]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/log
people/pmueller/ipfire-2.x.git
6 years agoxz: update rootfile
Arne Fitzenreiter [Sun, 27 May 2018 17:02:47 +0000 (19:02 +0200)] 
xz: update rootfile

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 years agoMerge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
Arne Fitzenreiter [Sun, 27 May 2018 14:07:07 +0000 (16:07 +0200)] 
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next

6 years agokernel: update to 4.14.44
Arne Fitzenreiter [Sun, 27 May 2018 14:06:25 +0000 (16:06 +0200)] 
kernel: update to 4.14.44

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 years agoxz: Update to 5.2.4
Matthias Fischer [Sat, 26 May 2018 16:18:22 +0000 (18:18 +0200)] 
xz: Update to 5.2.4

For details see:
https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;hb=HEAD

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agotar: Update to 1.30
Matthias Fischer [Sat, 26 May 2018 16:15:02 +0000 (18:15 +0200)] 
tar: Update to 1.30

For details see:
https://www.gnu.org/software/tar/

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agoDon't compress packages three times. Once is enough.
Michael Tremer [Fri, 25 May 2018 17:36:37 +0000 (18:36 +0100)] 
Don't compress packages three times. Once is enough.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agomake.sh: Compress toolchain in the same way we compress everything else
Michael Tremer [Fri, 25 May 2018 13:17:20 +0000 (13:17 +0000)] 
make.sh: Compress toolchain in the same way we compress everything else

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agokernel: update to 4.14.43
Arne Fitzenreiter [Thu, 24 May 2018 05:39:36 +0000 (07:39 +0200)] 
kernel: update to 4.14.43

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 years agogitignore: add img.xz to ignore list
Arne Fitzenreiter [Wed, 23 May 2018 17:33:12 +0000 (19:33 +0200)] 
gitignore: add img.xz to ignore list

6 years agomake.sh: There are no tar.gz images to copy out of the chroot environment
Michael Tremer [Wed, 23 May 2018 11:09:07 +0000 (12:09 +0100)] 
make.sh: There are no tar.gz images to copy out of the chroot environment

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agomake.sh: Generate checksum files for XZ compressed images
Michael Tremer [Wed, 23 May 2018 11:08:23 +0000 (12:08 +0100)] 
make.sh: Generate checksum files for XZ compressed images

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agomake.sh: Refactor XZ compression parameters again
Michael Tremer [Wed, 23 May 2018 11:03:06 +0000 (12:03 +0100)] 
make.sh: Refactor XZ compression parameters again

I completely ruined this now and therefore I had to make
it new again:

* I split the parameters into smaller chunks now and added
  comments about why we have chosen those.

* I move it all to configure_build() since we do not need
  to check if the host architecture is 64 bit capable, but
  the architecture we are building for.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agomake.sh: Remove check for minimum host memory
Michael Tremer [Tue, 22 May 2018 20:31:24 +0000 (21:31 +0100)] 
make.sh: Remove check for minimum host memory

This won't build on the ARM builders any more

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agomake.sh: Let XZ determine how many cores it wants to use
Michael Tremer [Tue, 22 May 2018 19:46:25 +0000 (20:46 +0100)] 
make.sh: Let XZ determine how many cores it wants to use

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agomake.sh: Limit XZ memory to 2GB on 32 bit systems
Michael Tremer [Tue, 22 May 2018 19:46:03 +0000 (20:46 +0100)] 
make.sh: Limit XZ memory to 2GB on 32 bit systems

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agojoe: Bump package because of ncurses update
Michael Tremer [Tue, 22 May 2018 19:40:29 +0000 (20:40 +0100)] 
joe: Bump package because of ncurses update

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agohostapd: Fix detection of wireless devices with kernel 4.14
Michael Tremer [Tue, 22 May 2018 19:38:47 +0000 (20:38 +0100)] 
hostapd: Fix detection of wireless devices with kernel 4.14

Fixes #11738

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agoentropy: Don't show message for HWRNGs any more
Michael Tremer [Tue, 22 May 2018 19:31:12 +0000 (20:31 +0100)] 
entropy: Don't show message for HWRNGs any more

We cannot reliably detect this with the new kernel
and therefore cannot show this.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agorngd: Always start the daemon
Michael Tremer [Tue, 22 May 2018 19:25:03 +0000 (20:25 +0100)] 
rngd: Always start the daemon

We cannot reliably detect in this script any more if the
system has an actual HWRNG (/dev/hwrng always exists).

