From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: ipfire-scm@lists.ipfire.org Subject: [git.ipfire.org] IPFire 2.x development tree branch, master, updated. 2071b2964fed10cbcf62bd2d7da3b7e718f8a88f Date: Wed, 14 Feb 2024 19:02:18 +0000 Message-ID: <4TZncp1cTmz2yKF@people01.haj.ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4834865361907957202==" List-Id: --===============4834865361907957202== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, master has been updated via 2071b2964fed10cbcf62bd2d7da3b7e718f8a88f (commit) via f3d7ce3b5d83222c78bc2b246f6afd5766af4dc9 (commit) via 4fb7b188434b69a7dc6c5e40e827f6a8f389a86f (commit) via e705636a854de570987817d2f847bec980db928f (commit) via 0698daa3fb935ede4c027e8b507e7b3106391a86 (commit) via de9e44e82daa1e650a38e3cb5235a59caaedb66b (commit) from 4a9fe2eaaa45e25428ce72f0076c0a38fe9b291a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2071b2964fed10cbcf62bd2d7da3b7e718f8a88f Author: Adolf Belka Date: Wed Feb 14 11:34:36 2024 +0100 graphs.pl: Fixes graph failure when the DROP_HOSTILE directory is missing =20 - If a fresh install is done then only the DROP_HOSTILE_IN & DROP_HOSTILE= _OUT rrd directories are created. - With the DROP_HOSTILE directory missing then when the fwhits graph is u= pdated an error message is caused by the inability to open the required files. - This patch adds an if/else loop into the fwhits graph code to deal with= the two cases of the DROP_HOSTILE being present or not depending on the history and = if a backup with logs has been restored from when DROP_HOSTILE was in use. - Tested on vm testbed and created a historical line for the hostile data= when it was not split - There might be a simpler or better approach than this but it was the on= ly option I could identify. I couldn't find anything about being able to use if lo= ops within the RRD::Graph loop =20 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit f3d7ce3b5d83222c78bc2b246f6afd5766af4dc9 Author: Michael Tremer Date: Wed Feb 14 19:01:25 2024 +0000 core184: Ship unbound =20 Signed-off-by: Michael Tremer commit 4fb7b188434b69a7dc6c5e40e827f6a8f389a86f Author: Matthias Fischer Date: Wed Feb 14 17:24:52 2024 +0100 unbound: Update to 1.19.1 =20 For details see: https://nlnetlabs.nl/projects/unbound/download/#unbound-1-19-1 =20 "Bug Fixes =20 Fix CVE-2023-50387, DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers. Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust CPU." =20 Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit e705636a854de570987817d2f847bec980db928f Author: Matthias Fischer Date: Wed Feb 14 17:34:10 2024 +0100 unbound 1.19.1: Fix for forgotten rootfile =20 Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 0698daa3fb935ede4c027e8b507e7b3106391a86 Author: Michael Tremer Date: Wed Feb 14 19:00:03 2024 +0000 core184: Ship bind =20 Signed-off-by: Michael Tremer commit de9e44e82daa1e650a38e3cb5235a59caaedb66b Author: Matthias Fischer Date: Wed Feb 14 17:43:12 2024 +0100 bind: Update to 9.16.48 =20 For details see: https://downloads.isc.org/isc/bind9/9.16.48/doc/arm/html/notes.html#notes= -for-bind-9-16-48 =20 Fixes several CVEs. =20 Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer ----------------------------------------------------------------------- Summary of changes: config/cfgroot/graphs.pl | 237 ++++++++++++++-----= -- config/rootfiles/common/bind | 14 +- config/rootfiles/common/unbound | 2 +- .../{oldcore/100 =3D> core/184}/filelists/bind | 0 .../{oldcore/106 =3D> core/184}/filelists/unbound | 0 config/rootfiles/core/184/update.sh | 1 + lfs/bind | 6 +- lfs/unbound | 6 +- 8 files changed, 173 insertions(+), 93 deletions(-) copy config/rootfiles/{oldcore/100 =3D> core/184}/filelists/bind (100%) copy config/rootfiles/{oldcore/106 =3D> core/184}/filelists/unbound (100%) Difference in files: diff --git a/config/cfgroot/graphs.pl b/config/cfgroot/graphs.pl index a23e49c980..96c6c26ead 100644 --- a/config/cfgroot/graphs.pl +++ b/config/cfgroot/graphs.pl @@ -13,7 +13,7 @@ # This program is distributed in the hope that it will be useful, = # # but WITHOUT ANY WARRANTY; without even the implied warranty of = # # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the = # -# GNU General Public License for more details. = # +# GNU General Public License for more details. = #update.sh # = # # You should have received a copy of the GNU General Public License = # # along with this program. If not, see . = # @@ -676,84 +676,163 @@ sub updatevpnn2ngraph { =20 sub updatefwhitsgraph { my $period =3D $_[0]; - RRDs::graph( - @GRAPH_ARGS, - "-", - "--start", - "-1".$period, - "-r", - "-t ".$Lang::tr{'firewall hits per'}." ".$Lang::tr{$period."-graph"}, - "-v ".$Lang::tr{'bytes per second'}, - "--color=3DSHADEA".$color{"color19"}, - "--color=3DSHADEB".$color{"color19"}, - "--color=3DBACK".$color{"color21"}, - "DEF:output=3D".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filt= er-POLICYOUT/ipt_bytes-DROP_OUTPUT.rrd:value:AVERAGE", - "DEF:input=3D".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filte= r-POLICYIN/ipt_bytes-DROP_INPUT.rrd:value:AVERAGE", - "DEF:forward=3D".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-fil= ter-POLICYFWD/ipt_bytes-DROP_FORWARD.rrd:value:AVERAGE", - "DEF:newnotsyn=3D".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-f= ilter-NEWNOTSYN/ipt_bytes-DROP_NEWNOTSYN.rrd:value:AVERAGE", - "DEF:portscan=3D".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-fi= lter-PSCAN/ipt_bytes-DROP_PScan.rrd:value:AVERAGE", - "DEF:spoofedmartian=3D".$mainsettings{'RRDLOG'}."/collectd/localhost/iptab= les-filter-SPOOFED_MARTIAN/ipt_bytes-DROP_SPOOFED_MARTIAN.rrd:value:AVERAGE", - "DEF:hostilein=3D".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-f= ilter-HOSTILE_DROP_IN/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", - "DEF:hostileout=3D".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-= filter-HOSTILE_DROP_OUT/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", - "DEF:hostilelegacy=3D".$mainsettings{'RRDLOG'}."/collectd/localhost/iptabl= es-filter-HOSTILE_DROP/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", - - # This creates a new combined hostile segment. - # Previously we did not split into incoming/outgoing, but we cannot go bac= k in time. This CDEF will take the values - # from the old RRD database unless those are UNKNOWN (i.e. we started coll= ected IN/OUT). If the values are unknown, - # we replace them with them sum of IN + OUT. - "CDEF:hostile=3Dhostilelegacy,UN,hostilein,hostileout,+,hostilelegacy,IF", - - "COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}), - "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}), - "COMMENT:".sprintf("%15s",$Lang::tr{'average'}), - "COMMENT:".sprintf("%14s",$Lang::tr{'minimal'}), - "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\\j", - "AREA:output".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'firewallh= its'}." (OUTPUT)"), - "GPRINT:output:MAX:%8.1lf %sBps", - "GPRINT:output:AVERAGE:%8.1lf %sBps", - "GPRINT:output:MIN:%8.1lf %sBps", - "GPRINT:output:LAST:%8.1lf %sBps\\j", - "STACK:forward".$color{"color23"}."A0:".sprintf("%-25s",$Lang::tr{'firewal= lhits'}." (FORWARD)"), - "GPRINT:forward:MAX:%8.1lf %sBps", - "GPRINT:forward:AVERAGE:%8.1lf %sBps", - "GPRINT:forward:MIN:%8.1lf %sBps", - "GPRINT:forward:LAST:%8.1lf %sBps\\j", - "STACK:input".$color{"color24"}."A0:".sprintf("%-25s",$Lang::tr{'firewallh= its'}." (INPUT)"), - "GPRINT:input:MAX:%8.1lf %sBps", - "GPRINT:input:AVERAGE:%8.1lf %sBps", - "GPRINT:input:MIN:%8.1lf %sBps", - "GPRINT:input:LAST:%8.1lf %sBps\\j", - "STACK:newnotsyn".$color{"color14"}."A0:".sprintf("%-25s","NewNotSYN"), - "GPRINT:newnotsyn:MAX:%8.1lf %sBps", - "GPRINT:newnotsyn:AVERAGE:%8.1lf %sBps", - "GPRINT:newnotsyn:MIN:%8.1lf %sBps", - "GPRINT:newnotsyn:LAST:%8.1lf %sBps\\j", - "STACK:portscan".$color{"color16"}."A0:".sprintf("%-25s",$Lang::tr{'portsc= ans'}), - "GPRINT:portscan:MAX:%8.1lf %sBps", - "GPRINT:portscan:AVERAGE:%8.1lf %sBps", - "GPRINT:portscan:MIN:%8.1lf %sBps", - "GPRINT:portscan:LAST:%8.1lf %sBps\\j", - "STACK:spoofedmartian".$color{"color12"}."A0:".sprintf("%-25s",$Lang::tr{'= spoofed or martians'}), - "GPRINT:spoofedmartian:MAX:%8.1lf %sBps", - "GPRINT:spoofedmartian:AVERAGE:%8.1lf %sBps", - "GPRINT:spoofedmartian:MIN:%8.1lf %sBps", - "GPRINT:spoofedmartian:LAST:%8.1lf %sBps\\j", - "STACK:hostilein".$color{"color13"}."A0:".sprintf("%-25s",$Lang::tr{'hosti= le networks in'}), - "GPRINT:hostilein:MAX:%8.1lf %sBps", - "GPRINT:hostilein:AVERAGE:%8.1lf %sBps", - "GPRINT:hostilein:MIN:%8.1lf %sBps", - "GPRINT:hostilein:LAST:%8.1lf %sBps\\j", - "STACK:hostileout".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'host= ile networks out'}), - "GPRINT:hostileout:MAX:%8.1lf %sBps", - "GPRINT:hostileout:AVERAGE:%8.1lf %sBps", - "GPRINT:hostileout:MIN:%8.1lf %sBps", - "GPRINT:hostileout:LAST:%8.1lf %sBps\\j", - "LINE:hostile#000000A0:".sprintf("%-25s",$Lang::tr{'hostile networks total= '}), - "GPRINT:hostile:MAX:%8.1lf %sBps", - "GPRINT:hostile:AVERAGE:%8.1lf %sBps", - "GPRINT:hostile:MIN:%8.1lf %sBps", - "GPRINT:hostile:LAST:%8.1lf %sBps\\j", - ); + if ( -e "$mainsettings{'RRDLOG'}/collectd/localhost/iptables-filter-HOSTILE= _DROP/ipt_bytes-DROP_HOSTILE.rrd" ) { + RRDs::graph( + @GRAPH_ARGS, + "-", + "--start", + "-1".$period, + "-r", + "-t ".$Lang::tr{'firewall hits per'}." ".$Lang::tr{$period."-graph"}, + "-v ".$Lang::tr{'bytes per second'}, + "--color=3DSHADEA".$color{"color19"}, + "--color=3DSHADEB".$color{"color19"}, + "--color=3DBACK".$color{"color21"}, + "DEF:output=3D".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-fil= ter-POLICYOUT/ipt_bytes-DROP_OUTPUT.rrd:value:AVERAGE", + "DEF:input=3D".