From: Michael Tremer <git@ipfire.org>
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 527078e439fc7376c3a7da3ae8551c853e99e2b7
Date: Thu, 13 Jun 2019 13:01:31 +0100
Message-ID: <20190613120132.A82BF84FDC0@people01.i.ipfire.org>
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 527078e439fc7376c3a7da3ae8551c853e99e2b7 (commit)
via 69772b7dda05726077fa5c70e86f41169a91534f (commit)
via ce46df9b83d15033156845e19e9a386e52a0a1cd (commit)
via e263c29c929e69e345833f436d4958d88264020c (commit)
via 91056adea5d6e203f41e7743443eb61ed2b885cf (commit)
from 043e7aa50ff36e65eb0d6a341b09301ce25795f0 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 527078e439fc7376c3a7da3ae8551c853e99e2b7
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Jun 12 17:25:13 2019 +0100
core134: Ship updated OpenSSL
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 69772b7dda05726077fa5c70e86f41169a91534f
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Jun 10 18:55:00 2019 +0000
OpenSSL: lower priority for CBC ciphers in default cipherlist
In order to avoid CBC ciphers as often as possible (they contain
some known vulnerabilities), this changes the OpenSSL default
ciphersuite to:
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(256) Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(256) Mac=SHA384
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(128) Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(128) Mac=SHA256
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA256
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA256
ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
CAMELLIA256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA256
AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
CAMELLIA128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA256
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1
Since TLS servers usually override the clients' preference with their
own, this will neither break existing setups nor introduce huge
differences in the wild. Unfortunately, CBC ciphers cannot be disabled
at all, as they are still used by popular web sites.
TLS 1.3 ciphers will be added implicitly and can be omitted in the
cipherstring. Chacha20/Poly1305 is preferred over AES-GCM due to missing
AES-NI support for the majority of installations reporting to Fireinfo
(see https://fireinfo.ipfire.org/processors for details, AES-NI support
is 28.22% at the time of writing).
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit ce46df9b83d15033156845e19e9a386e52a0a1cd
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Jun 12 17:18:23 2019 +0100
Start Core Update 134
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit e263c29c929e69e345833f436d4958d88264020c
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Jun 12 17:14:28 2019 +0100
unbound: Make some zones type-transparent
If we remove other records (like MX) from the response, we won't
be able to send mail to those hosts any more.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 91056adea5d6e203f41e7743443eb61ed2b885cf
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Jun 12 17:11:32 2019 +0100
unbound: Add yandex.com to safe search feature
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/core/{133 => 134}/exclude | 0
config/rootfiles/{oldcore/113 => core/134}/filelists/files | 2 +-
.../{oldcore/100 => core/134}/filelists/i586/openssl-sse2 | 0
config/rootfiles/core/{133 => 134}/filelists/openssl | 0
config/rootfiles/{oldcore/130 => core/134}/update.sh | 9 ++-------
config/rootfiles/{core => oldcore}/133/exclude | 0
.../{core => oldcore}/133/filelists/aarch64/binutils | 0
config/rootfiles/{core => oldcore}/133/filelists/aarch64/gcc | 0
.../rootfiles/{core => oldcore}/133/filelists/aarch64/glibc | 0
.../{core => oldcore}/133/filelists/armv5tel/binutils | 0
.../rootfiles/{core => oldcore}/133/filelists/armv5tel/gcc | 0
.../rootfiles/{core => oldcore}/133/filelists/armv5tel/glibc | 0
config/rootfiles/{core => oldcore}/133/filelists/bind | 0
config/rootfiles/{core => oldcore}/133/filelists/files | 0
.../rootfiles/{core => oldcore}/133/filelists/i586/binutils | 0
config/rootfiles/{core => oldcore}/133/filelists/i586/gcc | 0
config/rootfiles/{core => oldcore}/133/filelists/i586/glibc | 0
.../rootfiles/{core => oldcore}/133/filelists/i586/hyperscan | 0
.../{core => oldcore}/133/filelists/ids-ruleset-sources | 0
config/rootfiles/{core => oldcore}/133/filelists/knot | 0
config/rootfiles/{core => oldcore}/133/filelists/openssl | 0
config/rootfiles/{core => oldcore}/133/filelists/pam | 0
config/rootfiles/{core => oldcore}/133/filelists/rrdtool | 0
config/rootfiles/{core => oldcore}/133/filelists/squid | 0
config/rootfiles/{core => oldcore}/133/filelists/strongswan | 0
config/rootfiles/{core => oldcore}/133/filelists/suricata | 0
.../rootfiles/{core => oldcore}/133/filelists/wpa_supplicant | 0
.../{core => oldcore}/133/filelists/x86_64/binutils | 0
config/rootfiles/{core => oldcore}/133/filelists/x86_64/gcc | 0
.../rootfiles/{core => oldcore}/133/filelists/x86_64/glibc | 0
.../{core => oldcore}/133/filelists/x86_64/hyperscan | 0
config/rootfiles/{core => oldcore}/133/update.sh | 0
lfs/openssl | 2 +-
make.sh | 2 +-
src/initscripts/system/unbound | 12 ++++++++----
...herlist.patch => openssl-1.1.1c-default-cipherlist.patch} | 8 ++++----
36 files changed, 17 insertions(+), 18 deletions(-)
copy config/rootfiles/core/{133 => 134}/exclude (100%)
copy config/rootfiles/{oldcore/113 => core/134}/filelists/files (66%)
copy config/rootfiles/{oldcore/100 => core/134}/filelists/i586/openssl-sse2 (100%)
copy config/rootfiles/core/{133 => 134}/filelists/openssl (100%)
copy config/rootfiles/{oldcore/130 => core/134}/update.sh (93%)
rename config/rootfiles/{core => oldcore}/133/exclude (100%)
rename config/rootfiles/{core => oldcore}/133/filelists/aarch64/binutils (100%)
rename config/rootfiles/{core => oldcore}/133/filelists/aarch64/gcc (100%)
rename config/rootfiles/{core => oldcore}/133/filelists/aarch64/glibc (100%)
rename config/rootfiles/{core => oldcore}/133/filelists/armv5tel/binutils (100%)
rename config/rootfiles/{core => oldcore}/133/filelists/armv5tel/gcc (100%)
rename config/rootfiles/{core => oldcore}/133/filelists/armv5tel/glibc (100%)
rename config/rootfiles/{core => oldcore}/133/filelists/bind (100%)
rename config/rootfiles/{core => oldcore}/133/filelists/files (100%)
rename config/rootfiles/{core => oldcore}/133/filelists/i586/binutils (100%)
rename config/rootfiles/{core => oldcore}/133/filelists/i586/gcc (100%)
rename config/rootfiles/{core => oldcore}/133/filelists/i586/glibc (100%)
rename config/rootfiles/{core => oldcore}/133/filelists/i586/hyperscan (100%)
rename config/rootfiles/{core => oldcore}/133/filelists/ids-ruleset-sources (100%)
rename config/rootfiles/{core => oldcore}/133/filelists/knot (100%)
rename config/rootfiles/{core => oldcore}/133/filelists/openssl (100%)
rename config/rootfiles/{core => oldcore}/133/filelists/pam (100%)
rename config/rootfiles/{core => oldcore}/133/filelists/rrdtool (100%)
rename config/rootfiles/{core => oldcore}/133/filelists/squid (100%)
rename config/rootfiles/{core => oldcore}/133/filelists/strongswan (100%)
rename config/rootfiles/{core => oldcore}/133/filelists/suricata (100%)
rename config/rootfiles/{core => oldcore}/133/filelists/wpa_supplicant (100%)
rename config/rootfiles/{core => oldcore}/133/filelists/x86_64/binutils (100%)
rename config/rootfiles/{core => oldcore}/133/filelists/x86_64/gcc (100%)
rename config/rootfiles/{core => oldcore}/133/filelists/x86_64/glibc (100%)
rename config/rootfiles/{core => oldcore}/133/filelists/x86_64/hyperscan (100%)
rename config/rootfiles/{core => oldcore}/133/update.sh (100%)
rename src/patches/{openssl-1.1.1a-default-cipherlist.patch => openssl-1.1.1c-default-cipherlist.patch} (66%)
Difference in files:
diff --git a/config/rootfiles/core/133/exclude b/config/rootfiles/core/134/exclude
similarity index 100%
rename from config/rootfiles/core/133/exclude
rename to config/rootfiles/core/134/exclude
diff --git a/config/rootfiles/core/134/filelists/files b/config/rootfiles/core/134/filelists/files
new file mode 100644
index 000000000..25ade1735
--- /dev/null
+++ b/config/rootfiles/core/134/filelists/files
@@ -0,0 +1,5 @@
+etc/system-release
+etc/issue
+etc/rc.d/init.d/unbound
+srv/web/ipfire/cgi-bin/credits.cgi
+var/ipfire/langs
diff --git a/config/rootfiles/core/134/filelists/i586/openssl-sse2 b/config/rootfiles/core/134/filelists/i586/openssl-sse2
new file mode 120000
index 000000000..f424713d6
--- /dev/null
+++ b/config/rootfiles/core/134/filelists/i586/openssl-sse2
@@ -0,0 +1 @@
+../../../../common/i586/openssl-sse2
\ No newline at end of file
diff --git a/config/rootfiles/core/133/filelists/openssl b/config/rootfiles/core/134/filelists/openssl
similarity index 100%
rename from config/rootfiles/core/133/filelists/openssl
rename to config/rootfiles/core/134/filelists/openssl
diff --git a/config/rootfiles/core/134/update.sh b/config/rootfiles/core/134/update.sh
new file mode 100644
index 000000000..30fe9c529
--- /dev/null
+++ b/config/rootfiles/core/134/update.sh
@@ -0,0 +1,60 @@
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2019 IPFire-Team <info(a)ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+core=134
+
+# Remove old core updates from pakfire cache to save space...
+for (( i=1; i<=$core; i++ )); do
+ rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+# Stop services
+
+# Extract files
+extract_files
+
+# update linker config
+ldconfig
+
+# Update Language cache
+/usr/local/bin/update-lang-cache
+
+# Start services
+/etc/init.d/unbound restart
+
+# Finish
+/etc/init.d/fireinfo start
+sendprofile
+
+# Update grub config to display new core version
+if [ -e /boot/grub/grub.cfg ]; then
+ grub-mkconfig -o /boot/grub/grub.cfg
+fi
+
+sync
+
+# Don't report the exitcode last command
+exit 0
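Review bot: The "Start services" block restarts only unbound, although this core update also carries the openssl filelists (core/134/filelists/openssl and i586/openssl-sse2). Daemons started before `extract_files` keep the old libssl/libcrypto mapped until they are restarted, so either restart the TLS-using services here or mark the update as needing a reboot. The empty "# Stop services" section can go if nothing is meant to be stopped.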
diff --git a/config/rootfiles/oldcore/133/exclude b/config/rootfiles/oldcore/133/exclude
new file mode 100644
index 000000000..b22159878
--- /dev/null
+++ b/config/rootfiles/oldcore/133/exclude
@@ -0,0 +1,28 @@
+boot/config.txt
+boot/grub/grub.cfg
+boot/grub/grubenv
+etc/alternatives
+etc/collectd.custom
+etc/default/grub
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+etc/localtime
+etc/shadow
+etc/snort/snort.conf
+etc/ssl/openssl.cnf
+etc/sudoers
+etc/sysconfig/firewall.local
+etc/sysconfig/rc.local
+etc/udev/rules.d/30-persistent-network.rules
+srv/web/ipfire/html/proxy.pac
+var/ipfire/dma
+var/ipfire/time
+var/ipfire/ovpn
+var/lib/alternatives
+var/log/cache
+var/log/dhcpcd.log
+var/log/messages
+var/state/dhcp/dhcpd.leases
+var/updatecache
diff --git a/config/rootfiles/core/133/filelists/aarch64/binutils b/config/rootfiles/oldcore/133/filelists/aarch64/binutils
similarity index 100%
rename from config/rootfiles/core/133/filelists/aarch64/binutils
rename to config/rootfiles/oldcore/133/filelists/aarch64/binutils
diff --git a/config/rootfiles/core/133/filelists/aarch64/gcc b/config/rootfiles/oldcore/133/filelists/aarch64/gcc
similarity index 100%
rename from config/rootfiles/core/133/filelists/aarch64/gcc
rename to config/rootfiles/oldcore/133/filelists/aarch64/gcc
diff --git a/config/rootfiles/core/133/filelists/aarch64/glibc b/config/rootfiles/oldcore/133/filelists/aarch64/glibc
similarity index 100%
rename from config/rootfiles/core/133/filelists/aarch64/glibc
rename to config/rootfiles/oldcore/133/filelists/aarch64/glibc
diff --git a/config/rootfiles/core/133/filelists/armv5tel/binutils b/config/rootfiles/oldcore/133/filelists/armv5tel/binutils
similarity index 100%
rename from config/rootfiles/core/133/filelists/armv5tel/binutils
rename to config/rootfiles/oldcore/133/filelists/armv5tel/binutils
diff --git a/config/rootfiles/core/133/filelists/armv5tel/gcc b/config/rootfiles/oldcore/133/filelists/armv5tel/gcc
similarity index 100%
rename from config/rootfiles/core/133/filelists/armv5tel/gcc
rename to config/rootfiles/oldcore/133/filelists/armv5tel/gcc
diff --git a/config/rootfiles/core/133/filelists/armv5tel/glibc b/config/rootfiles/oldcore/133/filelists/armv5tel/glibc
similarity index 100%
rename from config/rootfiles/core/133/filelists/armv5tel/glibc
rename to config/rootfiles/oldcore/133/filelists/armv5tel/glibc
diff --git a/config/rootfiles/core/133/filelists/bind b/config/rootfiles/oldcore/133/filelists/bind
similarity index 100%
rename from config/rootfiles/core/133/filelists/bind
rename to config/rootfiles/oldcore/133/filelists/bind
diff --git a/config/rootfiles/core/133/filelists/files b/config/rootfiles/oldcore/133/filelists/files
similarity index 100%
rename from config/rootfiles/core/133/filelists/files
rename to config/rootfiles/oldcore/133/filelists/files
diff --git a/config/rootfiles/core/133/filelists/i586/binutils b/config/rootfiles/oldcore/133/filelists/i586/binutils
similarity index 100%
rename from config/rootfiles/core/133/filelists/i586/binutils
rename to config/rootfiles/oldcore/133/filelists/i586/binutils
diff --git a/config/rootfiles/core/133/filelists/i586/gcc b/config/rootfiles/oldcore/133/filelists/i586/gcc
similarity index 100%
rename from config/rootfiles/core/133/filelists/i586/gcc
rename to config/rootfiles/oldcore/133/filelists/i586/gcc
diff --git a/config/rootfiles/core/133/filelists/i586/glibc b/config/rootfiles/oldcore/133/filelists/i586/glibc
similarity index 100%
rename from config/rootfiles/core/133/filelists/i586/glibc
rename to config/rootfiles/oldcore/133/filelists/i586/glibc
diff --git a/config/rootfiles/core/133/filelists/i586/hyperscan b/config/rootfiles/oldcore/133/filelists/i586/hyperscan
similarity index 100%
rename from config/rootfiles/core/133/filelists/i586/hyperscan
rename to config/rootfiles/oldcore/133/filelists/i586/hyperscan
diff --git a/config/rootfiles/core/133/filelists/ids-ruleset-sources b/config/rootfiles/oldcore/133/filelists/ids-ruleset-sources
similarity index 100%
rename from config/rootfiles/core/133/filelists/ids-ruleset-sources
rename to config/rootfiles/oldcore/133/filelists/ids-ruleset-sources
diff --git a/config/rootfiles/core/133/filelists/knot b/config/rootfiles/oldcore/133/filelists/knot
similarity index 100%
rename from config/rootfiles/core/133/filelists/knot
rename to config/rootfiles/oldcore/133/filelists/knot
diff --git a/config/rootfiles/oldcore/133/filelists/openssl b/config/rootfiles/oldcore/133/filelists/openssl
new file mode 120000
index 000000000..e011a9266
--- /dev/null
+++ b/config/rootfiles/oldcore/133/filelists/openssl
@@ -0,0 +1 @@
+../../../common/openssl
\ No newline at end of file
diff --git a/config/rootfiles/core/133/filelists/pam b/config/rootfiles/oldcore/133/filelists/pam
similarity index 100%
rename from config/rootfiles/core/133/filelists/pam
rename to config/rootfiles/oldcore/133/filelists/pam
diff --git a/config/rootfiles/core/133/filelists/rrdtool b/config/rootfiles/oldcore/133/filelists/rrdtool
similarity index 100%
rename from config/rootfiles/core/133/filelists/rrdtool
rename to config/rootfiles/oldcore/133/filelists/rrdtool
diff --git a/config/rootfiles/core/133/filelists/squid b/config/rootfiles/oldcore/133/filelists/squid
similarity index 100%
rename from config/rootfiles/core/133/filelists/squid
rename to config/rootfiles/oldcore/133/filelists/squid
diff --git a/config/rootfiles/core/133/filelists/strongswan b/config/rootfiles/oldcore/133/filelists/strongswan
similarity index 100%
rename from config/rootfiles/core/133/filelists/strongswan
rename to config/rootfiles/oldcore/133/filelists/strongswan
diff --git a/config/rootfiles/core/133/filelists/suricata b/config/rootfiles/oldcore/133/filelists/suricata
similarity index 100%
rename from config/rootfiles/core/133/filelists/suricata
rename to config/rootfiles/oldcore/133/filelists/suricata
diff --git a/config/rootfiles/core/133/filelists/wpa_supplicant b/config/rootfiles/oldcore/133/filelists/wpa_supplicant
similarity index 100%
rename from config/rootfiles/core/133/filelists/wpa_supplicant
rename to config/rootfiles/oldcore/133/filelists/wpa_supplicant
diff --git a/config/rootfiles/core/133/filelists/x86_64/binutils b/config/rootfiles/oldcore/133/filelists/x86_64/binutils
similarity index 100%
rename from config/rootfiles/core/133/filelists/x86_64/binutils
rename to config/rootfiles/oldcore/133/filelists/x86_64/binutils
diff --git a/config/rootfiles/core/133/filelists/x86_64/gcc b/config/rootfiles/oldcore/133/filelists/x86_64/gcc
similarity index 100%
rename from config/rootfiles/core/133/filelists/x86_64/gcc
rename to config/rootfiles/oldcore/133/filelists/x86_64/gcc
diff --git a/config/rootfiles/core/133/filelists/x86_64/glibc b/config/rootfiles/oldcore/133/filelists/x86_64/glibc
similarity index 100%
rename from config/rootfiles/core/133/filelists/x86_64/glibc
rename to config/rootfiles/oldcore/133/filelists/x86_64/glibc
diff --git a/config/rootfiles/core/133/filelists/x86_64/hyperscan b/config/rootfiles/oldcore/133/filelists/x86_64/hyperscan
similarity index 100%
rename from config/rootfiles/core/133/filelists/x86_64/hyperscan
rename to config/rootfiles/oldcore/133/filelists/x86_64/hyperscan
diff --git a/config/rootfiles/core/133/update.sh b/config/rootfiles/oldcore/133/update.sh
similarity index 100%
rename from config/rootfiles/core/133/update.sh
rename to config/rootfiles/oldcore/133/update.sh
diff --git a/lfs/openssl b/lfs/openssl
index 9f9e7a684..47bd4aff0 100644
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -117,7 +117,7 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.1.1a-default-cipherlist.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.1.1c-default-cipherlist.patch
# Apply our CFLAGS
cd $(DIR_APP) && sed -i Configure \
diff --git a/make.sh b/make.sh
index cdf5bbed7..5b1e0ed99 100755
--- a/make.sh
+++ b/make.sh
@@ -26,7 +26,7 @@ NAME="IPFire" # Software name
SNAME="ipfire" # Short name
# If you update the version don't forget to update backupiso and add it to core update
VERSION="2.23" # Version number
-CORE="133" # Core Level (Filename)
+CORE="134" # Core Level (Filename)
PAKFIRE_CORE="133" # Core Level (PAKFIRE)
GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch
SLOGAN="www.ipfire.org" # Software slogan
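Review bot: PAKFIRE_CORE on the context line directly below the changed CORE line stays at "133" while CORE becomes "134". If PAKFIRE_CORE is only bumped at release time that is fine, but a short comment next to it saying so would keep the mismatch from reading as an oversight.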
diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
index e797079c4..34b3e06fd 100644
--- a/src/initscripts/system/unbound
+++ b/src/initscripts/system/unbound
@@ -711,13 +711,13 @@ write_safe_search_conf() {
echo "server:"
# Bing
- echo " local-zone: www.bing.com transparent"
+ echo " local-zone: bing.com transparent"
for address in $(resolve "strict.bing.com"); do
echo " local-data: \"www.bing.com ${LOCAL_TTL} IN A ${address}\""
done
# DuckDuckGo
- echo " local-zone: duckduckgo.com transparent"
+ echo " local-zone: duckduckgo.com typetransparent"
for address in $(resolve "safe.duckduckgo.com"); do
echo " local-data: \"duckduckgo.com ${LOCAL_TTL} IN A ${address}\""
done
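Review bot: In the Bing block the zone is widened from www.bing.com to bing.com but stays `transparent`, while DuckDuckGo right below switches to `typetransparent`, so the two now answer differently for record types other than A. With `typetransparent`, a query for a type that has no local-data (AAAA, for instance) is resolved upstream, so a dual-stack client can receive the regular address and skip the safe-search A record; with `transparent` it gets NODATA instead. If keeping MX reachable is the goal, consider adding AAAA local-data as well (or confirming that duckduckgo.com publishes no AAAA), and say in a comment why Bing is left as `transparent`.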
@@ -733,8 +733,12 @@ write_safe_search_conf() {
done
# Yandex
- echo " local-zone: yandex.ru transparent"
- echo " local-data: \"yandex.ru A 213.180.193.56\""
+ for domain in yandex.com yandex.ru; do
+ echo " local-zone: ${domain} typetransparent"
+ for address in $(resolve "familysearch.${domain}"); do
+ echo " local-data: \"${domain} ${LOCAL_TTL} IN A ${address}\""
+ done
+ done
# YouTube
echo " local-zone: youtube.com transparent"
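Review bot: The new Yandex loop emits the `local-zone: ${domain} typetransparent` line before it knows whether `resolve "familysearch.${domain}"` returned anything. If the lookup fails when the file is written, the zone carries no local-data and queries go upstream unfiltered, where the removed lines had a fixed address. Please check that familysearch.yandex.com actually resolves, and consider logging or skipping the zone when the address list is empty. The YouTube zone on the following context line is still `transparent`; if the MX reasoning from the commit message applies there too, it wants the same treatment.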
diff --git a/src/patches/openssl-1.1.1a-default-cipherlist.patch b/src/patches/openssl-1.1.1c-default-cipherlist.patch
similarity index 66%
rename from src/patches/openssl-1.1.1a-default-cipherlist.patch
rename to src/patches/openssl-1.1.1c-default-cipherlist.patch
index dfe156bf5..72f6ce3b1 100644
--- a/src/patches/openssl-1.1.1a-default-cipherlist.patch
+++ b/src/patches/openssl-1.1.1c-default-cipherlist.patch
@@ -1,11 +1,12 @@
---- openssl-1.1.1.orig/include/openssl/ssl.h 2018-09-11 14:48:23.000000000 +0200
-+++ openssl-1.1.1/include/openssl/ssl.h 2018-11-05 16:55:03.935513159 +0100
+diff -Naur openssl-1.1.1c.orig/include/openssl/ssl.h openssl-1.1.1c/include/openssl/ssl.h
+--- openssl-1.1.1c.orig/include/openssl/ssl.h 2019-06-10 20:41:21.209140012 +0200
++++ openssl-1.1.1c/include/openssl/ssl.h 2019-06-10 20:42:26.733973129 +0200
@@ -170,11 +170,11 @@
* an application-defined cipher list string starts with 'DEFAULT'.
* This applies to ciphersuites for TLSv1.2 and below.
*/
-# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
-+# define SSL_DEFAULT_CIPHER_LIST "TLSv1.3:CHACHA20:HIGH:+DH:+aRSA:+SHA:+kRSA:!aNULL:!eNULL:!SRP:!PSK:!DSS:!AESCCM"
++# define SSL_DEFAULT_CIPHER_LIST "CHACHA20:HIGH:+aRSA:+SHA384:+SHA256:+DH:+SHA:+kRSA:!eNULL:!aNULL:!PSK:!SRP:!AESCCM:!DSS"
/* This is the default set of TLSv1.3 ciphersuites */
# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
-# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
@@ -15,4 +16,3 @@
"TLS_AES_128_GCM_SHA256"
# else
# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
-
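Review bot: The replacement SSL_DEFAULT_CIPHER_LIST string has no comment explaining that `+SHA384:+SHA256:+SHA` is what pushes the CBC suites behind the AEAD ones, and the only record of the intended order is the commit message. Since this patch is carried across OpenSSL releases (it is renamed from 1.1.1a to 1.1.1c here), a short comment in the patch or a build-time comparison of `openssl ciphers -v` against the expected list would catch a silent reordering on the next bump. The `TLSv1.3` token from the old string is dropped, which matches the commit message, but the static-RSA (`+kRSA`) suites are still offered at the tail without forward secrecy; worth stating that this is deliberate.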
hooks/post-receive
--
IPFire 2.x development tree