This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, core104 has been created at 0c29a8ab5843a2f04c070b400e2ccd3de0a4f8a2 (commit) - Log ----------------------------------------------------------------- commit 0c29a8ab5843a2f04c070b400e2ccd3de0a4f8a2 Author: Arne Fitzenreiter Date: Wed Aug 17 20:37:07 2016 +0200 kernel: add hyper-v: mark tsc unstable patch Signed-off-by: Arne Fitzenreiter commit 3bf2f1822d654e98d5341c1134479b04edcc8db2 Author: Arne Fitzenreiter Date: Wed Aug 17 19:52:09 2016 +0200 kernel: update to 3.14.76 this kernel has important tcp and ext4 fixes. Signed-off-by: Arne Fitzenreiter commit d1d60e001a1123e115fe0f262690fcbd79ecdcfd Merge: 6bc2225 40607f8 Author: Arne Fitzenreiter Date: Wed Aug 17 19:51:01 2016 +0200 Merge branch 'core104' into next commit 6bc2225a5dc26c9de683c59dcdc1b92ff6ce3267 Author: Jonatan Schlag Date: Sun Aug 14 11:25:01 2016 +0200 Libvirt: load vhost_net before libvirtd start. If the kernel module vhot_net is loaded, the performance of virtio networking is better then without vhost_net. So the module is loaded before libvirtd ist started to get the benefit of vhost_net. Signed-off-by: Jonatan Schlag Signed-off-by: Michael Tremer commit 62be0cda19fe2a18b08141916f73ff8209ead737 Author: Jonatan Schlag Date: Sun Aug 14 11:10:36 2016 +0200 Libvirt: fix configuration options Adds a missed - to -without-dbus and -with-interface. Signed-off-by: Jonatan Schlag Signed-off-by: Michael Tremer commit 0296bbea84ae3fc1d85d4b9249490c02f602b7ea Author: Jonatan Schlag Date: Sun Aug 14 10:55:38 2016 +0200 Libvirt: enable storage-fs Fixes: 11154 Signed-off-by: Jonatan Schlag Signed-off-by: Michael Tremer commit 40607f812638f5abd7b4b2313e7e6c1e61502f33 Author: Arne Fitzenreiter Date: Sun Aug 7 17:08:44 2016 +0200 core104: revert adding customservices. simply adding may use id's twice if the user has added other services so we don't update this files. Signed-off-by: Arne Fitzenreiter commit bf8378e4b7593916b83fd5dfb517708bbdb67101 Author: Matthias Fischer Date: Sun Aug 7 13:09:39 2016 +0200 dnsmasq 2.76: latest patches (013-014) Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 678a797077eb4026a26126c98944edd67dbd99fe Author: Jonatan Schlag Date: Sun Aug 7 15:29:44 2016 +0200 Add new package libusbredir This package adds support for the use redirection of spice. It is now possible to attach USB devices of the host where the spice client run to the virtual machine. The binary is not needed for this functionality and that's why they is not shipped with the package This feature is also enabled in qemu. Signed-off-by: Jonatan Schlag Signed-off-by: Michael Tremer commit 2493a758239e07c9af39510c0745ad9bf38aa688 Author: Arne Fitzenreiter Date: Sat Aug 6 12:21:42 2016 +0200 set version to core104 Signed-off-by: Arne Fitzenreiter commit e2f8251726f7b4b567021a8631f153e014442f0c Merge: 1159f71 2b47cc2 Author: Arne Fitzenreiter Date: Sat Aug 6 12:11:46 2016 +0200 Merge remote-tracking branch 'origin/master' into next commit 1159f711c8676d63ce9e2d100790031385eb01e3 Author: Arne Fitzenreiter Date: Sat Aug 6 12:09:44 2016 +0200 core104: add changed files customservices and openssh. Signed-off-by: Arne Fitzenreiter commit 1cd62a8d3dd6b340adb2208761f46d2d0de8f672 Author: Jonatan Schlag Date: Wed Aug 3 09:47:13 2016 +0200 Libvirt: Remove delay from start command in install.sh Fixes: #11152 Signed-off-by: Jonatan Schlag Signed-off-by: Michael Tremer commit c3afb9c65d4e9108db64cf8f3fc2e234e846380e Author: Matthias Fischer Date: Sat Jul 23 23:03:14 2016 +0200 dnsmasq 2.76: latest patches from upstream (010-012) Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 3a4a8b055b56e22d9176486ce77abb1e26a0647e Author: Jonatan Schlag Date: Tue Aug 2 14:01:05 2016 +0200 Libvirt: Add backup The directory /etc/libvirt is backed up on uninstallation and is restored on installation. Alle Files in /var are commented in the rootfile so they are not removed on uninstallation. Because of the fact that the directories are not shipped with the package they were created at installation time. The permissions of 3 directories are changed because the qemu user is nobody and the qemu group is kvm, so the permissions must be nobody:kvm Fixes: #11151 Signed-off-by: Jonatan Schlag Signed-off-by: Michael Tremer commit 4b8f1ffb319303c1f70bcaa987803ddb328a6e94 Author: Michael Tremer Date: Tue Aug 2 16:06:35 2016 +0100 openssh: Update to 7.3p1 Includes various security fixes: * sshd(8): Mitigate a potential denial-of-service attack against the system's crypt(3) function via sshd(8). An attacker could send very long passwords that would cause excessive CPU use in crypt(3). sshd(8) now refuses to accept password authentication requests of length greater than 1024 characters. Independently reported by Tomas Kuthan (Oracle), Andres Rojas and Javier Nieto. * sshd(8): Mitigate timing differences in password authentication that could be used to discern valid from invalid account names when long passwords were sent and particular password hashing algorithms are in use on the server. CVE-2016-6210, reported by EddieEzra.Harari at verint.com * ssh(1), sshd(8): Fix observable timing weakness in the CBC padding oracle countermeasures. Reported by Jean Paul Degabriele, Kenny Paterson, Torben Hansen and Martin Albrecht. Note that CBC ciphers are disabled by default and only included for legacy compatibility. * ssh(1), sshd(8): Improve operation ordering of MAC verification for Encrypt-then-MAC (EtM) mode transport MAC algorithms to verify the MAC before decrypting any ciphertext. This removes the possibility of timing differences leaking facts about the plaintext, though no such leakage has been observed. Reported by Jean Paul Degabriele, Kenny Paterson, Torben Hansen and Martin Albrecht. * sshd(8): (portable only) Ignore PAM environment vars when UseLogin=yes. If PAM is configured to read user-specified environment variables and UseLogin=yes in sshd_config, then a hostile local user may attack /bin/login via LD_PRELOAD or similar environment variables set via PAM. CVE-2015-8325, found by Shayan Sadigh. Fixes: #11160 Signed-off-by: Michael Tremer commit 80a474183e6c730da89e96a3d7719534c252a06b Author: Michael Tremer Date: Tue Aug 2 12:43:01 2016 +0100 Improve wording of the Guardian translations Signed-off-by: Michael Tremer commit f62bd2742cdfd2d2af8c6b77a526e6fe92f2d27b Author: Michael Tremer Date: Tue Aug 2 12:18:45 2016 +0100 Update translation Signed-off-by: Michael Tremer commit afc0f6e8849c6b9bed5005a05c8c4a526b63e06d Merge: de56278 e73a5ce Author: Michael Tremer Date: Tue Aug 2 12:18:29 2016 +0100 Merge remote-tracking branch 'stevee/guardian-2.0' into next commit de5627819ba5b7381b446606512eb7b4793fca88 Author: Matthias Fischer Date: Sun Jul 31 19:43:26 2016 +0200 htop: Update to 2.0.2 For details, see: http://hisham.hm/htop/index.php?page=downloads Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit e73a5ce77a518e1c83bab5e59702b76f2b80d655 Author: Stefan Schantl Date: Sat Jul 30 11:31:08 2016 +0200 guardian: Update to the tagged release version. Signed-off-by: Stefan Schantl commit 65a61d88c8a9d73c3315f4ea07a0d5f714ceb2d4 Merge: 9a300ee 0c265f5 Author: Arne Fitzenreiter Date: Fri Jul 29 18:58:56 2016 +0200 Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next commit 9a300ee8b5d142f1b3d7a47be64be03151493067 Author: Arne Fitzenreiter Date: Fri Jul 29 18:57:49 2016 +0200 core104: ship screen old binary is linked against libshadow.0* Signed-off-by: Arne Fitzenreiter commit 6a5b83f80d4f0ad34597b46e90d4dfbc567de4a0 Author: Stefan Schantl Date: Fri Jul 29 15:40:30 2016 +0200 Core 104: Add for guardian changed files to core update. Signed-off-by: Stefan Schantl commit dcb6493a0cc32211c713615465ddf39bc3c1916f Author: Stefan Schantl Date: Fri Jul 29 13:29:13 2016 +0200 initscripts: Drop guardian related code from snort initscript. Signed-off-by: Stefan Schantl commit a27c40a05bda1e3dc64954c0550ec32bc84c6763 Author: Stefan Schantl Date: Fri Jul 29 13:25:28 2016 +0200 ids.cgi: Drop guardian related code. Guardian competely will be managed by it's own CGI. Signed-off-by: Stefan Schantl commit 3b8ad4fde998ada617708a1c175e0039dd75194a Author: Stefan Schantl Date: Fri Jul 29 13:21:08 2016 +0200 guardian-legacy: Drop old guardian related files. Signed-off-by: Stefan Schantl commit dadee76d7be1b5f1d1ab9c100e8e4e4929aea3ff Author: Stefan Schantl Date: Fri Jul 29 13:16:11 2016 +0200 guardian.cgi: Fix path to snort alert file. Signed-off-by: Stefan Schantl commit 5cbfa0140c0f97e077957e351c1fbfd943ed3450 Author: Matthias Fischer Date: Tue Jul 19 20:17:11 2016 +0200 log.dat: Added entry for 'guardian' Signed-off-by: Matthias Fischer Signed-off-by: Stefan Schantl commit a11aaa91b36761f07f05db5cc1a3efd27cf0bf88 Author: Stefan Schantl Date: Mon Jul 4 11:49:39 2016 +0200 guardian: Update to 2.0. Update guardian to the re-written version. Signed-off-by: Stefan Schantl commit f617f21cc0661a74e452d61d299742b4634eef99 Author: Stefan Schantl Date: Wed Jul 13 09:37:30 2016 +0200 guardian.cgi: Prevent from using "syslog" and "debug". When using syslog as log facility and debug as log mode, syslog does not log anything. Signed-off-by: Stefan Schantl commit efd9c5ffb45579b4ff3c323f1f19689caa8fe50a Author: Stefan Schantl Date: Sat Jul 2 10:21:52 2016 +0200 guardian.cgi: Also generate ignore file when building the configuration. Signed-off-by: Stefan Schantl commit 8651c94e9a03116fcb9d4226b1457c4307a9dee7 Author: Stefan Schantl Date: Wed Jun 29 09:39:39 2016 +0200 Language file update. Add guardian related strings to the german language file. Signed-off-by: Stefan Schantl commit 8afd763e702fc1e711e5544ab4246ec1b59ea7cb Author: Stefan Schantl Date: Thu Feb 18 18:17:24 2016 +0100 perl-Net-IP: New package The perl-Net-IP module provides various methods for validating and calculating IP-addresses (both IP protocols supported) and is a runtime dependency of guardian 2.0. Signed-off-by: Stefan Schantl commit 65c61b574f9f4e461418b26fa0f5e3780c1a019a Author: Stefan Schantl Date: Tue Oct 7 19:24:11 2014 +0200 perl-common-sense: New package. This is a runtime dependency for perl-inotify2. Signed-off-by: Stefan Schantl commit 7f218a58ba2537d04dd3a661f0a57f55fe8484b1 Author: Stefan Schantl Date: Tue Oct 7 19:25:11 2014 +0200 perl-inotify2: New package. This module contains inotify bindings for perl, used by the extendend guardian. Signed-off-by: Stefan Schantl commit 06f261cfb973edfc4b633afdd8060d001076aa99 Author: Stefan Schantl Date: Mon Jun 27 12:54:44 2016 +0200 Language file update. Add new guardian related strings. Signed-off-by: Stefan Schantl commit 2daa1f5bb230cff536067280545dff60f2fecaa8 Author: Stefan Schantl Date: Mon Jun 27 12:52:39 2016 +0200 guardian.cgi: Show/Hide options using Java Script. The options for configuring the log file location and snort alert priority level now dynamically will be displayed or hidden if the desired options or feature is not used. Signed-off-by: Stefan Schantl commit 2d17c6e6b8d6b0f8bb9711ead293e3f6abc73ede Author: Stefan Schantl Date: Thu Jun 23 15:54:19 2016 +0200 guardian.cgi: Add support for selecting the used firewall action. This will allow to choose between DROP and REJECT if guardian blocks an attackers address. Fixes #10xxx. Signed-off-by: Stefan Schantl commit 1cc653239fd4d1a8c589082ea6706d76de9dd55a Author: Stefan Schantl Date: Tue Jun 21 10:05:01 2016 +0200 guardian.cgi: Use new feature of ignore file inclusion. Add support and usage of the recently introduced feature of including other files in the ignore file to add the red related IP-addresses to the ignore list on IPFire systems. Also use reload-ignore-list feature instead of reloading the whole configuration on ignore list modifications. Signed-off-by: Stefan Schantl commit c880c2cb8a922bb1132871dad96e079b7b98442b Author: Stefan Schantl Date: Fri Apr 29 11:54:53 2016 +0200 guardian.cgi: Create config and ignore file if they does not exist. Signed-off-by: Stefan Schantl commit 62fd0e6fc7c946f2c9f11d34062c555d95e8a272 Author: Stefan Schantl Date: Fri Apr 29 11:06:40 2016 +0200 guardian.cgi: Prevent from blocking the used DNS servers. Signed-off-by: Stefan Schantl commit c232e3489ada10b19ca00f675f2e7a930e9164a5 Author: Stefan Schantl Date: Fri Apr 29 11:06:06 2016 +0200 guardian.cgi: Use private subfunction for gateway and DNS server detection. Signed-off-by: Stefan Schantl commit 97849142bd882820c336bec357b62381cae8a5c4 Author: Stefan Schantl Date: Fri Apr 29 10:55:32 2016 +0200 guardian.cgi: Add function to generate the guardian.ignore file. This function is responsible for collecting all required data, like the green, blue, orange (if the interfaces are available), red, gateway and used DNS server IP-addresses. It will add als these addresses and the configured and enabled user-defined ignored addresses/networks to the ignore file of guardian to prevent from blocking any of them. Note: The IPFire and RED inteface related addresses also will be added to the ignore file, even if there is no user-defined entry in the list. Signed-off-by: Stefan Schantl commit 7edbe063742d0c65e2f229dc366da8b18ea41482 Author: Stefan Schantl Date: Fri Apr 29 09:09:25 2016 +0200 guardian.cgi: Use ignored config file. The CGI now uses an own ignored configuration file for storing host addresses and/or subnets which should be ignored by guardian. This allows to add remarks for them and to enable or disable each entry individally at any time. Signed-off-by: Stefan Schantl commit 891ba055f2ece97941bfe3801ec4e33114b583d1 Author: Stefan Schantl Date: Thu Feb 25 11:22:19 2016 +0100 guardian.cgi: Use "getipstat" binary. Rework the GetBlockedHosts() to use the "getipstat" binary instead of the not longer available "guardianctrl" binary. Signed-off-by: Stefan Schantl commit af6856afc470656283347c86106c76d4ba3a6f49 Author: Stefan Schantl Date: Wed Feb 24 12:41:12 2016 +0100 guardian.cgi: Send commands through socket connection. The guardianctrl binary does not longer exists, use the Guardian::Socket module to send various commands by using the provided socket client. Signed-off-by: Stefan Schantl commit 52958991040571d3154345612c6adc38b31973bb Author: Stefan Schantl Date: Wed Feb 24 12:12:11 2016 +0100 guardian.cgi: Adjust code for generating the config file. The config file format and values have been changed, so the code to do the generation has to be adjusted. Signed-off-by: Stefan Schantl commit d5305379985e5f33a5639a7f4ebb8fa5ab48290f Author: Stefan Schantl Date: Wed Feb 24 09:27:10 2016 +0100 guardian.cgi: Drop option for configure the path to the snort alertfile. Signed-off-by: Stefan Schantl commit 723648ac92c18e9b8e43ccc138fab9c0c1224f54 Author: Stefan Schantl Date: Wed Feb 24 09:19:39 2016 +0100 guardian.cgi: Rename hash keys for enabled modules. Rename the hash key names of enabled parser modules, (services which should be monitored by guardian) to keep the same name sheme than in the guardian config file. Signed-off-by: Stefan Schantl commit b5f7d90327dc8ecc346bac6f758d752d2b510e78 Author: Stefan Schantl Date: Wed Feb 24 08:59:42 2016 +0100 guardian.cgi: Adjust CGI to use Locale::Codes::Country. The module has been renamed some time ago. Signed-off-by: Stefan Schantl commit eff1feb8c7d4ed98d24ed2119dbee8da3185ec05 Author: Stefan Schantl Date: Sat Feb 28 12:33:12 2015 +0100 guardian.cgi: Disable debugging. Signed-off-by: Stefan Schantl commit b1597f879c0e897c7bf9fdb256d178857055c61e Author: Matthias Fischer Date: Sat Feb 28 11:57:33 2015 +0100 guardian.cgi: Suppress warnings for ${Header::colourgreen} variable. Reference #10748. Signed-off-by: Stefan Schantl commit 6a153ecdaca6ea9a04d69ba7790e88e44479eca2 Author: Matthias Fischer Date: Sat Feb 28 11:54:58 2015 +0100 guardian.cgi: Fix unititalized value "GUARDIAN_ENABLE_OWNCLOUD". When the owncloud addon is not installed, this value was not initialized correctly. Reference #10748. Signed-off-by: Stefan Schantl commit 922ddf0ef64d977422653d4346f57a9f71c6ea4e Author: Matthias Fischer Date: Sat Feb 28 11:52:33 2015 +0100 guardian.cgi: Use variable $pid instead of array element. This will prevent from a lot of perl suggestions in the apache error log. Reference #10748. Signed-off-by: Stefan Schantl commit bfb860ceb797fd9e74601f0accdf5d87193f78c0 Author: Stefan Schantl Date: Sat Jan 24 18:41:37 2015 +0100 guardian.cgi: Fix path to meta-owncloud. Signed-off-by: Stefan Schantl commit 28981fac68e0c86dbdb2faf0bde1fd3d538fb50f Author: Stefan Schantl Date: Sat Jan 17 10:15:12 2015 +0100 guardian.cgi: Add configure options for owncloud. The related options only will be displayed when the owncloud addon has been installed. Signed-off-by: Stefan Schantl commit 36dbcf2e43d77678cfe96ee8f58f01dc0c33f69c Author: Stefan Schantl Date: Sat Nov 1 13:42:53 2014 +0100 guardian.cgi: Allways read-in settings. Signed-off-by: Stefan Schantl commit c973d6da105f1e83423ee8d66b25a934262b069d Author: Stefan Schantl Date: Tue Oct 28 21:53:27 2014 +0100 guardian.cgi: Some more input validation. Signed-off-by: Stefan Schantl commit 473c7257215a905d6eac7fe892b46038f534737b Author: Stefan Schantl Date: Mon Oct 27 21:12:03 2014 +0100 guardian.cgi: Correct indentation when writing out the config file. Signed-off-by: Stefan Schantl commit 4a7fc9f6349f56d8f0409a1cbb3df693944a2810 Author: Stefan Schantl Date: Mon Oct 27 21:06:58 2014 +0100 guardian.cgi: Add dropdown for PriorityLevel selection. Signed-off-by: Stefan Schantl commit 96655fa6b7712d586d9ce6a11e7b2f2c47ea2c7d Author: Stefan Schantl Date: Mon Oct 27 20:16:42 2014 +0100 guardian.cgi: Fix and improve input validation. Signed-off-by: Stefan Schantl commit f8c3bfe050776a702c0f7134d21e07569a2b8d50 Author: Stefan Schantl Date: Tue Oct 21 21:55:07 2014 +0200 guardian.cgi: Reload guardian if config or the ignorelist changes. Signed-off-by: Stefan Schantl commit a35a066845d17c5cc1ebc03bb9f01e844ea20689 Author: Stefan Schantl Date: Sun Oct 19 19:58:45 2014 +0200 guardian.cgi: Add option to configure the BlockCount. Some small code fixes. Signed-off-by: Stefan Schantl commit 06ff7e28d7993d02be4e4a87bfc959b3bb375346 Author: Stefan Schantl Date: Sun Oct 19 16:46:38 2014 +0200 guardian.cgi: Accidently hardcoded some descriptions. Signed-off-by: Stefan Schantl commit 7899718f04b1a7e1288c12a49444f3e0312214d9 Author: Stefan Schantl Date: Sun Oct 19 16:43:32 2014 +0200 guardian.cgi: Add dropdown to select the used loglevel. Signed-off-by: Stefan Schantl commit a67b3e2dc53d24c7a25c4f053c4ae2e6368da1b0 Author: Stefan Schantl Date: Sun Oct 19 14:01:48 2014 +0200 guardian.cgi: Remove code for options which have been dropped from guardian. Guardian does not longer require the information for the red interface from the configfile. Guardian does not longer support a targetfile. Signed-off-by: Stefan Schantl commit 26fcd31e1f68e279c6882e9d1998f3079cc4be19 Author: Stefan Schantl Date: Sun Oct 19 13:57:30 2014 +0200 guardian.cgi: Add options to enable/disable some built-in functions from guardian. This commit allows to enable or disable the monitoring of the snort alertfile and to switch off the blocking of SSH and HTTPD Brute-force attempts. Signed-off-by: Stefan Schantl commit d2fea55e0930cdc2715855297734dd65857718fb Author: Stefan Schantl Date: Sat Aug 9 10:35:32 2014 +0200 guardian.cgi: Remove code for Blockinterfaces. We don't need this code anymore because we dropped interface support from guardian. Signed-off-by: Stefan Schantl commit 1d5702a7c3e4de0700d08c2e45a1a2891f777fa9 Author: Stefan Schantl Date: Sat Jul 5 15:09:50 2014 +0200 guardian.cgi: Connect subboxes with input elements to the main boxes. Signed-off-by: Stefan Schantl commit 5f462919d9fe730aaca4e0a0e1751df9a3b7d936 Author: Stefan Schantl Date: Mon Jun 30 17:59:28 2014 +0200 guardian.cgi: Sort blocked IP addresses. Signed-off-by: Stefan Schantl commit 8b8413e566334bfdb62776d31427cfb1162e4a36 Author: Stefan Schantl Date: Sun Jun 8 12:47:58 2014 +0200 guardian.cgi: Add hyperlink to ipinfo page for blocked hosts. Signed-off-by: Stefan Schantl commit 7f7285911c65776b061a9a2df018fec66eef064c Author: Stefan Schantl Date: Tue Jun 3 22:36:32 2014 +0200 