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filt= er-POLICYIN/ipt_bytes-DROP_INPUT.rrd:value:AVERAGE", + "DEF:forward=3D".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-fi= lter-POLICYFWD/ipt_bytes-DROP_FORWARD.rrd:value:AVERAGE", + "DEF:newnotsyn=3D".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-= filter-NEWNOTSYN/ipt_bytes-DROP_NEWNOTSYN.rrd:value:AVERAGE", + "DEF:portscan=3D".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-f= ilter-PSCAN/ipt_bytes-DROP_PScan.rrd:value:AVERAGE", + "DEF:spoofedmartian=3D".$mainsettings{'RRDLOG'}."/collectd/localhost/ipta= bles-filter-SPOOFED_MARTIAN/ipt_bytes-DROP_SPOOFED_MARTIAN.rrd:value:AVERAGE", + "DEF:hostilein=3D".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-= filter-HOSTILE_DROP_IN/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", + "DEF:hostileout=3D".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables= -filter-HOSTILE_DROP_OUT/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", + "DEF:hostilelegacy=3D".$mainsettings{'RRDLOG'}."/collectd/localhost/iptab= les-filter-HOSTILE_DROP/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", + + # This creates a new combined hostile segment. + # Previously we did not split into incoming/outgoing, but we cannot go ba= ck in time. This CDEF will take the values + # from the old RRD database if it exists and if those values are UNKNOWN = (time period after Hostile was split into In and Out), + # we replace them with the sum of IN + OUT. + "CDEF:hostile=3Dhostilelegacy,UN,hostilein,hostileout,+,hostilelegacy,IF", + + "COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}), + "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}), + "COMMENT:".sprintf("%15s",$Lang::tr{'average'}), + "COMMENT:".sprintf("%14s",$Lang::tr{'minimal'}), + "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\\j", + "AREA:output".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'firewall= hits'}." (OUTPUT)"), + "GPRINT:output:MAX:%8.1lf %sBps", + "GPRINT:output:AVERAGE:%8.1lf %sBps", + "GPRINT:output:MIN:%8.1lf %sBps", + "GPRINT:output:LAST:%8.1lf %sBps\\j", + "STACK:forward".$color{"color23"}."A0:".sprintf("%-25s",$Lang::tr{'firewa= llhits'}." (FORWARD)"), + "GPRINT:forward:MAX:%8.1lf %sBps", + "GPRINT:forward:AVERAGE:%8.1lf %sBps", + "GPRINT:forward:MIN:%8.1lf %sBps", + "GPRINT:forward:LAST:%8.1lf %sBps\\j", + "STACK:input".$color{"color24"}."A0:".sprintf("%-25s",$Lang::tr{'firewall= hits'}." (INPUT)"), + "GPRINT:input:MAX:%8.1lf %sBps", + "GPRINT:input:AVERAGE:%8.1lf %sBps", + "GPRINT:input:MIN:%8.1lf %sBps", + "GPRINT:input:LAST:%8.1lf %sBps\\j", + "STACK:newnotsyn".$color{"color14"}."A0:".sprintf("%-25s","NewNotSYN"), + "GPRINT:newnotsyn:MAX:%8.1lf %sBps", + "GPRINT:newnotsyn:AVERAGE:%8.1lf %sBps", + "GPRINT:newnotsyn:MIN:%8.1lf %sBps", + "GPRINT:newnotsyn:LAST:%8.1lf %sBps\\j", + "STACK:portscan".$color{"color16"}."A0:".sprintf("%-25s",$Lang::tr{'ports= cans'}), + "GPRINT:portscan:MAX:%8.1lf %sBps", + "GPRINT:portscan:AVERAGE:%8.1lf %sBps", + "GPRINT:portscan:MIN:%8.1lf %sBps", + "GPRINT:portscan:LAST:%8.1lf %sBps\\j", + "STACK:spoofedmartian".$color{"color12"}."A0:".sprintf("%-25s",$Lang::tr{= 'spoofed or martians'}), + "GPRINT:spoofedmartian:MAX:%8.1lf %sBps", + "GPRINT:spoofedmartian:AVERAGE:%8.1lf %sBps", + "GPRINT:spoofedmartian:MIN:%8.1lf %sBps", + "GPRINT:spoofedmartian:LAST:%8.1lf %sBps\\j", + "STACK:hostilein".$color{"color13"}."A0:".sprintf("%-25s",$Lang::tr{'host= ile networks in'}), + "GPRINT:hostilein:MAX:%8.1lf %sBps", + "GPRINT:hostilein:AVERAGE:%8.1lf %sBps", + "GPRINT:hostilein:MIN:%8.1lf %sBps", + "GPRINT:hostilein:LAST:%8.1lf %sBps\\j", + "STACK:hostileout".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'hos= tile networks out'}), + "GPRINT:hostileout:MAX:%8.1lf %sBps", + "GPRINT:hostileout:AVERAGE:%8.1lf %sBps", + "GPRINT:hostileout:MIN:%8.1lf %sBps", + "GPRINT:hostileout:LAST:%8.1lf %sBps\\j", + "LINE:hostile#000000A0:".sprintf("%-25s",$Lang::tr{'hostile networks tota= l'}), + "GPRINT:hostile:MAX:%8.1lf %sBps", + "GPRINT:hostile:AVERAGE:%8.1lf %sBps", + "GPRINT:hostile:MIN:%8.1lf %sBps", + "GPRINT:hostile:LAST:%8.1lf %sBps\\j", + ); + }else{ + RRDs::graph( + @GRAPH_ARGS, + "-", + "--start", + "-1".$period, + "-r", + "-t ".$Lang::tr{'firewall hits per'}." ".$Lang::tr{$period."-graph"}, + "-v ".$Lang::tr{'bytes per second'}, + "--color=3DSHADEA".$color{"color19"}, + "--color=3DSHADEB".$color{"color19"}, + "--color=3DBACK".$color{"color21"}, + "DEF:output=3D".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-fil= ter-POLICYOUT/ipt_bytes-DROP_OUTPUT.rrd:value:AVERAGE", + "DEF:input=3D".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filt= er-POLICYIN/ipt_bytes-DROP_INPUT.rrd:value:AVERAGE", + "DEF:forward=3D".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-fi= lter-POLICYFWD/ipt_bytes-DROP_FORWARD.rrd:value:AVERAGE", + "DEF:newnotsyn=3D".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-= filter-NEWNOTSYN/ipt_bytes-DROP_NEWNOTSYN.rrd:value:AVERAGE", + "DEF:portscan=3D".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-f= ilter-PSCAN/ipt_bytes-DROP_PScan.rrd:value:AVERAGE", + "DEF:spoofedmartian=3D".$mainsettings{'RRDLOG'}."/collectd/localhost/ipta= bles-filter-SPOOFED_MARTIAN/ipt_bytes-DROP_SPOOFED_MARTIAN.rrd:value:AVERAGE", + "DEF:hostilein=3D".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-= filter-HOSTILE_DROP_IN/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", + "DEF:hostileout=3D".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables= -filter-HOSTILE_DROP_OUT/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", + + # This creates a new combined hostile segment. + # If we started collecting IN/OUT, ie the old single Hostile RRD database= is not available then this CDEF will take the values + # from the sum of IN + OUT. + "CDEF:hostile=3Dhostilein,hostileout,+", + + "COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}), + "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}), + "COMMENT:".sprintf("%15s",$Lang::tr{'average'}), + "COMMENT:".sprintf("%14s",$Lang::tr{'minimal'}), + "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\\j", + "AREA:output".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'firewall= hits'}." (OUTPUT)"), + "GPRINT:output:MAX:%8.1lf %sBps", + "GPRINT:output:AVERAGE:%8.1lf %sBps", + "GPRINT:output:MIN:%8.1lf %sBps", + "GPRINT:output:LAST:%8.1lf %sBps\\j", + "STACK:forward".$color{"color23"}."A0:".sprintf("%-25s",$Lang::tr{'firewa= llhits'}." (FORWARD)"), + "GPRINT:forward:MAX:%8.1lf %sBps", + "GPRINT:forward:AVERAGE:%8.1lf %sBps", + "GPRINT:forward:MIN:%8.1lf %sBps", + "GPRINT:forward:LAST:%8.1lf %sBps\\j", + "STACK:input".$color{"color24"}."A0:".sprintf("%-25s",$Lang::tr{'firewall= hits'}." (INPUT)"), + "GPRINT:input:MAX:%8.1lf %sBps", + "GPRINT:input:AVERAGE:%8.1lf %sBps", + "GPRINT:input:MIN:%8.1lf %sBps", + "GPRINT:input:LAST:%8.1lf %sBps\\j", + "STACK:newnotsyn".$color{"color14"}."A0:".sprintf("%-25s","NewNotSYN"), + "GPRINT:newnotsyn:MAX:%8.1lf %sBps", + "GPRINT:newnotsyn:AVERAGE:%8.1lf %sBps", + "GPRINT:newnotsyn:MIN:%8.1lf %sBps", + "GPRINT:newnotsyn:LAST:%8.1lf %sBps\\j", + "STACK:portscan".$color{"color16"}."A0:".sprintf("%-25s",$Lang::tr{'ports= cans'}), + "GPRINT:portscan:MAX:%8.1lf %sBps", + "GPRINT:portscan:AVERAGE:%8.1lf %sBps", + "GPRINT:portscan:MIN:%8.1lf %sBps", + "GPRINT:portscan:LAST:%8.1lf %sBps\\j", + "STACK:spoofedmartian".$color{"color12"}."A0:".sprintf("%-25s",$Lang::tr{= 'spoofed or martians'}), + "GPRINT:spoofedmartian:MAX:%8.1lf %sBps", + "GPRINT:spoofedmartian:AVERAGE:%8.1lf %sBps", + "GPRINT:spoofedmartian:MIN:%8.1lf %sBps", + "GPRINT:spoofedmartian:LAST:%8.1lf %sBps\\j", + "STACK:hostilein".$color{"color13"}."A0:".sprintf("%-25s",$Lang::tr{'host= ile networks in'}), + "GPRINT:hostilein:MAX:%8.1lf %sBps", + "GPRINT:hostilein:AVERAGE:%8.1lf %sBps", + "GPRINT:hostilein:MIN:%8.1lf %sBps", + "GPRINT:hostilein:LAST:%8.1lf %sBps\\j", + "STACK:hostileout".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'hos= tile networks out'}), + "GPRINT:hostileout:MAX:%8.1lf %sBps", + "GPRINT:hostileout:AVERAGE:%8.1lf %sBps", + "GPRINT:hostileout:MIN:%8.1lf %sBps", + "GPRINT:hostileout:LAST:%8.1lf %sBps\\j", + "LINE:hostile#000000A0:".sprintf("%-25s",$Lang::tr{'hostile networks tota= l'}), + "GPRINT:hostile:MAX:%8.1lf %sBps", + "GPRINT:hostile:AVERAGE:%8.1lf %sBps", + "GPRINT:hostile:MIN:%8.1lf %sBps", + "GPRINT:hostile:LAST:%8.1lf %sBps\\j", + ); + } $ERROR =3D RRDs::error; return "Error in RRD::graph for firewallhits: ".$ERROR."\n" if $ERROR; } diff --git a/config/rootfiles/common/bind b/config/rootfiles/common/bind index 230b2e595f..96859c8db4 100644 --- a/config/rootfiles/common/bind +++ b/config/rootfiles/common/bind @@ -271,24 +271,24 @@ usr/bin/nsupdate #usr/include/pk11/site.h #usr/include/pkcs11 #usr/include/pkcs11/pkcs11.h -usr/lib/libbind9-9.16.45.so +usr/lib/libbind9-9.16.48.so #usr/lib/libbind9.la #usr/lib/libbind9.so -usr/lib/libdns-9.16.45.so +usr/lib/libdns-9.16.48.so #usr/lib/libdns.la #usr/lib/libdns.so -usr/lib/libirs-9.16.45.so +usr/lib/libirs-9.16.48.so #usr/lib/libirs.la #usr/lib/libirs.so -usr/lib/libisc-9.16.45.so +usr/lib/libisc-9.16.48.so #usr/lib/libisc.la #usr/lib/libisc.so -usr/lib/libisccc-9.16.45.so +usr/lib/libisccc-9.16.48.so #usr/lib/libisccc.la #usr/lib/libisccc.so -usr/lib/libisccfg-9.16.45.so +usr/lib/libisccfg-9.16.48.so #usr/lib/libisccfg.la #usr/lib/libisccfg.so -usr/lib/libns-9.16.45.so +usr/lib/libns-9.16.48.so #usr/lib/libns.la #usr/lib/libns.so diff --git a/config/rootfiles/common/unbound b/config/rootfiles/common/unbound index 78c5a31ae2..1badd605ab 100644 --- a/config/rootfiles/common/unbound +++ b/config/rootfiles/common/unbound @@ -11,7 +11,7 @@ etc/unbound/unbound.conf #usr/lib/libunbound.la #usr/lib/libunbound.so usr/lib/libunbound.so.8 -usr/lib/libunbound.so.8.1.23 +usr/lib/libunbound.so.8.1.24 #usr/lib/pkgconfig/libunbound.pc usr/sbin/unbound usr/sbin/unbound-anchor diff --git a/config/rootfiles/core/184/filelists/bind b/config/rootfiles/core= /184/filelists/bind new file mode 120000 index 0000000000..48a0ebaefd --- /dev/null +++ b/config/rootfiles/core/184/filelists/bind @@ -0,0 +1 @@ +../../../common/bind \ No newline at end of file diff --git a/config/rootfiles/core/184/filelists/unbound b/config/rootfiles/c= ore/184/filelists/unbound new file mode 120000 index 0000000000..66adf09242 --- /dev/null +++ b/config/rootfiles/core/184/filelists/unbound @@ -0,0 +1 @@ +../../../common/unbound \ No newline at end of file diff --git a/config/rootfiles/core/184/update.sh b/config/rootfiles/core/184/= update.sh index 024c44be7f..3bf38ff8b2 100644 --- a/config/rootfiles/core/184/update.sh +++ b/config/rootfiles/core/184/update.sh @@ -81,6 +81,7 @@ telinit u /etc/init.d/vnstat start /etc/init.d/collectd restart /etc/init.d/suricata restart +/etc/init.d/unbound restart if [ -f /var/ipfire/proxy/enable ]; then /etc/init.d/squid start fi diff --git a/lfs/bind b/lfs/bind index 63e642ca89..271f8ab53b 100644 --- a/lfs/bind +++ b/lfs/bind @@ -1,7 +1,7 @@ ############################################################################= ### # = # # IPFire.org - A linux based firewall = # -# Copyright (C) 2007-2023 IPFire Team = # +# Copyright (C) 2007-2024 IPFire Team = # # = # # This program is free software: you can redistribute it and/or modify = # # it under the terms of the GNU General Public License as published by = # @@ -25,7 +25,7 @@ =20 include Config =20 -VER =3D 9.16.45 +VER =3D 9.16.48 =20 THISAPP =3D bind-$(VER) DL_FILE =3D $(THISAPP).tar.xz @@ -43,7 +43,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_BLAKE2 =3D 2b6cea5e5b510780fb144cf9fce5fbec4adc6a2bb2186646f95afb= 4aa486edc326106519f149e600aec373238d55c06dfe7ac65f41016453a0967a28ec67ad7e +$(DL_FILE)_BLAKE2 =3D 4a503b45df412c435cb0f75b54ee1270140cccce7ecc159cdf3e0e= 3cbd3c0a0866b7472782f20aacf130f57df12d20a102ac6979498138ce00a2655806d003e7 =20 install : $(TARGET) =20 diff --git a/lfs/unbound b/lfs/unbound index 22bb2e1ceb..b852f75b9b 100644 --- a/lfs/unbound +++ b/lfs/unbound @@ -1,7 +1,7 @@ ############################################################################= ### # = # # IPFire.org - A linux based firewall = # -# Copyright (C) 2007-2023 IPFire Team = # +# Copyright (C) 2007-2024 IPFire Team = # # = # # This program is free software: you can redistribute it and/or modify = # # it under the terms of the GNU General Public License as published by = # @@ -24,7 +24,7 @@ =20 include Config =20 -VER =3D 1.19.0 +VER =3D 1.19.1 =20 THISAPP =3D unbound-$(VER) DL_FILE =3D $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_BLAKE2 =3D 66ec2b1cd32ac5930c088c73e884bc1fb4d35526a0c89bdbe209de= fd3e78326ce9b3c1a523fc1ab28b8fdf0e457280d5de7b300cf560c15d875f460bc361f5c7 +$(DL_FILE)_BLAKE2 =3D a48c5b9493eb0a9aa2171956e08677e1cfb7c49b53731c1b05f919= 2434c4d815eba972aab110ba0ee25fee1e7a57192c8b48e59bb21fb76ad7fd1c7d2d260012 =20 install : $(TARGET) =20 hooks/post-receive -- IPFire 2.x development tree --===============4834865361907957202==--