people/pmueller/ipfire-2.x.git
3 years agoMerge branch 'core110'
Arne Fitzenreiter [Tue, 30 May 2017 19:29:20 +0000 (21:29 +0200)] 
Merge branch 'core110'

3 years agosamba 3.6.25: fixes for lfs-file
Matthias Fischer [Mon, 29 May 2017 18:27:25 +0000 (20:27 +0200)] 
samba 3.6.25: fixes for lfs-file

Removed 'unrecognized' configure-options.

Deleted empty tab at line end and moved line '-mkdir -p /var/ipfire/samba'
because of error message:
'mkdir: cannot create directory ‘/var/ipfire/samba’: File exists'

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoflash-image: Increase size of root partition
Michael Tremer [Thu, 25 May 2017 19:16:13 +0000 (20:16 +0100)] 
flash-image: Increase size of root partition

This should still be small enough to barely fit on a disk that
can hold 1GB of data. The actual one. Not the one that some
vendors put on it.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoMerge branch 'master' of git.ipfire.org:/pub/git/ipfire-2.x
Arne Fitzenreiter [Sun, 28 May 2017 08:41:51 +0000 (10:41 +0200)] 
Merge branch 'master' of git.ipfire.org:/pub/git/ipfire-2.x

3 years agosamba: add current RHEL6 patches
Arne Fitzenreiter [Sun, 28 May 2017 08:40:09 +0000 (10:40 +0200)] 
samba: add current RHEL6 patches

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agoFix shutting down unbound when red is STATIC
Michael Tremer [Sat, 27 May 2017 10:23:58 +0000 (11:23 +0100)] 
Fix shutting down unbound when red is STATIC

Unbound was trying to check availability of the upstream name servers
when /var/ipfire/red/active is present. This patch removes it first
and then brings down the red device.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agocore111: Ship updated openssl
Michael Tremer [Thu, 25 May 2017 20:03:59 +0000 (21:03 +0100)] 
core111: Ship updated openssl

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoopenssl: Update to 1.0.2l
Michael Tremer [Thu, 25 May 2017 19:58:54 +0000 (20:58 +0100)] 
openssl: Update to 1.0.2l

This release only contains bug fixes but no security-related fixes

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agomake.sh: Bump core update release number
Michael Tremer [Wed, 24 May 2017 10:14:38 +0000 (11:14 +0100)] 
make.sh: Bump core update release number

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agocore111: Ship updated OpenVPN
Michael Tremer [Mon, 22 May 2017 17:42:36 +0000 (18:42 +0100)] 
core111: Ship updated OpenVPN

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoopenvpn: Update to 2.3.16
Michael Tremer [Mon, 22 May 2017 17:40:30 +0000 (18:40 +0100)] 
openvpn: Update to 2.3.16

Fixes CVE-2017-7479 and CVE-2017-7478

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoRootfile update
Michael Tremer [Thu, 18 May 2017 15:40:54 +0000 (16:40 +0100)] 
Rootfile update

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agocore111: Ship updated cpio
Michael Tremer [Thu, 18 May 2017 10:55:20 +0000 (11:55 +0100)] 
core111: Ship updated cpio

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agocpio: Update to 2.12
Michael Tremer [Tue, 25 Apr 2017 09:13:04 +0000 (11:13 +0200)] 
cpio: Update to 2.12

FTBFS on aarch64

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoccache: Cleanup makefile
Michael Tremer [Thu, 13 Apr 2017 17:16:25 +0000 (19:16 +0200)] 
ccache: Cleanup makefile

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agomake.sh: Set TOOLCHAIN=1 in toolchain stage
Michael Tremer [Thu, 13 Apr 2017 17:02:21 +0000 (19:02 +0200)] 
make.sh: Set TOOLCHAIN=1 in toolchain stage

This allows better lfs files and fewer ifdefs in toolchain stage.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agomake.sh: Adjust toolchain PATH in lfsmake1 instead of globally
Michael Tremer [Thu, 13 Apr 2017 17:01:28 +0000 (19:01 +0200)] 
make.sh: Adjust toolchain PATH in lfsmake1 instead of globally

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agokernel headers: Install correct headers for all architectures
Michael Tremer [Sat, 8 Apr 2017 10:12:42 +0000 (12:12 +0200)] 
kernel headers: Install correct headers for all architectures

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agofake-environ: Fix typos
Michael Tremer [Wed, 12 Apr 2017 09:38:42 +0000 (11:38 +0200)] 
fake-environ: Fix typos

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agomake.sh: Show last lines of log when build aborts
Michael Tremer [Fri, 5 May 2017 12:10:36 +0000 (14:10 +0200)] 
make.sh: Show last lines of log when build aborts

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoStart Core Update 111
Michael Tremer [Thu, 18 May 2017 10:47:07 +0000 (11:47 +0100)] 
Start Core Update 111

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoMerge remote-tracking branch 'origin/master' into next
Michael Tremer [Thu, 18 May 2017 10:24:41 +0000 (11:24 +0100)] 
Merge remote-tracking branch 'origin/master' into next

3 years agoMerge remote-tracking branch 'ms/wlanclient' into next
Michael Tremer [Thu, 18 May 2017 10:22:20 +0000 (11:22 +0100)] 
Merge remote-tracking branch 'ms/wlanclient' into next

3 years agoindex.cgi: Show WiFi properties on front page
Michael Tremer [Tue, 16 May 2017 14:02:25 +0000 (16:02 +0200)] 
index.cgi: Show WiFi properties on front page

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoWiFi: Show EAP status on wireless client page
Michael Tremer [Tue, 16 May 2017 13:05:25 +0000 (15:05 +0200)] 
WiFi: Show EAP status on wireless client page

This patch adds some status information so that we know what
authentication an access point is using.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agotor: Update to 0.3.0.7
Michael Tremer [Tue, 16 May 2017 10:33:40 +0000 (11:33 +0100)] 
tor: Update to 0.3.0.7

Fixes various security vulnerabilities of medium severity in
the relay component.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoItalian translations in it.pl after 110
Gabriel Rolland [Thu, 4 May 2017 08:28:35 +0000 (10:28 +0200)] 
Italian translations in it.pl after 110

Missing or incorrect translations.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoweb-user-interface: Fix for rootfile
Matthias Fischer [Fri, 5 May 2017 21:22:30 +0000 (23:22 +0200)] 
web-user-interface: Fix for rootfile

Added 'back.png' for Firewall-GUI

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agovpnmain.cgi: Fix typo
Michael Tremer [Fri, 5 May 2017 11:02:21 +0000 (12:02 +0100)] 
vpnmain.cgi: Fix typo

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agowlan client: Generate wpa_supplicant configuration file for EAP
Michael Tremer [Fri, 5 May 2017 10:31:36 +0000 (11:31 +0100)] 
wlan client: Generate wpa_supplicant configuration file for EAP

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agowlan client: Allow configuration of EAP-PEAP and EAP-TTLS on web user interface
Michael Tremer [Fri, 5 May 2017 10:17:06 +0000 (11:17 +0100)] 
wlan client: Allow configuration of EAP-PEAP and EAP-TTLS on web user interface

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoGUI: Some simple FW-Log cosmetics
Matthias Fischer [Sun, 30 Apr 2017 10:59:23 +0000 (12:59 +0200)] 
GUI: Some simple FW-Log cosmetics

I altered 'showrequestfromcountry.dat', 'showrequestfromip.dat' and 'showrequestfromport.dat'
in the same manner as the 'Loggraphs'-Pages in commit

Each 'Details'-page got a unique title.

Furthermore, I added a 'Back'-Button to go back to the previous page. For this, I used
'back.png' from 'wio' (thanks Stephan! ;-) ) since I found no other appropriate image.

'ipinfo.cgi' got a centered 'Back'-Button, too.

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoBUG 11305: Suggested fix for '/var/log/btmp' permissions
Matthias Fischer [Fri, 28 Apr 2017 19:29:58 +0000 (21:29 +0200)] 
BUG 11305: Suggested fix for '/var/log/btmp' permissions

Fixes BUG 11305, for details see:
https://bugzilla.ipfire.org/show_bug.cgi?id=11305

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agounbound: Update dnssec-status file
Michael Tremer [Sun, 30 Apr 2017 12:09:51 +0000 (13:09 +0100)] 
unbound: Update dnssec-status file

The status file was not updated when DNSSEC was disabled
before and has been enabled after which always caused
the webif to show that DNSSEC was disabled.

Fixes #11315

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agounbound: Update to 1.6.2
Matthias Fischer [Mon, 24 Apr 2017 18:56:29 +0000 (20:56 +0200)] 
unbound: Update to 1.6.2

For details see:
http://www.unbound.net/download.html

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agobind: Update to 9.11.1
Matthias Fischer [Tue, 25 Apr 2017 19:08:32 +0000 (21:08 +0200)] 
bind: Update to 9.11.1

For details see:
https://ftp.isc.org/isc/bind9/9.11.1/RELEASE-NOTES-bind-9.11.1.html

"Security Fixes

rndc "" could trigger an assertion failure in named. This flaw is disclosed
in (CVE-2017-3138). [RT #44924]

Some chaining (i.e., type CNAME or DNAME) responses to upstream queries could
trigger assertion failures. This flaw is disclosed in CVE-2017-3137. [RT #44734]

dns64 with break-dnssec yes; can result in an assertion failure. This flaw is
disclosed in CVE-2017-3136. [RT #44653]

If a server is configured with a response policy zone (RPZ) that rewrites an
answer with local data, and is also configured for DNS64 address mapping, a NULL
pointer can be read triggering a server crash. This flaw is disclosed in
CVE-2017-3135. [RT #44434]

A coding error in the nxdomain-redirect feature could lead to an assertion failure
if the redirection namespace was served from a local authoritative data source such
as a local zone or a DLZ instead of via recursive lookup. This flaw is disclosed in
CVE-2016-9778. [RT #43837]

named could mishandle authority sections with missing RRSIGs, triggering an
assertion failure. This flaw is disclosed in CVE-2016-9444. [RT #43632]

named mishandled some responses where covering RRSIG records were returned without
the requested data, resulting in an assertion failure. This flaw is disclosed in
CVE-2016-9147. [RT #43548]

named incorrectly tried to cache TKEY records which could trigger an assertion failure
when there was a class mismatch. This flaw is disclosed in CVE-2016-9131. [RT #43522]

It was possible to trigger assertions when processing responses containing answers of
type DNAME. This flaw is disclosed in CVE-2016-8864. [RT #43465]

Added the ability to specify the maximum number of records permitted in a zone
(max-records #;). This provides a mechanism to block overly large zone transfers, which
is a potential risk with slave zones from other parties, as described in CVE-2016-6170.
[RT #42143]

Bug Fixes

A synthesized CNAME record appearing in a response before the associated DNAME could be
cached, when it should not have been. This was a regression introduced while addressing
CVE-2016-8864. [RT #44318]

named could deadlock if multiple changes to NSEC/NSEC3 parameters for the same zone were
being processed at the same time. [RT #42770]

named could trigger an assertion when sending NOTIFY messages. [RT #44019]

Referencing a nonexistent zone in a response-policy statement could cause an assertion
failure during configuration. [RT #43787]

rndc addzone could cause a crash when attempting to add a zone with a type other than
master or slave. Such zones are now rejected. [RT #43665]

named could hang when encountering log file names with large apparent gaps in version
number (for example, when files exist called "logfile.0", "logfile.1", and
"logfile.1482954169"). This is now handled correctly. [RT #38688]

If a zone was updated while named was processing a query for nonexistent data, it could
return out-of-sync NSEC3 records causing potential DNSSEC validation failure. [RT #43247]"

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agonano: Update to 2.8.1
Matthias Fischer [Tue, 25 Apr 2017 19:13:17 +0000 (21:13 +0200)] 
nano: Update to 2.8.1

For details see:
https://www.nano-editor.org/news.php

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agologrotate: Update to 3.12.1
Matthias Fischer [Fri, 28 Apr 2017 06:17:33 +0000 (08:17 +0200)] 
logrotate: Update to 3.12.1

For details see:
https://github.com/logrotate/logrotate/blob/master/ChangeLog.md

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoOpenVPN: Mark SHA1 as weak
Michael Tremer [Fri, 28 Apr 2017 12:03:46 +0000 (13:03 +0100)] 
OpenVPN: Mark SHA1 as weak

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoOpenVPN: Use SHA512 by default
Michael Tremer [Fri, 28 Apr 2017 12:01:41 +0000 (13:01 +0100)] 
OpenVPN: Use SHA512 by default

This will break compatibility with old clients like
Windows XP, but these are too old now to be supported.

SHA1 is considered to be weak and should not be used any more

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agovnstat: Update to 1.17
Matthias Fischer [Sat, 22 Apr 2017 16:17:27 +0000 (18:17 +0200)] 
vnstat: Update to 1.17

For details see:
http://humdi.net/vnstat/CHANGES

Please note - this commit is based on:
http://git.ipfire.org/?p=people/mfischer/ipfire-2.x.git;a=commit;h=f92c3ef6b97d4bd5e3db9c6c783ab0059016b211

1.15 was running here since then, upgrading to 1.17 showed no problems so far.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agovnstat: Update to 1.15
Matthias Fischer [Tue, 12 Jul 2016 10:56:42 +0000 (12:56 +0200)] 
vnstat: Update to 1.15

Changelog:
http://humdi.net/vnstat/CHANGES

I had to add some 'configure'-lines to build this - nevertheless: its
working. ;-)

'vnstat.conf' needed some additional 'sed'-lines, too.

Please review, test and confirm.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoGUI: Some simple FW-Log cosmetics
Matthias Fischer [Fri, 21 Apr 2017 20:37:28 +0000 (22:37 +0200)] 
GUI: Some simple FW-Log cosmetics

Fixed the 'details'-Button in 'firewalllogcountry.dat' by adding missing
translation string.

Each 'Loggraphs'-Page got a unique title and a new heading for the corresponding
diagram.

Just cosmetics...

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agounbound 1.6.1: Linking against libevent2
Matthias Fischer [Fri, 21 Apr 2017 17:00:21 +0000 (19:00 +0200)] 
unbound 1.6.1: Linking against libevent2

Hi,

this was triggered by unbound-users@unbound.net - it seems that the
'configure'-option '--with-libevent-support' is not enough:

***SNIP***
...
When building unbound with --with-libevent support, the make
install phase should also call make unbound-event-install or else
unbound-event.h does not get installed and the header file for
using the unbound event functionality is not available.
...
This install is triggered by the option --enable-event-api. Just
enabling --with-libevent does not trigger the install by itself.

Best regards,
Wouter
...
***SNAP***

I built 'unbound' this way - its running without any problems so far.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoavahi-remove: bump mpd version.
Arne Fitzenreiter [Sat, 22 Apr 2017 07:54:05 +0000 (09:54 +0200)] 
avahi-remove: bump mpd version.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agocore110: remove avahi startlinks
Arne Fitzenreiter [Sat, 22 Apr 2017 06:19:05 +0000 (08:19 +0200)] 
core110: remove avahi startlinks

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agoavahi-remove: bump package versions to remove avahi dep
Arne Fitzenreiter [Thu, 20 Apr 2017 18:32:42 +0000 (20:32 +0200)] 
avahi-remove: bump package versions to remove avahi dep

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agocore110: remove avahi from system and pakfire db
Arne Fitzenreiter [Thu, 20 Apr 2017 18:26:38 +0000 (20:26 +0200)] 
core110: remove avahi from system and pakfire db

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agoIPsec: Show status in WUI when VPN is connecting
Michael Tremer [Thu, 20 Apr 2017 12:00:42 +0000 (13:00 +0100)] 
IPsec: Show status in WUI when VPN is connecting

This is helpful when debugging on-demand connections
when you can see if strongswan tries to connect or is
still idle.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoIPsec: Mark MODP<=1024 and MD5 as broken and SHA1 as weak
Michael Tremer [Thu, 20 Apr 2017 11:53:53 +0000 (12:53 +0100)] 
IPsec: Mark MODP<=1024 and MD5 as broken and SHA1 as weak

Since we somehow have to support these algorithms this patch
adds some information for the user that it is very strongly
discouraged to use them in production.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoIPsec: Allow using MODP-768 in proposal
Michael Tremer [Thu, 20 Apr 2017 11:44:27 +0000 (12:44 +0100)] 
IPsec: Allow using MODP-768 in proposal

MODP-768 is broken but some systems out there (for example old
Cisco ASAs) do not support anything better. Hence it is better
to allow this instead of using no VPN at all.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agolibevent2: Update to 2.1.8-stable
Matthias Fischer [Sun, 9 Apr 2017 22:35:50 +0000 (00:35 +0200)] 
libevent2: Update to 2.1.8-stable

Contains lots of build- and bugfixes since 2.0.22 - for details see:
https://raw.githubusercontent.com/libevent/libevent/release-2.1.8-stable/ChangeLog

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoRevert "gdbm: update to 1.13"
Matthias Fischer [Wed, 19 Apr 2017 13:26:06 +0000 (15:26 +0200)] 
Revert "gdbm: update to 1.13"

This reverts commit dc539daf8823ef97c931f12b514453c25e867c45.

With "gdbm-Update to 1.13", 'php 5.3.27' failed to build.

Best,
Matthias

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agophp 5.3.27: Source format improvements
Matthias Fischer [Wed, 19 Apr 2017 08:10:05 +0000 (10:10 +0200)] 
php 5.3.27: Source format improvements

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agocups-filters: Fix for lfs-file (dropped avahi package)
Matthias Fischer [Thu, 13 Apr 2017 07:08:21 +0000 (09:08 +0200)] 
cups-filters: Fix for lfs-file (dropped avahi package)

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoavahi: Drop package
Michael Tremer [Wed, 12 Apr 2017 16:35:43 +0000 (17:35 +0100)] 
avahi: Drop package

The daemon locks up when starting up in avahi_log_info() and
probably the other logging functions, too.

Since avahi is not really used a lot in the distribution,
has been in testing for four years and has virtually no users
I am going to drop it instead of wasting time on fixing this.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agogit: update to 2.12.1
Marcel Lorenz [Tue, 18 Apr 2017 12:56:05 +0000 (14:56 +0200)] 
git: update to 2.12.1

Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoBUG 11318: Fix deletion of temporary files from IPTables-GUI
Matthias Fischer [Sun, 16 Apr 2017 21:01:33 +0000 (23:01 +0200)] 
BUG 11318: Fix deletion of temporary files from IPTables-GUI

For details see:
https://bugzilla.ipfire.org/show_bug.cgi?id=11318

Temporary files for 'iptables', 'iptablesmangle' and 'iptablesnat' created by
'iptables.cgi' were not deleted after use but stayed in '/srv/weg/ipfire/html/'.

As a workaround I changed 'getipstat.c' to create these files in '/var/tmp' and the
"open (file..." and "rm" commands in 'iptables.cgi'.

Works here.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agolibevent2-compat: newpackage
Matthias Fischer [Mon, 17 Apr 2017 12:25:59 +0000 (14:25 +0200)] 
libevent2-compat: newpackage

Keeps older packages that have been linked
against this version of libevent2 working.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoFix for guardian-CGI: As a result of fixing BUG11318
Matthias Fischer [Sun, 16 Apr 2017 22:16:02 +0000 (00:16 +0200)] 
Fix for guardian-CGI: As a result of fixing BUG11318

This is necessary because commit bf1985fae5baca327fcded31264f45638442f02e changes the
place where temporary files from 'iptables' are stored.

Some typos where fixed, too.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoRootfile update
Michael Tremer [Mon, 17 Apr 2017 11:36:49 +0000 (12:36 +0100)] 
Rootfile update

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoBuild python3-libvirt only on i586 and x86_64
Jonatan Schlag [Sun, 16 Apr 2017 17:36:22 +0000 (19:36 +0200)] 
Build python3-libvirt only on i586 and x86_64

Libvirt is build only on these arches and the bindings make only with
libvirt sense so we should build them only on these two arches too.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoAdd package python3-libvirt
Jonatan Schlag [Sat, 15 Apr 2017 13:56:22 +0000 (15:56 +0200)] 
Add package python3-libvirt

This new package provides the python3 bindings for libvirt.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agogdbm: update to 1.13
Marcel Lorenz [Sun, 16 Apr 2017 17:35:50 +0000 (19:35 +0200)] 
gdbm: update to 1.13

Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoUpdate python3 to 3.6.1
Jonatan Schlag [Sat, 15 Apr 2017 13:48:54 +0000 (15:48 +0200)] 
Update python3 to 3.6.1

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoipset: Update to 6.32
Matthias Fischer [Sun, 16 Apr 2017 12:13:33 +0000 (14:13 +0200)] 
ipset: Update to 6.32

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agocoreutils: Update to 8.27
Matthias Fischer [Sun, 16 Apr 2017 12:38:46 +0000 (14:38 +0200)] 
coreutils: Update to 8.27

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoUpdate libvirt to 3.1.0
Jonatan Schlag [Sat, 15 Apr 2017 12:01:30 +0000 (14:01 +0200)] 
Update libvirt to 3.1.0

This patch update the libvirt library to version 3.1.0
We can not update to the latest version in the moment because version
3.2.0 has a annoying bug.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agobind: Update to 9.11.0-P5
Matthias Fischer [Sun, 16 Apr 2017 12:11:10 +0000 (14:11 +0200)] 
bind: Update to 9.11.0-P5

For details see:
https://ftp.isc.org/isc/bind9/9.11.0-P5/RELEASE-NOTES-bind-9.11.0-P5.html

"BIND 9.11.0-P5 addresses the security issues described in CVE-2017-3136,
CVE-2017-3137, and CVE-2017-3138, and updates the built-in trusted keys for the root zone.

