ipfire-2.x.git
11 months agounbound: Update to 1.8.2
Matthias Fischer [Sat, 8 Dec 2018 17:13:23 +0000 (18:13 +0100)] 
unbound: Update to 1.8.2

For details see:
https://nlnetlabs.nl/projects/unbound/download/

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
11 months agoclamav: Update to 0.101.0
Matthias Fischer [Sat, 8 Dec 2018 17:21:19 +0000 (18:21 +0100)] 
clamav: Update to 0.101.0

For details see:
https://blog.clamav.net/

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
11 months agocore127: Ship updated fireinfo
Michael Tremer [Tue, 11 Dec 2018 19:41:31 +0000 (19:41 +0000)] 
core127: Ship updated fireinfo

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
11 months agoStart Core Update 127
Michael Tremer [Tue, 11 Dec 2018 19:41:09 +0000 (19:41 +0000)] 
Start Core Update 127

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
11 months agofireinfo: Add authentication for upstream proxies
Michael Tremer [Tue, 11 Dec 2018 19:38:21 +0000 (19:38 +0000)] 
fireinfo: Add authentication for upstream proxies

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
11 months agoMerge branch 'master' into next
Arne Fitzenreiter [Tue, 11 Dec 2018 07:01:59 +0000 (08:01 +0100)] 
Merge branch 'master' into next

11 months agokernel: fix dwc2 (usb) dma crashes on RPi1-3
Arne Fitzenreiter [Mon, 10 Dec 2018 19:45:54 +0000 (20:45 +0100)] 
kernel: fix dwc2 (usb) dma crashes on RPi1-3

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
11 months agohaproxy: Create/restore backup when package is installed/uninstalled
Michael Tremer [Mon, 10 Dec 2018 00:36:04 +0000 (00:36 +0000)] 
haproxy: Create/restore backup when package is installed/uninstalled

Fixes: #11946
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
11 months agocore126: finish core126
Arne Fitzenreiter [Sat, 8 Dec 2018 16:47:16 +0000 (17:47 +0100)] 
core126: finish core126

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
11 months agocore126: fix "need reboot display"
Arne Fitzenreiter [Fri, 7 Dec 2018 20:16:43 +0000 (21:16 +0100)] 
core126: fix "need reboot display"

The display should displayed always except the linux-pae
packages is planned to be installed after this update.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
11 months agoMerge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
Arne Fitzenreiter [Fri, 7 Dec 2018 20:06:45 +0000 (21:06 +0100)] 
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next

11 months agocpufrequtils: update initskript for xz compressed modules
Arne Fitzenreiter [Fri, 7 Dec 2018 20:05:50 +0000 (21:05 +0100)] 
cpufrequtils: update initskript for xz compressed modules

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
12 months agoinitscripts: Import pakfire keys before importing AWS configuration
Michael Tremer [Fri, 7 Dec 2018 11:36:11 +0000 (11:36 +0000)] 
initscripts: Import pakfire keys before importing AWS configuration

This is useful when the user-data script is installing
packages. For that it will need valid keys for course.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agorngd: update initskript and add hwrngtty support
Arne Fitzenreiter [Thu, 6 Dec 2018 21:33:05 +0000 (22:33 +0100)] 
rngd: update initskript and add hwrngtty support

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
12 months agocore126: add kernel files to update
Arne Fitzenreiter [Thu, 6 Dec 2018 15:05:31 +0000 (16:05 +0100)] 
core126: add kernel files to update

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
12 months agocore126: add kernel to updater
Arne Fitzenreiter [Thu, 6 Dec 2018 10:27:46 +0000 (11:27 +0100)] 
core126: add kernel to updater

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
12 months agokernel: update to 4.14.86
Arne Fitzenreiter [Thu, 6 Dec 2018 10:18:37 +0000 (11:18 +0100)] 
kernel: update to 4.14.86

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
12 months agoAWS: Add a timestamp to user-data.log
Michael Tremer [Wed, 5 Dec 2018 14:42:54 +0000 (14:42 +0000)] 
AWS: Add a timestamp to user-data.log

This way, multiple (failed) runs of the script won't
overwrite the log file.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agoAWS: Write user-data.log to /var/log
Michael Tremer [Wed, 5 Dec 2018 14:38:28 +0000 (14:38 +0000)] 
AWS: Write user-data.log to /var/log

This should not be in /root at all.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agomake.sh: Build for x86_64 by default
Michael Tremer [Sun, 2 Dec 2018 10:23:15 +0000 (10:23 +0000)] 
make.sh: Build for x86_64 by default

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agokernel: update to 4.14.85
Arne Fitzenreiter [Sat, 1 Dec 2018 23:01:37 +0000 (00:01 +0100)] 
kernel: update to 4.14.85

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
12 months agobird: Launch service on install and add symlinks to start at boot time
Michael Tremer [Sat, 1 Dec 2018 16:12:44 +0000 (16:12 +0000)] 
bird: Launch service on install and add symlinks to start at boot time

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agobird: Add initscript
Michael Tremer [Sat, 1 Dec 2018 16:08:22 +0000 (16:08 +0000)] 
bird: Add initscript

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agobird: Add forgotten file
Michael Tremer [Sat, 1 Dec 2018 15:43:48 +0000 (15:43 +0000)] 
bird: Add forgotten file

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agocore126: Ship recently updated packages
Michael Tremer [Sat, 1 Dec 2018 15:43:26 +0000 (15:43 +0000)] 
core126: Ship recently updated packages

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agoBUG 11929: Build 'bind'-binaries dynamically and install needed libraries (V2)
Matthias Fischer [Tue, 13 Nov 2018 17:50:48 +0000 (18:50 +0100)] 
BUG 11929: Build 'bind'-binaries dynamically and install needed libraries (V2)

Hi,

To save space linking the 'bind 9.11.5'-binaries was changed from statically to dynamically.

Changes to V2:
Removed unnecessary '*.so'-links.

Complete file sizes shrinked from ~4800K to ~1700K. Needs testing and confirmation!

I'm running this version right now under Core 124 - no seen problems so far.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agobird: Update to 2.0.2
Michael Tremer [Sat, 1 Dec 2018 15:41:36 +0000 (15:41 +0000)] 
bird: Update to 2.0.2

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agobird: Backup configuration file on update
Michael Tremer [Sat, 1 Dec 2018 15:33:36 +0000 (15:33 +0000)] 
bird: Backup configuration file on update

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agodocker: Always agree to install all updates
Michael Tremer [Fri, 30 Nov 2018 20:16:08 +0000 (20:16 +0000)] 
docker: Always agree to install all updates

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agokernel: update arm-multi patchset
Arne Fitzenreiter [Fri, 30 Nov 2018 06:35:07 +0000 (07:35 +0100)] 
kernel: update arm-multi patchset

now patches for Raspberry Pi 3B+
LAN and WLAN included to patchset.

https://git.ipfire.org/?p=people/arne_f/kernel.git;a=shortlog;h=refs/tags/v4.14.84-multi

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
12 months agonfs: Fix build
Michael Tremer [Thu, 29 Nov 2018 13:16:37 +0000 (13:16 +0000)] 
nfs: Fix build

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agokernel: update to 4.14.84
Arne Fitzenreiter [Thu, 29 Nov 2018 06:02:25 +0000 (07:02 +0100)] 
kernel: update to 4.14.84

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
12 months agonfs: Add backup include file
Michael Tremer [Wed, 28 Nov 2018 19:07:10 +0000 (19:07 +0000)] 
nfs: Add backup include file

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agonfs: Install configuration in package
Michael Tremer [Wed, 28 Nov 2018 19:02:53 +0000 (19:02 +0000)] 
nfs: Install configuration in package

This was lost in the last update

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agoUpdate maintainers
Michael Tremer [Tue, 27 Nov 2018 10:24:29 +0000 (10:24 +0000)] 
Update maintainers

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agogit: Fix spelling of some contributors with umlauts
Michael Tremer [Tue, 27 Nov 2018 10:23:46 +0000 (10:23 +0000)] 
git: Fix spelling of some contributors with umlauts

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agocredits.cgi: Remove old dev section
Michael Tremer [Tue, 27 Nov 2018 10:20:09 +0000 (10:20 +0000)] 
credits.cgi: Remove old dev section

I do not know why I forgot this. Now it is how it was intended
in the first place.

This commit removes all email addresses because people keep
emailing me for private support. Use the forum guys!

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agolibvirt: This package depends on jansson now
Michael Tremer [Tue, 27 Nov 2018 10:04:46 +0000 (10:04 +0000)] 
libvirt: This package depends on jansson now

Fixes: #11939
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agoUpdate of French translation
Stéphane Pautrel [Tue, 27 Nov 2018 09:52:14 +0000 (09:52 +0000)] 
Update of French translation

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agoUpdate list of contributors
Michael Tremer [Mon, 26 Nov 2018 16:01:29 +0000 (16:01 +0000)] 
Update list of contributors

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agoUpdate of French translation
Stéphane Pautrel [Mon, 26 Nov 2018 15:59:31 +0000 (15:59 +0000)] 
Update of French translation

Loads of strings have been translated for the first time
and others have been improved.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agonano: Update to 3.2
Matthias Fischer [Sat, 24 Nov 2018 20:19:56 +0000 (21:19 +0100)] 
nano: Update to 3.2

Hi,

Changed archive to 'xz' - this saves about 1.4MB (thanks Marcel ;-))

For further details see:
https://www.nano-editor.org/news.php

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agoopenssl: Rootfile update
Michael Tremer [Sun, 25 Nov 2018 13:45:11 +0000 (13:45 +0000)] 
openssl: Rootfile update

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agodocker: Install wget in docker environment
Michael Tremer [Fri, 23 Nov 2018 22:22:59 +0000 (22:22 +0000)] 
docker: Install wget in docker environment

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agokernel: update to 4.14.83
Arne Fitzenreiter [Fri, 23 Nov 2018 21:05:14 +0000 (22:05 +0100)] 
kernel: update to 4.14.83

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
12 months agodocker: Add Debian image with basic build environment
Michael Tremer [Fri, 23 Nov 2018 19:47:02 +0000 (19:47 +0000)] 
docker: Add Debian image with basic build environment

By running "./make.sh docker" the current build environment
will be mounted into a Debian-based docker container.

This clean build environment can be used to compile the
toolchain or something...

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agokernel: update to 4.14.82
Arne Fitzenreiter [Wed, 21 Nov 2018 22:55:54 +0000 (23:55 +0100)] 
kernel: update to 4.14.82

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
12 months agoopenssl: Update to 1.1.0j
Michael Tremer [Wed, 21 Nov 2018 11:21:42 +0000 (11:21 +0000)] 
openssl: Update to 1.1.0j

  *) Timing vulnerability in DSA signature generation

     The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
     timing side channel attack. An attacker could use variations in the signing
     algorithm to recover the private key.

     This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
     (CVE-2018-0734)
     [Paul Dale]

  *) Timing vulnerability in ECDSA signature generation

     The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a
     timing side channel attack. An attacker could use variations in the signing
     algorithm to recover the private key.

     This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser.
     (CVE-2018-0735)
     [Paul Dale]

  *) Add coordinate blinding for EC_POINT and implement projective
     coordinate blinding for generic prime curves as a countermeasure to
     chosen point SCA attacks.
     [Sohaib ul Hassan, Nicola Tuveri, Billy Bob Brumley]

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agoopenssl-compat: Update to 1.0.2q
Michael Tremer [Tue, 20 Nov 2018 16:28:52 +0000 (16:28 +0000)] 
openssl-compat: Update to 1.0.2q

  *) Microarchitecture timing vulnerability in ECC scalar multiplication

     OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been
     shown to be vulnerable to a microarchitecture timing side channel attack.
     An attacker with sufficient access to mount local timing attacks during
     ECDSA signature generation could recover the private key.

     This issue was reported to OpenSSL on 26th October 2018 by Alejandro
     Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and
     Nicola Tuveri.
     (CVE-2018-5407)
     [Billy Brumley]

  *) Timing vulnerability in DSA signature generation

     The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
     timing side channel attack. An attacker could use variations in the signing
     algorithm to recover the private key.

     This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
     (CVE-2018-0734)
     [Paul Dale]

  *) Resolve a compatibility issue in EC_GROUP handling with the FIPS Object
     Module, accidentally introduced while backporting security fixes from the
     development branch and hindering the use of ECC in FIPS mode.
     [Nicola Tuveri]

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agoRootfile update
Michael Tremer [Mon, 19 Nov 2018 18:58:48 +0000 (18:58 +0000)] 
Rootfile update

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agokernel: arm32 bit fix config and update rootfile
Arne Fitzenreiter [Sun, 18 Nov 2018 19:24:43 +0000 (20:24 +0100)] 
kernel: arm32 bit fix config and update rootfile

Some drivers was disabled by oldconfig because i had
arm multiarch patchsed. This commit reenable it.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
12 months agokernel: enable HW of clearfog
Alexander Rudolf Gruber [Sun, 18 Nov 2018 16:36:44 +0000 (17:36 +0100)] 
kernel: enable HW of clearfog

clearfog base need MARVELL Phy and SDHCI Xenon enabled.

12 months agokernel: disable FW_LOADER_USER_HELPER_FALLBACK
Arne Fitzenreiter [Sun, 18 Nov 2018 13:33:45 +0000 (14:33 +0100)] 
kernel: disable FW_LOADER_USER_HELPER_FALLBACK

newer (e)udev has dropped the support for this.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
12 months agokernel: compress kernel modules with xz
Arne Fitzenreiter [Sun, 18 Nov 2018 13:30:14 +0000 (14:30 +0100)] 
kernel: compress kernel modules with xz

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
12 months agokernel: update to 4.14.81
Arne Fitzenreiter [Sun, 18 Nov 2018 13:29:44 +0000 (14:29 +0100)] 
kernel: update to 4.14.81

12 months agoalac: New package
Michael Tremer [Tue, 13 Nov 2018 14:28:00 +0000 (14:28 +0000)] 
alac: New package

This adds the Apple ALAC audio decoder

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agocore126: Ship libconfig
Michael Tremer [Mon, 12 Nov 2018 00:16:23 +0000 (00:16 +0000)] 
core126: Ship libconfig

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agoStart Core Update 126
Michael Tremer [Mon, 12 Nov 2018 00:15:28 +0000 (00:15 +0000)] 
Start Core Update 126

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agoshairport-sync: Add install/uninstall scripts
Michael Tremer [Sun, 11 Nov 2018 18:57:55 +0000 (18:57 +0000)] 
shairport-sync: Add install/uninstall scripts

These scripts will install symlinks to start the service
at boot time.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agoshairport-sync: Add initscript
Michael Tremer [Sun, 11 Nov 2018 18:55:35 +0000 (18:55 +0000)] 
shairport-sync: Add initscript

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agoshairport-sync: Explicitely link against soxr
Michael Tremer [Sun, 11 Nov 2018 18:52:10 +0000 (18:52 +0000)] 
shairport-sync: Explicitely link against soxr

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agoshairport-sync: Add backup include file
Michael Tremer [Sun, 11 Nov 2018 17:34:11 +0000 (17:34 +0000)] 
shairport-sync: Add backup include file

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agoshairport-sync: New package
Michael Tremer [Sun, 11 Nov 2018 17:26:35 +0000 (17:26 +0000)] 
shairport-sync: New package

Shairport Sync is an AirPlay audio player - it plays audio streamed
from iTunes, iOS, Apple TV and macOS devices and AirPlay sources
such as Quicktime Player and ForkedDaapd, among others.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agolibconfig: New package
Michael Tremer [Sun, 11 Nov 2018 17:23:20 +0000 (17:23 +0000)] 
libconfig: New package

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agosoxr: New package (0.1.3)
Michael Tremer [Sun, 11 Nov 2018 16:21:01 +0000 (16:21 +0000)] 
soxr: New package (0.1.3)

The SoX Resampler library `libsoxr' performs one-dimensional sample-rate
conversion -- it may be used, for example, to resample PCM-encoded audio.
For higher-dimensional resampling, such as for visual-image processing, you
should look elsewhere.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agompd: Depends on avahi
Michael Tremer [Sun, 11 Nov 2018 15:44:17 +0000 (15:44 +0000)] 
mpd: Depends on avahi

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agoxen-image: enlarge partitions and remove extra /var partition v2.21-core125
Arne Fitzenreiter [Sat, 10 Nov 2018 10:03:37 +0000 (11:03 +0100)] 
xen-image: enlarge partitions and remove extra /var partition

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
12 months agocore125: finish update
Arne Fitzenreiter [Fri, 9 Nov 2018 20:12:02 +0000 (21:12 +0100)] 
core125: finish update

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
12 months agocore125: restart init after glibc uodate
Arne Fitzenreiter [Fri, 9 Nov 2018 20:09:06 +0000 (21:09 +0100)] 
core125: restart init after glibc uodate

without restart remount of / will fail and may result in
a filesystem corruption at next boot.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
12 months agolang: Show the full untranslated string
Michael Tremer [Fri, 9 Nov 2018 14:58:38 +0000 (14:58 +0000)] 
lang: Show the full untranslated string

This will help translators to add missing strings easier

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agodehydrated: New package
Michael Tremer [Fri, 9 Nov 2018 14:27:46 +0000 (14:27 +0000)] 
dehydrated: New package

This is a light client for Let's Encrypt which is implemented
in bash and does not have any other dependencies apart from
openssl and curl.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agoupdate accelerator: Do not attempt to cache IPFire updates any more
Michael Tremer [Thu, 8 Nov 2018 16:46:11 +0000 (16:46 +0000)] 
update accelerator: Do not attempt to cache IPFire updates any more

We do not deliver anything via HTTP or FTP any more and therefore
nothing can be cached any more.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agoupdate accelerator: Cache .msp files for Adobe
Michael Tremer [Thu, 8 Nov 2018 16:45:30 +0000 (16:45 +0000)] 
update accelerator: Cache .msp files for Adobe

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agoUpdate list of contributors
Michael Tremer [Thu, 8 Nov 2018 16:42:37 +0000 (16:42 +0000)] 
Update list of contributors

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agobackupiso: Add support for aarch64
Michael Tremer [Thu, 8 Nov 2018 16:02:17 +0000 (16:02 +0000)] 
backupiso: Add support for aarch64

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agobackupiso: Fix order of variables
Michael Tremer [Thu, 8 Nov 2018 15:58:58 +0000 (15:58 +0000)] 
backupiso: Fix order of variables

Some values in variables were corrected but used before.

Reported-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agoobservium-agent: Rootfile update
Michael Tremer [Thu, 8 Nov 2018 15:07:17 +0000 (15:07 +0000)] 
observium-agent: Rootfile update

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agoudev: Do not try to change kernel hotplug handler any more
Michael Tremer [Wed, 7 Nov 2018 20:27:35 +0000 (20:27 +0000)] 
udev: Do not try to change kernel hotplug handler any more

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agoudev: Do no try to install any device nodes any more
Michael Tremer [Wed, 7 Nov 2018 20:26:34 +0000 (20:26 +0000)] 
udev: Do no try to install any device nodes any more

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agocore125: Ship syslog changes
Michael Tremer [Wed, 7 Nov 2018 20:17:08 +0000 (20:17 +0000)] 
core125: Ship syslog changes

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agoTor: update to 0.3.4.9
Peter Müller [Mon, 5 Nov 2018 15:44:03 +0000 (16:44 +0100)] 
Tor: update to 0.3.4.9

For details and release announcement, see:
https://blog.torproject.org/new-release-tor-0349

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agobind: Update to 9.11.5
Matthias Fischer [Sun, 4 Nov 2018 07:28:07 +0000 (08:28 +0100)] 
bind: Update to 9.11.5

For details see:
http://ftp.isc.org/isc/bind9/9.11.5/RELEASE-NOTES-bind-9.11.5.html

Security fixes:
"named could crash during recursive processing of DNAME records when
deny-answer-aliases was in use. This flaw is disclosed in CVE-2018-5740. [GL #387]

When recursion is enabled but the allow-recursion and allow-query-cache ACLs are
not specified, they should be limited to local networks, but they were
inadvertently set to match the default allow-query, thus allowing
remote queries. This flaw is disclosed in CVE-2018-5738. [GL #309]"

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agoobservium-agent: New package
Michael Tremer [Wed, 7 Nov 2018 13:19:31 +0000 (13:19 +0000)] 
observium-agent: New package

This ships the observium agent including a couple of
modules.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agoRevert "haproxy: Make /dev/log available in chroot"
Michael Tremer [Wed, 7 Nov 2018 12:30:50 +0000 (12:30 +0000)] 
Revert "haproxy: Make /dev/log available in chroot"

This reverts commit 699f0aa710932736d34dabf5a8c17287af29075c.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agosyslog: Listen to network and block access from anywhere but localhost
Michael Tremer [Wed, 7 Nov 2018 12:29:19 +0000 (12:29 +0000)] 
syslog: Listen to network and block access from anywhere but localhost

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 months agobackupiso: fix boot on EFI
Arne Fitzenreiter [Wed, 7 Nov 2018 18:16:57 +0000 (19:16 +0100)] 
backupiso: fix boot on EFI

the grub on EFI serch the config on volume "IPFire 2.21 arch"
so the custom "ipfire backup ..." volume name is not working
anymore.
This is now fixed and a backup-version.media tag will added.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
13 months agobackup: fix backupiso mastering
Arne Fitzenreiter [Sun, 4 Nov 2018 09:16:26 +0000 (10:16 +0100)] 
backup: fix backupiso mastering

fixes: #11916

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
13 months agoclamav: fix rootfile
Arne Fitzenreiter [Sun, 4 Nov 2018 07:41:43 +0000 (08:41 +0100)] 
clamav: fix rootfile

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
13 months agofreeradius: rootfile update
Arne Fitzenreiter [Sat, 3 Nov 2018 20:08:52 +0000 (21:08 +0100)] 
freeradius: rootfile update

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
13 months agoclamav: rootfile update
Arne Fitzenreiter [Sat, 3 Nov 2018 20:08:30 +0000 (21:08 +0100)] 
clamav: rootfile update

13 months agoglibc: rootfile update armv5tel
Arne Fitzenreiter [Sat, 3 Nov 2018 11:09:47 +0000 (12:09 +0100)] 
glibc: rootfile update armv5tel

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
13 months agoMerge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
Arne Fitzenreiter [Fri, 2 Nov 2018 15:16:22 +0000 (15:16 +0000)] 
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next

13 months agodirectfb: fix comile on 32bit arm
Arne Fitzenreiter [Fri, 2 Nov 2018 15:13:15 +0000 (15:13 +0000)] 
directfb: fix comile on 32bit arm

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
13 months agocore125: Ship updated ca-certificates
Michael Tremer [Thu, 1 Nov 2018 10:31:45 +0000 (10:31 +0000)] 
core125: Ship updated ca-certificates

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
13 months agoupdate ca-certificates CA bundle
Peter Müller [Sat, 27 Oct 2018 13:37:45 +0000 (15:37 +0200)] 
update ca-certificates CA bundle

Update the CA certificates list to what Mozilla NSS ships currently.

The original file can be retrieved from:
https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt

The second version of this patch superseds the first one and
bumps the LFS version of ca-certificate, too. Me stupid...

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
13 months agoUnbound: output statistics daily instead of just on shutdown
Peter Müller [Sat, 27 Oct 2018 13:44:02 +0000 (15:44 +0200)] 
Unbound: output statistics daily instead of just on shutdown

Currently, Unbound only prints statistics if it is being shutdown
(mostly because of a machine reboot). This makes detecting DNS
anomalies hard as no intermediate statistic result is being logged.

This patch changes Unbound's behaviour in order to log statistics
every 86,400 seconds (i.e. 24 hours).

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
13 months agocore125: Ship updated ids.cgi
Michael Tremer [Thu, 1 Nov 2018 10:30:49 +0000 (10:30 +0000)] 
core125: Ship updated ids.cgi

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
13 months agofix downloading Snort rules if behind upstream proxy
Peter Müller [Mon, 29 Oct 2018 17:49:49 +0000 (18:49 +0100)] 
fix downloading Snort rules if behind upstream proxy

Currently, the wget call only uses proxy information for HTTP.
Since rulesets are downloaded via HTTPS now, the same information
also needs to be applied for HTTPS.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
13 months agocore125: Ship updated squid
Michael Tremer [Thu, 1 Nov 2018 10:29:48 +0000 (10:29 +0000)] 
core125: Ship updated squid

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
13 months agosquid 3.5.28: latest patches (01-02)
Matthias Fischer [Thu, 1 Nov 2018 08:24:24 +0000 (09:24 +0100)] 
squid 3.5.28: latest patches (01-02)

For details see:
http://www.squid-cache.org/Versions/v3/3.5/changesets/

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>