This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, core127 has been created at 06ac824331726523e90607f472b822a9b50d156b (commit) - Log ----------------------------------------------------------------- commit 06ac824331726523e90607f472b822a9b50d156b Author: Arne Fitzenreiter Date: Wed Jan 16 22:31:43 2019 +0100 core127: set pakfire version to 127 Signed-off-by: Arne Fitzenreiter commit f0092a6e3e246846caa55458364514064f2c5103 Author: Michael Tremer Date: Sun Jan 13 12:50:26 2019 +0100 keepalived: Move change of conntrack sysctl option into package The setting cannot be set on the default system because the ip_vs module is not loaded by default and there is no reason to load it just because we would be able to set the setting. Signed-off-by: Michael Tremer commit d499e86b168ca1267b6155496cbefa11ec11b916 Author: Michael Tremer Date: Sun Jan 13 12:28:10 2019 +0100 GeoIP: Add accidentially removed paths to database Signed-off-by: Michael Tremer commit 5cf83d56fa06a2e04e70db4aba4a0fb4195a5157 Author: Michael Tremer Date: Sun Jan 13 11:53:41 2019 +0100 firewall-lib.pl: Fix incorrect path to geoip-functions.pl Signed-off-by: Michael Tremer commit f622fd8ed09d60b627da3589d91b9fc8d6a77393 Author: Arne Fitzenreiter Date: Sat Jan 12 20:01:00 2019 +0100 linux-initrd: fix build of uInit on aarch64 Signed-off-by: Arne Fitzenreiter commit 00f9dcd91d5edbd7ae3acd0d731c0d415079bae5 Author: Arne Fitzenreiter Date: Sat Jan 12 09:04:23 2019 +0100 core127: fix xtables kmod rootfiles for arm32 builds Signed-off-by: Arne Fitzenreiter commit f69aca76ea22dfac13f41225545d8c403e5327f7 Author: Matthias Fischer Date: Fri Jan 11 14:41:57 2019 +0100 xtables 3.2: Fix for rootfile Found during the test builds... Best, Matthias Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 0ca3baedfc623a968c7e38c356352b4f64c9f695 Author: Stefan Schantl Date: Fri Jan 11 10:05:24 2019 +0100 Revert "geoip-functions.pl: Re-write code to lookup the iso country code of a given IP-address." Enhanching the code to fix the lookup will rapidely slow down the lookup speed. Because using the GeoIP2 module is no option ( the reasons have been described in the commit message which will now reverted), we have decided to temporary switch back to the old module until a nice solution has been found. This reverts commit ff21ff90d24de0f648d24bb906c45738b81ce67a. Signed-off-by: Stefan Schantl Signed-off-by: Michael Tremer commit f107bb39c53266cd7b2f70c8875dbc07221aeeab Author: Stefan Schantl Date: Fri Jan 11 10:05:23 2019 +0100 Revert "GeoIP: Drop legacy GeoIP perl module." This reverts commit 9d1708e081d7e7ba490db3620509dcce29cb0ae8. Signed-off-by: Stefan Schantl Signed-off-by: Michael Tremer commit 035f6c75aed2165a8ecd92571c48daf07edf4ab5 Author: Matthias Fischer Date: Fri Jan 11 01:32:37 2019 +0100 xtables-addons: Fix typo in lfs Just some typos... Best, Matthias Signed-off-by: Matthias Fischer Signed-off-by: Stefan Schantl Signed-off-by: Michael Tremer commit 01db691a1ebd569afdc0d9304a67b4e048708b84 Author: Michael Tremer Date: Thu Jan 10 22:48:25 2019 +0000 Bump kernel version to ship a new PAE kernel Signed-off-by: Michael Tremer commit 06fd3467d1fce5aa56dd255a686c2e46090e2edf Author: Michael Tremer Date: Thu Jan 10 22:46:31 2019 +0000 core127: Ship updated kernel modules for xtables Signed-off-by: Michael Tremer commit a04ec923897debb91c72b4c6223586ca0f1c7486 Author: Michael Tremer Date: Thu Jan 10 22:43:45 2019 +0000 core127: Ship updated firewall functions library Signed-off-by: Michael Tremer commit 8ff42d82c4ab2d5743b1fdcd076249c7b2e51794 Author: Stefan Schantl Date: Thu Jan 10 20:40:04 2019 +0100 firewall-lib.pl: Use get_geoip_locations from geoip-functions.pl Signed-off-by: Stefan Schantl Signed-off-by: Michael Tremer commit 30c59cbb0b370a0fd1470087a94d91b35d4e54a3 Author: Stefan Schantl Date: Thu Jan 10 20:40:03 2019 +0100 geoip-locations.pl: Add get_geoip_locations(). This function is used to get all available GeoIP locations. The functions returns them as array, sorted in alphabetical order. Reference #11959 Signed-off-by: Stefan Schantl Signed-off-by: Michael Tremer commit e3429b4aad01ad011792d00570a3190d0058e7ff Author: Matthias Fischer Date: Thu Jan 10 15:30:49 2019 +0100 clamav: Update to 0.101.1 For details see: https://blog.clamav.net/2019/01/clamav-01011-patch-has-been-released.html Best, Matthias Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 11de35622f930cdf9cd64a786a832076ee251672 Author: Michael Tremer Date: Mon Jan 7 01:32:46 2019 +0000 core127: Ship updated tar Signed-off-by: Michael Tremer commit 042a5fe60a51277d3d1c717c207858dce1d28ff1 Author: Matthias Fischer Date: Thu Jan 10 14:29:22 2019 +0100 tar: Update to 1.31, including fix for bug #11958 For details see: http://savannah.gnu.org/forum/forum.php?forum_id=9344 "- Fix heap-buffer-overrun with --one-top-level. - Support for zstd compression. - The -K option interacts properly with member names given in the command line. - Fix CVE-2018-20482" This patch was reverted because 'tar 1.31' crashed when installing PakFire packages with the option '--no-overwrite-dir'. See: https://bugzilla.ipfire.org/show_bug.cgi?id=11958 Included is now a patch from https://savannah.gnu.org/bugs/?55413, which seems to fix this issue. The test cases given in https://savannah.gnu.org/bugs/?55413#comment1 ran without problems. As always, please check and confirm. Best, Matthias Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit d381c56dc82e10ce01e68bb24b197dce0fa10580 Author: Michael Tremer Date: Mon Jan 7 01:28:38 2019 +0000 core127: Ship updated GeoIP functions Signed-off-by: Michael Tremer commit ff21ff90d24de0f648d24bb906c45738b81ce67a Author: Stefan Schantl Date: Thu Jan 10 13:00:17 2019 +0100 geoip-functions.pl: Re-write code to lookup the iso country code of a given IP-address. Drop the usage of the old legacy GeoIP perl module which was not able to handle the new GeoLite2 databases. Write some code to directly access the databases and extract the required data. Usage of the GeoIP2 perl module would provide a lot of more functionality which is not used/needed. Unfortunately ir requires at lot of additional perl modules which are not available on IPFire and would only be build and shipped for this module. Buildig all of them will slow down the entire build process, mess up the system and requires a lot more space on disk. Fixes #11962. Signed-off-by: Stefan Schantl Signed-off-by: Michael Tremer commit 9d1708e081d7e7ba490db3620509dcce29cb0ae8 Author: Stefan Schantl Date: Thu Jan 10 13:00:16 2019 +0100 GeoIP: Drop legacy GeoIP perl module. The legacy GeoIP perl module cannot handle the new GeoLite2 databases provided from maxmind and therefore needs to be dropped. Reference #11960 Signed-off-by: Stefan Schantl Signed-off-by: Michael Tremer commit b76a8a008dca77f8ea9b68c95b2d04e074dfef64 Author: Stefan Schantl Date: Thu Jan 10 13:00:15 2019 +0100 xt_geoip_update: Adjust script to download and use the GeoLite2 database Fixes #11961. Signed-off-by: Stefan Schantl Signed-off-by: Michael Tremer commit a77870146fcf1e4575a9a0e59a85a10674599e91 Author: Stefan Schantl Date: Thu Jan 10 13:00:14 2019 +0100 xtables-addons: Use shipped xt_geoip_build Use the shipped xt_geoip_build directly instead of holding a copy in our GIT. Reference #11959 Signed-off-by: Stefan Schantl Signed-off-by: Michael Tremer commit 9f6849b3adfcc8eb91549427f531bdeb89f6d750 Author: Stefan Schantl Date: Thu Jan 10 13:00:13 2019 +0100 xtables-addons: Update to 3.2 Reference #11959 Signed-off-by: Stefan Schantl Signed-off-by: Michael Tremer commit 4ed2162324a40bc19faf9e3cf698b8f03d256434 Author: Michael Tremer Date: Mon Jan 7 00:34:30 2019 +0000 perl-Net-CIDR-Lite: Make rootfile work on other arches Signed-off-by: Michael Tremer commit 045d54c324ac17edc9074b14c5a1a3187b78c2c3 Author: Michael Tremer Date: Mon Jan 7 00:31:46 2019 +0000 perl-Net-CIDR-Lite: Fix whitespace Signed-off-by: Michael Tremer commit 985741db6140464fe2f74ab76bc94223862eb6ce Author: Stefan Schantl Date: Thu Jan 10 13:00:12 2019 +0100 perl-Net-CIDR-Lite: New package. This is a runtime dependency of the xt_geoip_build perl script shipped by xtables-addons in version 3.2. Reference #11960. Signed-off-by: Stefan Schantl Signed-off-by: Michael Tremer commit af2cc3be64d82d35978590b316a46b5b206afa0d Author: Michael Tremer Date: Sun Jan 6 21:33:43 2019 +0000 IPVS: Enable connection tracking by default Signed-off-by: Michael Tremer commit 5321fcbff33f69e98f87bd0a354bab53e2a830bf Author: Michael Tremer Date: Sun Jan 6 09:00:47 2019 +0000 Backup conntrackd's configuration file Signed-off-by: Michael Tremer commit 7d5caee6bdbb44b688b579f9b1836bd5a3d0d619 Author: Michael Tremer Date: Sun Jan 6 08:59:25 2019 +0000 Add initscript for conntrackd The daemon will be started by default when a configuration file exists. Signed-off-by: Michael Tremer commit ae5b9c5ad5fafbb42e2d7f8201f4cbcc995bfcc4 Author: Michael Tremer Date: Sun Jan 6 07:03:08 2019 +0000 Update translations Signed-off-by: Michael Tremer commit e26a5c488556579d1bd639b50adbc31da450e70c Author: Matthias Fischer Date: Tue Jan 8 14:14:41 2019 +0100 Fix typo in 'html/cgi-bin/logs.cgi/log.dat' Translation string uses capital letter: 'Captive' => 'Captive Portal', Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit e0c4ed1783d665d6f341d00e506395c507198807 Author: Michael Tremer Date: Tue Jan 8 16:14:01 2019 +0100 core127: Ship updated proxy.cgi and regenerate configuration Signed-off-by: Michael Tremer commit ce1f04ee404bc373169cd2e8efa7804206bc85de Author: Michael Tremer Date: Tue Jan 8 16:09:46 2019 +0100 proxy: Allow selecting throttled bandwidth in MBit/s Signed-off-by: Michael Tremer commit c2f1b8183c5f4eb335e89676b46b11eb460b3b89 Author: Michael Tremer Date: Tue Jan 8 16:02:05 2019 +0100 proxy: Suggest modern defaults for cache memory and disk Signed-off-by: Michael Tremer commit cdd4cf4094df9562f53e175ece8f0bcc4a1cf2f1 Author: Michael Tremer Date: Tue Jan 8 16:00:05 2019 +0100 proxy: Drop support for throttling only certain mime types Signed-off-by: Michael Tremer commit d68e150e865c86f8a8f784da242701215325abad Author: Michael Tremer Date: Tue Jan 8 15:54:56 2019 +0100 proxy: Drop web browser check This is neither reliable nor up to date and is therefore removed Signed-off-by: Michael Tremer commit a1018d86ae3d01342758b93e6782735f7b3aa47f Author: Michael Tremer Date: Tue Jan 8 15:49:18 2019 +0100 proxy: Set authentication TTL for NTLM authentication also Signed-off-by: Michael Tremer commit 6df2d5288768ba0557b3070a52b20db95f3b88fa Author: Michael Tremer Date: Tue Jan 8 15:48:32 2019 +0100 proxy: Use correct authentication cache TTL for AD Signed-off-by: Michael Tremer commit fa286b133085da2776087d7890b57f96a400cc58 Author: Michael Tremer Date: Tue Jan 8 15:46:20 2019 +0100 proxy: Use entered setting for auth children for AD Signed-off-by: Michael Tremer commit 5c2a76f7b3799b78e2d9fb33d5f3d7d408b8314b Author: Michael Tremer Date: Tue Jan 8 15:44:19 2019 +0100 proxy: Use correct realm for AD authentication Signed-off-by: Michael Tremer commit dc637f087fe07ab26ae1dee00133da69bab5e6a1 Author: Michael Tremer Date: Tue Jan 8 15:37:00 2019 +0100 proxy: Remove AUTH_IPCACHE_TTL This is potentially dangerous to set larger than zero. Authentication is perfomed on basis of IP addresses which is not a good idea at all. Signed-off-by: Michael Tremer commit ea72700a3b5f53680b218e9261593806bdc5f7d4 Author: Michael Tremer Date: Tue Jan 8 15:27:54 2019 +0100 proxy: Drop NTLM authentication This is the authentication againt NT 4.0 style domain controllers. squid has dropped support for this in the 4.5 release and nobody should be using these old domain controllers any more. Signed-off-by: Michael Tremer commit eedca6e36c1131ce5542da5ccbfbb5667648c024 Author: Michael Tremer Date: Tue Jan 8 03:33:37 2019 +0100 squid: Run as many redirectors as we have CPU cores This makes sure that we use the optimal ratio of memory and CPU usage. Signed-off-by: Michael Tremer Tested-by: Daniel Weismüller Tested-by: Matthias Fischer commit 1a3323f2e6aa4ebe701f2e61a6829c8bedb7eb10 Author: Daniel Weismüller Date: Tue Oct 30 12:06:59 2018 +0100 BUG 11786 - squid: Remove setting for filter processes the number of Squid processes I added a function to determine the number of cores. Now the number of squid processes will be equal to the number of logical cores. Further I removed the possibility of changing the number of squid processes in the proxy.cgi Signed-off-by: Daniel Weismüller Signed-off-by: root commit 79b89b90e4b9425e29551bd8ceb8a85cd224c62d Author: Michael Tremer Date: Sat Jan 5 21:12:24 2019 +0000 Revert "core127: Ship updated tar" This reverts commit 9ab1c9302c01f11010d0cb87a66366361465461e. Signed-off-by: Michael Tremer commit d09cb651b5e829db009d5f0bfeb13acf353bc041 Author: Michael Tremer Date: Sat Jan 5 21:11:44 2019 +0000 Revert "tar: Update to 1.31" This reverts commit bb473fd1d6e97785dee70ceb75f9b898f92fc507. tar crashes when used with --no-overwrite-dir. See #11958. Signed-off-by: Michael Tremer commit 0cd3eab3ae87f31e3d928eb2f800e3abaf1896bf Author: Michael Tremer Date: Sat Jan 5 21:11:14 2019 +0000 core127: Ship updated snort Signed-off-by: Michael Tremer commit d01b31914a69c5e1edf9a059b1fd6b8e5a90ec84 Author: Matthias Fischer Date: Sat Jan 5 10:40:08 2019 +0100 snort: Update to 2.9.12 For details see: Release notes: https://snort.org/downloads/snort/release_notes_2.9.12.txt Changelog: https://snort.org/downloads/snort/changelog_2.9.12.txt Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 1338e08d0d10300a279ece4e7b4673b20209679b Author: Arne Fitzenreiter Date: Sun Jan 6 16:29:57 2019 +0100 core127: ship framebuffer.conf blacklist the file is generated at kernel build and in core126 the module commpression was changed to xz so the list was empty. Signed-off-by: Arne Fitzenreiter commit 0708b3b343e5eec032c17157255f5543baf9e8d1 Author: Arne Fitzenreiter Date: Sun Jan 6 15:53:27 2019 +0100 core127: remove double files from armv5tel filelist Signed-off-by: Arne Fitzenreiter commit 5e6f343b7d60abad53248532cd451bb9f81af84c Author: Arne Fitzenreiter Date: Sun Jan 6 15:51:53 2019 +0100 python: update to 2.7.15 Signed-off-by: Arne Fitzenreiter commit b15309e9d14baff65f70b3954ec337944ee1d3bd Author: Arne Fitzenreiter Date: Sat Jan 5 13:47:31 2019 +0100 transmission: update to 2.94 Signed-off-by: Arne Fitzenreiter commit 9ab1c9302c01f11010d0cb87a66366361465461e Author: Michael Tremer Date: Fri Jan 4 02:43:06 2019 +0000 core127: Ship updated tar Signed-off-by: Michael Tremer commit bb473fd1d6e97785dee70ceb75f9b898f92fc507 Author: Matthias Fischer Date: Fri Jan 4 18:54:49 2019 +0100 tar: Update to 1.31 For details see: http://savannah.gnu.org/forum/forum.php?forum_id=9344 "- Fix heap-buffer-overrun with --one-top-level. - Support for zstd compression. - The -K option interacts properly with member names given in the command line. - Fix CVE-2018-20482" Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 7f90513e611040a99422b951884062e14271adc4 Author: Michael Tremer Date: Thu Jan 3 16:28:00 2019 +0000 Update translations Signed-off-by: Michael Tremer commit 1183d50b731d6b276b26fc4d8fc680c483cb6b70 Author: Peter Müller Date: Thu Jan 3 17:57:32 2019 +0100 fix SSH port description in WebUI again Fixes #11881. Signed-off-by: Peter Müller Signed-off-by: Michael Tremer commit 2aff684f37afc08d6fa4520188e460e888cee2d8 Author: Michael Tremer Date: Thu Jan 3 15:12:39 2019 +0000 libvirt: The package no longer depends on jansson Signed-off-by: Michael Tremer commit 3407695fbcbe525d7bb860f2f796c6947b201b9c Author: Stéphane Pautrel Date: Thu Jan 3 15:02:53 2019 +0000 Update of French translation This improves the translation and enhances consistency in many places. Signed-off-by: Michael Tremer commit cd309fe6a2f4b319272f94bd448fb17fce23b8fd Author: Michael Tremer Date: Thu Jan 3 14:58:47 2019 +0000 Update translations Signed-off-by: Michael Tremer commit 0a12cd70393d3ee6f64e3d81422212eab55468f9 Author: Matthias Fischer Date: Wed Dec 26 14:37:25 2018 +0100 dnsforward.cgi: fix for language string Hi, In https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=1a26564e95b5694337e51860544e7775d35055f3 the language string 'dnsforward forward_server' => 'DNS-Server', was deleted and replaced by 'dnsforward forward_servers' => 'DNS-Server', IMHO this leads to an empty string in 'dnsforward.cgi', line 223: ... $Lang::tr{'dnsforward forward_server'}: * ... I changed this line... Best, Matthias Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 6e1aa54da0e172bf931ef13a3e1c7ad6de9b5a20 Author: Matthias Fischer Date: Thu Dec 27 01:57:18 2018 +0100 attr 2.4.47: Update for rootfile Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 34ad12b165639d86f9a9709dc264cbd36c1bd2ca Author: Michael Tremer Date: Thu Jan 3 14:53:34 2019 +0000 core127: Ship updated VPN CGI files Signed-off-by: Michael Tremer commit e6f7f8e7ba0e716acede7f6cadf9a284d115440b Author: Erik Kapfer Date: Thu Jan 3 03:57:16 2019 +0100 database_attribute: Deliver/create index.txt.attr Fixes #11904 Since OpenSSL-1.1.0x the database attribute file for IPSec and OpenVPN wasn´t created while initial PKI generation. OpenVPN delivered an error message but IPSec did crashed within the first attempt. This problem persists also after X509 deletion and new generation. index.txt.attr will now be delivered by the system but also deleted and recreated while setting up a new x509. Signed-off-by: Michael Tremer commit 4c83d9fbdcf137c126d0b5ed0935dbe18c9733f3 Author: Matthias Fischer Date: Wed Jan 2 16:43:42 2019 +0100 mc: Update to 4.8.22 For details see: http://midnight-commander.org/wiki/NEWS-4.8.22 Best, Matthias Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit cdaad0cdd33e63232fe8939644825619576b6be3 Author: Michael Tremer Date: Wed Jan 2 16:24:39 2019 +0000 libvirt: Bump package version Signed-off-by: Michael Tremer commit c86d893830560165e065cd44ee44f13c2d7e97a7 Author: Matthias Fischer Date: Tue Jan 1 18:39:03 2019 +0100 squid: Update to 4.5 For details see: http://www.squid-cache.org/Versions/v4/changesets/ Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 13827014fcee7d3094529feb2be17513602e5421 Author: Michael Tremer Date: Mon Dec 31 00:36:23 2018 +0000 core127: Ship updated wget Signed-off-by: Michael Tremer commit 49deea707bc6db5683ecc139070d5c83b89b7c48 Author: Matthias Fischer Date: Thu Dec 27 18:16:35 2018 +0100 wget: Update to 1.20.1 This is a bugfix release: "due to some privacy issues in default settings of Wget, we introduce this bugfix release. The --xattr option (saving original URL and Referer into extended file attributes) was introduced and enabled by default since Wget 1.19. It possibly saved - possibly unrecognized by the user - credentials, access tokes etc that were included in the requested URL. We changed three details as a countermeasure, see below in the NEWS section. With Best Regards, Tim ... NEWS * Changes in Wget 1.20.1 ** --xattr is no longer default since it introduces privacy issues. ** --xattr saves the Referer as scheme/host/port, user/pw/path/query/fragment are no longer saved to prevent privacy issues. ** --xattr saves the Original URL without user/password to prevent privacy issues." Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 4c76d08b2a1ef5ac9ff8b546c0d887e342adec1c Author: Arne Fitzenreiter Date: Wed Jan 2 15:33:16 2019 +0100 kernel: fix generation of framebuffer blacklist modules are now xz compressed. Signed-off-by: Arne Fitzenreiter commit 67c9261257542c09407f54280e3b4e764c24ebaa Author: Arne Fitzenreiter Date: Fri Dec 28 16:05:38 2018 +0100 mpd: add soxr dependency Signed-off-by: Arne Fitzenreiter commit f1f40274a095f0c5173a69767d9efa647e9f1a8a Author: Arne Fitzenreiter Date: Sun Dec 23 11:12:15 2018 +0100 u-boot: fix x86 builds Signed-off-by: Arne Fitzenreiter commit e978f0429f7f33d8eb1051b7089962d52b306792 Author: Michael Tremer Date: Wed Dec 19 23:38:48 2018 +0000 keepalived: Fix incorrect path in initscript This path to keepalived was just incorrect and therefore the daemon could not easily be reloaded. Signed-off-by: Michael Tremer commit ae84d3745de4235efbe7cf13e9d8542df916083d Author: Arne Fitzenreiter Date: Thu Dec 20 08:04:22 2018 +0100 u-boot: fix typo in boot.scr fix serial console output on RPi3 B+ at aarch64 Signed-off-by: Arne Fitzenreiter commit 6f1f51ba1c9e211946bb7b829bd7362ff61ecae7 Author: Michael Tremer Date: Wed Dec 19 21:01:20 2018 +0100 core127: Ship DNS forwarding settings Signed-off-by: Michael Tremer commit f33d28978d0014e956fb98c6dc42d79fb1a7d3d6 Author: Michael Tremer Date: Wed Dec 19 21:00:21 2018 +0100 unbound: Use correct parameter for IP addresses and hostnames Signed-off-by: Michael Tremer commit cb8a25e5ec4c045f634ba585012f2edf09e6be29 Author: Michael Tremer Date: Wed Dec 19 20:47:41 2018 +0100 DNS Forwarding: Let UI accept hostnames, too Signed-off-by: Michael Tremer commit 1a26564e95b5694337e51860544e7775d35055f3 Author: Michael Tremer Date: Wed Dec 19 20:42:46 2018 +0100 DNS Forwarding: Allow passing multiple name servers (separated by comma) Signed-off-by: Michael Tremer commit c9ae511ecf3caea0836b06211ca49d3fec4bf6b8 Author: Michael Tremer Date: Wed Dec 19 20:23:59 2018 +0100 unbound: Allow forwarding to multiple servers at the same time Signed-off-by: Michael Tremer commit 086bb132ec3155b9221cee5acf307fabfb7515b6 Author: Michael Tremer Date: Wed Dec 19 18:55:23 2018 +0000 ipvsadm: Update to 1.29 Signed-off-by: Michael Tremer commit 4af8d6964beb8abc822bada4b8dc1474a098514e Author: Michael Tremer Date: Wed Dec 19 15:42:23 2018 +0000 pcre: Enable JIT This is now possible because we no longer run grsecurity-enabled kernels. The performance of PCRE increases dramatically and applications like the IDS benefit hugely: https://blog.inliniac.net/2011/10/12/suricata-and-pcre-performance/ Signed-off-by: Michael Tremer commit 909549b1d6af51a8b18d4fc799370b32bf7861ce Author: Jonatan Schlag Date: Thu Dec 13 17:02:44 2018 +0000 Update libvirt to version 4.10 This partially fixes #11941 as libvirt now states clearly that seccomp needs to be disabled Signed-off-by: Jonatan Schlag Signed-off-by: Michael Tremer commit 452e537092ba0310dab68e5aeaac4c96fbc4a409 Author: Michael Tremer Date: Tue Dec 18 22:32:07 2018 +0000 core127: Ship updated squid Signed-off-by: Michael Tremer commit a2bcb4135bc7b64a54c06f12a0e577830ecf3ebf Author: Matthias Fischer Date: Thu Dec 13 18:40:24 2018 +0100 squid: Update to 4.4 (stable) For details see: http://www.squid-cache.org/Versions/v4/changesets/ In July 2018, 'squid 4' was "released for production use", see: https://wiki.squid-cache.org/Squid-4 "The features have been set and large code changes are reserved for later versions." I've tested almost all 4.x-versions and patch series before with good results. Right now, 4.4 is running here with no seen problems together with 'squidclamav', 'squidguard' and 'privoxy'. I too would declare this version stable. Best, Matthias Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 27801da08916e6826f99c2c51461d53f403aaf5b Author: erik.kapfer Date: Fri Dec 14 12:43:00 2018 +0100 unbound: Add TFO support for unbound For further informations, see https://tools.ietf.org/html/rfc7413 Signed-off-by: erik.kapfer Signed-off-by: Michael Tremer commit cab2314ac41105e678be25ba379f58ec43f2ee9e Author: Matthias Fischer Date: Fri Dec 14 21:20:15 2018 +0100 bind: Update to 9.11.5-P1 For details see: http://ftp.isc.org/isc/bind9/9.11.5-P1/RELEASE-NOTES-bind-9.11.5-P1.html Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit a38eb040bfcad9372bca895029d974b587aa011b Author: Michael Tremer Date: Tue Dec 18 22:28:59 2018 +0000 sqlite: Update to 3.26.0 Signed-off-by: Michael Tremer commit 57c04aa49db6b93dee562477ce9fec5141c787a6 Author: Michael Tremer Date: Sun Dec 16 22:23:50 2018 +0000 Revert "make.sh: Build in ramdisk" This reverts commit 6174b7b1c72cd5141e04ac2621eef90d86987a91. This had absolutely no effect on build time or rather made it slower. So this is being reverted to save ourselves the RAM. Signed-off-by: Michael Tremer commit 6174b7b1c72cd5141e04ac2621eef90d86987a91 Author: Michael Tremer Date: Sun Dec 16 16:50:13 2018 +0000 make.sh: Build in ramdisk This is an experimental change that I want to trial to speed up the nightly builds. The build environment will be mounted in a ramdisk and the build will be performed in there. This will hopefully reduce IO on the (slow) replicated disks. If there is no significant performance gain from this, this commit will be reverted. To enable this, USE_RAMDISK must be set to 1 in .config. Signed-off-by: Michael Tremer commit 53ac9dd222aac232b35d0c1ce453eaf4cacc3419 Author: Matthias Fischer Date: Wed Dec 12 20:41:54 2018 +0100 unbound: Update to 1.8.3 For details see: https://nlnetlabs.nl/svn/unbound/tags/release-1.8.3/doc/Changelog "Fix dns64 allocation in wrong region for returned internal queries." Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit edff2bb85107c411d890b0ad4c55305fd9297566 Author: Michael Tremer Date: Thu Dec 13 13:11:01 2018 +0000 core127: Ship updated grub It doesn't need to be re-installed because no system with that configuration should exist right now. Signed-off-by: Michael Tremer commit 848ac6900974f8ac3718c0ea4febec6e56954823 Author: Stefan Schantl Date: Thu Dec 13 12:52:50 2018 +0100 grub: xfs: Accept filesystem with sparse inodes Signed-off-by: Stefan Schantl Tested-by: Stefan Schantl Signed-off-by: Michael Tremer commit 81e1e80e38609e01f98af649ee38e064420bab3d Author: Michael Tremer Date: Wed Dec 12 11:34:12 2018 +0000 AWS: Prefer red* or eth* when importing configuration This change is necessary to make sure that the script prefers are link with internet access. That would usually be red (after the second boot) or eth* (on the first boot). That allows (and ensures) that we can install packages in the user-data script. Signed-off-by: Michael Tremer commit 58e840bd96d6f7e34d332d8b18c95857ced5ca1d Author: Michael Tremer Date: Tue Dec 11 20:43:24 2018 +0000 installer: Intialize part_boot_efi_idx This variable was not initialized on systems where EFI was not in use. Therefore the generated parted command line was not valid and caused the installation to abort. Signed-off-by: Michael Tremer commit de4f303186927ad1a7a8ff1ec221583d0f8ca047 Author: Michael Tremer Date: Tue Dec 11 19:46:10 2018 +0000 core127: Ship updated unbound Signed-off-by: Michael Tremer commit 707846392ee8108d15095d7bc5ee1f43a967053f Author: Matthias Fischer Date: Sat Dec 8 18:13:23 2018 +0100 unbound: Update to 1.8.2 For details see: https://nlnetlabs.nl/projects/unbound/download/ Best, Matthias Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 5df66de303e799537e73c590ead94950f24f38ca Author: Matthias Fischer Date: Sat Dec 8 18:21:19 2018 +0100 clamav: Update to 0.101.0 For details see: https://blog.clamav.net/ Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 8b02a92fe73e16538940aa030e4bcb389cce7f67 Author: Michael Tremer Date: Tue Dec 11 19:41:31 2018 +0000 core127: Ship updated fireinfo Signed-off-by: Michael Tremer commit 66f7b646cd6bf3a1f34d2ad998caad90f3c6c4fc Author: Michael Tremer Date: Tue Dec 11 19:41:09 2018 +0000 Start Core Update 127 Signed-off-by: Michael Tremer commit 7e17de5f863a96d2f4e67fd27daeade3b1b1d471 Author: Michael Tremer Date: Tue Dec 11 19:38:21 2018 +0000 fireinfo: Add authentication for upstream proxies Signed-off-by: Michael Tremer commit adde1ca8ce1588997936f5b22687525a2e6637b2 Merge: c519be422 ed4bbe44d Author: Arne Fitzenreiter Date: Tue Dec 11 08:01:59 2018 +0100 Merge branch 'master' into next commit c519be42262c629abac86fb251a3f3921d42310d Author: Michael Tremer Date: Mon Dec 10 00:36:04 2018 +0000 haproxy: Create/restore backup when package is installed/uninstalled Fixes: #11946 Signed-off-by: Michael Tremer ----------------------------------------------------------------------- hooks/post-receive -- IPFire 2.x development tree