From: Arne Fitzenreiter
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, core134, created. c6e032e13d5d1eff16189c50229f00522835aae5
Date: Sat, 22 Jun 2019 07:50:00 +0100
Message-ID: <20190622065001.3F36084FDBF@people01.i.ipfire.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, core134 has been created
        at  c6e032e13d5d1eff16189c50229f00522835aae5 (commit)

- Log -----------------------------------------------------------------
commit c6e032e13d5d1eff16189c50229f00522835aae5
Author: Arne Fitzenreiter
Date:   Sat Jun 22 08:47:55 2019 +0200

    finish core134

    Signed-off-by: Arne Fitzenreiter

commit c8ee8f37d401a16db0a3a784301f94b71964860c
Author: Michael Tremer
Date:   Fri Jun 21 01:39:42 2019 +0100

    Update contributors

    Signed-off-by: Michael Tremer

commit 92f6c5ed861c9e7597cf8e882d96277a8b40e494
Author: Michael Tremer
Date:   Fri Jun 21 01:38:59 2019 +0100

    core134: Ship updated firewall initscript

    Signed-off-by: Michael Tremer

commit 7866fa2513693d7bde786c2924b1118f0488c30c
Author: Michael Tremer
Date:   Fri Jun 21 01:38:22 2019 +0100

    core134: Ship updated bind

    Signed-off-by: Michael Tremer

commit f3959d13e858f4768f45244a3792851acda740d8
Author: Matthias Fischer
Date:   Fri Jun 21 14:31:26 2019 +0200

    bind: Update to 9.11.8

    For Details see:
    https://downloads.isc.org/isc/bind9/9.11.8/RELEASE-NOTES-bind-9.11.8.html

    "Security Fixes
    A race condition could trigger an assertion failure when a large number
    of incoming packets were being rejected. This flaw is disclosed in
    CVE-2019-6471. [GL #942]"

    Signed-off-by: Matthias Fischer
    Signed-off-by: Michael Tremer

commit 1722701a9aab07e1a96ae25d2cedcbac403ddb76
Author: Alexander Marx
Date:   Thu Jun 20 07:04:30 2019 +0200

    BUG12015: Redirecting to Captive portal does not work after IPFire restart

    When the Captive portal is enabled, the needed firewall rules are applied.
    But when restarting IPFire, the rules are not applied because there is no
    call to do so. Added call to captivectrl in the initscript 'firewall'.

    Fixes: #12015

    Signed-off-by: Michael Tremer

commit 744f16e45a9d7923f99ee8ce6e2cbebda131824c
Author: Arne Fitzenreiter
Date:   Fri Jun 21 11:58:58 2019 +0200

    core134: ship core133 late fixes again

    Signed-off-by: Arne Fitzenreiter

commit 70dd356329f2f5617a0f4572d15c2d6ae94e1c6f
Merge: 3a8fef331 0dd16f404
Author: Arne Fitzenreiter
Date:   Thu Jun 20 09:35:59 2019 +0200

    Merge remote-tracking branch 'origin/master' into next

commit 3a8fef331dd2950705c1d32ec314fa72a84463d9
Author: Arne Fitzenreiter
Date:   Thu Jun 20 09:33:17 2019 +0200

    kernel: remove RPi DMA alignment revert

    TODO: test if RPi works without now or if we need to revert more
    of the alignment patches.

    Signed-off-by: Arne Fitzenreiter

commit 70590cef482e17063838e62ad1aad349ef1133b5
Author: Arne Fitzenreiter
Date:   Wed Jun 19 21:01:29 2019 +0200

    Kernel: update to 4.14.128

    Signed-off-by: Arne Fitzenreiter

commit 4b64da2914c53c4fad16341c17fc23b88f356f4e
Author: Michael Tremer
Date:   Tue Jun 18 22:35:23 2019 +0100

    core134: Ship updated vim

    Signed-off-by: Michael Tremer

commit beac38454154ceb878c9f73dd9834f3324f086be
Author: Matthias Fischer
Date:   Wed Jun 19 13:24:06 2019 +0200

    Remove old vim 7.4 data

    Signed-off-by: Matthias Fischer
    Signed-off-by: Michael Tremer

commit 98f55e136fe482f8c191ba5c541887ce2d0007ec
Author: Matthias Fischer
Date:   Wed Jun 19 13:24:05 2019 +0200

    vim: Update to 8.1

    Please note:
    If this gets merged, the update process must deal with the otherwise
    remaining files in '/usr/share/vim74' (~16 MB).

    Signed-off-by: Matthias Fischer
    Signed-off-by: Michael Tremer

commit d3e88203308ea22105d12d6ebfb08f81e0efbdc8
Author: Stéphane Pautrel
Date:   Tue Jun 18 20:01:23 2019 +0100

    Update French translation

    Signed-off-by: Michael Tremer

commit a04eedfe7da2719452d6f683c05ca644cda71195
Author: Arne Fitzenreiter
Date:   Tue Jun 18 18:49:46 2019 +0200

    core134: add kernel to updater

    Signed-off-by: Arne Fitzenreiter

commit 15ca18a3d9efbe8879e8b22f1f72eaeb596ca2f9
Merge: 82c279a51 7516e8b7f
Author: Arne Fitzenreiter
Date:   Tue Jun 18 18:42:02 2019 +0200

    Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next

commit 82c279a518613a2a9ba200e14629c0171d0c4233
Author: Arne Fitzenreiter
Date:   Tue Jun 18 18:41:19 2019 +0200

    kernel: update to 4.14.127

    Signed-off-by: Arne Fitzenreiter

commit 1a129822af7e4e574ee5ca8e6c973b560d563324
Author: Arne Fitzenreiter
Date:   Tue Jun 18 14:36:02 2019 +0200

    linux-pae: fix grub.conf creation on pv machines

    on some systems it seems that grub2 and its config also exist.

commit 7516e8b7f1edff1ff59c1e8ac3f342c66bada85d
Author: Michael Tremer
Date:   Tue Jun 18 09:13:21 2019 +0100

    core134: Ship changed general-functions.pl

    Signed-off-by: Michael Tremer

commit cc724c142aa71d9e33d923599f31ec19bd2072e2
Author: Alexander Marx
Date:   Tue Jun 18 09:55:35 2019 +0200

    BUG12070: It's not possible to use the underscore in email addresses

    Using IPFire's Mailservice does not allow to enter a sender's mail address
    with the underscore. The function used to verify that is used from
    general-functions.pl. Now the function 'validemail' allows the underscore
    in the address.

    Fixes: #12070

    Signed-off-by: Michael Tremer

commit 82899ad1ce895d3b2348b6c7eb6179096e3724aa
Author: Michael Tremer
Date:   Mon Jun 17 17:40:37 2019 +0100

    core134: Ship updated unbound

    Signed-off-by: Michael Tremer

commit 2f278de868f0a62f03bf6f32d76309a0c1d8f9fe
Author: Matthias Fischer
Date:   Mon Jun 17 21:11:00 2019 +0200

    unbound: Update to 1.9.2

    For details see:
    https://nlnetlabs.nl/pipermail/unbound-users/2019-June/011632.html

    Signed-off-by: Matthias Fischer
    Signed-off-by: Michael Tremer

commit 1307df22574f5c4a04b79510b181e17fa33bad5d
Merge: f5662122b faec909e1
Author: Arne Fitzenreiter
Date:   Sat Jun 15 18:09:06 2019 +0200

    Merge branch 'master' into next

commit f5662122b5d5e1dba35d8de599597ac9f1870623
Author: Arne Fitzenreiter
Date:   Fri Jun 14 22:09:47 2019 +0200

    hyperscan: increase min RAM per buildprocess to 1GB

    Signed-off-by: Arne Fitzenreiter

commit 527078e439fc7376c3a7da3ae8551c853e99e2b7
Author: Michael Tremer
Date:   Wed Jun 12 17:25:13 2019 +0100

    core134: Ship updated OpenSSL

    Signed-off-by: Michael Tremer

commit 69772b7dda05726077fa5c70e86f41169a91534f
Author: Peter Müller
Date:   Mon Jun 10 18:55:00 2019 +0000

    OpenSSL: lower priority for CBC ciphers in default cipherlist

    In order to avoid CBC ciphers as often as possible (they contain
    some known vulnerabilities), this changes the OpenSSL default
    ciphersuite to:

    TLS_CHACHA20_POLY1305_SHA256   TLSv1.3 Kx=any  Au=any   Enc=CHACHA20/POLY1305(256) Mac=AEAD
    TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any  Au=any   Enc=AESGCM(256)            Mac=AEAD
    TLS_AES_128_GCM_SHA256         TLSv1.3 Kx=any  Au=any   Enc=AESGCM(128)            Mac=AEAD
    ECDHE-ECDSA-CHACHA20-POLY1305  TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
    ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256)            Mac=AEAD
    ECDHE-ECDSA-AES128-GCM-SHA256  TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128)            Mac=AEAD
    ECDHE-RSA-CHACHA20-POLY1305    TLSv1.2 Kx=ECDH Au=RSA   Enc=CHACHA20/POLY1305(256) Mac=AEAD
    ECDHE-RSA-AES256-GCM-SHA384    TLSv1.2 Kx=ECDH Au=RSA   Enc=AESGCM(256)            Mac=AEAD
    ECDHE-RSA-AES128-GCM-SHA256    TLSv1.2 Kx=ECDH Au=RSA   Enc=AESGCM(128)            Mac=AEAD
    ECDHE-ECDSA-AES256-SHA384      TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256)               Mac=SHA384
    ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(256)          Mac=SHA384
    ECDHE-RSA-AES256-SHA384        TLSv1.2 Kx=ECDH Au=RSA   Enc=AES(256)               Mac=SHA384
    ECDHE-RSA-CAMELLIA256-SHA384   TLSv1.2 Kx=ECDH Au=RSA   Enc=Camellia(256)          Mac=SHA384
    ECDHE-ECDSA-AES128-SHA256      TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128)               Mac=SHA256
    ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(128)          Mac=SHA256
    ECDHE-RSA-AES128-SHA256        TLSv1.2 Kx=ECDH Au=RSA   Enc=AES(128)               Mac=SHA256
    ECDHE-RSA-CAMELLIA128-SHA256   TLSv1.2 Kx=ECDH Au=RSA   Enc=Camellia(128)          Mac=SHA256
    DHE-RSA-CHACHA20-POLY1305      TLSv1.2 Kx=DH   Au=RSA   Enc=CHACHA20/POLY1305(256) Mac=AEAD
    DHE-RSA-AES256-GCM-SHA384      TLSv1.2 Kx=DH   Au=RSA   Enc=AESGCM(256)            Mac=AEAD
    DHE-RSA-AES128-GCM-SHA256      TLSv1.2 Kx=DH   Au=RSA   Enc=AESGCM(128)            Mac=AEAD
    DHE-RSA-AES256-SHA256          TLSv1.2 Kx=DH   Au=RSA   Enc=AES(256)               Mac=SHA256
    DHE-RSA-CAMELLIA256-SHA256     TLSv1.2 Kx=DH   Au=RSA   Enc=Camellia(256)          Mac=SHA256
    DHE-RSA-AES128-SHA256          TLSv1.2 Kx=DH   Au=RSA   Enc=AES(128)               Mac=SHA256
    DHE-RSA-CAMELLIA128-SHA256     TLSv1.2 Kx=DH   Au=RSA   Enc=Camellia(128)          Mac=SHA256
    ECDHE-ECDSA-AES256-SHA         TLSv1   Kx=ECDH Au=ECDSA Enc=AES(256)               Mac=SHA1
    ECDHE-ECDSA-AES128-SHA         TLSv1   Kx=ECDH Au=ECDSA Enc=AES(128)               Mac=SHA1
    ECDHE-RSA-AES256-SHA           TLSv1   Kx=ECDH Au=RSA   Enc=AES(256)               Mac=SHA1
    ECDHE-RSA-AES128-SHA           TLSv1   Kx=ECDH Au=RSA   Enc=AES(128)               Mac=SHA1
    DHE-RSA-AES256-SHA             SSLv3   Kx=DH   Au=RSA   Enc=AES(256)               Mac=SHA1
    DHE-RSA-CAMELLIA256-SHA        SSLv3   Kx=DH   Au=RSA   Enc=Camellia(256)          Mac=SHA1
    DHE-RSA-AES128-SHA             SSLv3   Kx=DH   Au=RSA   Enc=AES(128)               Mac=SHA1
    DHE-RSA-CAMELLIA128-SHA        SSLv3   Kx=DH   Au=RSA   Enc=Camellia(128)          Mac=SHA1
    AES256-GCM-SHA384              TLSv1.2 Kx=RSA  Au=RSA   Enc=AESGCM(256)            Mac=AEAD
    AES128-GCM-SHA256              TLSv1.2 Kx=RSA  Au=RSA   Enc=AESGCM(128)            Mac=AEAD
    AES256-SHA256                  TLSv1.2 Kx=RSA  Au=RSA   Enc=AES(256)               Mac=SHA256
    CAMELLIA256-SHA256             TLSv1.2 Kx=RSA  Au=RSA   Enc=Camellia(256)          Mac=SHA256
    AES128-SHA256                  TLSv1.2 Kx=RSA  Au=RSA   Enc=AES(128)               Mac=SHA256
    CAMELLIA128-SHA256             TLSv1.2 Kx=RSA  Au=RSA   Enc=Camellia(128)          Mac=SHA256
    AES256-SHA                     SSLv3   Kx=RSA  Au=RSA   Enc=AES(256)               Mac=SHA1
    CAMELLIA256-SHA                SSLv3   Kx=RSA  Au=RSA   Enc=Camellia(256)          Mac=SHA1
    AES128-SHA                     SSLv3   Kx=RSA  Au=RSA   Enc=AES(128)               Mac=SHA1
    CAMELLIA128-SHA                SSLv3   Kx=RSA  Au=RSA   Enc=Camellia(128)          Mac=SHA1

    Since TLS servers usually override the clients' preference with their
    own, this will neither break existing setups nor introduce huge
    differences in the wild. Unfortunately, CBC ciphers cannot be disabled
    at all, as they are still used by popular web sites.

    TLS 1.3 ciphers will be added implicitly and can be omitted in the
    cipherstring. Chacha20/Poly1305 is preferred over AES-GCM due to missing
    AES-NI support for the majority of installations reporting to Fireinfo
    (see https://fireinfo.ipfire.org/processors for details, AES-NI support
    is 28.22% at the time of writing).

    Signed-off-by: Peter Müller
    Signed-off-by: Michael Tremer

commit ce46df9b83d15033156845e19e9a386e52a0a1cd
Author: Michael Tremer
Date:   Wed Jun 12 17:18:23 2019 +0100

    Start Core Update 134

    Signed-off-by: Michael Tremer

commit e263c29c929e69e345833f436d4958d88264020c
Author: Michael Tremer
Date:   Wed Jun 12 17:14:28 2019 +0100

    unbound: Make some zones type-transparent

    If we remove other records (like MX) from the response, we won't
    be able to send mail to those hosts any more.

    Signed-off-by: Michael Tremer

commit 91056adea5d6e203f41e7743443eb61ed2b885cf
Author: Michael Tremer
Date:   Wed Jun 12 17:11:32 2019 +0100

    unbound: Add yandex.com to safe search feature

    Signed-off-by: Michael Tremer

commit 043e7aa50ff36e65eb0d6a341b09301ce25795f0
Author: Michael Tremer
Date:   Thu Jun 13 11:12:07 2019 +0100

    unbound: safe search: Resolve hosts at startup

    unbound is not able to expand CNAMEs in local-data. Therefore we
    have to do it manually at startup.

    Signed-off-by: Michael Tremer

-----------------------------------------------------------------------

hooks/post-receive
--
IPFire 2.x development tree
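
Added example, not part of the original mail and not IPFire code: a Python check of the two ordering properties the OpenSSL commit message states, run over eight rows copied from its cipher list. The function names are hypothetical; "non-AEAD" stands in for CBC because every non-AEAD suite in that list is an AES or Camellia CBC suite.

```python
from collections import defaultdict

# Eight rows copied from the cipher list in the commit message above, in the
# column layout it uses: name, protocol, Kx=, Au=, Enc=, Mac=.
SAMPLE = """\
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
"""

def parse(text):
    """One dict per suite; the position in the list is the preference rank."""
    rows = [line.split() for line in text.splitlines() if line.strip()]
    suites = []
    for rank, (name, proto, *attrs) in enumerate(rows):
        fields = dict(a.split("=", 1) for a in attrs)
        suites.append({"rank": rank, "name": name, "proto": proto,
                       "kx": fields["Kx"], "enc": fields["Enc"],
                       "aead": fields["Mac"] == "AEAD"})
    return suites

def non_aead_before_aead(suites):
    """Names of non-AEAD suites ranked above an AEAD suite with the same Kx."""
    by_kx = defaultdict(list)
    for s in suites:
        by_kx[s["kx"]].append(s)
    offenders = []
    for group in by_kx.values():
        last_aead = max((s["rank"] for s in group if s["aead"]), default=-1)
        offenders += [s["name"] for s in group
                      if not s["aead"] and s["rank"] < last_aead]
    return offenders

def chacha_first(suites):
    """True if ChaCha20 is the first AEAD suite in every Kx group offering it."""
    first_aead, has_chacha = {}, set()
    for s in suites:
        if s["aead"]:
            first_aead.setdefault(s["kx"], s["enc"])
        if s["enc"].startswith("CHACHA20"):
            has_chacha.add(s["kx"])
    return all(first_aead[kx].startswith("CHACHA20") for kx in has_chacha)

if __name__ == "__main__":
    suites = parse(SAMPLE)
    print(non_aead_before_aead(suites), chacha_first(suites))
```

The same functions accept the full output of `openssl ciphers -v` from an installed system, which makes the check usable after an OpenSSL update changes the default list.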