From: Arne Fitzenreiter <git@ipfire.org>
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, core134, created. c6e032e13d5d1eff16189c50229f00522835aae5
Date: Sat, 22 Jun 2019 07:50:00 +0100 [thread overview]
Message-ID: <20190622065001.3F36084FDBF@people01.i.ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 14307 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, core134 has been created
at c6e032e13d5d1eff16189c50229f00522835aae5 (commit)
- Log -----------------------------------------------------------------
commit c6e032e13d5d1eff16189c50229f00522835aae5
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Jun 22 08:47:55 2019 +0200
finish core134
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit c8ee8f37d401a16db0a3a784301f94b71964860c
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Jun 21 01:39:42 2019 +0100
Update contributors
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 92f6c5ed861c9e7597cf8e882d96277a8b40e494
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Jun 21 01:38:59 2019 +0100
core134: Ship updated firewall initscript
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 7866fa2513693d7bde786c2924b1118f0488c30c
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Jun 21 01:38:22 2019 +0100
core134: Ship updated bind
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit f3959d13e858f4768f45244a3792851acda740d8
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Fri Jun 21 14:31:26 2019 +0200
bind: Update to 9.11.8
For Details see:
https://downloads.isc.org/isc/bind9/9.11.8/RELEASE-NOTES-bind-9.11.8.html
"Security Fixes
A race condition could trigger an assertion failure when a large number
of incoming packets were being rejected.
This flaw is disclosed in CVE-2019-6471. [GL #942]"
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 1722701a9aab07e1a96ae25d2cedcbac403ddb76
Author: Alexander Marx <alexander.marx(a)ipfire.org>
Date: Thu Jun 20 07:04:30 2019 +0200
BUG12015: Redirecting to Captive portal does not work after IPFire restart
When the Captive portal is enabled, the needed firewall rules are applied. But when restarting IPFire,
the rules are not applied because there is no call to do so.
Added call to captivectrl in the initscrip 'firewall'.
Fixes: #12015
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 744f16e45a9d7923f99ee8ce6e2cbebda131824c
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Jun 21 11:58:58 2019 +0200
core134: ship core133 late fixes again
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 70dd356329f2f5617a0f4572d15c2d6ae94e1c6f
Merge: 3a8fef331 0dd16f404
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Jun 20 09:35:59 2019 +0200
Merge remote-tracking branch 'origin/master' into next
commit 3a8fef331dd2950705c1d32ec314fa72a84463d9
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Jun 20 09:33:17 2019 +0200
kernel: remove RPi DMA allignment revert
TODO: test if RPi works without now or if we need to
revert more of the allignment patches.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 70590cef482e17063838e62ad1aad349ef1133b5
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Jun 19 21:01:29 2019 +0200
Kernel: update to 4.14.128
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 4b64da2914c53c4fad16341c17fc23b88f356f4e
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Jun 18 22:35:23 2019 +0100
core134: Ship updated vim
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit beac38454154ceb878c9f73dd9834f3324f086be
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Wed Jun 19 13:24:06 2019 +0200
Remove old vim 7.4 data
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 98f55e136fe482f8c191ba5c541887ce2d0007ec
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Wed Jun 19 13:24:05 2019 +0200
vim: Update to 8.1
Please note:
If this gets merged, the update process must deal with the otherwise remaining
files in '/usr/share/vim74' (~16 MB).
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit d3e88203308ea22105d12d6ebfb08f81e0efbdc8
Author: Stéphane Pautrel <stephane.pautrel(a)gmail.com>
Date: Tue Jun 18 20:01:23 2019 +0100
Update French translation
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit a04eedfe7da2719452d6f683c05ca644cda71195
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Tue Jun 18 18:49:46 2019 +0200
core134: add kernel to updater
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 15ca18a3d9efbe8879e8b22f1f72eaeb596ca2f9
Merge: 82c279a51 7516e8b7f
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Tue Jun 18 18:42:02 2019 +0200
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
commit 82c279a518613a2a9ba200e14629c0171d0c4233
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Tue Jun 18 18:41:19 2019 +0200
kernel: update to 4.14.127
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 1a129822af7e4e574ee5ca8e6c973b560d563324
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Tue Jun 18 14:36:02 2019 +0200
linux-pae: fix grub.conf creation on pv machines
on some systems it seems that grub2 and it config also exist.
commit 7516e8b7f1edff1ff59c1e8ac3f342c66bada85d
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Jun 18 09:13:21 2019 +0100
core134: Ship changed general-functions.pl
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit cc724c142aa71d9e33d923599f31ec19bd2072e2
Author: Alexander Marx <alexander.marx(a)ipfire.org>
Date: Tue Jun 18 09:55:35 2019 +0200
BUG12070: Its not possible to use the underscore in email addresses
Using IPFire's Mailservice does not allow to enter a senders mail address with the underscore.
The function used to verify that is used from general-functions.pl.
Now the function 'validemail' allows the underscore in the address.
Fixes: #12070
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 82899ad1ce895d3b2348b6c7eb6179096e3724aa
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Jun 17 17:40:37 2019 +0100
core134: Ship updated unbound
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 2f278de868f0a62f03bf6f32d76309a0c1d8f9fe
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Mon Jun 17 21:11:00 2019 +0200
unbound: Update to 1.9.2
For details see:
https://nlnetlabs.nl/pipermail/unbound-users/2019-June/011632.html
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 1307df22574f5c4a04b79510b181e17fa33bad5d
Merge: f5662122b faec909e1
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Jun 15 18:09:06 2019 +0200
Merge branch 'master' into next
commit f5662122b5d5e1dba35d8de599597ac9f1870623
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Jun 14 22:09:47 2019 +0200
hyperscan: increase min RAM per buildprocess to 1GB
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 527078e439fc7376c3a7da3ae8551c853e99e2b7
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Jun 12 17:25:13 2019 +0100
core134: Ship updated OpenSSL
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 69772b7dda05726077fa5c70e86f41169a91534f
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Mon Jun 10 18:55:00 2019 +0000
OpenSSL: lower priority for CBC ciphers in default cipherlist
In order to avoid CBC ciphers as often as possible (they contain
some known vulnerabilities), this changes the OpenSSL default
ciphersuite to:
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(256) Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(256) Mac=SHA384
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(128) Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(128) Mac=SHA256
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA256
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA256
ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
CAMELLIA256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA256
AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
CAMELLIA128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA256
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1
Since TLS servers usually override the clients' preference with their
own, this will neither break existing setups nor introduce huge
differences in the wild. Unfortunately, CBC ciphers cannot be disabled
at all, as they are still used by popular web sites.
TLS 1.3 ciphers will be added implicitly and can be omitted in the
ciphersting. Chacha20/Poly1305 is preferred over AES-GCM due to missing
AES-NI support for the majority of installations reporting to Fireinfo
(see https://fireinfo.ipfire.org/processors for details, AES-NI support
is 28.22% at the time of writing).
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit ce46df9b83d15033156845e19e9a386e52a0a1cd
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Jun 12 17:18:23 2019 +0100
Start Core Update 134
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit e263c29c929e69e345833f436d4958d88264020c
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Jun 12 17:14:28 2019 +0100
unbound: Make some zones type-transparent
If we remove other records (like MX) from the response, we won't
be able to send mail to those hosts any more.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 91056adea5d6e203f41e7743443eb61ed2b885cf
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Jun 12 17:11:32 2019 +0100
unbound: Add yandex.com to safe search feature
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 043e7aa50ff36e65eb0d6a341b09301ce25795f0
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Jun 13 11:12:07 2019 +0100
unbound: safe search: Resolve hosts at startup
unbound is not able to expand CNAMEs in local-data. Therefore we
have to do it manually at startup.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
hooks/post-receive
--
IPFire 2.x development tree
reply other threads:[~2019-06-22 6:50 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190622065001.3F36084FDBF@people01.i.ipfire.org \
--to=git@ipfire.org \
--cc=ipfire-scm@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox