Jonatan Schlag [Fri, 10 Jun 2016 08:13:41 +0000 (10:13 +0200)]
Fix in pakfire functions.sh
The if statement in line 89 and 99 are useless with the -e
conditional expression because it returns true if the path ist a
regular file or a directory.
So "/etc/init.d/ " returns true and "/etc/init.d/avahi" return also true,
but the statement should return only true if we have a regular file.
So -f if the right conditional expression, and we only try to execute
the init script if the path "/etc/init.d/${1}" points to a regular file.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Fri, 10 Jun 2016 08:57:13 +0000 (10:57 +0200)]
Change the default libvirt remote user to libvirt-remote
It is possible to communicate per ssh via a socket with libvirt. It is
not a good idea to do this as root, so the remote user is now
libvirt-remote. Only this user or users in the group libvirt-remote can
communicate with the socket.
The user libvirt-remote is created without a password. The users have to
set a password for this user after installation.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Tue, 14 Jun 2016 10:33:00 +0000 (12:33 +0200)]
wget: Update to 1.18
Excerpt from annoncement:
"This version fixes a security vulnerability (CVE-2016-4971) present in
all old versions of wget. The vulnerability was discovered by Dawid
Golunski which were reported to us by Beyond Security's SecuriTeam.
On a server redirect from HTTP to a FTP resource, wget would trust the
HTTP server and uses the name in the redirected URL as the destination
filename.
This behaviour was changed and now it works similarly as a redirect from
HTTP to another HTTP resource so the original name is used as
the destination file. To keep the previous behaviour the user must
provide --trust-server-names."
Best,
Mat-backfromholidays-thias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
BUG11131: fix errormessage when more ipsec subnets defined
When having more than one subnet in an ipsec connection it is not
possible to create a new openvpn static subnet.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org> Signed-off-by: Heino Gutschmidt <heino.gutschmidt@managedhosting.de> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Marcel Lorenz [Thu, 2 Jun 2016 17:39:51 +0000 (19:39 +0200)]
ncurses: update to 6.0 and rename 5.9 to ncurses-compat v3
This patch updates the ncurses to 6.0. The old 5.9 are renamed to ncurses-compat.
The compat makes the old libs maintainable and the compat rootfile is cleaned up.
The 6.0 is build after 5.9 and all IPFire componentes will build with 6.0
In version 6 only the wide-character libraries are build. The are usable
in both multibyte and traditional 8-bit locales while normal libraries work
properly only in 8-bit locales. The toolchain is only bild with 6.0.
Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Sat, 7 May 2016 14:01:09 +0000 (16:01 +0200)]
New package util-macros
This package is a build dependency of libpciaccess, we do not need this
as a package. That's why the rootfiles goes into common and all lines
are excluded.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Sat, 7 May 2016 14:01:08 +0000 (16:01 +0200)]
Network: add macvtap mode
This change make it possible to use a macvtap interface as a
standard interface (green0).
This is required by libvirt, because libvirt adds macvtap interfaces to
the physical interface, but this causes a problem. A VM with this
configuration can communicate with the whole network,
but not with the Host (IPFire).
To solve this problem, the host interface must be also a macvtap interface.
This is achieved by:
1. In /var/ipfire/ethernet/settings the mode of a interface could set
with GREEN_MODE= ...
When the mode is macvtap the physical interface is renamed to green0phys
instead of green0. If the mode is not set the normal configuration is
applied .
2. The network-hotplug-macvtap script checks if a physical nic ends
with "phys".
When the interface ends with "phys", the script adds a macvtap interface
to the physical nic which is named green0. The MAC address of this
interface is set to the MAC address of the physical nic. The MAC address
of the physical is set to a random value. We do this because the MAC
address of green0 should not change.
All services, IP addresses then binds to the macvatap interface, the
physical nic is not used.
PS.: The script works also with the orange or blue interface, just
replace green with orange or blue.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Tue, 17 May 2016 19:33:24 +0000 (21:33 +0200)]
squid: Rework initscript
The initscript now takes care that the squid proxy server process
is properly shut down. If that fails, it will remove the cache
index and let it be recreated at the next start. A warning is
shown to the user.
The "flush" command will now remove the entire proxy cache.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Tue, 10 May 2016 16:58:28 +0000 (18:58 +0200)]
squid: Update to 3.5.19
Activated 'ipv6', as discussed in ipfire-list with Michael:
"I had a look what the IPv6 switch actually changes. And that is not really much.
Essentially nothing. It just probes if the system supports IPv6 and if not it
disables it internally.
Alexander Marx [Thu, 21 Apr 2016 06:56:25 +0000 (08:56 +0200)]
tzdata: Update to 2016d
fixes: #11103
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
The 2016d release of the tz code and data is available. It reflects the
following changes, which were either circulated on the tz mailing list
or are relatively minor technical or administrative changes:
Changes affecting future time stamps
America/Caracas switches from -0430 to -04 on 2016-05-01 at 02:30.
(Thanks to Alexander Krivenyshev for the heads-up.)
Asia/Magadan switches from +10 to +11 on 2016-04-24 at 02:00.
(Thanks to Alexander Krivenyshev and Matt Johnson.)
New zone Asia/Tomsk, split off from Asia/Novosibirsk. It covers
Tomsk Oblast, Russia, which switches from +06 to +07 on 2016-05-29
at 02:00. (Thanks to Stepan Golosunov.)
Changes affecting past time stamps
New zone Europe/Kirov, split off from Europe/Volgograd. It covers
Kirov Oblast, Russia, which switched from +04/+05 to +03/+04 on
1989-03-26 at 02:00, roughly a year after Europe/Volgograd made
the same change. (Thanks to Stepan Golosunov.)
Russia and nearby locations had daylight-saving transitions on
1992-03-29 at 02:00 and 1992-09-27 at 03:00, instead of on
1992-03-28 at 23:00 and 1992-09-26 at 23:00. (Thanks to Stepan
Golosunov.)
Many corrections to historical time in Kazakhstan from 1991
through 2005. (Thanks to Stepan Golosunov.) Replace Kazakhstan's
invented time zone abbreviations with numeric abbreviations.
ncurses: update to 6.0 and rename 5.9 to ncurses-compat
This patch updates the ncurses to 6.0. The old 5.9 are renamed to ncurses-compat.
The compat makes the old libs maintainable and the compat rootfile is cleaned up.
The 6.0 is build after 5.9 and all IPFire componentes will build with 6.0
In version 6 only the wide-character libraries are build. The are usable
in both multibyte and traditional 8-bit locales while normal libraries work
properly only in 8-bit locales. The toolchain is only bild with 6.0.
Please ignore my first ncurses 6.0 patch.
Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>