Therefore we always start the daemon now and let it
deal with what ever comes.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agorngd: Update to version 6.2
Michael Tremer [Tue, 22 May 2018 19:23:42 +0000 (20:23 +0100)] 
rngd: Update to version 6.2

Fixes #11737

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agoinstaller: Drop /var partition
Michael Tremer [Tue, 22 May 2018 19:07:59 +0000 (20:07 +0100)] 
installer: Drop /var partition

Fixes #11735

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agomake.sh: Use all processor cores for compression
Michael Tremer [Mon, 21 May 2018 19:58:36 +0000 (20:58 +0100)] 
make.sh: Use all processor cores for compression

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agomake.sh: Use exiterror to end script safely
Michael Tremer [Mon, 21 May 2018 19:56:58 +0000 (20:56 +0100)] 
make.sh: Use exiterror to end script safely

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agomake.sh: Remove some empty lines
Michael Tremer [Mon, 21 May 2018 19:56:08 +0000 (20:56 +0100)] 
make.sh: Remove some empty lines

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agotar seems to ignore the XZ_OPT variable sometimes
Michael Tremer [Mon, 21 May 2018 19:54:09 +0000 (20:54 +0100)] 
tar seems to ignore the XZ_OPT variable sometimes

This caused that the xz command was called without any
extra arguments. This will now create the tar archive
first and then pass the archive through xz with our
command line switches.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agoCompress flash-images as XZ as well
Michael Tremer [Mon, 21 May 2018 19:53:49 +0000 (20:53 +0100)] 
Compress flash-images as XZ as well

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agoxz: Performance and compression tuning (V2) - fine tuning
Matthias Fischer [Mon, 21 May 2018 14:19:48 +0000 (16:19 +0200)] 
xz: Performance and compression tuning (V2) - fine tuning

Changes since V1:

- Tuned some more 'tar'-command lines
- Included 'lfs/core-updates'
- Some fine-tuning

Hi,

Current results with V2 (clean builds):

'next':
'packages' => 255 MB
'ipfire-2.19.2gb-ext4.i586-full-core121.img.gz => 319 MB
'ipfire-2.19.i586-full-core121.iso' => 218 MB
Total => 792 MB

'xz-tuning':
'packages' => 228 MB
'ipfire-2.19.2gb-ext4.i586-full-core121.img.gz' => 318 MB
'ipfire-2.19.i586-full-core121.iso' => 207 MB

Total => 753 MB (-39 MB)

It would be nice if someone could review and test these. ;-)

If necessary, I can upload a complete patch.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agoxz: Performance and compression tuning (V1)
Matthias Fischer [Sun, 20 May 2018 07:30:23 +0000 (09:30 +0200)] 
xz: Performance and compression tuning (V1)

Hi,

as mentioned in the "list", we're trying to make the archives as small as possible
using 'xz'-compression.

In order to achieve this, this patch tests the size of the memory available on the
host system.

It sets the xz-memory-limit (--memory=[N]Mib) to 70% of the available working memory,
a maximum of four xz-'worker threads' (-T4) and a compression rate of '-8' (-8).

These options are written to the 'XZ_OPT=' environment.

For details see:
https://linux.die.net/man/1/xz

I have set the number of available xz-'worker threads' (-T) to four (-T4), because during
the final tests the '-T0' parameter led to error messages snd stopped: 'cannot allocate memory'.
It wouldn't even run with 90%.

Furthermore, testing with '-T0' led to countless messages filling  up '_build.packages.log'.

E.g.:
...
xz: Adjusted the number of threads from 8 to 2 to not exceed the memory usage
limit of 1557 MiB
...

Tests took place on a 32bit-Ubuntu 16.04.4-system with 8 GB RAM and an Intel I7-2600.
Build time was about 04:30 hrs. Perhaps a 64bit-system would perform better (higher
values), but my goal was to make this run on as many systems as possible, so I choosed
these averages.

If minimum requirements (1024 MB RAM) are not met, building stops.

Current results:

'next', untuned:
ipfire-2.19.2gb-ext4.i586-full-core121.img.gz => 332951687 Bytes
ipfire-2.19.i586-full-core121.iso => 228589568 Bytes

'next', XZ_OPT: -T4 -8, 70% RAM:
ipfire-2.19.2gb-ext4.i586-full-core121.img.gz => 329725723 Bytes
ipfire-2.19.i586-full-core121.iso => 217055232 Bytes

These two resulting archives are 14760300 Bytes smaller than before.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agonano: Update to 2.9.7
Matthias Fischer [Sat, 19 May 2018 11:53:33 +0000 (13:53 +0200)] 
nano: Update to 2.9.7

For details see:
https://www.nano-editor.org/news.php

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agocmake: Update to 3.11.2
Matthias Fischer [Sun, 20 May 2018 15:59:29 +0000 (17:59 +0200)] 
cmake: Update to 3.11.2

For details see:
https://cmake.org/cmake/help/v3.11/release/3.11.html#id2

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agonmap: Update to 7.70
Matthias Fischer [Sun, 20 May 2018 15:40:36 +0000 (17:40 +0200)] 
nmap: Update to 7.70

For details see:
https://nmap.org/changelog.html

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agoinstaller: Increase size of /boot to 128M
Michael Tremer [Fri, 18 May 2018 16:14:15 +0000 (17:14 +0100)] 
installer: Increase size of /boot to 128M

Fixes #11736

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agokernel: update to 4.14.41
Arne Fitzenreiter [Thu, 17 May 2018 05:45:06 +0000 (07:45 +0200)] 
kernel: update to 4.14.41

Signen-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 years agoMerge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
Arne Fitzenreiter [Wed, 16 May 2018 12:09:42 +0000 (14:09 +0200)] 
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next

6 years agou-boot: add Raspberry Pi 3 Model B+
Arne Fitzenreiter [Wed, 16 May 2018 08:43:58 +0000 (10:43 +0200)] 
u-boot: add Raspberry Pi 3 Model B+

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 years agoswconfig: update switch config script for Lamobo R1
Arne Fitzenreiter [Wed, 16 May 2018 08:40:36 +0000 (10:40 +0200)] 
swconfig: update switch config script for Lamobo R1

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 years agokernel: arm-multi: enable AXP20x power regulator
Arne Fitzenreiter [Sun, 13 May 2018 08:12:13 +0000 (08:12 +0000)] 
kernel: arm-multi: enable AXP20x power regulator

this is needed for bananapi usb support

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 years agoMerge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
Arne Fitzenreiter [Sun, 13 May 2018 08:03:52 +0000 (08:03 +0000)] 
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next

6 years agokernel: kirkwood: fix iConnect leds and modell name
Arne Fitzenreiter [Sun, 13 May 2018 07:59:01 +0000 (07:59 +0000)] 
kernel: kirkwood: fix iConnect leds and modell name

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 years agoAdd NRPE initscript to rootfile
Matthias Fischer [Sat, 12 May 2018 12:57:37 +0000 (14:57 +0200)] 
Add NRPE initscript to rootfile

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agokernel: update to 4.14.40
Arne Fitzenreiter [Thu, 10 May 2018 19:34:07 +0000 (21:34 +0200)] 
kernel: update to 4.14.40

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 years agoinstall initscript for NRPE
Peter Müller [Wed, 9 May 2018 19:59:41 +0000 (21:59 +0200)] 
install initscript for NRPE

Install initscript for NRPE addon.

The second version of this patch actually includes the
initscript, which was missing due to lack of coffee the
first time. :-)

Thanks to Michael for catching it.

Resent due to crappy linewrapping in initscript by MUA.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agodisplay country data for remote IPs on ovpnmain.cgi
Peter Müller [Mon, 7 May 2018 15:23:52 +0000 (17:23 +0200)] 
display country data for remote IPs on ovpnmain.cgi

This makes debugging easier, especially when it comes to
GeoIP related firewall rules and database related issues
such as #11482.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agofix aesthetic issues in remote.cgi and ship them
Peter Müller [Mon, 7 May 2018 15:01:58 +0000 (17:01 +0200)] 
fix aesthetic issues in remote.cgi and ship them

Fix some minor cosmetic issues on remote.cgi as well as a typo in
the language files ("sesstions" -> "sessions"). The changes are
listed in "filelists" for Core Update 121.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agoBUG11559: fwhosts
Alexander Marx [Wed, 2 May 2018 11:27:07 +0000 (13:27 +0200)] 
BUG11559: fwhosts

When creating firewallrules or using firewall groups,
it should be possible to select a single IpSec subnet if there is more than one.

This patch adds the changes to the firewall groups.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Tested-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agoBUG11559: firewall-lib
Alexander Marx [Wed, 2 May 2018 11:27:06 +0000 (13:27 +0200)] 
BUG11559: firewall-lib

When creating firewallrules or using firewall groups,
it should be possible to select a single IpSec subnet if there is more than one.

This patch has neccessary changes for the firewall-lib. While the network name of the IpSec changes
on save (subnet is added to name) we need to split the name or normalise the field before using it.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Tested-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agoBUG11559: firewall.cgi
Alexander Marx [Wed, 2 May 2018 11:27:05 +0000 (13:27 +0200)] 
BUG11559: firewall.cgi

When creating firewallrules or using firewall groups,
it should be possible to select a single IpSec subnet if there is more than one.

This patch has the changes for firewall.cgi
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Tested-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agoBUG11559: Languagefiles
Alexander Marx [Wed, 2 May 2018 11:27:04 +0000 (13:27 +0200)] 
BUG11559: Languagefiles

When creating firewallrules or using firewall groups,
it should be possible to select a single IpSec subnet if there is more than one.

This patch adds a new languagefileword "fwdfw all subnets" which is used in firewall.cgi and fwhosts.cgi
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Tested-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agoupdate language files
Peter Müller [Sat, 20 Jan 2018 17:25:47 +0000 (18:25 +0100)] 
update language files

Add new language strings to the language files.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agodisplay active logins at remote.cgi
Peter Müller [Sat, 20 Jan 2018 17:24:31 +0000 (18:24 +0100)] 
display active logins at remote.cgi

Display active user logins (both local and remote) at
the remote.cgi page in the WebUI. This might be useful
for debugging broken SSH sessions or simply checking that
nobody is currently logged in. :-)

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agowget: Update to 1.19.5
Matthias Fischer [Sun, 6 May 2018 23:02:03 +0000 (01:02 +0200)] 
wget: Update to 1.19.5

Hi,

Excerpts from official announcement:

"This version fixes CVE-2018-0494 (Cookie injection vulnerability) found
by Harry Sintonen.
This version fixes several issues, mostly found by OSS-Fuzz.
It also introduces TLS1.3 with OpenSSL, a new option --ciphers and
updates the CSS grammar to version 2.2.
...
Noteworthy changes:

* Fix cookie injection (CVE-2018-0494)
* Enable TLS1.3 with recent OpenSSL environment
* New option --ciphers to set GnuTLS / OpenSSL ciphers directly
* Updated CSS grammar to CSS 2.2
* Fixed several memleaks found by OSS-Fuzz
* Fixed several buffer overflows found by OSS-Fuzz
* Fixed several integer overflows found by OSS-Fuzz
* Several minor bug fixes"

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agocmake: Update to 3.11.1
Matthias Fischer [Sun, 6 May 2018 11:34:17 +0000 (13:34 +0200)] 
cmake: Update to 3.11.1

For details see:
https://cmake.org/cmake/help/v3.11/release/3.11.html

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agounbound: Update to 1.7.1
Matthias Fischer [Sun, 6 May 2018 10:37:31 +0000 (12:37 +0200)] 
unbound: Update to 1.7.1

For details see:
http://www.unbound.net/download.html

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agoopenssh: Update to 7.7p1
Matthias Fischer [Sun, 6 May 2018 10:33:25 +0000 (12:33 +0200)] 
openssh: Update to 7.7p1

For details see:
http://www.openssh.com/txt/release-7.7

This release fixes:
https://bugzilla.ipfire.org/show_bug.cgi?id=11693
https://bugzilla.ipfire.org/show_bug.cgi?id=11694

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agohtop: Update to 2.2.0
Matthias Fischer [Sun, 6 May 2018 09:12:07 +0000 (11:12 +0200)] 
htop: Update to 2.2.0

For details see:
https://hisham.hm/htop/index.php?page=downloads

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agonano: Update to 2.9.6
Matthias Fischer [Sun, 6 May 2018 08:56:29 +0000 (10:56 +0200)] 
nano: Update to 2.9.6

For details see:
https://www.nano-editor.org/news.php

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agonagios_nrpe: Update for rootfile
Matthias Fischer [Sun, 6 May 2018 18:14:22 +0000 (20:14 +0200)] 
nagios_nrpe: Update for rootfile

