From: Michael Tremer <git@ipfire.org>
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, master, updated. 2071b2964fed10cbcf62bd2d7da3b7e718f8a88f
Date: Wed, 14 Feb 2024 19:02:18 +0000 [thread overview]
Message-ID: <4TZncp1cTmz2yKF@people01.haj.ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 25103 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, master has been updated
via 2071b2964fed10cbcf62bd2d7da3b7e718f8a88f (commit)
via f3d7ce3b5d83222c78bc2b246f6afd5766af4dc9 (commit)
via 4fb7b188434b69a7dc6c5e40e827f6a8f389a86f (commit)
via e705636a854de570987817d2f847bec980db928f (commit)
via 0698daa3fb935ede4c027e8b507e7b3106391a86 (commit)
via de9e44e82daa1e650a38e3cb5235a59caaedb66b (commit)
from 4a9fe2eaaa45e25428ce72f0076c0a38fe9b291a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 2071b2964fed10cbcf62bd2d7da3b7e718f8a88f
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed Feb 14 11:34:36 2024 +0100
graphs.pl: Fixes graph failure when the DROP_HOSTILE directory is missing
- If a fresh install is done then only the DROP_HOSTILE_IN & DROP_HOSTILE_OUT
rrd directories are created.
- With the DROP_HOSTILE directory missing then when the fwhits graph is updated an error
message is caused by the inability to open the required files.
- This patch adds an if/else loop into the fwhits graph code to deal with the two cases
of the DROP_HOSTILE being present or not depending on the history and if a backup with
logs has been restored from when DROP_HOSTILE was in use.
- Tested on vm testbed and created a historical line for the hostile data when it was not
split
- There might be a simpler or better approach than this but it was the only option I
could identify. I couldn't find anything about being able to use if loops within the
RRD::Graph loop
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit f3d7ce3b5d83222c78bc2b246f6afd5766af4dc9
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Feb 14 19:01:25 2024 +0000
core184: Ship unbound
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 4fb7b188434b69a7dc6c5e40e827f6a8f389a86f
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Wed Feb 14 17:24:52 2024 +0100
unbound: Update to 1.19.1
For details see:
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-19-1
"Bug Fixes
Fix CVE-2023-50387, DNSSEC verification complexity can be exploited
to exhaust CPU resources and stall DNS resolvers.
Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust CPU."
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit e705636a854de570987817d2f847bec980db928f
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Wed Feb 14 17:34:10 2024 +0100
unbound 1.19.1: Fix for forgotten rootfile
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 0698daa3fb935ede4c027e8b507e7b3106391a86
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Feb 14 19:00:03 2024 +0000
core184: Ship bind
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit de9e44e82daa1e650a38e3cb5235a59caaedb66b
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Wed Feb 14 17:43:12 2024 +0100
bind: Update to 9.16.48
For details see:
https://downloads.isc.org/isc/bind9/9.16.48/doc/arm/html/notes.html#notes-for-bind-9-16-48
Fixes several CVEs.
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/cfgroot/graphs.pl | 237 ++++++++++++++-------
config/rootfiles/common/bind | 14 +-
config/rootfiles/common/unbound | 2 +-
.../{oldcore/100 => core/184}/filelists/bind | 0
.../{oldcore/106 => core/184}/filelists/unbound | 0
config/rootfiles/core/184/update.sh | 1 +
lfs/bind | 6 +-
lfs/unbound | 6 +-
8 files changed, 173 insertions(+), 93 deletions(-)
copy config/rootfiles/{oldcore/100 => core/184}/filelists/bind (100%)
copy config/rootfiles/{oldcore/106 => core/184}/filelists/unbound (100%)
Difference in files:
diff --git a/config/cfgroot/graphs.pl b/config/cfgroot/graphs.pl
index a23e49c980..96c6c26ead 100644
--- a/config/cfgroot/graphs.pl
+++ b/config/cfgroot/graphs.pl
@@ -13,7 +13,7 @@
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
+# GNU General Public License for more details. #update.sh
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
@@ -676,84 +676,163 @@ sub updatevpnn2ngraph {
sub updatefwhitsgraph {
my $period = $_[0];
- RRDs::graph(
- @GRAPH_ARGS,
- "-",
- "--start",
- "-1".$period,
- "-r",
- "-t ".$Lang::tr{'firewall hits per'}." ".$Lang::tr{$period."-graph"},
- "-v ".$Lang::tr{'bytes per second'},
- "--color=SHADEA".$color{"color19"},
- "--color=SHADEB".$color{"color19"},
- "--color=BACK".$color{"color21"},
- "DEF:output=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYOUT/ipt_bytes-DROP_OUTPUT.rrd:value:AVERAGE",
- "DEF:input=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYIN/ipt_bytes-DROP_INPUT.rrd:value:AVERAGE",
- "DEF:forward=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYFWD/ipt_bytes-DROP_FORWARD.rrd:value:AVERAGE",
- "DEF:newnotsyn=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-NEWNOTSYN/ipt_bytes-DROP_NEWNOTSYN.rrd:value:AVERAGE",
- "DEF:portscan=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-PSCAN/ipt_bytes-DROP_PScan.rrd:value:AVERAGE",
- "DEF:spoofedmartian=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-SPOOFED_MARTIAN/ipt_bytes-DROP_SPOOFED_MARTIAN.rrd:value:AVERAGE",
- "DEF:hostilein=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_IN/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
- "DEF:hostileout=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_OUT/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
- "DEF:hostilelegacy=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
-
- # This creates a new combined hostile segment.