Security Fixes

rndc "" could trigger an assertion failure in named. This flaw is disclosed in
(CVE-2017-3138). [RT #44924]

Some chaining (i.e., type CNAME or DNAME) responses to upstream queries could
trigger assertion failures. This flaw is disclosed in CVE-2017-3137. [RT #44734]

dns64 with break-dnssec yes; can result in an assertion failure. This flaw is
disclosed in CVE-2017-3136. [RT #44653]

If a server is configured with a response policy zone (RPZ) that rewrites an
answer with local data, and is also configured for DNS64 address mapping, a NULL
pointer can be read triggering a server crash. This flaw is disclosed in CVE-2017-3135.
[RT #44434]

A coding error in the nxdomain-redirect feature could lead to an assertion failure if
the redirection namespace was served from a local authoritative data source such as a
local zone or a DLZ instead of via recursive lookup. This flaw is disclosed in
CVE-2016-9778. [RT #43837]

named could mishandle authority sections with missing RRSIGs, triggering an assertion
failure. This flaw is disclosed in CVE-2016-9444. [RT #43632]

named mishandled some responses where covering RRSIG records were returned without the
requested data, resulting in an assertion failure. This flaw is disclosed in
CVE-2016-9147. [RT #43548]

named incorrectly tried to cache TKEY records which could trigger an assertion failure
when there was a class mismatch. This flaw is disclosed in CVE-2016-9131. [RT #43522]

It was possible to trigger assertions when processing responses containing answers of
type DNAME. This flaw is disclosed in CVE-2016-8864. [RT #43465]

Bug Fixes

A synthesized CNAME record appearing in a response before the associated DNAME could be
cached, when it should not have been. This was a regression introduced while addressing
CVE-2016-8864. [RT #44318]

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agocups-filters: Fix for lfs-file (dropped avahi package)
Matthias Fischer [Thu, 13 Apr 2017 07:08:21 +0000 (09:08 +0200)] 
cups-filters: Fix for lfs-file (dropped avahi package)

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoavahi: Drop package
Michael Tremer [Wed, 12 Apr 2017 16:35:43 +0000 (17:35 +0100)] 
avahi: Drop package

The daemon locks up when starting up in avahi_log_info() and
probably the other logging functions, too.

Since avahi is not really used a lot in the distribution,
has been in testing for four years and has virtually no users
I am going to drop it instead of wasting time on fixing this.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agographs.pl: Fix HTML syntax error
Michael Tremer [Tue, 11 Apr 2017 13:26:57 +0000 (14:26 +0100)] 
graphs.pl: Fix HTML syntax error

The missing ' caused that a different URL was called

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agographs.pl: Fix HTML syntax error
Michael Tremer [Tue, 11 Apr 2017 13:26:57 +0000 (14:26 +0100)] 
graphs.pl: Fix HTML syntax error

The missing ' caused that a different URL was called

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agokbd 1.12: Update for rootfile
Matthias Fischer [Mon, 10 Apr 2017 12:10:28 +0000 (14:10 +0200)] 
kbd 1.12: Update for rootfile

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agorrdtool 1.6.0: fix for rootfile
Matthias Fischer [Sun, 9 Apr 2017 16:19:49 +0000 (18:19 +0200)] 
rrdtool 1.6.0: fix for rootfile

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoltrace: New package
Michael Tremer [Tue, 11 Apr 2017 13:11:16 +0000 (14:11 +0100)] 
ltrace: New package

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoelfutils: Update rootfile
Michael Tremer [Tue, 11 Apr 2017 13:10:53 +0000 (14:10 +0100)] 
elfutils: Update rootfile

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoelfutils: New package
Michael Tremer [Tue, 11 Apr 2017 12:05:53 +0000 (13:05 +0100)] 
elfutils: New package

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agodbus: Update to 1.11.12
Michael Tremer [Tue, 11 Apr 2017 12:05:22 +0000 (13:05 +0100)] 
dbus: Update to 1.11.12

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agonmap: remove uninstall_ndiff from rootfile
Timo Eissler [Fri, 7 Apr 2017 19:59:40 +0000 (21:59 +0200)] 
nmap: remove uninstall_ndiff from rootfile

Signed-off-by: Timo Eissler <timo.eissler@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoattr: rootfile update
Arne Fitzenreiter [Sat, 8 Apr 2017 04:57:56 +0000 (06:57 +0200)] 
attr: rootfile update

there must be a problem at log generation. sometimes
some manpages are not listed in the log.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agompd: disable smbclient
Arne Fitzenreiter [Fri, 7 Apr 2017 22:04:48 +0000 (00:04 +0200)] 
mpd: disable smbclient

because it has many dependencies and spit allot of error messages.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agocore110: fix legacy theme css path
Arne Fitzenreiter [Fri, 7 Apr 2017 21:13:09 +0000 (23:13 +0200)] 
core110: fix legacy theme css path

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agoMerge remote-tracking branch 'origin/master' into core110
Arne Fitzenreiter [Fri, 7 Apr 2017 15:35:05 +0000 (17:35 +0200)] 
Merge remote-tracking branch 'origin/master' into core110

3 years agocore110: Ship updated legacy style CSS
Michael Tremer [Fri, 7 Apr 2017 11:05:35 +0000 (12:05 +0100)] 
core110: Ship updated legacy style CSS

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agopakfire: Fix dependency resolver
Michael Tremer [Fri, 7 Apr 2017 11:04:02 +0000 (12:04 +0100)] 
pakfire: Fix dependency resolver

The old algorithm could potentially lock itself in an endless
recursion when there were packages with circular dependencies.

This version does not do this and is also faster.

Reported-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoattr: update rootfile
Arne Fitzenreiter [Fri, 7 Apr 2017 10:09:51 +0000 (12:09 +0200)] 
attr: update rootfile

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agompd: back to 0.19.19 because 0.20.x not work on arm softfloat
Arne Fitzenreiter [Fri, 7 Apr 2017 10:02:50 +0000 (12:02 +0200)] 
mpd: back to 0.19.19 because 0.20.x not work on arm softfloat

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years agoQoS: Enable IMQ multi queueing
Michael Tremer [Thu, 6 Apr 2017 18:12:06 +0000 (19:12 +0100)] 
QoS: Enable IMQ multi queueing

This increases throughput when QoS is activated
since now all available CPU cores will be used

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoRootfile update
Michael Tremer [Thu, 6 Apr 2017 18:00:45 +0000 (19:00 +0100)] 
Rootfile update

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agodhcp: Fix extracting bundled BIND package
Michael Tremer [Thu, 6 Apr 2017 11:52:10 +0000 (12:52 +0100)] 
dhcp: Fix extracting bundled BIND package

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agogcc: update to 4.9.4
Marcel Lorenz [Fri, 17 Mar 2017 14:50:03 +0000 (15:50 +0100)] 
gcc: update to 4.9.4

This is only a bugfix release
https://gcc.gnu.org/gcc-4.9/changes.html

Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agompfr: update to 3.1.5
Marcel Lorenz [Fri, 17 Mar 2017 15:00:04 +0000 (16:00 +0100)] 
mpfr: update to 3.1.5

Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agogmp: update to 6.1.2
Marcel Lorenz [Fri, 17 Mar 2017 14:26:06 +0000 (15:26 +0100)] 
gmp: update to 6.1.2

Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agopcre: update to 8.40
Marcel Lorenz [Fri, 17 Mar 2017 14:20:07 +0000 (15:20 +0100)] 
pcre: update to 8.40

Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agorrdtool: update to 1.6.0
Marcel Lorenz [Fri, 17 Mar 2017 14:11:12 +0000 (15:11 +0100)] 
rrdtool: update to 1.6.0

Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agopkg-config: update to 0.29.1
Marcel Lorenz [Fri, 17 Mar 2017 15:11:36 +0000 (16:11 +0100)] 
pkg-config: update to 0.29.1

Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agonmap: update to 7.40
Marcel Lorenz [Fri, 17 Mar 2017 15:16:57 +0000 (16:16 +0100)] 
nmap: update to 7.40

Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agom4: update to 1.4.18
Marcel Lorenz [Fri, 17 Mar 2017 15:23:13 +0000 (16:23 +0100)] 
m4: update to 1.4.18

Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years agoacpid: update to 2.0.28
Marcel Lorenz [Sat, 18 Mar 2017 10:16:16 +0000 (11:16 +0100)] 
acpid: update to 2.0.28

Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>