removes the possibility
of timing differences leaking facts about the plaintext, though no
such leakage has been observed. Reported by Jean Paul Degabriele,
Kenny Paterson, Torben Hansen and Martin Albrecht.
* sshd(8): (portable only) Ignore PAM environment vars when
UseLogin=yes. If PAM is configured to read user-specified
environment variables and UseLogin=yes in sshd_config, then a
hostile local user may attack /bin/login via LD_PRELOAD or
similar environment variables set via PAM. CVE-2015-8325,
found by Shayan Sadigh.
Fixes: #11160
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 80a474183e6c730da89e96a3d7719534c252a06b
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Aug 2 12:43:01 2016 +0100
Improve wording of the Guardian translations
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit f62bd2742cdfd2d2af8c6b77a526e6fe92f2d27b
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Aug 2 12:18:45 2016 +0100
Update translation
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit afc0f6e8849c6b9bed5005a05c8c4a526b63e06d
Merge: de56278 e73a5ce
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Aug 2 12:18:29 2016 +0100
Merge remote-tracking branch 'stevee/guardian-2.0' into next
commit de5627819ba5b7381b446606512eb7b4793fca88
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Sun Jul 31 19:43:26 2016 +0200
htop: Update to 2.0.2
For details, see:
http://hisham.hm/htop/index.php?page=downloads
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit e73a5ce77a518e1c83bab5e59702b76f2b80d655
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Jul 30 11:31:08 2016 +0200
guardian: Update to the tagged release version.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 65a61d88c8a9d73c3315f4ea07a0d5f714ceb2d4
Merge: 9a300ee 0c265f5
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Jul 29 18:58:56 2016 +0200
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
commit 9a300ee8b5d142f1b3d7a47be64be03151493067
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Jul 29 18:57:49 2016 +0200
core104: ship screen
old binary is linked against libshadow.0*
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 6a5b83f80d4f0ad34597b46e90d4dfbc567de4a0
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri Jul 29 15:40:30 2016 +0200
Core 104: Add for guardian changed files to core update.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit dcb6493a0cc32211c713615465ddf39bc3c1916f
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri Jul 29 13:29:13 2016 +0200
initscripts: Drop guardian related code from snort initscript.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit a27c40a05bda1e3dc64954c0550ec32bc84c6763
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri Jul 29 13:25:28 2016 +0200
ids.cgi: Drop guardian related code.
Guardian competely will be managed by it's own CGI.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 3b8ad4fde998ada617708a1c175e0039dd75194a
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri Jul 29 13:21:08 2016 +0200
guardian-legacy: Drop old guardian related files.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit dadee76d7be1b5f1d1ab9c100e8e4e4929aea3ff
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri Jul 29 13:16:11 2016 +0200
guardian.cgi: Fix path to snort alert file.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 5cbfa0140c0f97e077957e351c1fbfd943ed3450
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Tue Jul 19 20:17:11 2016 +0200
log.dat: Added entry for 'guardian'
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit a11aaa91b36761f07f05db5cc1a3efd27cf0bf88
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Mon Jul 4 11:49:39 2016 +0200
guardian: Update to 2.0.
Update guardian to the re-written version.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit f617f21cc0661a74e452d61d299742b4634eef99
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Wed Jul 13 09:37:30 2016 +0200
guardian.cgi: Prevent from using "syslog" and "debug".
When using syslog as log facility and debug as log mode,
syslog does not log anything.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit efd9c5ffb45579b4ff3c323f1f19689caa8fe50a
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Jul 2 10:21:52 2016 +0200
guardian.cgi: Also generate ignore file when building the configuration.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 8651c94e9a03116fcb9d4226b1457c4307a9dee7
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Wed Jun 29 09:39:39 2016 +0200
Language file update.
Add guardian related strings to the german language file.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 8afd763e702fc1e711e5544ab4246ec1b59ea7cb
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Thu Feb 18 18:17:24 2016 +0100
perl-Net-IP: New package
The perl-Net-IP module provides various methods for validating
and calculating IP-addresses (both IP protocols supported) and
is a runtime dependency of guardian 2.0.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 65c61b574f9f4e461418b26fa0f5e3780c1a019a
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Tue Oct 7 19:24:11 2014 +0200
perl-common-sense: New package.
This is a runtime dependency for perl-inotify2.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 7f218a58ba2537d04dd3a661f0a57f55fe8484b1
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Tue Oct 7 19:25:11 2014 +0200
perl-inotify2: New package.
This module contains inotify bindings for perl, used by the extendend guardian.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 06f261cfb973edfc4b633afdd8060d001076aa99
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Mon Jun 27 12:54:44 2016 +0200
Language file update.
Add new guardian related strings.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 2daa1f5bb230cff536067280545dff60f2fecaa8
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Mon Jun 27 12:52:39 2016 +0200
guardian.cgi: Show/Hide options using Java Script.
The options for configuring the log file location and
snort alert priority level now dynamically will be
displayed or hidden if the desired options or feature
is not used.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 2d17c6e6b8d6b0f8bb9711ead293e3f6abc73ede
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Thu Jun 23 15:54:19 2016 +0200
guardian.cgi: Add support for selecting the used firewall action.
This will allow to choose between DROP and REJECT if guardian blocks an
attackers address.
Fixes #10xxx.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 1cc653239fd4d1a8c589082ea6706d76de9dd55a
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Tue Jun 21 10:05:01 2016 +0200
guardian.cgi: Use new feature of ignore file inclusion.
Add support and usage of the recently introduced feature of
including other files in the ignore file to add
the red related IP-addresses to the ignore list on IPFire
systems.
Also use reload-ignore-list feature instead of reloading the
whole configuration on ignore list modifications.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit c880c2cb8a922bb1132871dad96e079b7b98442b
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri Apr 29 11:54:53 2016 +0200
guardian.cgi: Create config and ignore file if they does not exist.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 62fd0e6fc7c946f2c9f11d34062c555d95e8a272
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri Apr 29 11:06:40 2016 +0200
guardian.cgi: Prevent from blocking the used DNS servers.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit c232e3489ada10b19ca00f675f2e7a930e9164a5
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri Apr 29 11:06:06 2016 +0200
guardian.cgi: Use private subfunction for gateway and DNS server detection.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 97849142bd882820c336bec357b62381cae8a5c4
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri Apr 29 10:55:32 2016 +0200
guardian.cgi: Add function to generate the guardian.ignore file.
This function is responsible for collecting all required data,
like the green, blue, orange (if the interfaces are available),
red, gateway and used DNS server IP-addresses.
It will add als these addresses and the configured and enabled
user-defined ignored addresses/networks to the ignore file of
guardian to prevent from blocking any of them.
Note:
The IPFire and RED inteface related addresses also will be added
to the ignore file, even if there is no user-defined entry in the
list.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 7edbe063742d0c65e2f229dc366da8b18ea41482
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Fri Apr 29 09:09:25 2016 +0200
guardian.cgi: Use ignored config file.
The CGI now uses an own ignored configuration file for
storing host addresses and/or subnets which should be
ignored by guardian.
This allows to add remarks for them and to enable or disable
each entry individally at any time.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 891ba055f2ece97941bfe3801ec4e33114b583d1
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Thu Feb 25 11:22:19 2016 +0100
guardian.cgi: Use "getipstat" binary.
Rework the GetBlockedHosts() to use the "getipstat" binary
instead of the not longer available "guardianctrl" binary.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit af6856afc470656283347c86106c76d4ba3a6f49
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Wed Feb 24 12:41:12 2016 +0100
guardian.cgi: Send commands through socket connection.
The guardianctrl binary does not longer exists, use
the Guardian::Socket module to send various commands
by using the provided socket client.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 52958991040571d3154345612c6adc38b31973bb
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Wed Feb 24 12:12:11 2016 +0100
guardian.cgi: Adjust code for generating the config file.
The config file format and values have been changed, so the
code to do the generation has to be adjusted.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit d5305379985e5f33a5639a7f4ebb8fa5ab48290f
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Wed Feb 24 09:27:10 2016 +0100
guardian.cgi: Drop option for configure the path to the snort alertfile.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 723648ac92c18e9b8e43ccc138fab9c0c1224f54
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Wed Feb 24 09:19:39 2016 +0100
guardian.cgi: Rename hash keys for enabled modules.
Rename the hash key names of enabled parser modules,
(services which should be monitored by guardian) to
keep the same name sheme than in the guardian config
file.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit b5f7d90327dc8ecc346bac6f758d752d2b510e78
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Wed Feb 24 08:59:42 2016 +0100
guardian.cgi: Adjust CGI to use Locale::Codes::Country.
The module has been renamed some time ago.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit eff1feb8c7d4ed98d24ed2119dbee8da3185ec05
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Feb 28 12:33:12 2015 +0100
guardian.cgi: Disable debugging.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit b1597f879c0e897c7bf9fdb256d178857055c61e
Author: Matthias Fischer <fischerm(a)ipfire.org>
Date: Sat Feb 28 11:57:33 2015 +0100
guardian.cgi: Suppress warnings for ${Header::colourgreen} variable.
Reference #10748.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 6a153ecdaca6ea9a04d69ba7790e88e44479eca2
Author: Matthias Fischer <fischerm(a)ipfire.org>
Date: Sat Feb 28 11:54:58 2015 +0100
guardian.cgi: Fix unititalized value "GUARDIAN_ENABLE_OWNCLOUD".
When the owncloud addon is not installed, this value was not
initialized correctly.
Reference #10748.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 922ddf0ef64d977422653d4346f57a9f71c6ea4e
Author: Matthias Fischer <fischerm(a)ipfire.org>
Date: Sat Feb 28 11:52:33 2015 +0100
guardian.cgi: Use variable $pid instead of array element.
This will prevent from a lot of perl suggestions in the
apache error log.
Reference #10748.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit bfb860ceb797fd9e74601f0accdf5d87193f78c0
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Jan 24 18:41:37 2015 +0100
guardian.cgi: Fix path to meta-owncloud.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 28981fac68e0c86dbdb2faf0bde1fd3d538fb50f
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Jan 17 10:15:12 2015 +0100
guardian.cgi: Add configure options for owncloud.
The related options only will be displayed when the owncloud addon
has been installed.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 36dbcf2e43d77678cfe96ee8f58f01dc0c33f69c
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Nov 1 13:42:53 2014 +0100
guardian.cgi: Allways read-in settings.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit c973d6da105f1e83423ee8d66b25a934262b069d
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Tue Oct 28 21:53:27 2014 +0100
guardian.cgi: Some more input validation.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 473c7257215a905d6eac7fe892b46038f534737b
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Mon Oct 27 21:12:03 2014 +0100
guardian.cgi: Correct indentation when writing out the config file.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 4a7fc9f6349f56d8f0409a1cbb3df693944a2810
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Mon Oct 27 21:06:58 2014 +0100
guardian.cgi: Add dropdown for PriorityLevel selection.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 96655fa6b7712d586d9ce6a11e7b2f2c47ea2c7d
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Mon Oct 27 20:16:42 2014 +0100
guardian.cgi: Fix and improve input validation.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit f8c3bfe050776a702c0f7134d21e07569a2b8d50
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Tue Oct 21 21:55:07 2014 +0200
guardian.cgi: Reload guardian if config or the ignorelist changes.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit a35a066845d17c5cc1ebc03bb9f01e844ea20689
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun Oct 19 19:58:45 2014 +0200
guardian.cgi: Add option to configure the BlockCount.
Some small code fixes.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 06ff7e28d7993d02be4e4a87bfc959b3bb375346
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun Oct 19 16:46:38 2014 +0200
guardian.cgi: Accidently hardcoded some descriptions.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 7899718f04b1a7e1288c12a49444f3e0312214d9
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun Oct 19 16:43:32 2014 +0200
guardian.cgi: Add dropdown to select the used loglevel.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit a67b3e2dc53d24c7a25c4f053c4ae2e6368da1b0
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun Oct 19 14:01:48 2014 +0200
guardian.cgi: Remove code for options which have been dropped from guardian.
Guardian does not longer require the information for the red interface from
the configfile.
Guardian does not longer support a targetfile.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 26fcd31e1f68e279c6882e9d1998f3079cc4be19
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun Oct 19 13:57:30 2014 +0200
guardian.cgi: Add options to enable/disable some built-in functions from guardian.
This commit allows to enable or disable the monitoring of the snort alertfile
and to switch off the blocking of SSH and HTTPD Brute-force attempts.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit d2fea55e0930cdc2715855297734dd65857718fb
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Aug 9 10:35:32 2014 +0200
guardian.cgi: Remove code for Blockinterfaces.
We don't need this code anymore because we dropped interface support
from guardian.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 1d5702a7c3e4de0700d08c2e45a1a2891f777fa9
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sat Jul 5 15:09:50 2014 +0200
guardian.cgi: Connect subboxes with input elements to the main boxes.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 5f462919d9fe730aaca4e0a0e1751df9a3b7d936
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Mon Jun 30 17:59:28 2014 +0200
guardian.cgi: Sort blocked IP addresses.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 8b8413e566334bfdb62776d31427cfb1162e4a36
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun Jun 8 12:47:58 2014 +0200
guardian.cgi: Add hyperlink to ipinfo page for blocked hosts.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 7f7285911c65776b061a9a2df018fec66eef064c
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Tue Jun 3 22:36:32 2014 +0200
guardian.cgi: Autodetect the used interface for red.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 01dbccb11e113497809d74356d2d3467982a5681
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Sun Jun 1 17:24:23 2014 +0200
guardian.cgi: New page to configure and interact with guardian.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 0c265f57175644c55431490a2aa10b860eabc26d
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Jul 28 10:46:21 2016 +0100
nginx: Update to 1.8.1
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit de2ee80d4ffb0d3d6a219223d1a2e0c85e6ad8c9
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Jul 29 07:18:37 2016 +0200
kernel: update arm buildfix patch
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 5a53d5947d29a65240a9a60e10101bc567638f0f
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Jul 28 18:12:13 2016 +0200
core104: add kernel to updater
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit bde891d1b133a8a28d487cf163ff639d989f6d9a
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Jul 28 18:01:32 2016 +0200
kernel: update to 3.14.74
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit c5c12c9c81bd8ef085a5453fe39e53df100915c3
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Jul 28 18:00:50 2016 +0200
backports: add upstream driver fixes.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 0eccc8a97c59a3ad86c9370f4cfd844e63da8d2e
Author: Alexander Marx <alexander.marx(a)ipfire.org>
Date: Tue Jul 26 14:40:45 2016 +0200
Firewall: Add Services SSMTP and submission
Signed-off-by: Alexander Marx <alexander.marx(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 24159f095246659fed4bb581384fa91784d3359e
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Fri Jul 22 22:23:24 2016 +0200
nano 2.6.1: fix in rootfile
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit c48a24dc14da1322dae72511c3e4c021602cf005
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Jul 20 16:49:11 2016 +0100
core104: Include recent changes
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit f00699e8bb9f820f1be200a40d987b749cd278dd
Author: Alf Høgemark <alf(a)i100.no>
Date: Thu Jul 14 13:14:55 2016 +0200
Change case of the unit "bit" from "Bit" to "bit" in web UI
The correct case for "kilobit" is "kilobit", not "kiloBit".
And the same applies for Mbit, Gbit etc.
Reference is https://en.wikipedia.org/wiki/Kilobit
This commit changes the texts used in the web UI, so
that it correctly displays as "bit", "kbit", "Mbit" etc.
This fixes bugzilla item 10918.
Signed-off-by: Alf Høgemark <alf(a)i100.no>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 5261a13d3c2f5bec97c837713720c98a3a4c161b
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Mon Jul 18 11:50:45 2016 +0200
nano: Update to 2.6.1
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 3b7d73d1d40b11b1eaf2ae48ebd22ef4cb587ff1
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Jul 19 15:01:05 2016 +0100
Fix potential HTTPoxy vulnerability
https://httpoxy.org/
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 71f578bbfc43b5cf5b6480f00ca4536bd4155143
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Jul 12 14:51:18 2016 +0100
freeradius: New package
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit ccb35c191fe91611a8bb8d755acddccd5f803051
Author: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Date: Tue Jul 5 11:56:52 2016 +0200
Update qemu to version 2.6
This patch update qemu to version 2.6
For changelogs see:
http://wiki.qemu.org/ChangeLog/2.5
http://wiki.qemu.org/ChangeLog/2.6
Qemu try to built with bluez, but before version 2.6 bluez was not used
by qemu on IPFire, so I think it is better to disable bluez because
nobody needs it before version 2.6 and our bluez is not the latest
version so I think this will cause more problems than benefits.
Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit d4641215c788c54c36a7e3b3c056a1f4566af513
Author: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Date: Sat Jul 16 12:18:52 2016 +0200
Update spice to version 0.12.8
This is an security update.
Recent were 2 serious security vulnerabilities published.
This patch update spice to a version which is not vulnerable.
Changelog:
Changes in 0.12.8:
==================
* Fixes for CVE-2016-0749 and CVE-2016-2150
Changes in 0.12.7:
==================
* spice-server will now send TCP keepalive probes on the TCP connections
it
uses. This can prevent unwanted idle disconnections if proxies are
used
between the client and the host.
* Fix important memory usage when the webdav channel is used
* Do not disconnect when the client requests an unsupported compression
type
* Fix a few race conditions
* Fix display glitch when using XSpice
* Improve help string for 'replay -s'
* Fix crashes in corner cases (buggy spice-html5 + win10, vnc + SPICE
port
configured, USB webcam redirection over a slow link)
* Fix various compilation warning when building on 32 bit machines
* Some fixes for big-endian machines, more work is likely to be needed
* Do not build static libraries by default, this can be reenabled with
--enable-static
* Fix small leak in MJPEG code
Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 5fb41958ce9ca71f4eee6d71f932de5a696b6e54
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sat Jul 16 11:24:41 2016 +0100
libtiff: Bump release
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 25bb3677e9090d05aa64abdbaad97ae1efae3af2
Author: Marcel Lorenz <marcel.lorenz(a)ipfire.org>
Date: Fri Jul 15 19:13:07 2016 +0200
libtiff: update to 4.0.6
The pak version from spandsp sane and foomatic are increased by one
to ship packages build against new libtiff.
A compat is not needed
http://www.remotesensing.org/libtiff/v4.0.6.html
Signed-off-by: Marcel Lorenz <marcel.lorenz(a)ipfire.org>
Reviewed-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 035e2b4a9b843601b0af484d37c91fc3048f0ab7
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sat Jul 16 10:57:04 2016 +0100
core104: Ship recently updated which
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 10f8c6f421e0d635dfa303b71b7e7a2cb1694424
Author: Marcel Lorenz <marcel.lorenz(a)ipfire.org>
Date: Fri Jul 15 18:42:46 2016 +0200
which: update to 2.21
Signed-off-by: Marcel Lorenz <marcel.lorenz(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit fb686fdef34743853f618d0b816a8e678c7c8540
Author: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Date: Fri Jul 15 17:27:15 2016 +0200
Update spice-protocol to 0.12.11
Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit f5194e7a38d63fc9769dbd35eb1941a49ff716b3
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Jul 15 11:08:56 2016 +0100
kernel: Fix broken syntax in configuration file
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit eb03f0178286ba0c049f4ef15b47d7e9ca60cc75
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Jul 15 09:55:49 2016 +0100
Build bzip2 before pcre
pcre is now depending on bzip2
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit b61fe3f404035488e051929336d2b5159c8cb313
Author: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Date: Fri Jul 15 10:28:17 2016 +0200
Fix in libvirt install.sh/uninstall.sh
The libvirt daemon was not started after installation because the
initscritp is named 'libvirtd' not like the package 'libvirt'.
The same problem appear in the uninstall.sh. The service was not
stopped.
Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 19a4317093718fc057d1a84d577593aaaee5c42e
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Jul 14 23:36:49 2016 +0100
core104: Ship recently updated packages
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit aa3ff233c2895c0f0aa32d957e7403b108e9fb2b
Author: Marcel Lorenz <marcel.lorenz(a)ipfire.org>
Date: Sun Jun 26 09:58:14 2016 +0200
acpid: update to 2.0.26
Signed-off-by: Marcel Lorenz <marcel.lorenz(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 602696704cb13d91c87f99fd54e891040418540b
Author: Marcel Lorenz <marcel.lorenz(a)ipfire.org>
Date: Sun Jun 26 09:42:04 2016 +0200
pcre: update to 8.39
http://www.pcre.org/original/changelog.txt
Signed-off-by: Marcel Lorenz <marcel.lorenz(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit c11dfb92959d60cb73092c8a740c7eabe03a09e0
Author: Marcel Lorenz <marcel.lorenz(a)ipfire.org>
Date: Sun Jun 26 10:02:54 2016 +0200
popt: update to 1.16
Signed-off-by: Marcel Lorenz <marcel.lorenz(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 2a53bafffe1313eec256e5466924f35d8976532d
Author: Marcel Lorenz <marcel.lorenz(a)ipfire.org>
Date: Sun Jun 26 10:07:44 2016 +0200
curl: update to 7.49.1
https://curl.haxx.se/changes.html#7_49_1
Signed-off-by: Marcel Lorenz <marcel.lorenz(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 6ec0831ae9716497276e33c4bef3dc4500d75d9e
Author: Marcel Lorenz <marcel.lorenz(a)ipfire.org>
Date: Sun Jun 26 10:08:58 2016 +0200
iputils: update to s20160308
Signed-off-by: Marcel Lorenz <marcel.lorenz(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 2249bb1d52f36a69aad36384e60de4a4c63b0fda
Author: Marcel Lorenz <marcel.lorenz(a)ipfire.org>
Date: Sun Jun 26 10:38:18 2016 +0200
acl: update to 2.2.52
Signed-off-by: Marcel Lorenz <marcel.lorenz(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 04251def7f2a4f823ce5384298eb85c09676fb79
Author: Marcel Lorenz <marcel.lorenz(a)ipfire.org>
Date: Sun Jun 26 10:33:03 2016 +0200
libcap: update to 2.25
Signed-off-by: Marcel Lorenz <marcel.lorenz(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit cc97d7b417a44749be1568478173b799a7dc5ff9
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Jul 13 16:55:29 2016 +0100
collectd: Ignore *phys, macvtap* and vnet* interfaces
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 2b47cc27e3fbb6478a8729bc3c8fcffa7df3538a
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Jul 13 13:33:21 2016 +0200
bump package version of corrupted paks.
I had uploaded the wrong arch of this paks so bump version to fix this
in pakfire.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit a4fdc176429a03fb47f851a9767c93f8b3a19259
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Tue Jul 12 12:37:19 2016 +0200
dnsmasq 2.76: latest patches from upstream (004-009)
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 754efda13126e16c951f4051df6cfc9926fca490
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Sat Jul 9 12:27:37 2016 +0200
dnsmasq 2.76: latest patches from upstream (001-003)
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit afc14499a725d2d7d6f363d6859492dc74b3300b
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Mon Jul 11 16:27:58 2016 +0200
p7zip: add CVE-2016-2334 and CVE-2016-2335 patches
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit d0d869b022b7cc1f103227579c9175d9b2bd167b
Merge: 7959134 913a442
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Mon Jul 11 15:39:53 2016 +0200
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
commit 7959134a5564345adb1f16b42cf3d7666be9aa42
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Mon Jul 11 10:42:51 2016 +0200
kernel: disable amd ccp support
ccp based trng of the apu2 produce none random data.
Aes accleration is also not used because IPFire prefere
AES-NI if this is supported.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 913a442a2aad8f359462d2dbaa8f29a69ed3ebd6
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sat Jul 2 12:18:38 2016 +0200
Fix compound nouns for mail service feature
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 795147c7d97b5fc691c6528bb5754f2b917a49c7
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Jun 30 20:29:40 2016 +0200
kernel: arm7-multi: enable ohci_hcd
needed for usb1.1 support on BananaPi
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 484e62046ee462af0c102a131b0c7d47ae7f33e8
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Jun 29 17:04:28 2016 +0200
kernel: update to 3.14.74
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 01e38218c9193c9747ae9fca2a48345ff262af9e
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Jun 29 17:00:29 2016 +0200
backports: r8152 add lenovo and nvidia usb id
this id's are blacklisted in new cdc_ether module
because the r8152 module should used but the
3.14 module not know this id's.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit dc2e0320d3bfdaf0f2c51f6ed7297c3140806482
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Jun 27 23:18:39 2016 +0100
core104: Ship updated libarchive
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit a3cab8134a87712723a5a4a76e0e5deee4b02864
Author: Marcel Lorenz <marcel.lorenz(a)ipfire.org>
Date: Sun Jun 26 09:27:58 2016 +0200
libarchive: update to 3.2.1
Fixes CVE-2016-4301
Libarchive mtree parse_device Code Execution Vulnerability
Signed-off-by: Marcel Lorenz <marcel.lorenz(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit f7029f205713edc6f523c58685e2f420b5d2852e
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Wed Jun 22 14:19:24 2016 +0200
core 104: Add updated snort.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit fee796dcb761b70911644311e7dba98f7727cb79
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Wed Jun 22 14:18:36 2016 +0200
core 104: Add changed ids.cgi.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit b1e8c4b521d8b8759c63985812f17d7c23ffe753
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Wed Jun 22 14:13:49 2016 +0200
snort: Rootfile update.
Rootfile update for snort 2.9.8.2 which has been overlocked in
commit 5a5e5f04a7cb2a6c39be2a53205d42b99ab80885.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 60ef4f6704c5a0cc2d971dccc90f81d4f0a051ce
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Tue Jun 21 12:02:49 2016 +0200
Add updated ddns to core 104.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 312ba20037df7db21abaeb4fcf5ee687d9c90dbe
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Tue Jun 21 11:59:18 2016 +0200
ddns: Update to version 010.
This update fixes some smaller issues on various dynamic DNS
providers and adds support for DuckDNS as new provider.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 59232d72251e46011b92501b7538bfe24e869ffa
Merge: 3a376d9 96aeacd
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Tue Jun 21 10:08:07 2016 +0200
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
commit 96aeacd808bbde03997e7d699bed16605095c8a8
Author: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Date: Fri Jun 17 13:06:41 2016 +0200
Change the default qemu user and group of libvirt
Changes the libvirt user to nobody and the group to kvm this is a bit
safer as to use root for both.
Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 5cc7ae0926454f93998f7c25b931dae7eec0539d
Author: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Date: Fri Jun 17 13:06:40 2016 +0200
Qemu: add a group kvm to access /dev/kvm eaiser
As a normal user, it is not possible to use qemu with KVM. This is bad
because it is better when it is possible to start the machine with a
less privileged user. To achieve this a group KVM is created and the
access to /dev/kvm is allowed for this group. So every user in this
group can use qemu with KVM.
This change is also useful for libvirt because the VMs can be started
with user nobody and group kvm.
Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 1dd61e0594e92155642039d3229e1505f8aea937
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sun Jun 19 09:54:32 2016 +0100
Rootfile update
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 0204a3c5bff8b22c880b2fb181814a25c2c3e3b9
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Jun 17 13:07:10 2016 +0100
core104: Ship updated shadow-utils and remove old files
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 4787315b6e67b486e813292d45402ee3890a3e7b
Author: Marcel Lorenz <marcel.lorenz(a)ipfire.org>
Date: Sat Mar 19 08:10:25 2016 +0100
shadow: update to 4.2.1
The "groups" from the coreutils package is used (/usr/bin/groups)
Signed-off-by: Marcel Lorenz <marcel.lorenz(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 1bddfa5abf7a970bb6a1df90271bc6e2c67154a5
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Jun 16 09:34:24 2016 +0100
core104: Ship updated pakfire functions.sh
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit e6fd1f2d3876aae2c37051fce718f68712fdee4a
Author: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Date: Fri Jun 10 10:13:41 2016 +0200
Fix in pakfire functions.sh
The if statement in line 89 and 99 are useless with the -e
conditional expression because it returns true if the path ist a
regular file or a directory.
So "/etc/init.d/ " returns true and "/etc/init.d/avahi" return also true,
but the statement should return only true if we have a regular file.
So -f if the right conditional expression, and we only try to execute
the init script if the path "/etc/init.d/${1}" points to a regular file.
Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 77d989a66726dfe8282d00eec25f1cca80aca118
Author: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Date: Fri Jun 10 10:57:13 2016 +0200
Change the default libvirt remote user to libvirt-remote
It is possible to communicate per ssh via a socket with libvirt. It is
not a good idea to do this as root, so the remote user is now
libvirt-remote. Only this user or users in the group libvirt-remote can
communicate with the socket.
The user libvirt-remote is created without a password. The users have to
set a password for this user after installation.
Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 6c2720cac6c4d807e7608d10d15349854714a8e0
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Jun 16 09:28:34 2016 +0100
core104: Add ntp update
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 6ce32b1d84a539bae4503fbfe0cb043edb919265
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Tue Jun 14 12:44:48 2016 +0200
ntp: Update to 4.2.8p8
It addresses 1 high- and 4 low--severity security issues, 4 bugfixes,
and contains other improvements over 4.2.8p7.
For a complete list, see:
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 51f69a46533e2ed7a9c29de23b9ec791d27cc80b
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Sun May 1 12:29:02 2016 +0200
ntp: Update to 4.2.8p7
It addresses 11 low- and medium-severity security issues, 16 bugfixes,
and contains other improvements over 4.2.8p6.
For a complete list, see:
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 2e45b1125bc54f5376b57905541cd1309364579a
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Sat Feb 6 23:37:50 2016 +0100
ntp: Update to 4.2.8p6
"...addresses 9 low- and medium-severity security issues, 10 bugfixes,
and contains other improvements over 4.2.8p5."
For a complete list, see:
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 44285d92a297f27310b3bf4de3d5c0af15a82462
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Jun 16 09:26:55 2016 +0100
core104: Add wget update
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit e072f094e6fcb20a718caaef91ba9766258e2377
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Tue Jun 14 12:33:00 2016 +0200
wget: Update to 1.18
Excerpt from annoncement:
"This version fixes a security vulnerability (CVE-2016-4971) present in
all old versions of wget. The vulnerability was discovered by Dawid
Golunski which were reported to us by Beyond Security's SecuriTeam.
On a server redirect from HTTP to a FTP resource, wget would trust the
HTTP server and uses the name in the redirected URL as the destination
filename.
This behaviour was changed and now it works similarly as a redirect from
HTTP to another HTTP resource so the original name is used as
the destination file. To keep the previous behaviour the user must
provide --trust-server-names."
Best,
Mat-backfromholidays-thias
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 6118218c192bdd0a957e787114190bfc9c440da0
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Mon Feb 8 14:10:57 2016 +0100
wget: Update to 1.17.1
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit b6c0145236385bcef7b3fa016f2884f64a2bc9f0
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Jun 16 09:24:22 2016 +0100
Start Core Update 104
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 3a376d999ecf485803c270e3d9d6f767c0378ba9
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Sun May 1 07:35:32 2016 +0200
snort 2.9.8.2: update snort download url
Update for
http://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=0aff7b81965c06756ff42482ef0aa3ccfa68bf8f
Update url is set to 'snortrules-snapshot-2982.tar.gz'
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 5a5e5f04a7cb2a6c39be2a53205d42b99ab80885
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Fri Apr 1 08:40:00 2016 +0200
snort: Update to 2.9.8.2
Release notes:
2016-03-09 - Snort 2.9.8.2
[*] New additions
* Future-flow and DNS API exposed to lua detector.
* Double VLAN tagging support.
[*] Improvements
* Performance improvements to AppID.
* Stability improvements to file and ftp_telnet preprocessor.
* Fixed several issues with SDF and obfuscation.
* Resolved an issue of improper handling of malformed DNS host
in AppID.
* HTTP PAF accepts all tokens between method and version strings
in a request URI.
* Resolved snort build issue with "--disable-perfprofiling" configure
option.
* Enhanced mime parsing by adding support for detecting files
after unknown headers and no headers.
* Fixed issue with gzip decompression. If the server response specifies
Content-Encoding as GZIP, but no Content-Length field for HTTP ver 1.0.
* End of Header(EOH) identification for HTTP response header spanning multiple
packets.
* Improved packet reassembly for HTTP.
* Fixed Flash LZMA decompression issue.
For details see:
https://www.snort.org/downloads/snort/changelog_2.9.8.2.txt
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit 00c2bfe89b236ebbd0306d19965c9087b3aaf485
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Fri Dec 11 19:38:26 2015 +0100
snort 2.9.8.0: Updated rootfile
snort 2.9.8.0: Updated rootfile
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
commit cf074eb256e1254f3463f62d3e1893cca56ca2ff
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Thu Dec 10 07:40:18 2015 +0100
snort: Update to 2.9.8.0
snort: Update to 2.9.8.0
Release notes: https://snort.org/downloads/snort/release_notes_2.9.8.0.txt
Changelog: https://snort.org/downloads/snort/changelog_2.9.8.0.txt
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
-----------------------------------------------------------------------
hooks/post-receive
--
IPFire 2.x development tree
reply other threads:[~2016-08-17 18:47 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160817184749.1A3D21081BA6@git01.ipfire.org \
--to=git@ipfire.org \
--cc=ipfire-scm@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox