From: Arne Fitzenreiter
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, core124, created. 0f2186725ef5cd62d1482b4482e20a6295ebf2ad
Date: Fri, 21 Sep 2018 14:29:27 +0100
Message-ID: <20180921132927.B91111081BD3@git01.ipfire.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, core124 has been created
        at  0f2186725ef5cd62d1482b4482e20a6295ebf2ad (commit)

- Log -----------------------------------------------------------------
commit 0f2186725ef5cd62d1482b4482e20a6295ebf2ad
Author: Arne Fitzenreiter
Date:   Fri Sep 21 15:26:52 2018 +0200

    core124: finish updater

    Signed-off-by: Arne Fitzenreiter

commit e2a3147fe5b43f89084cbea25ae174ffe6c6232c
Author: Arne Fitzenreiter
Date:   Fri Sep 21 15:18:24 2018 +0200

    arm: boot.scr: add setting to edit fdt via uEnv.txt

    Signed-off-by: Arne Fitzenreiter

commit 4eedf6793b5dc5c6f3d91fb1db0b32a3fc40c24d
Author: Arne Fitzenreiter
Date:   Thu Sep 20 20:03:26 2018 +0200

    rebuild-initrd: update for grub2

    this was not used for years because we usually ship a prebuilt ramdisk
    so this incompatibility was not noticed for a long time...

    Signed-off-by: Arne Fitzenreiter

commit bdf9df742caf803272f7a34cadc9d7dc4ea17a78
Author: Arne Fitzenreiter
Date:   Thu Sep 20 19:51:43 2018 +0200

    kernel: update to 4.14.71

    Signed-off-by: Arne Fitzenreiter

commit 5210b5879ba1bf2c3836bf54c4e3a50fa1b0c6f2
Author: Michael Tremer
Date:   Thu Sep 20 14:54:02 2018 +0100

    core124: Ship updated iproute2

    Signed-off-by: Michael Tremer

commit b1bfe61711ac678632118180c06a34deeab96a24
Author: Matthias Fischer
Date:   Tue Sep 18 19:35:10 2018 +0200

    iproute2: Update to 4.18.0

    Triggered by https://bugzilla.ipfire.org/show_bug.cgi?id=11866 ;-)

    For details see:
    https://lwn.net/Articles/762515/

    Best,
    Matthias

    Signed-off-by: Matthias Fischer
    Signed-off-by: Michael Tremer

commit 37d7f3801877b3330465b1a20cfba2fc4987e610
Author: Michael Tremer
Date:   Thu Sep 20 14:52:17 2018 +0100

    core124: Ship updated openssh package

    Signed-off-by: Michael Tremer

commit 74189c1d5519c077c43fe123e6e3a3d39176e1fb
Author: Matthias Fischer
Date:   Mon Sep 10 19:38:17 2018 +0200

    openssh: Update to 7.8p1

    For details see:
    http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ChangeLog

    I didn't find an official lfs-patch for openssl-1.1-compatibility, so I
    used the patch from here:
    https://git.archlinux.org/svntogit/packages.git/plain/trunk/openssl-1.1.0.patch?h=packages/openssh

    Building ran without any errors.

    I tested with both machines (test on Core 120 - and productive - on
    Core 122) and found no errors so far:

    ...
    [root@ipfiretest ~]# ssh -V
    OpenSSH_7.8p1, OpenSSL 1.1.0h 27 Mar 2018
    ...

    ...
    root@ipfire: / # ssh -V
    OpenSSH_7.8p1, OpenSSL 1.1.0h 27 Mar 2018
    ...

    All ssh-connections ran fine but I'm not REALLY sure if this is
    sufficient for anyone else.

    Could someone please check and confirm!?

    Best,
    Matthias

    Signed-off-by: Matthias Fischer
    Tested-by: Peter Müller
    Signed-off-by: Michael Tremer

commit 1d2fe90cc8952879835c3694a6cb8c45b097013c
Author: Michael Tremer
Date:   Thu Sep 20 14:51:13 2018 +0100

    core124: Ship updated OpenSSH configuration

    Signed-off-by: Michael Tremer

commit bd0686f441cf09a2041e1647de6e0dffda590409
Author: Michael Tremer
Date:   Thu Sep 20 14:50:25 2018 +0100

    ssh: Remove AuthenticationMethods directive

    This is only setting something that is default anyways
    and prevents sshd from starting if one of the listed
    methods is not activated.

    Signed-off-by: Michael Tremer

commit 07da1af688135710960e6deb9049a3fab6cb6e81
Author: Peter Müller
Date:   Mon Sep 10 17:52:23 2018 +0200

    use custom SSH server configuration in LFS file

    Include OpenSSH server configuration file during build.

    Signed-off-by: Peter Müller
    Signed-off-by: Michael Tremer

commit 38485efafba2936ca3856e1324cca2044a13e85b
Author: Peter Müller
Date:   Mon Sep 10 17:52:22 2018 +0200

    add hardened SSH server configuration

    In order to harden OpenSSH server in IPFire, using the upstream default
    configuration and editing it via sed commands in the LFS file is
    error-prone and does not scale.

    Therefore we ship a custom and more secure OpenSSH server configuration
    which is copied into the image during build time.

    The fourth version of this patch disables password authentication
    by default, since this is required by some cloud hosters in order
    to apply the image. Further, this method is less secure than pubkey
    authentication.

    Non-AEAD ciphers have been re-added to provide compatibility to
    older RHEL systems.

    Fixes #11750
    Fixes #11751
    Partially fixes #11538

    Signed-off-by: Peter Müller
    Cc: Marcel Lorenz
    Cc: Michael Tremer
    Signed-off-by: Michael Tremer

commit a6c190818a15342db5d91f4219587aa08f692173
Author: Michael Tremer
Date:   Thu Sep 20 14:21:41 2018 +0100

    backup: Fix deleting backup files

    Signed-off-by: Arne Fitzenreiter
    Signed-off-by: Michael Tremer

commit 06131f41e4a186ed7a70e8ef4f002d63cc16707a
Author: Arne Fitzenreiter
Date:   Mon Sep 17 07:44:55 2018 +0200

    kernel: arm32-bit: update rootfiles

    Signed-off-by: Arne Fitzenreiter

commit 362ac1ed61edb4ab8ddd510be13402b00d979d90
Author: Arne Fitzenreiter
Date:   Sun Sep 16 14:28:47 2018 +0200

    kernel: update to 4.14.70

    Signed-off-by: Arne Fitzenreiter

commit a834285d1ba8cd4314cb9fd8218b0bc2bcfe68d4
Author: Arne Fitzenreiter
Date:   Sat Sep 15 15:58:13 2018 +0200

    kernel: arm: enable chacha poly

    fixes: #11855
    todo: add rootfiles for arm 32-bit

    Signed-off-by: Arne Fitzenreiter

commit 276692f3783c865cb5049d19b306fe56bdc43e60
Author: Arne Fitzenreiter
Date:   Sat Sep 15 15:49:10 2018 +0200

    core124: add kernel files to updater

    Signed-off-by: Arne Fitzenreiter

commit 088b7f4f3f6be2ccc082d26214bbc9daf86879bc
Author: Michael Tremer
Date:   Thu Sep 13 14:45:05 2018 +0100

    core124: Ship updated unbound

    Signed-off-by: Michael Tremer

commit 76e26c7f69dab295682452ff260e0e17335957de
Author: Matthias Fischer
Date:   Tue Sep 11 20:07:14 2018 +0200

    unbound: Update to 1.8.0

    For details see:

    https://nlnetlabs.nl/svn/unbound/tags/release-1.8.0/doc/Changelog

    and

    https://nlnetlabs.nl/projects/unbound/download/

    Signed-off-by: Matthias Fischer
    Signed-off-by: Michael Tremer

commit 0023f8a92b000d8714cc2dc8a9379f0fd0b965af
Author: Michael Tremer
Date:   Thu Sep 13 14:41:21 2018 +0100

    core124: Ship updated backup.cgi

    Signed-off-by: Michael Tremer

commit b8fdc7398ce7ae1852e019e2f8773f95125619ed
Author: Michael Tremer
Date:   Thu Sep 13 14:37:51 2018 +0100

    static-routes: Make it clear that we are reloading routes

    When RED is brought down, we will reload all static routes.

    Signed-off-by: Michael Tremer

commit 614764e58af6dd710658fd072ed9b3a1b51f805a
Author: Michael Tremer
Date:   Thu Aug 30 10:28:45 2018 +0100

    backup: Sanitise content of ADDON variable

    References: #11830

    Signed-off-by: Michael Tremer

commit 7f6257e0a475681ff243ead159cafee2e03f6265
Author: Michael Tremer
Date:   Thu Aug 30 10:20:06 2018 +0100

    backup: Sanitise FILE parameter

    This parameter was passed to some shell commands without any
    sanitisation which allowed an attacker who was authenticated to
    the web UI to download arbitrary files from some directories
    and delete any file from the filesystem.

    References: #11830

    Signed-off-by: Michael Tremer

commit 924b48c7890ef573c1400474ef92951fb9cf3ded
Author: Arne Fitzenreiter
Date:   Wed Sep 12 21:04:07 2018 +0200

    kernel: update to 4.14.69

    Signed-off-by: Arne Fitzenreiter

commit eee037b8902c3163850069f302479e7733966bd0
Author: Peter Müller
Date:   Mon Sep 10 19:52:21 2018 +0200

    update disclaimer in LFS files

    Most of these files still used old dates and/or domain names for
    contact mail addresses. This is now replaced by an up-to-date
    copyright line.

    Just some housekeeping... :-)

    Signed-off-by: Peter Müller
    Signed-off-by: Michael Tremer

commit 063de1600bbad5566764f6bc88f15260e2fe1288
Author: Michael Tremer
Date:   Mon Sep 10 18:23:27 2018 +0100

    core124: Ship CA certificates

    Signed-off-by: Michael Tremer

commit 05a89532d79d031895dd8dab0193b951f8072934
Author: Peter Müller
Date:   Mon Sep 10 18:25:40 2018 +0200

    update ca-certificates CA bundle

    Update the CA certificates list to what Mozilla NSS ships currently.

    The original file can be retrieved from:
    https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt

    Signed-off-by: Peter Müller
    Signed-off-by: Michael Tremer

commit cc3e41cb8b0b7d713ce15a7177d1bbda7778b2ca
Author: Peter Müller
Date:   Mon Sep 10 16:29:09 2018 +0200

    use custom SSH client configuration in LFS file

    Include OpenSSH client configuration file during build.

    Signed-off-by: Peter Müller
    Signed-off-by: Michael Tremer

commit edea6ec5a4ee9a75afcf69c65178089f6a928105
Author: Peter Müller
Date:   Mon Sep 10 16:29:08 2018 +0200

    add hardened SSH client configuration

    Introduce a custom OpenSSH client configuration file for IPFire.
    Some people use it as a jumping host, so applying hardening options
    system-wide improves security.

    Cryptography setup is the same as for OpenSSH server configuration.

    The second version of this patch re-adds some non-AEAD cipher suites
    which are needed for connecting to older RHEL systems.

    Partially fixes #11751

    Signed-off-by: Peter Müller
    Signed-off-by: Michael Tremer

commit 0762dcc4e86937ae2f00d09d449563eb12563b9c
Author: Michael Tremer
Date:   Mon Sep 10 16:35:25 2018 +0100

    core124: Ship updated unbound configuration and restart daemon

    Signed-off-by: Michael Tremer

commit 8a0585837c4f743676a27ad16212a68b8fb4172b
Author: Peter Müller
Date:   Mon Sep 10 16:21:26 2018 +0200

    Unbound: Use aggressive NSEC

    This avoids some needless lookups to destination domains with a very
    high NXDOMAIN rate and reduces load on upstream servers.

    See https://nlnetlabs.nl/documentation/unbound/unbound.conf/ for
    further details.

    Signed-off-by: Peter Müller
    Signed-off-by: Michael Tremer

commit 4e4128faacab7a25e5845faffefa2b2b2128eff7
Author: Peter Müller
Date:   Mon Sep 10 16:21:25 2018 +0200

    Unbound: Use caps for IDs

    Attempt to detect DNS spoofing attacks by inserting 0x20-encoded
    random bits into upstream queries.
    Upstream documentation claims it to be an experimental
    implementation, it did not cause any trouble on productive
    systems here.

    See https://nlnetlabs.nl/documentation/unbound/unbound.conf/ for
    further details.

    Signed-off-by: Peter Müller
    Signed-off-by: Michael Tremer

commit ffba3c98bac2675f19f32541f5e1ebe61419e7bd
Author: Peter Müller
Date:   Mon Sep 10 16:21:24 2018 +0200

    Unbound: Enable DNS cache poisoning mitigation

    By default, Unbound neither keeps track of the number of unwanted
    replies nor initiates countermeasures if they become too large (DNS
    cache poisoning).

    This sets the maximum number of tolerated unwanted replies to 1M,
    causing the cache to be flushed afterwards. (Upstream documentation
    recommends 10M as a threshold, but this turned out to be ineffective
    against attacks in the wild.)

    See https://nlnetlabs.nl/documentation/unbound/unbound.conf/ for
    details. This version of the patch uses 1M as threshold instead of
    5M and supersedes the first and second version.

    Signed-off-by: Peter Müller
    Signed-off-by: Michael Tremer

commit 4ca0cb33543e780f02142cd70b18bb341d2eabad
Author: Michael Tremer
Date:   Mon Sep 10 16:30:52 2018 +0100

    core124: Ship updated redirect page template

    Signed-off-by: Michael Tremer

commit b67e79a4f15bcb8f2e9d525169d9c51611fe6c7e
Author: Peter Müller
Date:   Mon Sep 10 16:15:44 2018 +0200

    embed background image in redirect template

    Embed the IPFire background image into the redirect template
    directly via CSS instead of loading it from somewhere else.
    This is necessary because of Content Security Policy (CSP).

    This patch inserts the base64 encoded image during build so
    nothing needs to be updated twice in case background image changes.

    It supersedes first to fourth version of this patch and has
    been successfully tested during a clean build.

    Fixes #11650

    Signed-off-by: Peter Müller
    Signed-off-by: Michael Tremer

commit a0d612be7ac96cff5dc988f89054db49420c14b8
Author: Michael Tremer
Date:   Sun Sep 9 18:27:56 2018 +0100

    core124: Rebuild initrd

    This script was missing in the last update and therefore
    no microcodes were included.

    Signed-off-by: Michael Tremer

commit 505b886d0d8cbe5448a9998ff88c6636b8e50245
Author: Michael Tremer
Date:   Sun Sep 9 17:48:14 2018 +0100

    core124: Apply changed sysctl.conf

    Signed-off-by: Michael Tremer

commit d5fe33228311d47490536bee370297a7c735f9d6
Author: Peter Müller
Date:   Thu Aug 16 17:29:58 2018 +0200

    do not expose kernel address spaces even to privileged users

    Change this setting from 1 to 2 so kernel addresses are not
    displayed even if a user has CAPS_SYSLOG privileges.

    See also:
    - https://lwn.net/Articles/420403/
    - https://tails.boum.org/contribute/design/kernel_hardening/

    Signed-off-by: Peter Müller
    Signed-off-by: Michael Tremer

commit 65ae069c213a7fcd36d7857b15d863804984948d
Author: Michael Tremer
Date:   Sun Sep 9 17:43:53 2018 +0100

    core124: Ship updated rng-tools

    Signed-off-by: Michael Tremer

commit fd0a0384f07b399e9cb4cf46b4c5722b809ffe6a
Author: Michael Tremer
Date:   Sun Sep 9 17:42:17 2018 +0100

    rng-tools: Update to 6.4

    Also add a patch that keeps RDRAND enabled on i586

    Signed-off-by: Michael Tremer
    Fixes: #11853

commit 3da2a66193ce8e3f92d3c29be95a4076a4fa0274
Author: Michael Tremer
Date:   Fri Aug 31 11:08:53 2018 +0100

    aws: Don't update the system on first boot

    This will violate AWS policy and therefore had to be removed.

    Signed-off-by: Michael Tremer

commit fd313a1ae690ce95d91802fea0d94d85da084fd8
Merge: aa61d769b 574a71177
Author: Arne Fitzenreiter
Date:   Wed Aug 29 07:43:06 2018 +0200

    Merge branch 'master' into next

commit aa61d769b7f5eca23c7744590dfa18c1ef1d7c36
Author: Michael Tremer
Date:   Mon Aug 27 07:34:28 2018 +0100

    core124: Ship latest pakfire changes

    Signed-off-by: Michael Tremer

commit 06d55142e51b270d3f7f4e8ee69cc6260e87b3f7
Author: Michael Tremer
Date:   Mon Aug 27 07:29:19 2018 +0100

    pakfire: Remove any reference to counter.py

    The concept has been retired a very long time ago and the
    web service only responds with 200 whatever it is being
    sent.

    Signed-off-by: Michael Tremer

commit e32591e7bfa07c5d72688cf37d86df0bea6740f6
Author: Michael Tremer
Date:   Mon Aug 27 07:23:03 2018 +0100

    pakfire: Remove mirror health check

    This is not really necessary because pakfire will automatically
    failover to the next mirror anyways and that a mirror responds
    to an ICMP echo request doesn't necessarily mean that it can
    deliver the requested file.

    Signed-off-by: Michael Tremer

commit 973ffc2987afd070c95974bbebfd5c3973ca3db0
Author: Michael Tremer
Date:   Fri Aug 24 12:25:59 2018 +0100

    core124: Ship updated ntp package

    Signed-off-by: Michael Tremer

commit db5360ee9a6d10483666c8ea6fd12b665b40f93d
Author: Matthias Fischer
Date:   Thu Aug 23 21:07:04 2018 +0200

    ntp: Update to 4.2.8p12

    For details see:
    http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities

    Best,
    Matthias

    Signed-off-by: Matthias Fischer
    Signed-off-by: Michael Tremer

commit b31d55a79d4c2771b36a209227da7cf99c8606a7
Author: Michael Tremer
Date:   Fri Aug 24 11:45:44 2018 +0100

    core124: Ship updated fwhosts.cgi

    Signed-off-by: Michael Tremer

commit 2754623fa9842d80cdd8341f06536b0940f4aeea
Author: Alexander Marx
Date:   Fri Aug 24 10:06:30 2018 +0200

    BUG11825: firewall: Renaming a network/host group doesn't update rules

    Code only changed field 6 of hash (target group) and not field 4
    (source group).
    Also if using geoip it was only field 4 of hash (source group) and not
    field 6 of hash (target group)
    Added new code that changes both fields to reflect the change in the
    firewall rules immediately.

    fixes: #11825

    Signed-off-by: Alexander Marx
    Signed-off-by: Michael Tremer

commit aec1925bea763d7dff55ed43d26bdb06acd2e07c
Author: Michael Tremer
Date:   Thu Aug 23 17:34:50 2018 +0100

    IPsec: Show connected status for waiting connections that are active

    Signed-off-by: Michael Tremer

commit 366b40c740bd61e412be23dcc987619b243b9c7b
Author: Michael Tremer
Date:   Thu Aug 23 11:17:23 2018 +0100

    setup: Don't write any mount errors over the GUI

    Signed-off-by: Michael Tremer

commit 95b87f39ac309eb352dca6adbccfcff631bfe914
Author: Michael Tremer
Date:   Wed Aug 22 13:36:23 2018 +0100

    localnet: Set FQDN without using domainname command

    Signed-off-by: Michael Tremer

commit 702f0ba8357aa11ccee4cf7c43efd5d8f362a343
Author: Michael Tremer
Date:   Wed Aug 22 14:46:53 2018 +0100

    core124: Ship updated firewall.cgi

    Signed-off-by: Michael Tremer

commit d303638793c2ad21e296289eadc4ec3584bd215d
Author: Alexander Marx
Date:   Wed Aug 22 11:23:16 2018 +0200

    BUG11805: Firewall rule with source orange and target firewall-interface-orange not possible

    Now it's possible to create a rule with orange source and target orange
    interface of the firewall.

    Fixes: #11805

    Signed-off-by: Alexander Marx
    Signed-off-by: Michael Tremer

commit 7141cb1ee4fab26771319fc5cf61f454f321bcaf
Author: Michael Tremer
Date:   Wed Aug 22 14:17:15 2018 +0100

    core124: Fix typo in rootfile

    Signed-off-by: Michael Tremer

commit 8e11e1e8692265d6e5e6f94a6e6f9b0386ca664c
Author: Michael Tremer
Date:   Wed Aug 22 14:06:53 2018 +0100

    core124: Ship updated AWS setup scripts

    Signed-off-by: Michael Tremer

commit 84cd9b91627e3b70240c944e4424905c46b9e72c
Author: Michael Tremer
Date:   Wed Aug 22 14:05:43 2018 +0100

    Drop the network-trigger script

    This is done at boot time and doesn't normally need to be
    done again.

    On AWS or in the setup, renaming any network interfaces is
    being handled automatically.

    Signed-off-by: Michael Tremer

commit f3d59d2c94f3757bd10b74577c85740cd094ccee
Author: Michael Tremer
Date:   Wed Aug 22 14:02:43 2018 +0100

    firstsetup: There is no need to restart udev here

    All network interfaces are renamed accordingly in setup

    Signed-off-by: Michael Tremer

commit c5465a94533beee243d447e92bc31ee8d4a40ca5
Author: Michael Tremer
Date:   Wed Aug 22 14:00:39 2018 +0100

    aws: Let udev rename all network interfaces

    Signed-off-by: Michael Tremer

commit caf5dcb1e741d93c686c2db0df6f2615bdc68c19
Author: Matthias Fischer
Date:   Tue Aug 21 18:27:02 2018 +0200

    nano: Update to 2.9.8

    For details see:
    https://www.nano-editor.org/news.php

    Best,
    Matthias

    Signed-off-by: Matthias Fischer
    Signed-off-by: Michael Tremer

commit 0ff9099443994b167e4ddc4a4912328e6c40e241
Author: Michael Tremer
Date:   Tue Aug 21 15:06:22 2018 +0100

    core124: Ship updated backup include/exclude files

    Signed-off-by: Michael Tremer

commit f868ccb7632e56fa9038b72d9adb3fe4a4c88cea
Author: Michael Tremer
Date:   Tue Aug 21 15:05:40 2018 +0100

    backup: Add root's SSH keys and settings

    Signed-off-by: Michael Tremer

commit 9b0618c09f634358415e963cfa618b3fafdcce0e
Author: Michael Tremer
Date:   Tue Aug 21 15:05:13 2018 +0100

    backup: Add custom squid configuration files

    Signed-off-by: Michael Tremer

commit 7486e30eebc5f7d6f456274ac82191987135f2e1
Author: Michael Tremer
Date:   Tue Aug 21 11:32:04 2018 +0100

    backup: Order include/exclude alphabetically

    Nothing has been added or removed

    Signed-off-by: Michael Tremer

commit 3b81e38a08c7433c1462d01b26754913752d6c4e
Author: Arne Fitzenreiter
Date:   Mon Aug 20 16:22:20 2018 +0200

    gcc: x86_64 add libspp to rootfile

    Signed-off-by: Arne Fitzenreiter

commit 943cfcc311aa64e0aab62ff3e42c15e9b2e3fc65
Author: Matthias Fischer
Date:   Thu Aug 16 20:56:03 2018 +0200

    bind: Update to 9.11.4-P1

    Fixes CVE-2018-5740 and CVE-2018-5738.

    For details see:
    http://ftp.isc.org/isc/bind9/9.11.4-P1/RELEASE-NOTES-bind-9.11.4-P1.html

    Signed-off-by: Matthias Fischer
    Signed-off-by: Michael Tremer

commit c6b97a06812abf52e5db9a5355f402062c9825cc
Author: Michael Tremer
Date:   Thu Aug 16 18:55:49 2018 +0100

    core124: Ship updated pciutils

    Signed-off-by: Michael Tremer

commit 70e4a5b2769370975a9261f4bbfc27b118503a6f
Author: Peter Müller
Date:   Thu Aug 16 17:10:58 2018 +0200

    pciutils: update to 3.5.6

    The third version of this patch supersedes the first and
    second one which were broken due to bugs in the MUA's GPG
    implementation.

    Signed-off-by: Peter Müller
    Signed-off-by: Michael Tremer

commit c708276290e2be0818aba0c6d7ae558d703c56dd
Author: Michael Tremer
Date:   Thu Aug 16 18:54:41 2018 +0100

    core124: Ship updated ids.cgi

    Signed-off-by: Michael Tremer

commit 5ed6cdd9200ef1f4e59ed14ee5d0a9845473a8a1
Author: Peter Müller
Date:   Thu Aug 16 17:09:41 2018 +0200

    download ET IDS rules via HTTPS

    The Emerging Threats ruleset server supports HTTPS. It should
    be used for downloading the ruleset in IPFire, too.

    This also needs to be applied on the upcoming ids.cgi file for
    Suricata which I will do in a second patch.

    The third version of this patch supersedes the first and
    second one which were broken due to bugs in the MUA's GPG
    implementation.

    Signed-off-by: Peter Müller
    Signed-off-by: Michael Tremer

commit f0d62e2f53569832d8ea742d6342cd111a5ef572
Author: Peter Müller
Date:   Thu Aug 16 17:08:04 2018 +0200

    Postfix: update to 3.3.1

    This updates Postfix to recent 3.3.x series, which contains
    some new features. Release announcement available at
    http://www.postfix.org/announcements/postfix-3.3.1.html

    The third version of this patch supersedes the first and
    second one which were broken due to bugs in the MUA's GPG
    implementation.

    Signed-off-by: Peter Müller
    Signed-off-by: Michael Tremer

commit 8098a76b5267f316464cbf3febd1f22a109c4c6a
Author: Michael Tremer
Date:   Thu Aug 16 13:05:47 2018 +0100

    core124: Ship updated bind

    Signed-off-by: Michael Tremer

commit d8106d993d2f3d518dd543958aa9dd73a587a50b
Author: Matthias Fischer
Date:   Sun Jul 22 17:11:53 2018 +0200

    bind: Update to 9.11.4

    For details see:
    http://ftp.isc.org/isc/bind9/9.11.4/RELEASE-NOTES-bind-9.11.4.html

    Best,
    Matthias

    Signed-off-by: Matthias Fischer
    Signed-off-by: Michael Tremer

commit 1233d81f21dfa68749051358c74d200ec161e549
Author: Michael Tremer
Date:   Thu Aug 16 13:02:56 2018 +0100

    core124: Don't re-generate the initrd

    Signed-off-by: Michael Tremer

commit 4c01f489f60f7b4b1fb8ad8784efddf378036338
Author: Michael Tremer
Date:   Thu Aug 16 13:02:37 2018 +0100

    core124: Re-install bootloader during update

    Signed-off-by: Michael Tremer

commit de0566323f35d5384f08fc04c1aae3a481295b88
Author: Michael Tremer
Date:   Thu Aug 16 13:01:01 2018 +0100

    core124: Ship EFI changes

    Signed-off-by: Michael Tremer

commit 046ef135e667e8727d0826891004870d980a2feb
Merge: d5461580a 87589bce0
Author: Michael Tremer
Date:   Thu Aug 16 12:49:13 2018 +0100

    Merge remote-tracking branch 'origin/efi' into next

commit d5461580a5c54e689c260fb90347ba6be8bc38a3
Author: Michael Tremer
Date:   Thu Aug 16 12:47:55 2018 +0100

    core124: Ship update localnet init script

    Signed-off-by: Michael Tremer

commit 264f34546f2196c7a2459fa8fadb1fd4dbb1f948
Author: Michael Tremer
Date:   Thu Aug 16 12:47:06 2018 +0100

    Start Core Update 124

    Signed-off-by: Michael Tremer

commit 242cfc339509245763fcb7eb4657870689146ad3
Author: Michael Tremer
Date:   Thu Aug 16 12:42:25 2018 +0100

    localnet: Properly format and quote variables

    Signed-off-by: Michael Tremer

commit 5b9f387d5929a3e14e159f7d008d0eba0a586059
Author: Michael Tremer
Date:   Thu Aug 16 12:41:52 2018 +0100

    localnet: Correctly set domain name

    Signed-off-by: Michael Tremer

commit 87589bce0019b92911fab529b3a010a50cbdaa04
Author: Michael Tremer
Date:   Tue Jul 31 16:36:09 2018 +0100

    backup: Make backup ISO bootable on EFI

    Signed-off-by: Michael Tremer

commit de7c8df83e23e82a4b757b6283ae06d2cd8eb14f
Author: Michael Tremer
Date:   Wed Jul 25 10:54:35 2018 +0100

    cdrom: Move list of EFI modules to lfs/cdrom

    Signed-off-by: Michael Tremer

commit 0efda7ac67d7e16c555bc6d07d1808a8480fa94b
Author: Michael Tremer
Date:   Mon Jul 23 23:10:36 2018 +0100

    cdrom: Re-order arguments again

    Signed-off-by: Michael Tremer

commit 5d657243cf2c0e68412003ac9e8cb76a1c967a5f
Author: Michael Tremer
Date:   Sun Jul 22 22:31:30 2018 +0100

    cdrom: The order of arguments for mkisofs seems to be relevant

    Signed-off-by: Michael Tremer

commit 5dd9140a4477ea6f295936ee723ae3097f11810c
Author: Arne Fitzenreiter
Date:   Sun Jul 22 13:41:38 2018 +0200

    grub: apply vga fallback disable patch again

    on some systems (e.g. J1900 based) grub detects a too low
    resolution and uses it. This is no problem in grub itself
    but the kernel does not render the consoles in this mode.

    Signed-off-by: Arne Fitzenreiter

commit 948d660c10d8f384484bc0cc4a9391a55a5c570c
Author: Arne Fitzenreiter
Date:   Sat Jul 21 16:39:46 2018 +0200

    syslinux: update i586 rootfile

    Signed-off-by: Arne Fitzenreiter

commit 9023689d739e040b3e881886a19a6502b24c237f
Author: Arne Fitzenreiter
Date:   Sat Jul 21 16:33:29 2018 +0200

    flash-images: fix partition layout on i586

    Signed-off-by: Arne Fitzenreiter

commit a570226765f6774c3eece1006b462d20d0b991f9
Merge: 12034118d 011204d96
Author: Michael Tremer
Date:   Fri Jul 20 12:47:20 2018 +0000

    Merge branch 'next' into efi

commit 12034118dd0cf631efef85edc5d0944055a7ef5f
Author: Michael Tremer
Date:   Fri Jul 20 11:59:00 2018 +0000

    installer: Run install-bootloader script instead of own code

    This allows us to keep the GRUB installation routine in one
    place only.

    Signed-off-by: Michael Tremer

commit 6cf5a533f50256e961023bed8300eef178ac398f
Author: Michael Tremer
Date:   Fri Jul 20 11:53:55 2018 +0000

    partresize: Remove debugging line

    Signed-off-by: Michael Tremer

commit 43829df3bbc85e0bbdddbafeb91fd2fe6bccb6de
Author: Michael Tremer
Date:   Fri Jul 20 11:53:24 2018 +0000

    partresize: Only regenerate configuration instead of re-installing GRUB

    This should not be necessary

    Signed-off-by: Michael Tremer

commit befc0404976287adfd52f76dd9c3a4ab6afe2ab9
Author: Michael Tremer
Date:   Fri Jul 20 11:51:50 2018 +0000

    Move update-bootloader script into installer

    Signed-off-by: Michael Tremer

commit eadde44b05294152f88eeeb2401622dac6fd0f00
Author: Michael Tremer
Date:   Fri Jul 20 11:47:35 2018 +0000

    update-bootloader: Allow passing device to install GRUB on

    Signed-off-by: Michael Tremer

commit c1397b7ab39e6ddeed64e3c63ff7012f5659df84
Author: Michael Tremer
Date:   Fri Jul 20 11:34:55 2018 +0000

    update-bootloader: Extend script to support EFI

    Signed-off-by: Michael Tremer

commit 46a4581db662d70e781d59782d2e24a4c2968968
Author: Arne Fitzenreiter
Date:   Fri Jul 20 12:24:49 2018 +0100

    flash-image: use FAT for /boot partition on aarch64

    Signed-off-by: Arne Fitzenreiter

commit f8f4ef0795753b7cfbb7ef18def75e147ee7303d
Merge: 3deac294f 413149f80
Author: Arne Fitzenreiter
Date:   Thu Jul 19 18:15:50 2018 +0100

    Merge branch 'next' into efi

    Signed-off-by: Arne Fitzenreiter

    Conflicts:
            config/kernel/kernel.config.aarch64-ipfire

commit 3deac294f5760a00e42eec0265ded0b10e9291ee
Author: Michael Tremer
Date:   Mon Jul 16 22:35:21 2018 +0100

    cdrom: mkisofs seems to not like the order of the arguments

    Signed-off-by: Michael Tremer

commit 479d82d1b8e20b63ed645ce8fdaae9d418c180b6
Author: Michael Tremer
Date:   Mon Jul 16 22:31:11 2018 +0100

    Rootfile update

    We don't have EFI on i586

    Signed-off-by: Michael Tremer

commit 37dc79434ad752c7115c01aa26264c933e9de647
Author: Michael Tremer
Date:   Sat Jul 14 14:05:09 2018 +0100

    kernel: Enable EFI on aarch64

    Signed-off-by: Michael Tremer

commit a5c92f50bfcecb8496216c82b41d4dd4b7d78635
Author: Michael Tremer
Date:   Thu Jul 12 13:59:07 2018 +0100

    flash-images: Only install grub for EFI on aarch64

    Signed-off-by: Michael Tremer

commit 092bc105e4ccde0743fabb18f4891aebd5747c5a
Author: Michael Tremer
Date:   Thu Jul 12 10:39:57 2018 +0100

    cdrom: Run isohybrid only when we have syslinux

    Signed-off-by: Michael Tremer

commit a1eb7761991af6515bd3b08f598454c7720119f8
Author: Michael Tremer
Date:   Tue Jul 10 18:10:14 2018 +0100

    cdrom: Fix building GRUB image for aarch64

    Signed-off-by: Michael Tremer

commit 4790db5f9509befbaa2d379a854bddd49d09f497
Author: Michael Tremer
Date:   Tue Jul 10 15:34:30 2018 +0100

    cdrom: Install ISOLINUX only on some architectures

    Signed-off-by: Michael Tremer

commit 0ce1e4906e0f9db3c5ef4c1e9dd53449cc1d63d9
Author: Michael Tremer
Date:   Tue Jul 10 14:38:21 2018 +0100

    cdrom: Install iPXE only on x86

    Signed-off-by: Michael Tremer

commit b7407ccad54e5d5d5b4a83073fb1ccdbcfa5b85e
Author: Michael Tremer
Date:   Thu Jul 5 23:29:20 2018 +0100

    cdrom: Install memtest only on x86

    Signed-off-by: Michael Tremer

commit 701c891b40dc7e115f7359b26babab86ba36602c
Author: Michael Tremer
Date:   Thu Jun 21 15:53:38 2018 +0100

    Build efibootmgr and efivars only for x86_64 and aarch64

    Signed-off-by: Michael Tremer

commit 7c80f8c5cc517e4c39824f038cd3867518e4f262
Author: Michael Tremer
Date:   Sun Jun 17 22:49:14 2018 +0100

    syslinux: Update to 6.04-pre1

    Signed-off-by: Michael Tremer

commit e3a3af3c5d1e49d8f86e82500ad7df5f5b2a3b33
Author: Michael Tremer
Date:   Sun Jun 17 18:18:25 2018 +0100

    installer: Install GRUB in removable mode as well

    This allows that a system will boot IPFire even when no
    boot entry is configured in the EFI BIOS

    Signed-off-by: Michael Tremer

commit 7dc7880ddacc97f9e2393d2155f12384c6a3ad11
Author: Michael Tremer
Date:   Sun Jun 17 18:16:26 2018 +0100

    installer: Always install EFI bootloader on x86_64 and aarch64

    Signed-off-by: Michael Tremer

commit 8fbadfc7a31a224c6b339e45ffe2f0041c8f7ec8
Author: Michael Tremer
Date:   Sun Jun 17 18:15:08 2018 +0100

    installer: Create a flag that marks if EFI support is available

    Signed-off-by: Michael Tremer

commit f096a2ea9871ab087e36cd0044a3875d03b98799
Author: Michael Tremer
Date:   Wed Jun 13 23:21:58 2018 +0100

    flash-image+cdrom: Execute ARMv5-specific code on ARMv5

    Signed-off-by: Michael Tremer

commit 2c49856ead5c553dde1e8888b6de0937b3f3d00a
Author: Michael Tremer
Date:   Wed Jun 13 23:05:44 2018 +0100

    Rootfile update for parted

    Signed-off-by: Michael Tremer

commit b62f71f7f21752d3f919aaed9378826c36e5731c
Author: Michael Tremer
Date:   Mon Jun 11 18:32:42 2018 +0100

    Build GRUB on aarch64

    Signed-off-by: Michael Tremer

commit 3755e358098f303df3f5f7effe47f6e354c8b733
Author: Michael Tremer
Date:   Mon Jun 11 17:13:40 2018 +0100

    make.sh: Build popt earlier

    efivars depends on it and since it is a very common library
    without any dependencies, we can build it very early

    Signed-off-by: Michael Tremer

commit 8a06ff80c4e2daf597ec4ea6542854183351880d
Author: Michael Tremer
Date:   Mon Jun 11 10:32:28 2018 +0100

    grub: Don't explicitly set the font

    Signed-off-by: Michael Tremer

commit 92e782332c88a3adc375f39d8183f031ccfe272a
Author: Michael Tremer
Date:   Mon Jun 11 10:31:29 2018 +0100

    installer: Add support to install on EFI systems

    Signed-off-by: Michael Tremer

commit 4c2343931cc01bf1594d9e9ef194a7ab87c7298a
Author: Michael Tremer
Date:   Mon Jun 11 10:17:54 2018 +0100

    parted: Update to 3.2

    Signed-off-by: Michael Tremer

commit b89c7379f9891a35845a2c1402c86392c4c5800d
Author: Michael Tremer
Date:   Thu Jun 7 23:31:13 2018 +0100

    flash-images: Make EFI partition 32MB

    Signed-off-by: Michael Tremer

commit 89e79c50c7e497dd7fa8eb5f451fbafa8abb72e6
Author: Michael Tremer
Date:   Thu Jun 7 23:18:08 2018 +0100

    flash-images: Cleanup partitioning code

    No functional changes

    Signed-off-by: Michael Tremer

commit 8662e981738a22b780f6062900489dfe42c403a3
Author: Michael Tremer
Date:   Thu Jun 7 22:22:02 2018 +0100

    flash-images: Mark the /boot partition as bootable

    Before, the ESP was marked as bootable which isn't necessary

    Signed-off-by: Michael Tremer

commit 7d456c39710018b92ad7668e407f058924ff13b1
Author: Michael Tremer
Date:   Thu Jun 7 22:18:32 2018 +0100

    flash-image: Use grub-install to install GRUB in EFI mode

    Signed-off-by: Michael Tremer

commit 2f329aab2700e7a36afcc32a047c44057b4f334a
Author: Michael Tremer
Date:   Thu Jun 7 22:17:34 2018 +0100

    flash-image: Mark the EFI system partition as such

    Signed-off-by: Michael Tremer

commit dfb0084e355885908d80b6544bd86fe5c0c1aba2
Author: Michael Tremer
Date:   Thu Jun 7 22:17:05 2018 +0100

    flash-image: Remove any other GRUB configuration files in EFI mode

    Signed-off-by: Michael Tremer

commit 24e811b03acb228b71227430c98d48bd1e3ad9ab
Author: Michael Tremer
Date:   Thu Jun 7 22:15:58 2018 +0100

    grub: Don't install an empty EFI configuration file

    Signed-off-by: Michael Tremer

commit fd80e500dfff0f8d5f6ec4a417b7c9fe423779b0
Author: Michael Tremer
Date:   Thu Jun 7 15:33:48 2018 +0100

    Add efibootmgr and efivar

    These packages are required to manage EFI boot options

    Signed-off-by: Michael Tremer

commit b6a0fd583981787fb50a2eae43d34393215eeb95
Author: Michael Tremer
Date:   Thu May 31 15:24:51 2018 +0100

    cdrom: Select installation as default

    Signed-off-by: Michael Tremer

commit 5fb499f13b3eb8b25c55f113851f25bc9ac91e17
Author: Michael Tremer
Date:   Thu May 31 15:24:39 2018 +0100

    installer: Detect if we are running in EFI mode

    Signed-off-by: Michael Tremer

commit 6b44fee76f2f086b8ac5378e1fdcf1fc000b70e6
Author: Michael Tremer
Date:   Thu May 31 15:08:53 2018 +0100

    cdrom: Keep the EFI image on the ISO9660 file system as well

    This allows systems to boot the EFI bootloader from the
    CDROM file system instead of using the FAT filesystem which
    is for USB keys.
=20 Signed-off-by: Michael Tremer commit 5765b49bff0c3bcd60d1624c1bb159ce47085183 Author: Michael Tremer Date: Thu May 31 14:57:12 2018 +0100 cdrom: Add grub.cfg that allows to install IPFire =20 Signed-off-by: Michael Tremer commit 582aba05344e161a2ecbed81eef19005a80289ed Author: Michael Tremer Date: Thu May 31 13:47:47 2018 +0100 Enable EFI on aarch64 =20 Signed-off-by: Michael Tremer commit 5f387a1b8630c73cd0d573961356f579fd5520e4 Author: Michael Tremer Date: Thu May 31 13:46:56 2018 +0100 cdrom: Install GRUB into EFI image =20 This will start GRUB on EFI systems when booting from CD =20 Signed-off-by: Michael Tremer commit f4330e19b18589a75422d4d1bb34db4b95d02375 Author: Michael Tremer Date: Thu May 31 12:46:01 2018 +0100 Fix syntax error in lfs/cdrom =20 Signed-off-by: Michael Tremer commit b661333e3a4359c4dcf7cf68a7537fe84ecdee34 Author: Michael Tremer Date: Thu May 31 11:01:08 2018 +0100 syslinux: FTBFS with newer ld =20 Signed-off-by: Michael Tremer commit 78dd680dfa04b6197488d18c3badbe4fe15c711c Author: Michael Tremer Date: Thu May 31 11:00:43 2018 +0100 make.sh: cdrkit required cmake to build =20 Signed-off-by: Michael Tremer commit 308af080f665e7a43d6ad5aeae8383a7dc34bb0e Author: Michael Tremer Date: Wed May 30 15:43:30 2018 +0100 grub: Build new version in EFI mode =20 Signed-off-by: Michael Tremer commit ba3cbb0cfbf41c05185caa1f42b985738ff218bc Author: Michael Tremer Date: Wed May 30 15:23:57 2018 +0100 Adjust variables that have been renamed =20 Signed-off-by: Michael Tremer commit 7b4323c66ee5e639c841cced6503544c520374e9 Author: Michael Tremer Date: Tue May 29 20:14:59 2018 +0100 cdrom: Simplify commands that author the ISO image =20 Signed-off-by: Michael Tremer commit 5f52a95646b6e2f9aa13cd8b38ed1b22484470f7 Author: Michael Tremer Date: Fri Oct 16 23:57:18 2015 +0200 cdrom: Build EFI-enabled ISO image =20 Signed-off-by: Michael Tremer commit 72d40cfddde09c4db8249ab7dec74e12c0664a6c Author: Michael Tremer Date: Fri Oct 16 23:56:45 2015 +0200 Config: 
Have a simple configuration variable that enables EFI =20 Signed-off-by: Michael Tremer commit df261337933e0532cd7c88658f11070771fa18f7 Author: Michael Tremer Date: Fri Oct 16 23:52:09 2015 +0200 syslinux: Update to 6.03 =20 Signed-off-by: Michael Tremer commit 8a9605840cbfc095b94320d21f14b211e81c3af9 Author: Michael Tremer Date: Sat Oct 3 21:32:12 2015 +0200 Remove dvdrtools for cdrkit =20 Signed-off-by: Michael Tremer commit 0268380764dc5cc33541643e603b32ce513ab963 Author: Michael Tremer Date: Sat Oct 3 20:25:34 2015 +0200 ipfire-netboot: Ship EFI image =20 Signed-off-by: Michael Tremer commit 7fbbd2aebc014bdd86e527b94418e8201c82ce42 Author: Michael Tremer Date: Sat Sep 19 23:17:02 2015 +0200 Enable EFI on x86_64 =20 Signed-off-by: Michael Tremer commit 784cd5cbd7f4b7ad3d0cda1411b8eb1e038ffc7e Author: Michael Tremer Date: Sat Aug 22 21:18:18 2015 +0100 Enhance the flash image to support EFI =20 Signed-off-by: Michael Tremer ----------------------------------------------------------------------- hooks/post-receive -- IPFire 2.x development tree --===============2553058253515044876==--