guardian.cgi: Autodetect the used interface for red. Signed-off-by: Stefan Schantl commit 01dbccb11e113497809d74356d2d3467982a5681 Author: Stefan Schantl Date: Sun Jun 1 17:24:23 2014 +0200 guardian.cgi: New page to configure and interact with guardian. Signed-off-by: Stefan Schantl commit 0c265f57175644c55431490a2aa10b860eabc26d Author: Michael Tremer Date: Thu Jul 28 10:46:21 2016 +0100 nginx: Update to 1.8.1 Signed-off-by: Michael Tremer commit de2ee80d4ffb0d3d6a219223d1a2e0c85e6ad8c9 Author: Arne Fitzenreiter Date: Fri Jul 29 07:18:37 2016 +0200 kernel: update arm buildfix patch Signed-off-by: Arne Fitzenreiter commit 5a53d5947d29a65240a9a60e10101bc567638f0f Author: Arne Fitzenreiter Date: Thu Jul 28 18:12:13 2016 +0200 core104: add kernel to updater Signed-off-by: Arne Fitzenreiter commit bde891d1b133a8a28d487cf163ff639d989f6d9a Author: Arne Fitzenreiter Date: Thu Jul 28 18:01:32 2016 +0200 kernel: update to 3.14.74 Signed-off-by: Arne Fitzenreiter commit c5c12c9c81bd8ef085a5453fe39e53df100915c3 Author: Arne Fitzenreiter Date: Thu Jul 28 18:00:50 2016 +0200 backports: add upstream driver fixes. Signed-off-by: Arne Fitzenreiter commit 0eccc8a97c59a3ad86c9370f4cfd844e63da8d2e Author: Alexander Marx Date: Tue Jul 26 14:40:45 2016 +0200 Firewall: Add Services SSMTP and submission Signed-off-by: Alexander Marx Signed-off-by: Michael Tremer commit 24159f095246659fed4bb581384fa91784d3359e Author: Matthias Fischer Date: Fri Jul 22 22:23:24 2016 +0200 nano 2.6.1: fix in rootfile Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit c48a24dc14da1322dae72511c3e4c021602cf005 Author: Michael Tremer Date: Wed Jul 20 16:49:11 2016 +0100 core104: Include recent changes Signed-off-by: Michael Tremer commit f00699e8bb9f820f1be200a40d987b749cd278dd Author: Alf Høgemark Date: Thu Jul 14 13:14:55 2016 +0200 Change case of the unit "bit" from "Bit" to "bit" in web UI The correct case for "kilobit" is "kilobit", not "kiloBit". And the same applies for Mbit, Gbit etc. Reference is https://en.wikipedia.org/wiki/Kilobit This commit changes the texts used in the web UI, so that it correctly displays as "bit", "kbit", "Mbit" etc. This fixes bugzilla item 10918. Signed-off-by: Alf Høgemark Signed-off-by: Michael Tremer commit 5261a13d3c2f5bec97c837713720c98a3a4c161b Author: Matthias Fischer Date: Mon Jul 18 11:50:45 2016 +0200 nano: Update to 2.6.1 Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 3b7d73d1d40b11b1eaf2ae48ebd22ef4cb587ff1 Author: Michael Tremer Date: Tue Jul 19 15:01:05 2016 +0100 Fix potential HTTPoxy vulnerability https://httpoxy.org/ Signed-off-by: Michael Tremer commit 71f578bbfc43b5cf5b6480f00ca4536bd4155143 Author: Michael Tremer Date: Tue Jul 12 14:51:18 2016 +0100 freeradius: New package Signed-off-by: Michael Tremer commit ccb35c191fe91611a8bb8d755acddccd5f803051 Author: Jonatan Schlag Date: Tue Jul 5 11:56:52 2016 +0200 Update qemu to version 2.6 This patch update qemu to version 2.6 For changelogs see: http://wiki.qemu.org/ChangeLog/2.5 http://wiki.qemu.org/ChangeLog/2.6 Qemu try to built with bluez, but before version 2.6 bluez was not used by qemu on IPFire, so I think it is better to disable bluez because nobody needs it before version 2.6 and our bluez is not the latest version so I think this will cause more problems than benefits. Signed-off-by: Jonatan Schlag Signed-off-by: Michael Tremer commit d4641215c788c54c36a7e3b3c056a1f4566af513 Author: Jonatan Schlag Date: Sat Jul 16 12:18:52 2016 +0200 Update spice to version 0.12.8 This is an security update. Recent were 2 serious security vulnerabilities published. This patch update spice to a version which is not vulnerable. Changelog: Changes in 0.12.8: ================== * Fixes for CVE-2016-0749 and CVE-2016-2150 Changes in 0.12.7: ================== * spice-server will now send TCP keepalive probes on the TCP connections it uses. This can prevent unwanted idle disconnections if proxies are used between the client and the host. * Fix important memory usage when the webdav channel is used * Do not disconnect when the client requests an unsupported compression type * Fix a few race conditions * Fix display glitch when using XSpice * Improve help string for 'replay -s' * Fix crashes in corner cases (buggy spice-html5 + win10, vnc + SPICE port configured, USB webcam redirection over a slow link) * Fix various compilation warning when building on 32 bit machines * Some fixes for big-endian machines, more work is likely to be needed * Do not build static libraries by default, this can be reenabled with --enable-static * Fix small leak in MJPEG code Signed-off-by: Jonatan Schlag Signed-off-by: Michael Tremer commit 5fb41958ce9ca71f4eee6d71f932de5a696b6e54 Author: Michael Tremer Date: Sat Jul 16 11:24:41 2016 +0100 libtiff: Bump release Signed-off-by: Michael Tremer commit 25bb3677e9090d05aa64abdbaad97ae1efae3af2 Author: Marcel Lorenz Date: Fri Jul 15 19:13:07 2016 +0200 libtiff: update to 4.0.6 The pak version from spandsp sane and foomatic are increased by one to ship packages build against new libtiff. A compat is not needed http://www.remotesensing.org/libtiff/v4.0.6.html Signed-off-by: Marcel Lorenz Reviewed-by: Jonatan Schlag Signed-off-by: Michael Tremer commit 035e2b4a9b843601b0af484d37c91fc3048f0ab7 Author: Michael Tremer Date: Sat Jul 16 10:57:04 2016 +0100 core104: Ship recently updated which Signed-off-by: Michael Tremer commit 10f8c6f421e0d635dfa303b71b7e7a2cb1694424 Author: Marcel Lorenz Date: Fri Jul 15 18:42:46 2016 +0200 which: update to 2.21 Signed-off-by: Marcel Lorenz Signed-off-by: Michael Tremer commit fb686fdef34743853f618d0b816a8e678c7c8540 Author: Jonatan Schlag Date: Fri Jul 15 17:27:15 2016 +0200 Update spice-protocol to 0.12.11 Signed-off-by: Jonatan Schlag Signed-off-by: Michael Tremer commit f5194e7a38d63fc9769dbd35eb1941a49ff716b3 Author: Michael Tremer Date: Fri Jul 15 11:08:56 2016 +0100 kernel: Fix broken syntax in configuration file Signed-off-by: Michael Tremer commit eb03f0178286ba0c049f4ef15b47d7e9ca60cc75 Author: Michael Tremer Date: Fri Jul 15 09:55:49 2016 +0100 Build bzip2 before pcre pcre is now depending on bzip2 Signed-off-by: Michael Tremer commit b61fe3f404035488e051929336d2b5159c8cb313 Author: Jonatan Schlag Date: Fri Jul 15 10:28:17 2016 +0200 Fix in libvirt install.sh/uninstall.sh The libvirt daemon was not started after installation because the initscritp is named 'libvirtd' not like the package 'libvirt'. The same problem appear in the uninstall.sh. The service was not stopped. Signed-off-by: Jonatan Schlag Signed-off-by: Michael Tremer commit 19a4317093718fc057d1a84d577593aaaee5c42e Author: Michael Tremer Date: Thu Jul 14 23:36:49 2016 +0100 core104: Ship recently updated packages Signed-off-by: Michael Tremer commit aa3ff233c2895c0f0aa32d957e7403b108e9fb2b Author: Marcel Lorenz Date: Sun Jun 26 09:58:14 2016 +0200 acpid: update to 2.0.26 Signed-off-by: Marcel Lorenz Signed-off-by: Michael Tremer commit 602696704cb13d91c87f99fd54e891040418540b Author: Marcel Lorenz Date: Sun Jun 26 09:42:04 2016 +0200 pcre: update to 8.39 http://www.pcre.org/original/changelog.txt Signed-off-by: Marcel Lorenz Signed-off-by: Michael Tremer commit c11dfb92959d60cb73092c8a740c7eabe03a09e0 Author: Marcel Lorenz Date: Sun Jun 26 10:02:54 2016 +0200 popt: update to 1.16 Signed-off-by: Marcel Lorenz Signed-off-by: Michael Tremer commit 2a53bafffe1313eec256e5466924f35d8976532d Author: Marcel Lorenz Date: Sun Jun 26 10:07:44 2016 +0200 curl: update to 7.49.1 https://curl.haxx.se/changes.html#7_49_1 Signed-off-by: Marcel Lorenz Signed-off-by: Michael Tremer commit 6ec0831ae9716497276e33c4bef3dc4500d75d9e Author: Marcel Lorenz Date: Sun Jun 26 10:08:58 2016 +0200 iputils: update to s20160308 Signed-off-by: Marcel Lorenz Signed-off-by: Michael Tremer commit 2249bb1d52f36a69aad36384e60de4a4c63b0fda Author: Marcel Lorenz Date: Sun Jun 26 10:38:18 2016 +0200 acl: update to 2.2.52 Signed-off-by: Marcel Lorenz Signed-off-by: Michael Tremer commit 04251def7f2a4f823ce5384298eb85c09676fb79 Author: Marcel Lorenz Date: Sun Jun 26 10:33:03 2016 +0200 libcap: update to 2.25 Signed-off-by: Marcel Lorenz Signed-off-by: Michael Tremer commit cc97d7b417a44749be1568478173b799a7dc5ff9 Author: Michael Tremer Date: Wed Jul 13 16:55:29 2016 +0100 collectd: Ignore *phys, macvtap* and vnet* interfaces Signed-off-by: Michael Tremer commit 2b47cc27e3fbb6478a8729bc3c8fcffa7df3538a Author: Arne Fitzenreiter Date: Wed Jul 13 13:33:21 2016 +0200 bump package version of corrupted paks. I had uploaded the wrong arch of this paks so bump version to fix this in pakfire. Signed-off-by: Arne Fitzenreiter commit a4fdc176429a03fb47f851a9767c93f8b3a19259 Author: Matthias Fischer Date: Tue Jul 12 12:37:19 2016 +0200 dnsmasq 2.76: latest patches from upstream (004-009) Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 754efda13126e16c951f4051df6cfc9926fca490 Author: Matthias Fischer Date: Sat Jul 9 12:27:37 2016 +0200 dnsmasq 2.76: latest patches from upstream (001-003) Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit afc14499a725d2d7d6f363d6859492dc74b3300b Author: Arne Fitzenreiter Date: Mon Jul 11 16:27:58 2016 +0200 p7zip: add CVE-2016-2334 and CVE-2016-2335 patches Signed-off-by: Arne Fitzenreiter commit d0d869b022b7cc1f103227579c9175d9b2bd167b Merge: 7959134 913a442 Author: Arne Fitzenreiter Date: Mon Jul 11 15:39:53 2016 +0200 Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next commit 7959134a5564345adb1f16b42cf3d7666be9aa42 Author: Arne Fitzenreiter Date: Mon Jul 11 10:42:51 2016 +0200 kernel: disable amd ccp support ccp based trng of the apu2 produce none random data. Aes accleration is also not used because IPFire prefere AES-NI if this is supported. Signed-off-by: Arne Fitzenreiter commit 913a442a2aad8f359462d2dbaa8f29a69ed3ebd6 Author: Michael Tremer Date: Sat Jul 2 12:18:38 2016 +0200 Fix compound nouns for mail service feature Signed-off-by: Michael Tremer commit 795147c7d97b5fc691c6528bb5754f2b917a49c7 Author: Arne Fitzenreiter Date: Thu Jun 30 20:29:40 2016 +0200 kernel: arm7-multi: enable ohci_hcd needed for usb1.1 support on BananaPi Signed-off-by: Arne Fitzenreiter commit 484e62046ee462af0c102a131b0c7d47ae7f33e8 Author: Arne Fitzenreiter Date: Wed Jun 29 17:04:28 2016 +0200 kernel: update to 3.14.74 Signed-off-by: Arne Fitzenreiter commit 01e38218c9193c9747ae9fca2a48345ff262af9e Author: Arne Fitzenreiter Date: Wed Jun 29 17:00:29 2016 +0200 backports: r8152 add lenovo and nvidia usb id this id's are blacklisted in new cdc_ether module because the r8152 module should used but the 3.14 module not know this id's. Signed-off-by: Arne Fitzenreiter commit dc2e0320d3bfdaf0f2c51f6ed7297c3140806482 Author: Michael Tremer Date: Mon Jun 27 23:18:39 2016 +0100 core104: Ship updated libarchive Signed-off-by: Michael Tremer commit a3cab8134a87712723a5a4a76e0e5deee4b02864 Author: Marcel Lorenz Date: Sun Jun 26 09:27:58 2016 +0200 libarchive: update to 3.2.1 Fixes CVE-2016-4301 Libarchive mtree parse_device Code Execution Vulnerability Signed-off-by: Marcel Lorenz Signed-off-by: Michael Tremer commit f7029f205713edc6f523c58685e2f420b5d2852e Author: Stefan Schantl Date: Wed Jun 22 14:19:24 2016 +0200 core 104: Add updated snort. Signed-off-by: Stefan Schantl commit fee796dcb761b70911644311e7dba98f7727cb79 Author: Stefan Schantl Date: Wed Jun 22 14:18:36 2016 +0200 core 104: Add changed ids.cgi. Signed-off-by: Stefan Schantl commit b1e8c4b521d8b8759c63985812f17d7c23ffe753 Author: Stefan Schantl Date: Wed Jun 22 14:13:49 2016 +0200 snort: Rootfile update. Rootfile update for snort 2.9.8.2 which has been overlocked in commit 5a5e5f04a7cb2a6c39be2a53205d42b99ab80885. Signed-off-by: Stefan Schantl commit 60ef4f6704c5a0cc2d971dccc90f81d4f0a051ce Author: Stefan Schantl Date: Tue Jun 21 12:02:49 2016 +0200 Add updated ddns to core 104. Signed-off-by: Stefan Schantl commit 312ba20037df7db21abaeb4fcf5ee687d9c90dbe Author: Stefan Schantl Date: Tue Jun 21 11:59:18 2016 +0200 ddns: Update to version 010. This update fixes some smaller issues on various dynamic DNS providers and adds support for DuckDNS as new provider. Signed-off-by: Stefan Schantl commit 59232d72251e46011b92501b7538bfe24e869ffa Merge: 3a376d9 96aeacd Author: Stefan Schantl Date: Tue Jun 21 10:08:07 2016 +0200 Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next commit 96aeacd808bbde03997e7d699bed16605095c8a8 Author: Jonatan Schlag Date: Fri Jun 17 13:06:41 2016 +0200 Change the default qemu user and group of libvirt Changes the libvirt user to nobody and the group to kvm this is a bit safer as to use root for both. Signed-off-by: Jonatan Schlag Signed-off-by: Michael Tremer commit 5cc7ae0926454f93998f7c25b931dae7eec0539d Author: Jonatan Schlag Date: Fri Jun 17 13:06:40 2016 +0200 Qemu: add a group kvm to access /dev/kvm eaiser As a normal user, it is not possible to use qemu with KVM. This is bad because it is better when it is possible to start the machine with a less privileged user. To achieve this a group KVM is created and the access to /dev/kvm is allowed for this group. So every user in this group can use qemu with KVM. This change is also useful for libvirt because the VMs can be started with user nobody and group kvm. Signed-off-by: Jonatan Schlag Signed-off-by: Michael Tremer commit 1dd61e0594e92155642039d3229e1505f8aea937 Author: Michael Tremer Date: Sun Jun 19 09:54:32 2016 +0100 Rootfile update Signed-off-by: Michael Tremer commit 0204a3c5bff8b22c880b2fb181814a25c2c3e3b9 Author: Michael Tremer Date: Fri Jun 17 13:07:10 2016 +0100 core104: Ship updated shadow-utils and remove old files Signed-off-by: Michael Tremer commit 4787315b6e67b486e813292d45402ee3890a3e7b Author: Marcel Lorenz Date: Sat Mar 19 08:10:25 2016 +0100 shadow: update to 4.2.1 The "groups" from the coreutils package is used (/usr/bin/groups) Signed-off-by: Marcel Lorenz Signed-off-by: Michael Tremer commit 1bddfa5abf7a970bb6a1df90271bc6e2c67154a5 Author: Michael Tremer Date: Thu Jun 16 09:34:24 2016 +0100 core104: Ship updated pakfire functions.sh Signed-off-by: Michael Tremer commit e6fd1f2d3876aae2c37051fce718f68712fdee4a Author: Jonatan Schlag Date: Fri Jun 10 10:13:41 2016 +0200 Fix in pakfire functions.sh The if statement in line 89 and 99 are useless with the -e conditional expression because it returns true if the path ist a regular file or a directory. So "/etc/init.d/ " returns true and "/etc/init.d/avahi" return also true, but the statement should return only true if we have a regular file. So -f if the right conditional expression, and we only try to execute the init script if the path "/etc/init.d/${1}" points to a regular file. Signed-off-by: Jonatan Schlag Signed-off-by: Michael Tremer commit 77d989a66726dfe8282d00eec25f1cca80aca118 Author: Jonatan Schlag Date: Fri Jun 10 10:57:13 2016 +0200 Change the default libvirt remote user to libvirt-remote It is possible to communicate per ssh via a socket with libvirt. It is not a good idea to do this as root, so the remote user is now libvirt-remote. Only this user or users in the group libvirt-remote