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agocore121: Ship updated libidn
Michael Tremer [Sat, 5 May 2018 19:44:52 +0000 (20:44 +0100)] 
core121: Ship updated libidn

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agocore121: Ship updated pcre
Michael Tremer [Sat, 5 May 2018 19:44:20 +0000 (20:44 +0100)] 
core121: Ship updated pcre

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agolibidn: Update to 1.34
Matthias Fischer [Sat, 5 May 2018 07:18:04 +0000 (09:18 +0200)] 
libidn: Update to 1.34

For details see:
https://lists.gnu.org/archive/html/info-gnu/2018-04/msg00001.html

"* Version 1.34 (2018-03-31)

** libidn: Fix integer overflow in combine_hangul()
   Found by fuzzing.
** libidn: Fix integer overflow in punycode decoder
   Found by fuzzing, fix for the fix reported by Christian Weisgerber
** libidn: Fix performance issue in idna_to_unicode_internal()
   Found by fuzzing.
** libidn: Fix performance issue in stringprep functions.
   Found by fuzzing.
** libidn: Fix NULL pointer dereference in g_utf8_normalize()
   Found by fuzzing.
** libidn: Fix NULL pointer dereference in stringprep_ucs4_nfkc_normalize()
   Found by fuzzing.
** libidn: Increase performance of stringprep functions
   Found by fuzzing.
** testing: Add OSS-fuzz integration and regression testing
** build: Update gnulib files
** build: Modernize GTK-Doc build
** build: Fix parallel builds
** build: Add configure flag --disable-doc
** build: Add configure flag --enable-ubsan (enable UB Sanitizer)
** build: Add configure flag --enable-asan (enable Address Sanitizer)
** build: Fix compiler warnings
** build: Fix build for gcc-7
** i18n: Added Swedish translation.
   Thanks to Josef Andersson.
** API and ABI is backwards compatible with the previous version."

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agopcre: Update to 8.42
Matthias Fischer [Sat, 5 May 2018 06:33:24 +0000 (08:33 +0200)] 
pcre: Update to 8.42

For details see:
http://www.pcre.org/original/changelog.txt

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agoupdate nagios_nrpe to 3.2.1
Peter Müller [Sun, 29 Apr 2018 08:20:17 +0000 (10:20 +0200)] 
update nagios_nrpe to 3.2.1

Update NRPE to 3.2.1, which fixes various security vulnerabilities
and bugs (changelog is available at:
https://github.com/NagiosEnterprises/nrpe/blob/master/CHANGELOG.md).

Due to changes in ./configure, some options such as initsystem (sysV)
need to be specified now. Also, simple "make" does not exist anymore
and must be replaced by "make all".

Rootfile information is now included which was missing in the
first version of this patch.

This fixes #11700 and partly addresses #11551.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agocore121: Ship update list of trusted CAs
Michael Tremer [Mon, 30 Apr 2018 10:35:30 +0000 (11:35 +0100)] 
core121: Ship update list of trusted CAs

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agoupdate ca-certificates CA bundle
Peter Müller [Sun, 29 Apr 2018 08:09:10 +0000 (10:09 +0200)] 
update ca-certificates CA bundle

Update the CA certificates list to what Mozilla NSS ships currently
(some Turktrust root CAs have been dropped).

The original file can be retrieved from:
https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agocore121: fix typo fileslist -> filelist
Arne Fitzenreiter [Sat, 5 May 2018 16:01:53 +0000 (18:01 +0200)] 
core121: fix typo fileslist -> filelist

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 years agoset pakfire core back to 120
Arne Fitzenreiter [Sat, 5 May 2018 15:49:44 +0000 (17:49 +0200)] 
set pakfire core back to 120

this should set to 121 when the updated is finished to ensure that
testers that has installed a test build install core121 again.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 years agoMerge branch 'kernel-4.14' into next
Arne Fitzenreiter [Sat, 5 May 2018 07:14:42 +0000 (09:14 +0200)] 
Merge branch 'kernel-4.14' into next

6 years agokernel: update to 4.14.39
Arne Fitzenreiter [Thu, 3 May 2018 13:37:39 +0000 (15:37 +0200)] 
kernel: update to 4.14.39

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 years agou-boot: enable HUSH_PARSER for Iomega iConnect
Arne Fitzenreiter [Wed, 2 May 2018 09:39:38 +0000 (11:39 +0200)] 
u-boot: enable HUSH_PARSER for Iomega iConnect

without this if ... then ... else is not supported.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 years agou-boot: remove useless rootwait double
Arne Fitzenreiter [Wed, 2 May 2018 09:38:23 +0000 (11:38 +0200)] 
u-boot: remove useless rootwait double

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 years agokernel: update to 4.14.38
Arne Fitzenreiter [Mon, 30 Apr 2018 10:26:30 +0000 (12:26 +0200)] 
kernel: update to 4.14.38

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 years agocore121: Add filelist
Michael Tremer [Mon, 30 Apr 2018 10:26:10 +0000 (11:26 +0100)] 
core121: Add filelist

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agou-boot: update rootfile
Arne Fitzenreiter [Sun, 29 Apr 2018 21:09:08 +0000 (23:09 +0200)] 
u-boot: update rootfile

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 years agokernel: disable crng unseeded use message spamming
Arne Fitzenreiter [Sun, 29 Apr 2018 07:48:29 +0000 (09:48 +0200)] 
kernel: disable crng unseeded use message spamming

there was a bug until 4.14.36 that this message are not printed at all
now it work and spam the log at boot.
For security it is is a nightmare to use unseeded random but we and the user
cannot do anything. This is work for platform maintainers to get the crng
working earlier.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 years agou-boot-kirkwood: add u-boot build for kirkwood
Arne Fitzenreiter [Sat, 28 Apr 2018 08:24:16 +0000 (10:24 +0200)] 
u-boot-kirkwood: add u-boot build for kirkwood

This file build IPFire (dtb, bootz) compatible versions for:

Marvell DreamPlug
Iomega iConnect Wireless
Raidsonic ICY-Box 62x0

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 years agoMerge remote-tracking branch 'origin/core120' into kernel-4.14
Arne Fitzenreiter [Sat, 28 Apr 2018 07:09:00 +0000 (09:09 +0200)] 
Merge remote-tracking branch 'origin/core120' into kernel-4.14

6 years agokernel: update to 4.14.37
Arne Fitzenreiter [Sat, 28 Apr 2018 07:01:52 +0000 (09:01 +0200)] 
kernel: update to 4.14.37

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 years agou-boot: update buildscript
Arne Fitzenreiter [Sat, 28 Apr 2018 06:51:01 +0000 (08:51 +0200)] 
u-boot: update buildscript

enable wandboard
update ident strings
distclean after every target

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 years agoremove forgotten Nagios files, if any
Peter Müller [Thu, 26 Apr 2018 19:44:56 +0000 (21:44 +0200)] 
remove forgotten Nagios files, if any

When we decided to drop Nagios, some files were not removed on the
installations. Since the package does not exist anymore, "pakfire remove
nagios" does not work so we need to clean them up manually in case they
exist.

The third version of this patch makes sure Apache is restarted
afterwards, and includes some forgotten files [sic] as well as it is
now applying for Core Update 121.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agoStart Core Update 121
Peter Müller [Thu, 26 Apr 2018 15:06:51 +0000 (17:06 +0200)] 
Start Core Update 121

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agoBUG:11312 Fix renaming GeoIP groups
Peter Müller [Thu, 26 Apr 2018 15:31:46 +0000 (17:31 +0200)] 
BUG:11312 Fix renaming GeoIP groups

When renaming a GeoIP Group, the corresponding names in
firewallrules (if any) are not changed accordingly. Now
when changing a GeoIP Group the firewallrules are renamed
correctly.

Slightly improved first version of this patch (contained
a blank line with trailing whitespace). No functionality
changed, patch has been confirmed as working correctly.

Fixes: #11312
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agocore120: Regenerate IPsec configuration v2.19-core120
Michael Tremer [Tue, 24 Apr 2018 13:25:55 +0000 (14:25 +0100)] 
core120: Regenerate IPsec configuration

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agoRevert "IPsec: Try to restart always-on tunnels immediately"
Michael Tremer [Thu, 19 Apr 2018 14:36:37 +0000 (15:36 +0100)] 
Revert "IPsec: Try to restart always-on tunnels immediately"

This reverts commit a261cb06c6cdd3ba14ad0163c8c9e714ae94fc5b.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agodma: Apply compile fix
Michael Tremer [Tue, 24 Apr 2018 11:34:53 +0000 (12:34 +0100)] 
dma: Apply compile fix

dma segfaulted when built without string.h.

Fixes: #11701
Submitted upstream: https://github.com/corecode/dma/pull/58

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agodma: Apply compile fix
Michael Tremer [Tue, 24 Apr 2018 11:34:53 +0000 (12:34 +0100)] 
dma: Apply compile fix

dma segfaulted when built without string.h.

Fixes: #11701
Submitted upstream: https://github.com/corecode/dma/pull/58

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agoimprove error message if make.sh is executed by non-root user
Peter Müller [Mon, 23 Apr 2018 14:17:00 +0000 (16:17 +0200)] 
improve error message if make.sh is executed by non-root user

Fixes #11706.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agoDrop noip updater
Michael Tremer [Tue, 24 Apr 2018 10:04:34 +0000 (11:04 +0100)] 
Drop noip updater

This package is unused since we introduced ddns. Dropped.

Fixes: #11708
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agoipsec: Open ports in outgoing direction
Michael Tremer [Tue, 24 Apr 2018 09:47:16 +0000 (10:47 +0100)] 
ipsec: Open ports in outgoing direction

When the firewall policy is blocked, no outgoing IPsec connections
can be established. That is slightly counter-intuitive since we
open ports in the incoming direction automatically.

Fixes: #11704
Reported-by: Oliver Fuhrer <oliver.fuhrer@bluewin.ch>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agoFix mistakes in Turkish translation
Ersan Yildirim [Tue, 24 Apr 2018 09:46:52 +0000 (10:46 +0100)] 
Fix mistakes in Turkish translation

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agoclamav 0.100.0: Add missing update for rootfile
Matthias Fischer [Sun, 22 Apr 2018 11:38:11 +0000 (13:38 +0200)] 
clamav 0.100.0: Add missing update for rootfile

This is missing in https://patchwork.ipfire.org/patch/1722/

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agoupdate ClamAV to 0.100.0
Peter Müller [Sat, 21 Apr 2018 16:44:45 +0000 (18:44 +0200)] 
update ClamAV to 0.100.0

Update ClamAV to 0.100.0, which brings some new features and bugfixes
(release notes are available here: https://blog.clamav.net/2018/04/clamav-01000-has-been-released.html).

Since the internal LLVM code is now deprecated and disabled by default,
patching clamav/libclamav/c++/llvm/lib/ExecutionEngine/JIT/Intercept.cpp
does not seem to be necessary anymore.

Further, the --disable-zlib-vcheck option has been removed since it
produces warnings during compilation.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agoleds: dreamplug: the blue led has wrong name in dtb
Arne Fitzenreiter [Sun, 22 Apr 2018 08:24:36 +0000 (10:24 +0200)] 
leds: dreamplug: the blue led has wrong name in dtb

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 years agoleds: rename dreamplug leds for new kernel
Arne Fitzenreiter [Sun, 22 Apr 2018 08:16:37 +0000 (10:16 +0200)] 
leds: rename dreamplug leds for new kernel

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 years agokernel: update to 4.14.35
Arne Fitzenreiter [Fri, 20 Apr 2018 08:52:30 +0000 (10:52 +0200)] 
kernel: update to 4.14.35

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 years agoiw: update to 4.14
Arne Fitzenreiter [Thu, 19 Apr 2018 16:42:27 +0000 (18:42 +0200)] 
iw: update to 4.14

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 years agocrda: update to 3.18
Arne Fitzenreiter [Thu, 19 Apr 2018 16:42:03 +0000 (18:42 +0200)] 
crda: update to 3.18

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 years agosquid-accounting: Do not make menu entry executable
Michael Tremer [Thu, 19 Apr 2018 14:38:20 +0000 (15:38 +0100)] 
squid-accounting: Do not make menu entry executable

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agosquid-accounting: Do not make translations executable
Michael Tremer [Thu, 19 Apr 2018 14:37:58 +0000 (15:37 +0100)] 
squid-accounting: Do not make translations executable

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agosquid-accounting: Install Turkish translation
Michael Tremer [Thu, 19 Apr 2018 14:37:28 +0000 (15:37 +0100)] 
squid-accounting: Install Turkish translation

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 years agoRevert "IPsec: Try to restart always-on tunnels immediately"
Michael Tremer [Thu, 19 Apr 2018 14:36:37 +0000 (15:36 +0100)] 
Revert "IPsec: Try to restart always-on tunnels immediately"

This reverts commit a261cb06c6cdd3ba14ad0163c8c9e714ae94fc5b.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>