Michael Tremer [Wed, 15 Mar 2017 13:45:05 +0000 (13:45 +0000)]
Improve graphs
The graphs are using an iframe and PNG images where the resolution
did often not fit and the browser had to resize the image. That
led to blurred fonts and hard to read graphs.
This patch increases the size of the box and the image. With that
higher resolution resizing should not be too much of an issue, but
since the sizes of the iframe and image have been aligned should
not even be necessary.
Reported-by: Marcel Lorenz <marcel.lorenz@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 15 Mar 2017 12:56:05 +0000 (12:56 +0000)]
strongswan: Disable IPv6 by default
IPFire 2 does not have IPv6 connectivity with exception of a
few systems for testing where IPsec connections become a little
bit unstable when trying to connect over IPv6.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 28 Feb 2017 11:32:08 +0000 (11:32 +0000)]
apache: Allow more processes/connections as the same time
In large networks, when ever multiple clients connect at the
same time and request the proxy.pac configuration file, apache
rate-limited requests so that some clients did not get a response
and therefore could not connect to the Internet.
This allows apache to handle more connections at the same time.
Suggested-by: Thoralf Söldenwagner <soeldenwagner@brecht-schule.hamburg> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 27 Feb 2017 21:38:03 +0000 (21:38 +0000)]
DNS: Fall back to permissive mode if recursor mode is unavailable
The tests when assigning DNS name servers has been extended so that
if no working forwarder can be found, we will test if the local recursor
mode is an option.
If not, we will configure unbound's validator module into permissive
mode so that at least some DNS functionality is available.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Wed, 22 Feb 2017 17:39:40 +0000 (18:39 +0100)]
unbound: Update to 1.6.1
For details see:
http://www.unbound.net/download.html
"Features
configure --enable-systemd and lets unbound use systemd sockets if you enable use-systemd:
yes in unbound.conf. Also there are contrib/unbound.socket and contrib/unbound.service:
systemd files for unbound, install them in /usr/lib/systemd/system. Contributed by Sami Kerola
and Pavel Odintsov.
[bugzilla: 1185 ]
Source IP rate limiting, patch from Larissa Feng.
[bugzilla: 1184 ]
Log DNS replies. This includes the same logging information that DNS queries and response
code and response size, patch from Larissa Feng.
Include root trust anchor id 20326 in unbound-anchor.
64bit is default for windows builds.
Bug Fixes
[bugzilla: 1176 ] Fix stack size too small for Alpine Linux.
Fix unbound-control and ipv6 only.
[bugzilla: 1182 ] Fix Resource leak (socket), at startup.
[bugzilla: 1178 ] Fix attempt to fix setup error at end, pop result values at end of install.
iana portlist update
Fix inet_ntop and inet_pton warnings in windows compile.
[bugzilla: 1191 ] Fix remove comment about view deletion.
[bugzilla: 1188 ] Fix unresolved symbol 'fake_dsa' in libunbound.so when built with Nettle
[bugzilla: 1190 ] Fix to not echo back EDNS options in local-zone error response.
[bugzilla: 1194 ] Fix if cross build fails when $host isn't `uname` for getentropy.
Fix reload chdir failure when also chrooted to that directory.
Fix to return formerr for queries for meta-types, to avoid packet amplification if this meta-type
is sent on to upstream.
[bugzilla: 1201 ] Fix missing unlock in answer_from_cache error condition.
[bugzilla: 1202 ] Fix code comment that packed_rrset_data is not always 'packed'.
Fix to also block meta types 128 through to 248 with formerr.
[bugzilla: 1206 ] Fix that some view-related commands are missing from 'unbound-control -h'
Fix to rename ub_callback_t to ub_callback_type, because POSIX reserves _t typedefs.
Fix to rename internally used types from _t to _type, because _t type names are reserved by
POSIX.
Increase MAX_MODULE to 16.
[bugzilla: 1211 ] Fix can't enable interface-automatic if no IPv6 with more helpful error message.
fix root_anchor test for updated icannbundle.pem lower certificates.
Fix compile on solaris of the fix to use $host detect.
Fix for type name change and fix warning on windows compile.
Fix pythonmod for typedef changes.
Fix dnstap for warning of set but not used.
Fix autoconf of systemd check for lack of pkg-config."
Best, Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Wed, 22 Feb 2017 11:20:09 +0000 (12:20 +0100)]
Add new make macro for installing initscripts
We also move the initscript for also to src/initscripts/packages
and use this new macro to install the initscript Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Jonatan Schlag [Wed, 22 Feb 2017 09:23:10 +0000 (10:23 +0100)]
Move all Initscripts of the system, into an extra directory
Till now all init scripts going into src/initscripts/init.d so they are
installed by the lfs file initscripts. Because of that they also appear
in the rootfile of the "package" initscripts.
This has some disadvantages:
- the initscripts of the packages appear in the 3 rootfiles (one for
each arch) which are annoying because for every package with an
initscript 4 rootfiles (the 3 of the initscript package + the rootfile
of the package) are important.
- The rootfiles for a package are installed by lfs/initscripts but this
should happen only in the build of the package
To solve this issues all rootfiles for the core system are moved into
src/initscripts/init.d/common. Only the initscript in this directory are
installed by lfs/initscripts. So all initscripts for packages are
located in src/initscripts/init.d and are not installed by
lfs/initscripts.
So only the initscripts of the system appear in the 3 rootfiles of the
initscripts package. The initscript of a package appear only in the
rootfile of the package. This makes the maintaining of initscript
easier.