can communicate with the socket. The user libvirt-remote is created without a password. The users have to set a password for this user after installation. Signed-off-by: Jonatan Schlag Signed-off-by: Michael Tremer commit 6c2720cac6c4d807e7608d10d15349854714a8e0 Author: Michael Tremer Date: Thu Jun 16 09:28:34 2016 +0100 core104: Add ntp update Signed-off-by: Michael Tremer commit 6ce32b1d84a539bae4503fbfe0cb043edb919265 Author: Matthias Fischer Date: Tue Jun 14 12:44:48 2016 +0200 ntp: Update to 4.2.8p8 It addresses 1 high- and 4 low--severity security issues, 4 bugfixes, and contains other improvements over 4.2.8p7. For a complete list, see: http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 51f69a46533e2ed7a9c29de23b9ec791d27cc80b Author: Matthias Fischer Date: Sun May 1 12:29:02 2016 +0200 ntp: Update to 4.2.8p7 It addresses 11 low- and medium-severity security issues, 16 bugfixes, and contains other improvements over 4.2.8p6. For a complete list, see: http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 2e45b1125bc54f5376b57905541cd1309364579a Author: Matthias Fischer Date: Sat Feb 6 23:37:50 2016 +0100 ntp: Update to 4.2.8p6 "...addresses 9 low- and medium-severity security issues, 10 bugfixes, and contains other improvements over 4.2.8p5." For a complete list, see: http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 44285d92a297f27310b3bf4de3d5c0af15a82462 Author: Michael Tremer Date: Thu Jun 16 09:26:55 2016 +0100 core104: Add wget update Signed-off-by: Michael Tremer commit e072f094e6fcb20a718caaef91ba9766258e2377 Author: Matthias Fischer Date: Tue Jun 14 12:33:00 2016 +0200 wget: Update to 1.18 Excerpt from annoncement: "This version fixes a security vulnerability (CVE-2016-4971) present in all old versions of wget. The vulnerability was discovered by Dawid Golunski which were reported to us by Beyond Security's SecuriTeam. On a server redirect from HTTP to a FTP resource, wget would trust the HTTP server and uses the name in the redirected URL as the destination filename. This behaviour was changed and now it works similarly as a redirect from HTTP to another HTTP resource so the original name is used as the destination file. To keep the previous behaviour the user must provide --trust-server-names." Best, Mat-backfromholidays-thias Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 6118218c192bdd0a957e787114190bfc9c440da0 Author: Matthias Fischer Date: Mon Feb 8 14:10:57 2016 +0100 wget: Update to 1.17.1 Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit b6c0145236385bcef7b3fa016f2884f64a2bc9f0 Author: Michael Tremer Date: Thu Jun 16 09:24:22 2016 +0100 Start Core Update 104 Signed-off-by: Michael Tremer commit 3a376d999ecf485803c270e3d9d6f767c0378ba9 Author: Matthias Fischer Date: Sun May 1 07:35:32 2016 +0200 snort 2.9.8.2: update snort download url Update for http://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=0aff7b81965c06756ff42482ef0aa3ccfa68bf8f Update url is set to 'snortrules-snapshot-2982.tar.gz' Signed-off-by: Matthias Fischer Signed-off-by: Stefan Schantl commit 5a5e5f04a7cb2a6c39be2a53205d42b99ab80885 Author: Matthias Fischer Date: Fri Apr 1 08:40:00 2016 +0200 snort: Update to 2.9.8.2 Release notes: 2016-03-09 - Snort 2.9.8.2 [*] New additions * Future-flow and DNS API exposed to lua detector. * Double VLAN tagging support. [*] Improvements * Performance improvements to AppID. * Stability improvements to file and ftp_telnet preprocessor. * Fixed several issues with SDF and obfuscation. * Resolved an issue of improper handling of malformed DNS host in AppID. * HTTP PAF accepts all tokens between method and version strings in a request URI. * Resolved snort build issue with "--disable-perfprofiling" configure option. * Enhanced mime parsing by adding support for detecting files after unknown headers and no headers. * Fixed issue with gzip decompression. If the server response specifies Content-Encoding as GZIP, but no Content-Length field for HTTP ver 1.0. * End of Header(EOH) identification for HTTP response header spanning multiple packets. * Improved packet reassembly for HTTP. * Fixed Flash LZMA decompression issue. For details see: https://www.snort.org/downloads/snort/changelog_2.9.8.2.txt Signed-off-by: Matthias Fischer Signed-off-by: Stefan Schantl commit 00c2bfe89b236ebbd0306d19965c9087b3aaf485 Author: Matthias Fischer Date: Fri Dec 11 19:38:26 2015 +0100 snort 2.9.8.0: Updated rootfile snort 2.9.8.0: Updated rootfile Signed-off-by: Matthias Fischer Signed-off-by: Stefan Schantl commit cf074eb256e1254f3463f62d3e1893cca56ca2ff Author: Matthias Fischer Date: Thu Dec 10 07:40:18 2015 +0100 snort: Update to 2.9.8.0 snort: Update to 2.9.8.0 Release notes: https://snort.org/downloads/snort/release_notes_2.9.8.0.txt Changelog: https://snort.org/downloads/snort/changelog_2.9.8.0.txt Signed-off-by: Matthias Fischer Signed-off-by: Stefan Schantl ----------------------------------------------------------------------- hooks/post-receive -- IPFire 2.x development tree