From: Arne Fitzenreiter <git@ipfire.org>
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, core139, created. a15dbe44971a47d8749497d75cbfd829ba09e9a3
Date: Mon, 09 Dec 2019 18:40:22 +0000 [thread overview]
Message-ID: <47WsSk5y4lz2yBv@people01.haj.ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 46910 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, core139 has been created
at a15dbe44971a47d8749497d75cbfd829ba09e9a3 (commit)
- Log -----------------------------------------------------------------
commit a15dbe44971a47d8749497d75cbfd829ba09e9a3
Merge: 699381b69 f23b944ec
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Mon Dec 9 18:03:14 2019 +0000
Merge branch 'next'
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit f23b944ecbdbcea349129f90850f961264fc1873
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Mon Dec 9 18:48:07 2019 +0100
core139: finish
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit dd12d8c54c4ae52a8e334440c579bbf053429ce4
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sun Dec 8 22:55:26 2019 +0100
leds: use new APUx ACPI Bios leds if exist.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 6a9d9ff4af5069314e5c49e799505dfef6380c4e
Author: Erik Kapfer <ummeegge(a)ipfire.org>
Date: Fri Dec 6 07:08:33 2019 +0100
ovpn: Fix LZO checkbox restore
Triggered by --> https://community.ipfire.org/t/openvpn-is-lzo-compression-now-effectively-disabled/503 .
Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 898dc600e63766d8ebc6b19a2e0e52327992c2b2
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Dec 6 03:18:09 2019 +0100
pcengines-firmware: fix rootfile
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit f7c8d150893a6091727250922f20db3564450acc
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Wed Dec 4 16:32:00 2019 +0000
Core Update 139: ship updated OpenSSH
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 81502fe6f3edb6b7b2554b2ea3010435665eb7ce
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Wed Dec 4 16:30:00 2019 +0000
OpenSSH: update to 8.1p1
Please refer to https://www.openssh.com/txt/release-8.1 for release notes.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 43fa700e11020261935ab9c1cb395eb3d9f4f4b3
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Dec 5 18:53:16 2019 +0100
pcengines-firmware: update to 4.10.0.3
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 6fb7936c1650ea18b4690ec2f60be8b7640022a2
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Dec 5 12:48:13 2019 +0100
intel-microcode: update to 20191115
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 0894092e2c5227c98ae19c373cb4021dbcbcf9c2
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Dec 5 12:44:45 2019 +0100
linux-firmware: update to 20191022
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 7ff42686ecd746f8cc306832745e695ba1854d8c
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Mon Dec 2 17:11:30 2019 +0000
core139: add cpio to updater
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 01493f7a44322a93f868347c265610621f9eb908
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Sat Nov 30 17:03:47 2019 +0100
cpio: Update to 2.13
For details see:
https://www.gnu.org/software/cpio/
Fix CVE-2015-1197
Fix CVE-2016-2037
Fix CVE-2019-14866
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 9d6e22e3fcbbac6a082ba11d1720718a58101f69
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Sat Nov 30 16:57:46 2019 +0100
nano: Update to 4.6
For details see:
https://www.nano-editor.org/news.php
... and a long list of other changes in https://www.nano-editor.org/dist/latest/ChangeLog ...
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 18f1b46e1a28d141418631e79c43ee7cf9e949a9
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Thu Nov 28 21:43:00 2019 +0000
spectre-meltdown-checker: update to 0.42
See https://github.com/speed47/spectre-meltdown-checker/releases/tag/v0.42
for release announcements.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 6d0a2f8b1e54d047e3b46c64bfb2638de09e92c6
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Thu Nov 28 21:14:00 2019 +0000
Postfix: update to 3.4.8
See http://www.postfix.org/announcements/postfix-3.4.8.html for release
announcements.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit c701ddcba59c7f5e814416a0490d395f8ff5e0e2
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Thu Nov 28 17:19:00 2019 +0000
update ca-certificates CA bundle
Update the CA certificates list to what Mozilla NSS ships currently.
The original file can be retrieved from:
https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 4622af5f153837f7dc0f36eb772d7539586df415
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Mon Dec 2 17:05:15 2019 +0000
core139: add hwdata to updater
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit bf9fa6d864065694babfa8c192fc778b49e8d7fd
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Thu Nov 28 17:08:00 2019 +0000
hwdata: update PCI/USB databases
PCI IDs: 2019-11-26 03:15:03
USB IDs: 2019-11-05 20:34:06
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit bedfda83c9e5dc09c1e2168c6cf35bb810d4f0aa
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sun Dec 1 18:33:19 2019 +0100
dhcpcd.exe: remove red.down run on "NOCARRIER"
after "NOCARRIER" the dhcp client always run "EXPIRE" event.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 941520c69cf5bf50c3c737f47b27ccb28a73a746
Merge: d346d4746 455291f90
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sun Dec 1 16:36:43 2019 +0100
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
commit d346d474677b9507fce16ee2d2774435658d6ba1
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sun Dec 1 15:29:59 2019 +0100
up/down beep: move from ppp ip-up/down to general red.up/down
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 455291f90e0729ad8a8edc743d4375f782728ad3
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sun Dec 1 14:03:46 2019 +0100
70-dhcpdd.exe: don't run red.down scripts at "PREINIT"
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 86409ab1006bd3582d55f59c399385b2c70434e2
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sun Dec 1 00:45:02 2019 +0100
core139: add dhcp and network changes to updater
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit fff96e394545eef64d160bbc8c7c8b50f364aea8
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Nov 30 22:26:00 2019 +0100
networking red: add delay to wait for carrier
some nic's need some time after link up to get a carrier
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit f938083fb5d097ea4c677ec08da91f61fa9f67d1
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Nov 30 22:21:42 2019 +0100
dhcpcd: 10-mtu break if carrier was lost
some nic's like Intel e1000e needs a reinit to change the
mtu. In this case the dhcp hook reinit the nic and terminate now
to let the dhcpcd reinit the card in backgrounnd without running the
rest of the hooks.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 4775d54ba6ebca19dc498fd40d881b6eabd3ecb3
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Nov 25 11:09:58 2019 +0000
clamav: Allow downloads to take up to 10 minutes
freshclam did not have a receive timeout set and a default of
60s was used. That causes that the large main database cannot
be downloaded over a line with a 16 MBit/s downlink.
This patch increases that timeout and should allow a successful
download on slower connections, too.
Suggested-by: Tim Fitzgeorge <ipfb(a)tfitzgeorge.me.uk>
Fixes: #12246
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 78756496c9f2a3bcf0bc505da046957f5d22f5b9
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Fri Nov 22 19:26:59 2019 +0100
bind: Update to 9.11.13
For details see:
https://downloads.isc.org/isc/bind9/9.11.13/RELEASE-NOTES-bind-9.11.13.html
"Security Fixes
Set a limit on the number of concurrently served pipelined TCP queries.
This flaw is disclosed in CVE-2019-6477. [GL #1264]"
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 1f1c2f4364434a11ddaaef3f1778a6c284cf380f
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Thu Nov 21 17:57:48 2019 +0100
clamav: Update to 0.102.1
For details see:
https://blog.clamav.net/2019/11/clamav-01021-and-01015-patches-have.html
"Fix for the following vulnerability affecting 0.102.0 and 0.101.4 and prior:
CVE-2019-15961:
A Denial-of-Service (DoS) vulnerability may occur when scanning
a specially crafted email file as a result of excessively long scan
times. The issue is resolved by implementing several maximums in parsing
MIME messages and by optimizing use of memory allocation.
Build system fixes to build clamav-milter, to correctly link with
libxml2 when detected, and to correctly detect fanotify for on-access
scanning feature support.
Signature load time is significantly reduced by changing to a more
efficient algorithm for loading signature patterns and allocating the AC
trie. Patch courtesy of Alberto Wu.
Introduced a new configure option to statically link libjson-c with
libclamav. Static linking with libjson is highly recommended to prevent
crashes in applications that use libclamav alongside another JSON
parsing library.
Null-dereference fix in email parser when using the --gen-json metadata
option.
Fixes for Authenticode parsing and certificate signature (.crb database)
bugs."
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit df1aca40eb6b948854e41387f883c9dd82a7cb05
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Nov 30 09:56:29 2019 +0000
core139: add unbound to updater
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 0786c686ea47543bc4ea3d8005ee9489dc98cb13
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Wed Nov 20 17:24:01 2019 +0100
unbound: Update to 1.9.5
For details see:
https://nlnetlabs.nl/pipermail/unbound-users/2019-November/011897.html
"This release is a fix for vulnerability CVE-2019-18934, that can cause
shell execution in ipsecmod.
Bug Fixes:
- Fix for the reported vulnerability.
The CVE number for this vulnerability is CVE-2019-18934"
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit b0e2dffde97822a772a5c0534263517fecf96a9d
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Nov 30 09:54:14 2019 +0000
core139: add captive.cgi to updater
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 650aac182e0d0e7ef035c963780fbadc75aecc88
Author: Alexander Marx <alexander.marx(a)ipfire.org>
Date: Wed Nov 20 11:45:18 2019 +0100
BUG12245: captive portal - clients are not automatically removed
With this patch the clients are updated and those who are expired get deleted from the hash.
In addition the table of active clients is now sorted.
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 1a23cf7324ff8497761dc070bbb0186f1d585789
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Nov 19 15:28:22 2019 +0000
bird: Fix path of configuration file in backup
The backup did not pack the configuration file
due to an incorrect path.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 007b99e5402ba5e01845ab858a68aa2c908415f4
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Nov 30 09:49:58 2019 +0000
core139: add pcregrep to updater
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit eb0adc17d6a5486d58539c78a682c14f55bc980f
Author: Erik Kapfer <ummeegge(a)ipfire.org>
Date: Tue Nov 19 08:09:42 2019 +0100
pcre: Add pcregrep to core system
Triggered by --> https://community.ipfire.org/t/pcregrep-on-ipfire/259 .
This patch adds pcregrep only from the actual package not from pcre-compat.
Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 7942ff9875ea42cd8b4619386fc2cd4be4da9b18
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Nov 30 09:48:00 2019 +0000
core139: add updated calamaris mkreport
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit ee506d5027783757a775e3aad6982d1698719023
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Thu Nov 14 19:03:46 2019 +0100
calamaris: Bug fix for proxy reports staying empty after Core 136 upgrade
After upgrading to Core 136, 'calamaris' "Proxy reports" stayed empty.
GUI always show "No reports available".
Tested manually on console stops and throws an error:
...
root(a)ipfire: ~ # /usr/bin/perl /var/ipfire/proxy/calamaris/bin/mkreport
1 0 2019 8 10 2019 -d 10 -P 30 -t 10 -D 2 -u -r -1 -R 100 -s
Can't use 'defined(%hash)' (Maybe you should just omit the defined()?)
at /var/ipfire/proxy/calamaris/bin/calamaris line 2609.
...
Line 2609 was changed and reports are built again.
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit e557cecbddd021198c01eb1adaa38adb36b27925
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Nov 28 18:41:18 2019 +0100
python: update to 2.7.17
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 4baee8fa4c2ede6f28a1d669d191ea64bb68ad51
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Nov 15 16:29:42 2019 +0100
kernel: fix x86_64 rootfile
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 906d9265cde12f1a0e677db43c076f2263fe15df
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Nov 15 16:28:02 2019 +0100
set core to 139 and pakfire to 138
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit aee6dd0ba45cf12f014050bbab234d9e4b0d03ab
Merge: 44b227b10 9e5434d4b
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Nov 14 22:13:23 2019 +0100
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
commit 44b227b102964e520369d8628db342e68551966f
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Nov 14 22:12:12 2019 +0100
kernel: update to 4.14.154
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit b007a35292928d150fcbe0053bd21e9fe6eebe0e
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Nov 14 22:10:04 2019 +0100
vulnearabilities.cgi: add tsx async abort and itlb_multihit
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 9e5434d4bf822ba7c62cb8917ec8692b9aa68143
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Nov 14 17:28:38 2019 +0000
rename core138 -> core139 to insert a emergency core update
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 60490558f655b7184879f5574520852d3f08a6ee
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Nov 14 02:42:54 2019 +0000
core138: fix rootfile
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 6eac34e43185a6ee04f9ee86b4cfa40fdc176615
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Nov 14 01:55:46 2019 +0000
intel-microcode: fix rootfile
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 1d91ea28f9dcd640c39fa68df9c400b22ae0879c
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Thu Nov 14 01:55:09 2019 +0000
bash: fix rootfile
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 02ad01eb9f8942d687246cec46e838f74b28face
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Nov 13 20:08:41 2019 +0000
core138: fix intel-microcode rootfile link
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 1ec32691e9d3bff913b5701178ddceacae3f8e1f
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Wed Nov 13 19:18:00 2019 +0000
intel-microcode: update to 20191112
For release notes, refer to:
- https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform-update-ipu/
- https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20191112
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 510a670253de9d93fec967a72a3f0e32650eb164
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Nov 13 19:56:11 2019 +0000
qemu: remove sdl from dependency list
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit d8bef72e7686539769debd5e914d69d6ec28fc68
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Nov 13 19:55:17 2019 +0000
qemu: switch to xz compressed source
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit beae0121b740ad235a9ecea866a4bc4789279ad0
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Nov 13 19:45:14 2019 +0000
core138: add bash, readline and readline-compat
commit 415fb8b5bd4509f274515408e8e36c308e05f497
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Tue Nov 12 17:15:00 2019 +0000
bash: update to 5.0 (patchlevel 11)
The third version of this patch also includes patches 1-11
for version 5.0, drops orphaned 4.3 patches, and fixes rootfile
mistakes reported by Arne.
Please refer to https://tiswww.case.edu/php/chet/bash/bashtop.html
for release notes.
Cc: Michael Tremer <michael.tremer(a)ipfire.org>
Cc: Arne Fitzenreiter <arne_f(a)ipfire.org>
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit c82aa03e2c14f8380ada3f38011990bf49cfe9c4
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Tue Nov 12 17:14:00 2019 +0000
readline: update to 8.0 (patchlevel 1)
The third version of this patch fixes missing rootfile changes, drops
orphaned readline 5.2 patches (as they became obsolete due to
readline-compat changes), includes readline 8.0 upstream patch, and
keeps the for-loop in LFS file (as commented by Michael).
Cc: Michael Tremer <michael.tremer(a)ipfire.org>
Cc: Arne Fitzenreiter <arne_f(a)ipfire.org>
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit f7b1fe542f6734b597821cba0e2f75d6bc6e5cb1
Author: peter.mueller(a)ipfire.org <peter.mueller(a)ipfire.org>
Date: Tue Nov 12 15:59:00 2019 +0000
readline-compat: update to 6.3
This is necessary as many add-ons still need readline-compat as they
cannot link against readline 8.0, yet.
Reported-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 83596e7059b772e657ea74e07ca279eb888325d8
Author: Stephan Feddersen <sfeddersen(a)ipfire.org>
Date: Tue Nov 12 21:34:00 2019 +0100
wio-1.3.2-7: fixed bug with arp client import
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 4ae9d47ba3b72f8007c43256e1533a088abffe53
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Tue Nov 12 09:09:01 2019 +0100
ddns: Import rename NoIP.com handle back to no-ip.com patch
This patch is required for compatiblity reasons for any existing
configurations.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 9cc131cc5ad1d8c733c033a7b451e73508835d2b
Author: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Date: Sun Nov 10 13:03:02 2019 +0000
Update qemu to version 4.1.0
Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit f64cbda3d1983204b5624b55498977020829894a
Author: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Date: Sun Nov 10 13:03:01 2019 +0000
qemu: disable sdl and documentation
A newer version of qemu does not build anymore with our version of sdl. I
tried around a little bit and as I have not got a clue why we are using
sdl (spice and remote access still works) I think we should disable it.
I disabled the generation of the documentation as well but this switch
does not seem to have any effect.
Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 5cc921b474c991c36120d29c8974dcb8734ebc65
Author: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Date: Sun Nov 10 13:03:00 2019 +0000
Libvirt: enable lvm
This was requested in the forum:
https://forum.ipfire.org/viewtopic.php?f=17&t=21872&p=120243&hilit=lvm#p120243
Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 62e116567adf025d1ecc4e290b0dcbb3fb886fb2
Author: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Date: Sun Nov 10 13:02:59 2019 +0000
Libvirt: update to version 5.6.0
Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 3e5d4e6f83a75412ef9b9205829cf5102d504d25
Author: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Date: Sun Nov 10 13:02:58 2019 +0000
libvirt: use a custom config file
The patch which adjusts the options for IPFire in the libvirtd.conf does
not apply in a newer version of libvirt. Creating this patch is harder
than to use a separate config file.
This separate config file also enables us to adjust options much faster.
Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 8d82903c0d2fbf8180a5d07681af9872e86a0611
Author: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Date: Sun Nov 10 13:02:57 2019 +0000
Libvirt: disable Wireshark
When I try to build libvirt a second-time without ./make.sh clean
between the two builds, libvirt tries to link against Wireshark and
fails.
This configure option solves the problem.
Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit df67c7a80e8a3465384ed818fa50ac75d0db31a0
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Nov 13 19:37:47 2019 +0000
core138: add squid
commit 7487e2340ec92cb401413f880c7d37c329d8e7ed
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Fri Nov 8 17:47:06 2019 +0100
squid: Update to 4.9
For details see:
http://www.squid-cache.org/Versions/v4/changesets/
Fixes CVE-2019-12526, CVE-2019-12523, CVE-2019-18676, CVE-2019-18677, CVE-2019-18678 and
CVE-2019-18679
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 527c3f39b8af9399619eaca5b5e4feace9f0f2f3
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Tue Nov 5 19:23:41 2019 +0100
ddns: Import upstream patch for NoIP.com
Reference: #11561.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 590e4a38bfb35640cc8ca2bd3cd624ff6e947e8c
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Nov 13 19:33:53 2019 +0000
core138: add ddns
commit ca6dc5ad5e74c19e6414491f4b902803453b5639
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Nov 13 19:33:31 2019 +0000
core138: add logwatch
commit 3e9f88bc65213150f0fc975f360d835c1423f622
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Tue Nov 5 10:37:44 2019 +0100
ddns: Update to 012
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 42541ddb7eb2196951fc5353012324ca0575790c
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Nov 13 19:20:17 2019 +0000
core138: add suricata changes
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 961a27b5e2285da9953abf00b265fbb37e744c4a
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Tue Nov 5 10:32:02 2019 +0100
suricata: Use DNS_SERVERS declaration from external file.
These settings now will be read from
/var/ipfire/suricata/suricata-dns-servers.yaml, which will be
generated by the generate_dns_servers_file() function, located in
ids-functions.pl and called by various scripts.
Fixes #12166.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit c8b068a2b5a3965e10adf01b0e231cfbd3a0384c
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Tue Nov 5 10:32:01 2019 +0100
red.up: Generate Suricata DNS servers file on reconnect.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit bb2696da35b7e92515dddd6ec18644974bb78dc9
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Tue Nov 5 10:32:00 2019 +0100
convert-snort: Generate DNS servers file.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit a40ee6b9bf36410664536e1b591ae0982678fba7
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Tue Nov 5 10:31:59 2019 +0100
ids.cgi: Generate and store the DNS server configuration.
This will be done by the recently added generate_dns_servers_file()
function from ids-functions.pl.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 30ee98e949097ee91e92987c2303c15c71cb0ae3
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Tue Nov 5 10:31:58 2019 +0100
ids-functions.pl: Introduce generate_dns_servers_file()
This function is used to generate a yaml file which take care of the
current used DNS configuration and should be included in the main
suricata config file.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit e93959a7aab3e47248930e53fcde94c098a6e012
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Tue Nov 5 09:07:46 2019 +0100
logwatch: Update to 7.5.2
For details see:
https://build.opensuse.org/package/view_file/server:monitoring/logwatch/ChangeLog?expand=1
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit be8afd151f95cf6b2a77e73524c42628600cd543
Author: peter.mueller(a)ipfire.org <peter.mueller(a)ipfire.org>
Date: Mon Nov 4 18:53:00 2019 +0000
Apache: deny framing of WebUI from different origins
There is no legitimate reason to do this. Setting header X-Frame-Options
to "sameorigin" is necessary for displaying some collectd graphs on the
WebUI.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Acked-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 90582bb01e41bd700421f59587724f395a57d951
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Nov 13 19:10:03 2019 +0000
core138: add ipfire-interface.conf
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 583687a88d263b68b4fdb27e78a7b65120d21088
Author: peter.mueller(a)ipfire.org <peter.mueller(a)ipfire.org>
Date: Mon Nov 4 18:52:00 2019 +0000
Apache: prevent Referrer leaks via WebUI
By default, even modern browsers sent the URL of ther originating
site to another one when accessing hyperlinks. This is an information
leak and may expose internal details (such as FQDN or IP address)
of an IPFire installation to a third party.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Acked-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 1141bc69c9b218717699c1ee02ed06e566aea96b
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Nov 13 19:08:02 2019 +0000
core138: add ipfire-interface-ssl.conf
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 4636ed66c6c12c7c17ea05ffaa2242b4b0355990
Author: peter.mueller(a)ipfire.org <peter.mueller(a)ipfire.org>
Date: Mon Nov 4 18:35:00 2019 +0000
Apache: drop CBC ciphers for WebUI
CBC ciphers contain some known vulnerabilities and should not be used
anymore. While dropping them for OpenSSL clients or public web servers
still causes interoperability problems with legacy setups, they can
be safely removed from IPFire's administrative UI.
This patch changes the used cipersuite to:
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
Since TLS 1.3 ciphers will be added automatically by OpenSSL, mentioning
them in "SSLCipherSuite" is unnecessary. ECDSA is preferred over RSA for
performance reasons.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Acked-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 856cdf15df30e3cab170581b2cd3e4c19fbb9170
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Nov 13 19:04:48 2019 +0000
core138: add openssl
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit e153efaf11a673a02ff81b10e09305463d22ffaf
Author: peter.mueller(a)ipfire.org <peter.mueller(a)ipfire.org>
Date: Mon Nov 4 18:24:00 2019 +0000
OpenSSL: drop preferring of Chacha20/Poly1305 over AES-GCM
As hardware acceleration for AES is emerging (Fireinfo indicates
30.98% of reporting installations support this, compared to
28.22% in summer), there is no more reason to manually prefer
Chacha20/Poly1305 over it.
Further, overall performance is expected to increase as server
CPUs usually come with AES-NI today, where Chacha/Poly would
be an unnecessary bottleneck. Small systems without AES-NI,
however, compute Chacha/Poly measurable, but not significantly faster,
so there only was a small advantage of this.
This patch changes the OpenSSL default ciphersuite to:
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(256) Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(256) Mac=SHA384
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(128) Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(128) Mac=SHA256
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA256
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA256
ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
CAMELLIA256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA256
AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
CAMELLIA128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA256
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Acked-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 1826c42b9e7bf55b9afd9ac39799554892e751f9
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Nov 13 18:55:53 2019 +0000
core138: add ovpnmain.cgi
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit fa5274763c55515dc1a0e519da3582b0fec440b8
Author: Erik Kapfer <ummeegge(a)ipfire.org>
Date: Mon Nov 4 15:52:26 2019 +0100
OpenVPN: Fix max-clients option
Fix: Triggered by https://forum.ipfire.org/viewtopic.php?f=16&t=23551
Since the 'DHCP_WINS' cgiparam has been set for the max-client directive, changes in the WUI has not been adapted to server.conf.
Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit c86bf0bf2484213e6ada44be65d70b4fca1f8ef9
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Nov 13 18:54:28 2019 +0000
core138: add unbound initscript
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit cdf373c8fc1c9262afc0954816c2244006c8a4e2
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Nov 4 12:02:46 2019 +0000
unbound: Fix whitespace error in initscript
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit d93b76a00eab09ef1e7c9327ec1f1b703e6fb801
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Nov 13 18:52:15 2019 +0000
core138: add openvpn
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit a0926f75e0691527688a5bb0b964acae4f204bff
Author: Erik Kapfer <ummeegge(a)ipfire.org>
Date: Fri Nov 1 14:33:06 2019 +0100
OpenVPN: Update to version 2.4.8
This is primarily a maintenance release with bugfixes and improvements. All changes can be overviewed in here -->
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24 .
Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 64e0b8a5afabc66a9da6586a1c23cf2ce1d7b6d4
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Nov 13 18:50:07 2019 +0000
core138: add init.d/functions
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 31a36bb951818457c2505a32cfc110f7e7cc9bf0
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Oct 31 18:09:05 2019 +0000
initscripts: Tell users to report bugs on Bugzilla
I have been receiving a couple of emails recently directed
at info(a)ipfire.org with bug reports when a system did not
boot up or shut down properly.
This is obviously not the right way to report bugs, but
we are telling our users to do so.
This patch changes this to report bugs to Bugzilla like
it should be.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit cb41e4a9a9bf9e860f65110422820a0267492bf5
Author: Erik Kapfer <ummeegge(a)ipfire.org>
Date: Thu Oct 31 08:58:30 2019 +0100
libarchiv: Update to version 3.4.0
Version 3.4.0 is a feature and security release. The changelog can be found in here --> https://github.com/libarchive/libarchive/releases .
Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit eeb1a2a219ae844b1a130e28fa3b394ad7a4f260
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Nov 13 18:44:36 2019 +0000
core138: add lz4
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit bc456dd750a09b8d86089d00f27308a17145f10d
Author: Erik Kapfer <ummeegge(a)ipfire.org>
Date: Thu Oct 31 08:49:55 2019 +0100
lz4: Update to version 1.9.2
Several fixes and improvements has been integrated. The changes list through the different versions since
the current version 1.8.1.2 can be found in here --> https://github.com/lz4/lz4/releases
Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 39bf8c634163c92939693b090af6bfcdb2226b46
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Nov 13 18:42:17 2019 +0000
core138: add mail.cgi
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 095bf494074994c5a2cd867f3b00603de95ed207
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Oct 30 10:59:00 2019 +0000
mail.cgi: Do not print content of input fields
This was printed unescaped and could therefore be used
for a stored XSS attack.
Fixes: #12226
Reported-by: Pisher Honda <pisher24(a)gmail.com>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 0a340fbe1e76323afc7473b296dec871f3d820b0
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Oct 30 10:58:59 2019 +0000
mail.cgi: Always check content of fields
These checks did not do anything but clear all fields
when mailing was disabled.
It makes a lot more sense to retain people's settings,
even when they have been disabled.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 8f9c4081b41783505f24a3c43404d5ad82e067c1
Author: peter.mueller(a)ipfire.org <peter.mueller(a)ipfire.org>
Date: Tue Oct 29 18:17:00 2019 +0000
Core Update 138: ship ca-certificates
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit d5ccd924e04ff4e4a71293aa488870bc7767ef6e
Author: peter.mueller(a)ipfire.org <peter.mueller(a)ipfire.org>
Date: Tue Oct 29 18:16:00 2019 +0000
update ca-certificates CA bundle
Update the CA certificates list to what Mozilla NSS ships currently.
The original file can be retrieved from:
https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Acked-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit c772b7550c4dd06f7945e32cc6af47e8f6a0f229
Author: peter.mueller(a)ipfire.org <peter.mueller(a)ipfire.org>
Date: Tue Oct 29 18:37:00 2019 +0000
Tor: fix permissions of /var/ipfire/tor/torrc after installation
Fixes #12220
Reported-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 94c09bd9c425dc11bada0548a5d066df6a73cd91
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Tue Oct 29 13:25:55 2019 +0000
core138: add firewall-lib.pl to update
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit dba780a78460ff19ba0f332ed4cab7b1db321af2
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Tue Apr 16 21:08:05 2019 +0200
firewall-lib.pl: Populate GeoIP rules only if location is available.
In case a GeoIP related firewall rule should be created, the script
now will check if the given location is still available.
Fixes #12054.
Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 75612f0644da16bc26cd2f7f0483ba73ae741404
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Tue Oct 29 13:22:31 2019 +0000
start core138
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
-----------------------------------------------------------------------
hooks/post-receive
--
IPFire 2.x development tree
reply other threads:[~2019-12-09 18:40 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47WsSk5y4lz2yBv@people01.haj.ipfire.org \
--to=git@ipfire.org \
--cc=ipfire-scm@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox