The virtlogd could only be restarted when the daemons run. The update.sh
script tried to restart the daemon no matter if the daemons run or not.
This behaviour produce problems.
An If statement now checks if the daemon runs or not and execute the
command that is suitable for the situation.
Fixes: #11172 Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Sun, 28 Aug 2016 17:59:19 +0000 (19:59 +0200)]
Update libvirt to 2.1
This is the update of libvirt to the latest version 2.1.
The most important change from a packager view is the new virtlogd
daemon.
This daemon handles the qemu output and wrote it to log files.
The require some changes:
- A new init script to start, stop restart the daemon called virtlogd.
The daemon is restart with SIGUSR1 (this is important because the daemon
keeps all pipelines etc. open).
This introduces a problem with the uninstall.sh install.sh script.
It is not possible to stop the daemon while virtual machines are
running, so the script update.sh execute from now not uninstall.sh and
install.sh instead it contains all steps from uninstall.sh install.sh
expect the start / stop routine for virtlogd. The daemon is just
restarted after the update, which makes sure that all changes take
effect.
- new symlinks in the uninstall.sh and install.sh script and some root
file changes because of the new virtlogd init script.
- the archive format changes from tar.gz to tar.xz
For Changelogs see:
https://libvirt.org/news-2015.html
https://libvirt.org/news.html (2017 and later:
https://libvirt.org/news-2016.html )
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Marx [Thu, 15 Sep 2016 13:31:48 +0000 (15:31 +0200)]
BUG11184: Error if DNAT address ends with 0 or 255 now disabled
When using dnat addresses, it is possible to use big subnets and host addresses like 172.16.0.0/12.
These addresses where rejected because it was recognised as network address.
The check is now removed.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The virtlogd could only be restarted when the daemons run. The update.sh
script tried to restart the daemon no matter if the daemons run or not.
This behaviour produce problems.
An If statement now checks if the daemon runs or not and execute the
command that is suitable for the situation.
Fixes: #11172 Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Sun, 28 Aug 2016 17:59:19 +0000 (19:59 +0200)]
Update libvirt to 2.1
This is the update of libvirt to the latest version 2.1.
The most important change from a packager view is the new virtlogd
daemon.
This daemon handles the qemu output and wrote it to log files.
The require some changes:
- A new init script to start, stop restart the daemon called virtlogd.
The daemon is restart with SIGUSR1 (this is important because the daemon
keeps all pipelines etc. open).
This introduces a problem with the uninstall.sh install.sh script.
It is not possible to stop the daemon while virtual machines are
running, so the script update.sh execute from now not uninstall.sh and
install.sh instead it contains all steps from uninstall.sh install.sh
expect the start / stop routine for virtlogd. The daemon is just
restarted after the update, which makes sure that all changes take
effect.
- new symlinks in the uninstall.sh and install.sh script and some root
file changes because of the new virtlogd init script.
- the archive format changes from tar.gz to tar.xz
For Changelogs see:
https://libvirt.org/news-2015.html
https://libvirt.org/news.html (2017 and later:
https://libvirt.org/news-2016.html )
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Fri, 19 Aug 2016 22:15:55 +0000 (00:15 +0200)]
squid: Update to 3.5.20 with latest patches (14067-14075)
For details, see:
http://www.squid-cache.org/Versions/v3/3.5/changesets/
Since there were problems with "trailing white spaces" I started a new 'squid_3'
branch from scratch, based on current 'next'.
I hope this is what is needed and that it helps.
This one was built without errors and is running here without seen problems.
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Sun, 14 Aug 2016 09:25:01 +0000 (11:25 +0200)]
Libvirt: load vhost_net before libvirtd start.
If the kernel module vhot_net is loaded, the performance of virtio
networking is better then without vhost_net.
So the module is loaded before libvirtd ist started to get the benefit
of vhost_net.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Sun, 14 Aug 2016 09:25:01 +0000 (11:25 +0200)]
Libvirt: load vhost_net before libvirtd start.
If the kernel module vhot_net is loaded, the performance of virtio
networking is better then without vhost_net.
So the module is loaded before libvirtd ist started to get the benefit
of vhost_net.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Sun, 7 Aug 2016 13:29:44 +0000 (15:29 +0200)]
Add new package libusbredir
This package adds support for the use redirection of spice.
It is now possible to attach USB devices of the host where the spice
client run to the virtual machine.
The binary is not needed for this functionality and that's why they is
not shipped with the package
This feature is also enabled in qemu.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Tue, 2 Aug 2016 12:01:05 +0000 (14:01 +0200)]
Libvirt: Add backup
The directory /etc/libvirt is backed up on uninstallation and is
restored on installation.
Alle Files in /var are commented in the rootfile so they are not
removed on uninstallation.
Because of the fact that the directories are not shipped with the
package they were created at installation time.
The permissions of 3 directories are changed because the qemu user is
nobody and the qemu group is kvm, so the permissions must be nobody:kvm
Fixes: #11151 Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 2 Aug 2016 15:06:35 +0000 (16:06 +0100)]
openssh: Update to 7.3p1
Includes various security fixes:
* sshd(8): Mitigate a potential denial-of-service attack against
the system's crypt(3) function via sshd(8). An attacker could
send very long passwords that would cause excessive CPU use in
crypt(3). sshd(8) now refuses to accept password authentication
requests of length greater than 1024 characters. Independently
reported by Tomas Kuthan (Oracle), Andres Rojas and Javier Nieto.
* sshd(8): Mitigate timing differences in password authentication
that could be used to discern valid from invalid account names
when long passwords were sent and particular password hashing
algorithms are in use on the server. CVE-2016-6210, reported by
EddieEzra.Harari at verint.com
* ssh(1), sshd(8): Fix observable timing weakness in the CBC padding
oracle countermeasures. Reported by Jean Paul Degabriele, Kenny
Paterson, Torben Hansen and Martin Albrecht. Note that CBC ciphers
are disabled by default and only included for legacy compatibility.
* ssh(1), sshd(8): Improve operation ordering of MAC verification for
Encrypt-then-MAC (EtM) mode transport MAC algorithms to verify the
MAC before decrypting any ciphertext. This removes the possibility
of timing differences leaking facts about the plaintext, though no
such leakage has been observed. Reported by Jean Paul Degabriele,
Kenny Paterson, Torben Hansen and Martin Albrecht.
* sshd(8): (portable only) Ignore PAM environment vars when
UseLogin=yes. If PAM is configured to read user-specified
environment variables and UseLogin=yes in sshd_config, then a
hostile local user may attack /bin/login via LD_PRELOAD or
similar environment variables set via PAM. CVE-2015-8325,
found by Shayan Sadigh.
Fixes: #11160 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>