- # Previously we did not split into incoming/outgoing, but we cannot go back in time. This CDEF will take the values
- # from the old RRD database unless those are UNKNOWN (i.e. we started collected IN/OUT). If the values are unknown,
- # we replace them with them sum of IN + OUT.
- "CDEF:hostile=hostilelegacy,UN,hostilein,hostileout,+,hostilelegacy,IF",
-
- "COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}),
- "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}),
- "COMMENT:".sprintf("%15s",$Lang::tr{'average'}),
- "COMMENT:".sprintf("%14s",$Lang::tr{'minimal'}),
- "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\\j",
- "AREA:output".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (OUTPUT)"),
- "GPRINT:output:MAX:%8.1lf %sBps",
- "GPRINT:output:AVERAGE:%8.1lf %sBps",
- "GPRINT:output:MIN:%8.1lf %sBps",
- "GPRINT:output:LAST:%8.1lf %sBps\\j",
- "STACK:forward".$color{"color23"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (FORWARD)"),
- "GPRINT:forward:MAX:%8.1lf %sBps",
- "GPRINT:forward:AVERAGE:%8.1lf %sBps",
- "GPRINT:forward:MIN:%8.1lf %sBps",
- "GPRINT:forward:LAST:%8.1lf %sBps\\j",
- "STACK:input".$color{"color24"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (INPUT)"),
- "GPRINT:input:MAX:%8.1lf %sBps",
- "GPRINT:input:AVERAGE:%8.1lf %sBps",
- "GPRINT:input:MIN:%8.1lf %sBps",
- "GPRINT:input:LAST:%8.1lf %sBps\\j",
- "STACK:newnotsyn".$color{"color14"}."A0:".sprintf("%-25s","NewNotSYN"),
- "GPRINT:newnotsyn:MAX:%8.1lf %sBps",
- "GPRINT:newnotsyn:AVERAGE:%8.1lf %sBps",
- "GPRINT:newnotsyn:MIN:%8.1lf %sBps",
- "GPRINT:newnotsyn:LAST:%8.1lf %sBps\\j",
- "STACK:portscan".$color{"color16"}."A0:".sprintf("%-25s",$Lang::tr{'portscans'}),
- "GPRINT:portscan:MAX:%8.1lf %sBps",
- "GPRINT:portscan:AVERAGE:%8.1lf %sBps",
- "GPRINT:portscan:MIN:%8.1lf %sBps",
- "GPRINT:portscan:LAST:%8.1lf %sBps\\j",
- "STACK:spoofedmartian".$color{"color12"}."A0:".sprintf("%-25s",$Lang::tr{'spoofed or martians'}),
- "GPRINT:spoofedmartian:MAX:%8.1lf %sBps",
- "GPRINT:spoofedmartian:AVERAGE:%8.1lf %sBps",
- "GPRINT:spoofedmartian:MIN:%8.1lf %sBps",
- "GPRINT:spoofedmartian:LAST:%8.1lf %sBps\\j",
- "STACK:hostilein".$color{"color13"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks in'}),
- "GPRINT:hostilein:MAX:%8.1lf %sBps",
- "GPRINT:hostilein:AVERAGE:%8.1lf %sBps",
- "GPRINT:hostilein:MIN:%8.1lf %sBps",
- "GPRINT:hostilein:LAST:%8.1lf %sBps\\j",
- "STACK:hostileout".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks out'}),
- "GPRINT:hostileout:MAX:%8.1lf %sBps",
- "GPRINT:hostileout:AVERAGE:%8.1lf %sBps",
- "GPRINT:hostileout:MIN:%8.1lf %sBps",
- "GPRINT:hostileout:LAST:%8.1lf %sBps\\j",
- "LINE:hostile#000000A0:".sprintf("%-25s",$Lang::tr{'hostile networks total'}),
- "GPRINT:hostile:MAX:%8.1lf %sBps",
- "GPRINT:hostile:AVERAGE:%8.1lf %sBps",
- "GPRINT:hostile:MIN:%8.1lf %sBps",
- "GPRINT:hostile:LAST:%8.1lf %sBps\\j",
- );
+ if ( -e "$mainsettings{'RRDLOG'}/collectd/localhost/iptables-filter-HOSTILE_DROP/ipt_bytes-DROP_HOSTILE.rrd" ) {
+ RRDs::graph(
+ @GRAPH_ARGS,
+ "-",
+ "--start",
+ "-1".$period,
+ "-r",
+ "-t ".$Lang::tr{'firewall hits per'}." ".$Lang::tr{$period."-graph"},
+ "-v ".$Lang::tr{'bytes per second'},
+ "--color=SHADEA".$color{"color19"},
+ "--color=SHADEB".$color{"color19"},
+ "--color=BACK".$color{"color21"},
+ "DEF:output=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYOUT/ipt_bytes-DROP_OUTPUT.rrd:value:AVERAGE",
+ "DEF:input=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYIN/ipt_bytes-DROP_INPUT.rrd:value:AVERAGE",
+ "DEF:forward=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYFWD/ipt_bytes-DROP_FORWARD.rrd:value:AVERAGE",
+ "DEF:newnotsyn=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-NEWNOTSYN/ipt_bytes-DROP_NEWNOTSYN.rrd:value:AVERAGE",
+ "DEF:portscan=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-PSCAN/ipt_bytes-DROP_PScan.rrd:value:AVERAGE",
+ "DEF:spoofedmartian=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-SPOOFED_MARTIAN/ipt_bytes-DROP_SPOOFED_MARTIAN.rrd:value:AVERAGE",
+ "DEF:hostilein=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_IN/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
+ "DEF:hostileout=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_OUT/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
+ "DEF:hostilelegacy=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
+
+ # This creates a new combined hostile segment.
+ # Previously we did not split into incoming/outgoing, but we cannot go back in time. This CDEF will take the values
+ # from the old RRD database if it exists and if those values are UNKNOWN (time period after Hostile was split into In and Out),
+ # we replace them with the sum of IN + OUT.
+ "CDEF:hostile=hostilelegacy,UN,hostilein,hostileout,+,hostilelegacy,IF",
+
+ "COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}),
+ "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}),
+ "COMMENT:".sprintf("%15s",$Lang::tr{'average'}),
+ "COMMENT:".sprintf("%14s",$Lang::tr{'minimal'}),
+ "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\\j",
+ "AREA:output".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (OUTPUT)"),
+ "GPRINT:output:MAX:%8.1lf %sBps",
+ "GPRINT:output:AVERAGE:%8.1lf %sBps",
+ "GPRINT:output:MIN:%8.1lf %sBps",
+ "GPRINT:output:LAST:%8.1lf %sBps\\j",
+ "STACK:forward".$color{"color23"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (FORWARD)"),
+ "GPRINT:forward:MAX:%8.1lf %sBps",
+ "GPRINT:forward:AVERAGE:%8.1lf %sBps",
+ "GPRINT:forward:MIN:%8.1lf %sBps",
+ "GPRINT:forward:LAST:%8.1lf %sBps\\j",
+ "STACK:input".$color{"color24"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (INPUT)"),
+ "GPRINT:input:MAX:%8.1lf %sBps",
+ "GPRINT:input:AVERAGE:%8.1lf %sBps",
+ "GPRINT:input:MIN:%8.1lf %sBps",
+ "GPRINT:input:LAST:%8.1lf %sBps\\j",
+ "STACK:newnotsyn".$color{"color14"}."A0:".sprintf("%-25s","NewNotSYN"),
+ "GPRINT:newnotsyn:MAX:%8.1lf %sBps",
+ "GPRINT:newnotsyn:AVERAGE:%8.1lf %sBps",
+ "GPRINT:newnotsyn:MIN:%8.1lf %sBps",
+ "GPRINT:newnotsyn:LAST:%8.1lf %sBps\\j",
+ "STACK:portscan".$color{"color16"}."A0:".sprintf("%-25s",$Lang::tr{'portscans'}),
+ "GPRINT:portscan:MAX:%8.1lf %sBps",
+ "GPRINT:portscan:AVERAGE:%8.1lf %sBps",
+ "GPRINT:portscan:MIN:%8.1lf %sBps",
+ "GPRINT:portscan:LAST:%8.1lf %sBps\\j",
+ "STACK:spoofedmartian".$color{"color12"}."A0:".sprintf("%-25s",$Lang::tr{'spoofed or martians'}),
+ "GPRINT:spoofedmartian:MAX:%8.1lf %sBps",
+ "GPRINT:spoofedmartian:AVERAGE:%8.1lf %sBps",
+ "GPRINT:spoofedmartian:MIN:%8.1lf %sBps",
+ "GPRINT:spoofedmartian:LAST:%8.1lf %sBps\\j",
+ "STACK:hostilein".$color{"color13"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks in'}),
+ "GPRINT:hostilein:MAX:%8.1lf %sBps",
+ "GPRINT:hostilein:AVERAGE:%8.1lf %sBps",
+ "GPRINT:hostilein:MIN:%8.1lf %sBps",
+ "GPRINT:hostilein:LAST:%8.1lf %sBps\\j",
+ "STACK:hostileout".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks out'}),
+ "GPRINT:hostileout:MAX:%8.1lf %sBps",
+ "GPRINT:hostileout:AVERAGE:%8.1lf %sBps",
+ "GPRINT:hostileout:MIN:%8.1lf %sBps",
+ "GPRINT:hostileout:LAST:%8.1lf %sBps\\j",
+ "LINE:hostile#000000A0:".sprintf("%-25s",$Lang::tr{'hostile networks total'}),
+ "GPRINT:hostile:MAX:%8.1lf %sBps",
+ "GPRINT:hostile:AVERAGE:%8.1lf %sBps",
+ "GPRINT:hostile:MIN:%8.1lf %sBps",
+ "GPRINT:hostile:LAST:%8.1lf %sBps\\j",
+ );
+ }else{
+ RRDs::graph(
+ @GRAPH_ARGS,
+ "-",
+ "--start",
+ "-1".$period,
+ "-r",
+ "-t ".$Lang::tr{'firewall hits per'}." ".$Lang::tr{$period."-graph"},
+ "-v ".$Lang::tr{'bytes per second'},
+ "--color=SHADEA".$color{"color19"},
+ "--color=SHADEB".$color{"color19"},
+ "--color=BACK".$color{"color21"},
+ "DEF:output=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYOUT/ipt_bytes-DROP_OUTPUT.rrd:value:AVERAGE",
+ "DEF:input=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYIN/ipt_bytes-DROP_INPUT.rrd:value:AVERAGE",
+ "DEF:forward=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYFWD/ipt_bytes-DROP_FORWARD.rrd:value:AVERAGE",
+ "DEF:newnotsyn=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-NEWNOTSYN/ipt_bytes-DROP_NEWNOTSYN.rrd:value:AVERAGE",
+ "DEF:portscan=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-PSCAN/ipt_bytes-DROP_PScan.rrd:value:AVERAGE",
+ "DEF:spoofedmartian=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-SPOOFED_MARTIAN/ipt_bytes-DROP_SPOOFED_MARTIAN.rrd:value:AVERAGE",
+ "DEF:hostilein=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_IN/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
+ "DEF:hostileout=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_OUT/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
+
+ # This creates a new combined hostile segment.
+ # If we started collecting IN/OUT, ie the old single Hostile RRD database is not available then this CDEF will take the values
+ # from the sum of IN + OUT.
