This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, core111 has been created at 488c7e7e31d52387609a3ee8b29015158d7ecaf3 (commit) - Log ----------------------------------------------------------------- commit 488c7e7e31d52387609a3ee8b29015158d7ecaf3 Author: Michael Tremer Date: Thu May 18 11:55:20 2017 +0100 core111: Ship updated cpio Signed-off-by: Michael Tremer commit 42661bf875f609f13e0757a9838a70d07aa57269 Author: Michael Tremer Date: Tue Apr 25 11:13:04 2017 +0200 cpio: Update to 2.12 FTBFS on aarch64 Signed-off-by: Michael Tremer commit 8c31790a2f706ff05471e864ecde7853fec0cb3a Author: Michael Tremer Date: Thu Apr 13 19:16:25 2017 +0200 ccache: Cleanup makefile Signed-off-by: Michael Tremer commit b4b62a341450b085fd95b4f5f8ce4da09bec4327 Author: Michael Tremer Date: Thu Apr 13 19:02:21 2017 +0200 make.sh: Set TOOLCHAIN=1 in toolchain stage This allows better lfs files and fewer ifdefs in toolchain stage. Signed-off-by: Michael Tremer commit e467a2f274cdff830b5d3646ed9c9ac5a117940d Author: Michael Tremer Date: Thu Apr 13 19:01:28 2017 +0200 make.sh: Adjust toolchain PATH in lfsmake1 instead of globally Signed-off-by: Michael Tremer commit fdfddd64620ea6fcb109f50633c304f14a354b4d Author: Michael Tremer Date: Sat Apr 8 12:12:42 2017 +0200 kernel headers: Install correct headers for all architectures Signed-off-by: Michael Tremer commit 70ba2380d3088a4384abd25893d2d93828b627b0 Author: Michael Tremer Date: Wed Apr 12 11:38:42 2017 +0200 fake-environ: Fix typos Signed-off-by: Michael Tremer commit 3f9ecfdc27263ed0c419a3500112411f5c07b08c Author: Michael Tremer Date: Fri May 5 14:10:36 2017 +0200 make.sh: Show last lines of log when build aborts Signed-off-by: Michael Tremer commit a0ab2f880e9dd8809b327b9245fb36cd7cb9b67e Author: Michael Tremer Date: Thu May 18 11:47:07 2017 +0100 Start Core Update 111 Signed-off-by: Michael Tremer commit 12b0a9da205108e5ce706913ff4c9553e58284f9 Merge: 844e542 2a77d2a Author: Michael Tremer Date: Thu May 18 11:24:41 2017 +0100 Merge remote-tracking branch 'origin/master' into next commit 844e542e60d0f1b01546a1e81d5b35b96ce9eba1 Merge: 59b2133 c335b0c Author: Michael Tremer Date: Thu May 18 11:22:20 2017 +0100 Merge remote-tracking branch 'ms/wlanclient' into next commit c335b0cd8edb800795cf1b4422043ef3c24a036b Author: Michael Tremer Date: Tue May 16 16:02:25 2017 +0200 index.cgi: Show WiFi properties on front page Signed-off-by: Michael Tremer commit 0628d956a7cc1d952b236494de0559cbea52c0ff Author: Michael Tremer Date: Tue May 16 15:05:25 2017 +0200 WiFi: Show EAP status on wireless client page This patch adds some status information so that we know what authentication an access point is using. Signed-off-by: Michael Tremer commit 59b2133892ca3592da4aaa92e57bb38ba924191b Author: Michael Tremer Date: Tue May 16 11:33:40 2017 +0100 tor: Update to 0.3.0.7 Fixes various security vulnerabilities of medium severity in the relay component. Signed-off-by: Michael Tremer commit a7f7657c4b2282e3f3f33e1dfb7c4d4a963ad713 Author: Gabriel Rolland Date: Thu May 4 10:28:35 2017 +0200 Italian translations in it.pl after 110 Missing or incorrect translations. Signed-off-by: Michael Tremer commit 5e06cb2778c66096d4b4f2cf443f45e3d126c6bb Author: Matthias Fischer Date: Fri May 5 23:22:30 2017 +0200 web-user-interface: Fix for rootfile Added 'back.png' for Firewall-GUI Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 86282bdc7dc7a45872558866aadbb780fcd12f43 Author: Michael Tremer Date: Fri May 5 12:02:21 2017 +0100 vpnmain.cgi: Fix typo Signed-off-by: Michael Tremer commit f2c94780088c6b172e63493705906142dbad0727 Author: Michael Tremer Date: Fri May 5 11:31:36 2017 +0100 wlan client: Generate wpa_supplicant configuration file for EAP Signed-off-by: Michael Tremer commit 19f0fa5694d9224c128ff362673c42e9b169351c Author: Michael Tremer Date: Fri May 5 11:17:06 2017 +0100 wlan client: Allow configuration of EAP-PEAP and EAP-TTLS on web user interface Signed-off-by: Michael Tremer commit 415cbcecfae2330a8c4211dc4c17e8a98ee4f64b Author: Matthias Fischer Date: Sun Apr 30 12:59:23 2017 +0200 GUI: Some simple FW-Log cosmetics I altered 'showrequestfromcountry.dat', 'showrequestfromip.dat' and 'showrequestfromport.dat' in the same manner as the 'Loggraphs'-Pages in commit Each 'Details'-page got a unique title. Furthermore, I added a 'Back'-Button to go back to the previous page. For this, I used 'back.png' from 'wio' (thanks Stephan! ;-) ) since I found no other appropriate image. 'ipinfo.cgi' got a centered 'Back'-Button, too. Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 057aaf42b6c6f82eb14808b5167eec703bcc4989 Author: Matthias Fischer Date: Fri Apr 28 21:29:58 2017 +0200 BUG 11305: Suggested fix for '/var/log/btmp' permissions Fixes BUG 11305, for details see: https://bugzilla.ipfire.org/show_bug.cgi?id=11305 Best, Matthias Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 094a27c8f9bf39b5b5b6df1a28d976d9f52e776f Author: Michael Tremer Date: Sun Apr 30 13:09:51 2017 +0100 unbound: Update dnssec-status file The status file was not updated when DNSSEC was disabled before and has been enabled after which always caused the webif to show that DNSSEC was disabled. Fixes #11315 Signed-off-by: Michael Tremer commit b5fe050fce03a7ee2547a1162452c8211d2eea8d Author: Matthias Fischer Date: Mon Apr 24 20:56:29 2017 +0200 unbound: Update to 1.6.2 For details see: http://www.unbound.net/download.html Best, Matthias Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 07002f2bca7efd49d8baea0dadf193a29f27604b Author: Matthias Fischer Date: Tue Apr 25 21:08:32 2017 +0200 bind: Update to 9.11.1 For details see: https://ftp.isc.org/isc/bind9/9.11.1/RELEASE-NOTES-bind-9.11.1.html "Security Fixes rndc "" could trigger an assertion failure in named. This flaw is disclosed in (CVE-2017-3138). [RT #44924] Some chaining (i.e., type CNAME or DNAME) responses to upstream queries could trigger assertion failures. This flaw is disclosed in CVE-2017-3137. [RT #44734] dns64 with break-dnssec yes; can result in an assertion failure. This flaw is disclosed in CVE-2017-3136. [RT #44653] If a server is configured with a response policy zone (RPZ) that rewrites an answer with local data, and is also configured for DNS64 address mapping, a NULL pointer can be read triggering a server crash. This flaw is disclosed in CVE-2017-3135. [RT #44434] A coding error in the nxdomain-redirect feature could lead to an assertion failure if the redirection namespace was served from a local authoritative data source such as a local zone or a DLZ instead of via recursive lookup. This flaw is disclosed in CVE-2016-9778. [RT #43837] named could mishandle authority sections with missing RRSIGs, triggering an assertion failure. This flaw is disclosed in CVE-2016-9444. [RT #43632] named mishandled some responses where covering RRSIG records were returned without the requested data, resulting in an assertion failure. This flaw is disclosed in CVE-2016-9147. [RT #43548] named incorrectly tried to cache TKEY records which could trigger an assertion failure when there was a class mismatch. This flaw is disclosed in CVE-2016-9131. [RT #43522] It was possible to trigger assertions when processing responses containing answers of type DNAME. This flaw is disclosed in CVE-2016-8864. [RT #43465] Added the ability to specify the maximum number of records permitted in a zone (max-records #;). This provides a mechanism to block overly large zone transfers, which is a potential risk with slave zones from other parties, as described in CVE-2016-6170. [RT #42143] Bug Fixes A synthesized CNAME record appearing in a response before the associated DNAME could be cached, when it should not have been. This was a regression introduced while addressing CVE-2016-8864. [RT #44318] named could deadlock if multiple changes to NSEC/NSEC3 parameters for the same zone were being processed at the same time. [RT #42770] named could trigger an assertion when sending NOTIFY messages. [RT #44019] Referencing a nonexistent zone in a response-policy statement could cause an assertion failure during configuration. [RT #43787] rndc addzone could cause a crash when attempting to add a zone with a type other than master or slave. Such zones are now rejected. [RT #43665] named could hang when encountering log file names with large apparent gaps in version number (for example, when files exist called "logfile.0", "logfile.1", and "logfile.1482954169"). This is now handled correctly. [RT #38688] If a zone was updated while named was processing a query for nonexistent data, it could return out-of-sync NSEC3 records causing potential DNSSEC validation failure. [RT #43247]" Best, Matthias Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit abd12bd073dd0be74d97e2f204027f2a4346549a Author: Matthias Fischer Date: Tue Apr 25 21:13:17 2017 +0200 nano: Update to 2.8.1 For details see: https://www.nano-editor.org/news.php Best, Matthias Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 3d5c499e0ca73c9a787815b8894d6cfcb0416a1b Author: Matthias Fischer Date: Fri Apr 28 08:17:33 2017 +0200 logrotate: Update to 3.12.1 For details see: https://github.com/logrotate/logrotate/blob/master/ChangeLog.md Best, Matthias Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit f3dfb261c8c78f7806bcf215646f9d3618d151f5 Author: Michael Tremer Date: Fri Apr 28 13:03:46 2017 +0100 OpenVPN: Mark SHA1 as weak Signed-off-by: Michael Tremer commit 7090074557516deaaff9b1a84f4f8beec6c4dadd Author: Michael Tremer Date: Fri Apr 28 13:01:41 2017 +0100 OpenVPN: Use SHA512 by default This will break compatibility with old clients like Windows XP, but these are too old now to be supported. SHA1 is considered to be weak and should not be used any more Signed-off-by: Michael Tremer commit 0e8f275e80d8ad517019f7c0f8349a5a16ea9f1b Author: Matthias Fischer Date: Sat Apr 22 18:17:27 2017 +0200 vnstat: Update to 1.17 For details see: http://humdi.net/vnstat/CHANGES Please note - this commit is based on: http://git.ipfire.org/?p=people/mfischer/ipfire-2.x.git;a=commit;h=f92c3ef6b97d4bd5e3db9c6c783ab0059016b211 1.15 was running here since then, upgrading to 1.17 showed no problems so far. Best, Matthias Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit d55d05b6cb6bb3ddb7fde20d975cf4f9546afedf Author: Matthias Fischer Date: Tue Jul 12 12:56:42 2016 +0200 vnstat: Update to 1.15 Changelog: http://humdi.net/vnstat/CHANGES I had to add some 'configure'-lines to build this - nevertheless: its working. ;-) 'vnstat.conf' needed some additional 'sed'-lines, too. Please review, test and confirm. Best, Matthias Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 1bea8be2ce2ce0c4ee2a07bcffb978f4ea07ab89 Author: Matthias Fischer Date: Fri Apr 21 22:37:28 2017 +0200 GUI: Some simple FW-Log cosmetics Fixed the 'details'-Button in 'firewalllogcountry.dat' by adding missing translation string. Each 'Loggraphs'-Page got a unique title and a new heading for the corresponding diagram. Just cosmetics... Best, Matthias Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 723d1d911ff717ac43c24738960e76fca11c4cbd Author: Matthias Fischer Date: Fri Apr 21 19:00:21 2017 +0200 unbound 1.6.1: Linking against libevent2 Hi, this was triggered by unbound-users(a)unbound.net - it seems that the 'configure'-option '--with-libevent-support' is not enough: ***SNIP*** ... When building unbound with --with-libevent support, the make install phase should also call make unbound-event-install or else unbound-event.h does not get installed and the header file for using the unbound event functionality is not available. ... This install is triggered by the option --enable-event-api. Just enabling --with-libevent does not trigger the install by itself. Best regards, Wouter ... ***SNAP*** I built 'unbound' this way - its running without any problems so far. Best, Matthias Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 1fab4edfa690b410a255b9dd1d896178512e03d5 Author: Michael Tremer Date: Thu Apr 20 13:00:42 2017 +0100 IPsec: Show status in WUI when VPN is connecting This is helpful when debugging on-demand connections when you can see if strongswan tries to connect or is still idle. Signed-off-by: Michael Tremer commit c94d1976d3bf2fd760834a0093eeb286a90c8fdd Author: Michael Tremer Date: Thu Apr 20 12:53:53 2017 +0100 IPsec: Mark MODP<=1024 and MD5 as broken and SHA1 as weak Since we somehow have to support these algorithms this patch adds some information for the user that it is very strongly discouraged to use them in production. Signed-off-by: Michael Tremer commit 2c2cf3918bee850ede133562ae1c42bf8c73ef68 Author: Michael Tremer Date: Thu Apr 20 12:44:27 2017 +0100 IPsec: Allow using MODP-768 in proposal MODP-768 is broken but some systems out there (for example old Cisco ASAs) do not support anything better. Hence it is better to allow this instead of using no VPN at all. Signed-off-by: Michael Tremer commit 1e645047b23939036c5aa4c86c0709c8b128a906 Author: Matthias Fischer Date: Mon Apr 10 00:35:50 2017 +0200 libevent2: Update to 2.1.8-stable Contains lots of build- and bugfixes since 2.0.22 - for details see: https://raw.githubusercontent.com/libevent/libevent/release-2.1.8-stable/ChangeLog Best, Matthias Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 4d376982163c134907415d44778af2a1f03b1485 Author: Matthias Fischer Date: Wed Apr 19 15:26:06 2017 +0200 Revert "gdbm: update to 1.13" This reverts commit dc539daf8823ef97c931f12b514453c25e867c45. With "gdbm-Update to 1.13", 'php 5.3.27' failed to build. Best, Matthias Signed-off-by: Michael Tremer commit b7d071af817c11b6daf54abfeea82360185208f3 Author: Matthias Fischer Date: Wed Apr 19 10:10:05 2017 +0200 php 5.3.27: Source format improvements Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 4c6b2034921fcfbff5fc92ab567c56c47fe99137 Author: Marcel Lorenz Date: Tue Apr 18 14:56:05 2017 +0200 git: update to 2.12.1 Signed-off-by: Marcel Lorenz Signed-off-by: Michael Tremer commit 77cdccf4c0a2b1c0a2b8d6e4aab86fbcbd5439b9 Author: Matthias Fischer Date: Sun Apr 16 23:01:33 2017 +0200 BUG 11318: Fix deletion of temporary files from IPTables-GUI For details see: https://bugzilla.ipfire.org/show_bug.cgi?id=11318 Temporary files for 'iptables', 'iptablesmangle' and 'iptablesnat' created by 'iptables.cgi' were not deleted after use but stayed in '/srv/weg/ipfire/html/'. As a workaround I changed 'getipstat.c' to create these files in '/var/tmp' and the "open (file..." and "rm" commands in 'iptables.cgi'. Works here. Best, Matthias Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit ac69a292a8b41224b31e7dd8c0335e3d9b604129 Author: Matthias Fischer Date: Mon Apr 17 14:25:59 2017 +0200 libevent2-compat: newpackage Keeps older packages that have been linked against this version of libevent2 working. Best, Matthias Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit d68ead3decfdcc4ca4a1413e33f3c47270799836 Author: Matthias Fischer Date: Mon Apr 17 00:16:02 2017 +0200 Fix for guardian-CGI: As a result of fixing BUG11318 This is necessary because commit bf1985fae5baca327fcded31264f45638442f02e changes the place where temporary files from 'iptables' are stored. Some typos where fixed, too. Best, Matthias Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 935f05065e79ec06b529a44631ffcf50199d8cf0 Author: Michael Tremer Date: Mon Apr 17 12:36:49 2017 +0100 Rootfile update Signed-off-by: Michael Tremer commit 52883a8e9efd1a9949fc1d4419800f4728cd5466 Author: Jonatan Schlag Date: Sun Apr 16 19:36:22 2017 +0200 Build python3-libvirt only on i586 and x86_64 Libvirt is build only on these arches and the bindings make only with libvirt sense so we should build them only on these two arches too. Signed-off-by: Jonatan Schlag Signed-off-by: Michael Tremer commit fd15f250e8e7d372cc767ec4482fe3b64a23dc39 Author: Jonatan Schlag Date: Sat Apr 15 15:56:22 2017 +0200 Add package python3-libvirt This new package provides the python3 bindings for libvirt. Signed-off-by: Jonatan Schlag Signed-off-by: Michael Tremer commit dc539daf8823ef97c931f12b514453c25e867c45 Author: Marcel Lorenz Date: Sun Apr 16 19:35:50 2017 +0200 gdbm: update to 1.13 Signed-off-by: Marcel Lorenz Signed-off-by: Michael Tremer commit ae3b38d473ae6929fd61b42513f4e636cabe55f0 Author: Jonatan Schlag Date: Sat Apr 15 15:48:54 2017 +0200 Update python3 to 3.6.1 Signed-off-by: Jonatan Schlag Signed-off-by: Michael Tremer commit 6db46712114eb663688d7ddb988afec47677a90e Author: Matthias Fischer Date: Sun Apr 16 14:13:33 2017 +0200 ipset: Update to 6.32 Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit e1fb40529c3b843ba97868c0928c23db715f9db9 Author: Matthias Fischer Date: Sun Apr 16 14:38:46 2017 +0200 coreutils: Update to 8.27 Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 8e5116af265d59d09808ea5a6e77fbfb19646f73 Author: Jonatan Schlag Date: Sat Apr 15 14:01:30 2017 +0200 Update libvirt to 3.1.0 This patch update the libvirt library to version 3.1.0 We can not update to the latest version in the moment because version 3.2.0 has a annoying bug. Signed-off-by: Jonatan Schlag Signed-off-by: Michael Tremer commit 91c35e4838b4e059c67240bb54cd32eefd105da3 Author: Matthias Fischer Date: Sun Apr 16 14:11:10 2017 +0200 bind: Update to 9.11.0-P5 For details see: https://ftp.isc.org/isc/bind9/9.11.0-P5/RELEASE-NOTES-bind-9.11.0-P5.html "BIND 9.11.0-P5 addresses the security issues described in CVE-2017-3136, CVE-2017-3137, and CVE-2017-3138, and updates the built-in trusted keys for the root zone. Security Fixes rndc "" could trigger an assertion failure in named. This flaw is disclosed in (CVE-2017-3138). [RT #44924] Some chaining (i.e., type CNAME or DNAME) responses to upstream queries could trigger assertion failures. This flaw is disclosed in CVE-2017-3137. [RT #44734] dns64 with break-dnssec yes; can result in an assertion failure. This flaw is disclosed in CVE-2017-3136. [RT #44653] If a server is configured with a response policy zone (RPZ) that rewrites an answer with local data, and is also configured for DNS64 address mapping, a NULL pointer can be read triggering a server crash. This flaw is disclosed in CVE-2017-3135. [RT #44434] A coding error in the nxdomain-redirect feature could lead to an assertion failure if the redirection namespace was served from a local authoritative data source such as a local zone or a DLZ instead of via recursive lookup. This flaw is disclosed in CVE-2016-9778. [RT #43837] named could mishandle authority sections with missing RRSIGs, triggering an assertion failure. This flaw is disclosed in CVE-2016-9444. [RT #43632] named mishandled some responses where covering RRSIG records were returned without the requested data, resulting in an assertion failure. This flaw is disclosed in CVE-2016-9147. [RT #43548] named incorrectly tried to cache TKEY records which could trigger an assertion failure when there was a class mismatch. This flaw is disclosed in CVE-2016-9131. [RT #43522] It was possible to trigger assertions when processing responses containing answers of type DNAME. This flaw is disclosed in CVE-2016-8864. [RT #43465] Bug Fixes A synthesized CNAME record appearing in a response before the associated DNAME could be cached, when it should not have been. This was a regression introduced while addressing CVE-2016-8864. [RT #44318] Best, Matthias Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 4d8d78169fd108b526aa85a204dee080f277228a Author: Matthias Fischer Date: Thu Apr 13 09:08:21 2017 +0200 cups-filters: Fix for lfs-file (dropped avahi package) Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 076ad71576609f66f9a99cf4c14c75dbcd1a8220 Author: Michael Tremer Date: Wed Apr 12 17:35:43 2017 +0100 avahi: Drop package The daemon locks up when starting up in avahi_log_info() and probably the other logging functions, too. Since avahi is not really used a lot in the distribution, has been in testing for four years and has virtually no users I am going to drop it instead of wasting time on fixing this. Signed-off-by: Michael Tremer commit 7cbdd31d6e3e15be0b6856ab792b4edf7678cbb5 Author: Michael Tremer Date: Tue Apr 11 14:26:57 2017 +0100 graphs.pl: Fix HTML syntax error The missing ' caused that a different URL was called Signed-off-by: Michael Tremer commit 30b980a84dd89aea8d49ad5d93b2b033c38f48e8 Author: Matthias Fischer Date: Mon Apr 10 14:10:28 2017 +0200 kbd 1.12: Update for rootfile Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit a696f575104e9bca3ae6df6d36f01b9a63c6c70c Author: Matthias Fischer Date: Sun Apr 9 18:19:49 2017 +0200 rrdtool 1.6.0: fix for rootfile Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit f0c71e72b0f84400127d7ebc9e34f2805ebbec81 Author: Michael Tremer Date: Tue Apr 11 14:11:16 2017 +0100 ltrace: New package Signed-off-by: Michael Tremer commit c4f3b29a9de4ced24110c39f818afd59c977d296 Author: Michael Tremer Date: Tue Apr 11 14:10:53 2017 +0100 elfutils: Update rootfile Signed-off-by: Michael Tremer commit 015640d67161b27e729e6bc31b32eb838afd5060 Author: Michael Tremer Date: Tue Apr 11 13:05:53 2017 +0100 elfutils: New package Signed-off-by: Michael Tremer commit 778979f630b0157f7bcee40087a80dae6076c4b4 Author: Michael Tremer Date: Tue Apr 11 13:05:22 2017 +0100 dbus: Update to 1.11.12 Signed-off-by: Michael Tremer commit a0168f9fca199e78bf88ab263deaec3a2c8e977e Author: Timo Eissler Date: Fri Apr 7 21:59:40 2017 +0200 nmap: remove uninstall_ndiff from rootfile Signed-off-by: Timo Eissler Signed-off-by: Michael Tremer commit b3ee263b07d24c115614e2d5ceb909f1afe10c80 Author: Michael Tremer Date: Thu Apr 6 19:12:06 2017 +0100 QoS: Enable IMQ multi queueing This increases throughput when QoS is activated since now all available CPU cores will be used Signed-off-by: Michael Tremer commit d0755f4cb2e8d1d1332f6624b6d8d7adf0db9192 Author: Michael Tremer Date: Thu Apr 6 19:00:45 2017 +0100 Rootfile update Signed-off-by: Michael Tremer commit e4d7dc1ea473e655adf0b72c6c7bb9eea91b50aa Author: Michael Tremer Date: Thu Apr 6 12:52:10 2017 +0100 dhcp: Fix extracting bundled BIND package Signed-off-by: Michael Tremer commit 4a3940a15fcec5977955be1aadd2f46075b401b4 Author: Marcel Lorenz Date: Fri Mar 17 15:50:03 2017 +0100 gcc: update to 4.9.4 This is only a bugfix release https://gcc.gnu.org/gcc-4.9/changes.html Signed-off-by: Marcel Lorenz Signed-off-by: Michael Tremer commit a8c2aae946a5184f89baec9f5fd4f68bd3e9ddd4 Author: Marcel Lorenz Date: Fri Mar 17 16:00:04 2017 +0100 mpfr: update to 3.1.5 Signed-off-by: Marcel Lorenz Signed-off-by: Michael Tremer commit fcab4e5f187a370f5e72be0226560f83b50a5b65 Author: Marcel Lorenz Date: Fri Mar 17 15:26:06 2017 +0100 gmp: update to 6.1.2 Signed-off-by: Marcel Lorenz Signed-off-by: Michael Tremer commit a309f3b5c387a436df4c44ef4e7bf48d832a279a Author: Marcel Lorenz Date: Fri Mar 17 15:20:07 2017 +0100 pcre: update to 8.40 Signed-off-by: Marcel Lorenz Signed-off-by: Michael Tremer commit 85ca3a529baffa6ce20c27eca31a4877d2d52b69 Author: Marcel Lorenz Date: Fri Mar 17 15:11:12 2017 +0100 rrdtool: update to 1.6.0 Signed-off-by: Marcel Lorenz Signed-off-by: Michael Tremer commit e9dae64ea1788d181ea482315642cc196576d21a Author: Marcel Lorenz Date: Fri Mar 17 16:11:36 2017 +0100 pkg-config: update to 0.29.1 Signed-off-by: Marcel Lorenz Signed-off-by: Michael Tremer commit f4574da97a680b7467506fec52fe7954a00bcb48 Author: Marcel Lorenz Date: Fri Mar 17 16:16:57 2017 +0100 nmap: update to 7.40 Signed-off-by: Marcel Lorenz Signed-off-by: Michael Tremer commit f155baa6f034f8935337578afd33cdc30fd37760 Author: Marcel Lorenz Date: Fri Mar 17 16:23:13 2017 +0100 m4: update to 1.4.18 Signed-off-by: Marcel Lorenz Signed-off-by: Michael Tremer commit e0e3f3a3e7520a4fdfacf543698c4a96871aed9e Author: Marcel Lorenz Date: Sat Mar 18 11:16:16 2017 +0100 acpid: update to 2.0.28 Signed-off-by: Marcel Lorenz Signed-off-by: Michael Tremer commit 6c96150b453b7ad81d329c5fbaedb39afbed6715 Author: Marcel Lorenz Date: Sat Mar 18 11:25:05 2017 +0100 unzip: update to 60 Signed-off-by: Marcel Lorenz Signed-off-by: Michael Tremer commit 49e3621c32f02b90e69c1249778dd8a818566e53 Author: Michael Tremer Date: Thu Apr 6 10:04:34 2017 +0100 gzip: Drop patch that is no longer applied Signed-off-by: Michael Tremer commit 3b7a290523569bf7d083ae988060a527b7fa5998 Author: Marcel Lorenz Date: Sat Mar 18 11:30:31 2017 +0100 gzip: update to 1.8 Signed-off-by: Marcel Lorenz Signed-off-by: Michael Tremer commit 361cc1bd0c102d2a0ec79943b0bad0ef106412ce Author: Marcel Lorenz Date: Wed Mar 22 12:41:55 2017 +0100 file: update to 5.30 Signed-off-by: Marcel Lorenz Signed-off-by: Michael Tremer commit 176ba83d49b7fa1ce4c5989ed64778cd91e2d9e6 Author: Matthias Fischer Date: Wed Apr 5 17:44:55 2017 +0200 logwatch 7.4.3: next fix, output for 'lm_sensors' was missing Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit cd31b51ea57d49fc406db3ce2a0e906454c8c48d Author: Matthias Fischer Date: Wed Apr 5 13:42:14 2017 +0200 logwatch 7.4.3: some more fixes for rootfile Hi, 'eximstats', 'zz-sys' and 'resolver'-files were missing. Best, Matthias Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 2dbfc4020d18e65b525104b13891921411cb6322 Author: Daniel Weismüller Date: Wed Apr 5 12:25:16 2017 +0200 netsnmpd: added lmsensors and some other mibs Signed-off-by: Daniel Weismüller Signed-off-by: Michael Tremer commit 9bc2e596d0805171e5a25e1be33fdcd9c114066d Author: Michael Tremer Date: Wed Apr 5 12:16:52 2017 +0100 IPsec: Include Curve 25519 in default proposal Signed-off-by: Michael Tremer commit 64056cae466b49993af8fe831731d2eed77f683a Author: Michael Tremer Date: Wed Apr 5 12:15:20 2017 +0100 IPsec: Allow selecting Curve 25519 as group type Signed-off-by: Michael Tremer commit 1ef80c435225c6bd35df4d510b728ea6bfad772a Author: Michael Tremer Date: Wed Apr 5 12:08:39 2017 +0100 strongswan: Update to version 5.5.2 Introduces support for Curve25519 for IKE as defined by RFC8031. Signed-off-by: Michael Tremer commit 570d54fd84ead452753ac7fd498c7ee760caa3ff Author: Michael Tremer Date: Wed Apr 5 11:42:55 2017 +0100 IPsec: Drop SHA1 and MODP<=1536 from proposed ciphers IPsec is still proposing to use SHA1 and MODP-1536 or MODP-1024 when initiating a connection. These are considered weak although many off-the-shelf hardware is still using this as defaults. This patch disables those algorithms and additionally changes default behaviour to only accept the configured cipher suites. This might create some interoperability issues, but increases security of IPFire-to-IPFire IPsec connections. Signed-off-by: Michael Tremer commit 4f6790a7e48c1c5bf52ad53c060ef6f3274bd5a1 Author: Michael Tremer Date: Wed Apr 5 10:33:49 2017 +0100 ipsecctrl: Reload IPsec block rules after connection is deleted Signed-off-by: Michael Tremer commit 3fa1cb5f35dd59fed503211898662c5cf22c3c97 Author: Matthias Fischer Date: Tue Apr 4 12:45:12 2017 +0200 logwatch: Update to 7.4.3 Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 9d8574996e7833f8a009cc4012990c2fcc8113cc Author: Matthias Fischer Date: Tue Apr 4 12:38:33 2017 +0200 logwatch 7.4.1: another fix for rootfile Hi, similar to: http://git.ipfire.org/?p=people/mfischer/ipfire-2.x.git;a=commit;h=9f46e637ac345509ff75248d1087b1bff117ff20 A missing '#' for "usr/share/logwatch/default.conf/services" in rootfile. Best, Matthias Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 31b34f950912478f8594f41cdf20dc715b15bc34 Author: Matthias Fischer Date: Tue Apr 4 00:46:38 2017 +0200 logwatch 7.4.1: fix for rootfile Hi, One missing '#' and all underlying 'services' in 'usr/share/logwatch/scripts/services' are installed. 147 files are active, but it should be only 33. Best, Matthias Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer ----------------------------------------------------------------------- hooks/post-receive -- IPFire 2.x development tree