+ "CDEF:hostile=hostilein,hostileout,+",
+
+ "COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}),
+ "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}),
+ "COMMENT:".sprintf("%15s",$Lang::tr{'average'}),
+ "COMMENT:".sprintf("%14s",$Lang::tr{'minimal'}),
+ "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\\j",
+ "AREA:output".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (OUTPUT)"),
+ "GPRINT:output:MAX:%8.1lf %sBps",
+ "GPRINT:output:AVERAGE:%8.1lf %sBps",
+ "GPRINT:output:MIN:%8.1lf %sBps",
+ "GPRINT:output:LAST:%8.1lf %sBps\\j",
+ "STACK:forward".$color{"color23"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (FORWARD)"),
+ "GPRINT:forward:MAX:%8.1lf %sBps",
+ "GPRINT:forward:AVERAGE:%8.1lf %sBps",
+ "GPRINT:forward:MIN:%8.1lf %sBps",
+ "GPRINT:forward:LAST:%8.1lf %sBps\\j",
+ "STACK:input".$color{"color24"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (INPUT)"),
+ "GPRINT:input:MAX:%8.1lf %sBps",
+ "GPRINT:input:AVERAGE:%8.1lf %sBps",
+ "GPRINT:input:MIN:%8.1lf %sBps",
+ "GPRINT:input:LAST:%8.1lf %sBps\\j",
+ "STACK:newnotsyn".$color{"color14"}."A0:".sprintf("%-25s","NewNotSYN"),
+ "GPRINT:newnotsyn:MAX:%8.1lf %sBps",
+ "GPRINT:newnotsyn:AVERAGE:%8.1lf %sBps",
+ "GPRINT:newnotsyn:MIN:%8.1lf %sBps",
+ "GPRINT:newnotsyn:LAST:%8.1lf %sBps\\j",
+ "STACK:portscan".$color{"color16"}."A0:".sprintf("%-25s",$Lang::tr{'portscans'}),
+ "GPRINT:portscan:MAX:%8.1lf %sBps",
+ "GPRINT:portscan:AVERAGE:%8.1lf %sBps",
+ "GPRINT:portscan:MIN:%8.1lf %sBps",
+ "GPRINT:portscan:LAST:%8.1lf %sBps\\j",
+ "STACK:spoofedmartian".$color{"color12"}."A0:".sprintf("%-25s",$Lang::tr{'spoofed or martians'}),
+ "GPRINT:spoofedmartian:MAX:%8.1lf %sBps",
+ "GPRINT:spoofedmartian:AVERAGE:%8.1lf %sBps",
+ "GPRINT:spoofedmartian:MIN:%8.1lf %sBps",
+ "GPRINT:spoofedmartian:LAST:%8.1lf %sBps\\j",
+ "STACK:hostilein".$color{"color13"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks in'}),
+ "GPRINT:hostilein:MAX:%8.1lf %sBps",
+ "GPRINT:hostilein:AVERAGE:%8.1lf %sBps",
+ "GPRINT:hostilein:MIN:%8.1lf %sBps",
+ "GPRINT:hostilein:LAST:%8.1lf %sBps\\j",
+ "STACK:hostileout".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks out'}),
+ "GPRINT:hostileout:MAX:%8.1lf %sBps",
+ "GPRINT:hostileout:AVERAGE:%8.1lf %sBps",
+ "GPRINT:hostileout:MIN:%8.1lf %sBps",
+ "GPRINT:hostileout:LAST:%8.1lf %sBps\\j",
+ "LINE:hostile#000000A0:".sprintf("%-25s",$Lang::tr{'hostile networks total'}),
+ "GPRINT:hostile:MAX:%8.1lf %sBps",
+ "GPRINT:hostile:AVERAGE:%8.1lf %sBps",
+ "GPRINT:hostile:MIN:%8.1lf %sBps",
+ "GPRINT:hostile:LAST:%8.1lf %sBps\\j",
+ );
+ }
$ERROR = RRDs::error;
return "Error in RRD::graph for firewallhits: ".$ERROR."\n" if $ERROR;
}
diff --git a/config/rootfiles/common/bind b/config/rootfiles/common/bind
index 230b2e595f..96859c8db4 100644
--- a/config/rootfiles/common/bind
+++ b/config/rootfiles/common/bind
@@ -271,24 +271,24 @@ usr/bin/nsupdate
#usr/include/pk11/site.h
#usr/include/pkcs11
#usr/include/pkcs11/pkcs11.h
-usr/lib/libbind9-9.16.45.so
+usr/lib/libbind9-9.16.48.so
#usr/lib/libbind9.la
#usr/lib/libbind9.so
-usr/lib/libdns-9.16.45.so
+usr/lib/libdns-9.16.48.so
#usr/lib/libdns.la
#usr/lib/libdns.so
-usr/lib/libirs-9.16.45.so
+usr/lib/libirs-9.16.48.so
#usr/lib/libirs.la
#usr/lib/libirs.so
-usr/lib/libisc-9.16.45.so
+usr/lib/libisc-9.16.48.so
#usr/lib/libisc.la
#usr/lib/libisc.so
-usr/lib/libisccc-9.16.45.so
+usr/lib/libisccc-9.16.48.so
#usr/lib/libisccc.la
#usr/lib/libisccc.so
-usr/lib/libisccfg-9.16.45.so
+usr/lib/libisccfg-9.16.48.so
#usr/lib/libisccfg.la
#usr/lib/libisccfg.so
-usr/lib/libns-9.16.45.so
+usr/lib/libns-9.16.48.so
#usr/lib/libns.la
#usr/lib/libns.so
diff --git a/config/rootfiles/common/unbound b/config/rootfiles/common/unbound
index 78c5a31ae2..1badd605ab 100644
--- a/config/rootfiles/common/unbound
+++ b/config/rootfiles/common/unbound
@@ -11,7 +11,7 @@ etc/unbound/unbound.conf
#usr/lib/libunbound.la
#usr/lib/libunbound.so
usr/lib/libunbound.so.8
-usr/lib/libunbound.so.8.1.23
+usr/lib/libunbound.so.8.1.24
#usr/lib/pkgconfig/libunbound.pc
usr/sbin/unbound
usr/sbin/unbound-anchor
diff --git a/config/rootfiles/core/184/filelists/bind b/config/rootfiles/core/184/filelists/bind
new file mode 120000
index 0000000000..48a0ebaefd
--- /dev/null
+++ b/config/rootfiles/core/184/filelists/bind
@@ -0,0 +1 @@
+../../../common/bind
\ No newline at end of file
diff --git a/config/rootfiles/core/184/filelists/unbound b/config/rootfiles/core/184/filelists/unbound
new file mode 120000
index 0000000000..66adf09242
--- /dev/null
+++ b/config/rootfiles/core/184/filelists/unbound
@@ -0,0 +1 @@
+../../../common/unbound
\ No newline at end of file
diff --git a/config/rootfiles/core/184/update.sh b/config/rootfiles/core/184/update.sh
index 024c44be7f..3bf38ff8b2 100644
--- a/config/rootfiles/core/184/update.sh
+++ b/config/rootfiles/core/184/update.sh
@@ -81,6 +81,7 @@ telinit u
/etc/init.d/vnstat start
/etc/init.d/collectd restart
/etc/init.d/suricata restart
+/etc/init.d/unbound restart
if [ -f /var/ipfire/proxy/enable ]; then
/etc/init.d/squid start
fi
diff --git a/lfs/bind b/lfs/bind
index 63e642ca89..271f8ab53b 100644
--- a/lfs/bind
+++ b/lfs/bind
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2023 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -25,7 +25,7 @@
include Config
-VER = 9.16.45
+VER = 9.16.48
THISAPP = bind-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -43,7 +43,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 2b6cea5e5b510780fb144cf9fce5fbec4adc6a2bb2186646f95afb4aa486edc326106519f149e600aec373238d55c06dfe7ac65f41016453a0967a28ec67ad7e
+$(DL_FILE)_BLAKE2 = 4a503b45df412c435cb0f75b54ee1270140cccce7ecc159cdf3e0e3cbd3c0a0866b7472782f20aacf130f57df12d20a102ac6979498138ce00a2655806d003e7
install : $(TARGET)
diff --git a/lfs/unbound b/lfs/unbound
index 22bb2e1ceb..b852f75b9b 100644
--- a/lfs/unbound
+++ b/lfs/unbound
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2023 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 1.19.0
+VER = 1.19.1
THISAPP = unbound-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 66ec2b1cd32ac5930c088c73e884bc1fb4d35526a0c89bdbe209defd3e78326ce9b3c1a523fc1ab28b8fdf0e457280d5de7b300cf560c15d875f460bc361f5c7
+$(DL_FILE)_BLAKE2 = a48c5b9493eb0a9aa2171956e08677e1cfb7c49b53731c1b05f9192434c4d815eba972aab110ba0ee25fee1e7a57192c8b48e59bb21fb76ad7fd1c7d2d260012
install : $(TARGET)
hooks/post-receive
--
IPFire 2.x development tree
reply other threads:[~2024-02-14 19:02 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4TZncp1cTmz2yKF@people01.haj.ipfire.org \
--to=git@ipfire.org \
--cc=ipfire-scm@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox