BUG11131: fix errormessage when more ipsec subnets defined
When having more than one subnet in an ipsec connection it is not
possible to create a new openvpn static subnet.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org> Signed-off-by: Heino Gutschmidt <heino.gutschmidt@managedhosting.de> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Marcel Lorenz [Thu, 2 Jun 2016 17:39:51 +0000 (19:39 +0200)]
ncurses: update to 6.0 and rename 5.9 to ncurses-compat v3
This patch updates the ncurses to 6.0. The old 5.9 are renamed to ncurses-compat.
The compat makes the old libs maintainable and the compat rootfile is cleaned up.
The 6.0 is build after 5.9 and all IPFire componentes will build with 6.0
In version 6 only the wide-character libraries are build. The are usable
in both multibyte and traditional 8-bit locales while normal libraries work
properly only in 8-bit locales. The toolchain is only bild with 6.0.
Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Sat, 7 May 2016 14:01:09 +0000 (16:01 +0200)]
New package util-macros
This package is a build dependency of libpciaccess, we do not need this
as a package. That's why the rootfiles goes into common and all lines
are excluded.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Sat, 7 May 2016 14:01:08 +0000 (16:01 +0200)]
Network: add macvtap mode
This change make it possible to use a macvtap interface as a
standard interface (green0).
This is required by libvirt, because libvirt adds macvtap interfaces to
the physical interface, but this causes a problem. A VM with this
configuration can communicate with the whole network,
but not with the Host (IPFire).
To solve this problem, the host interface must be also a macvtap interface.
This is achieved by:
1. In /var/ipfire/ethernet/settings the mode of a interface could set
with GREEN_MODE= ...
When the mode is macvtap the physical interface is renamed to green0phys
instead of green0. If the mode is not set the normal configuration is
applied .
2. The network-hotplug-macvtap script checks if a physical nic ends
with "phys".
When the interface ends with "phys", the script adds a macvtap interface
to the physical nic which is named green0. The MAC address of this
interface is set to the MAC address of the physical nic. The MAC address
of the physical is set to a random value. We do this because the MAC
address of green0 should not change.
All services, IP addresses then binds to the macvatap interface, the
physical nic is not used.
PS.: The script works also with the orange or blue interface, just
replace green with orange or blue.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-03-09 - Snort 2.9.8.2
[*] New additions
* Future-flow and DNS API exposed to lua detector.
* Double VLAN tagging support.
[*] Improvements
* Performance improvements to AppID.
* Stability improvements to file and ftp_telnet preprocessor.
* Fixed several issues with SDF and obfuscation.
* Resolved an issue of improper handling of malformed DNS host
in AppID.
* HTTP PAF accepts all tokens between method and version strings
in a request URI.
* Resolved snort build issue with "--disable-perfprofiling" configure
option.
* Enhanced mime parsing by adding support for detecting files
after unknown headers and no headers.
* Fixed issue with gzip decompression. If the server response specifies
Content-Encoding as GZIP, but no Content-Length field for HTTP ver 1.0.
* End of Header(EOH) identification for HTTP response header spanning multiple
packets.
* Improved packet reassembly for HTTP.
* Fixed Flash LZMA decompression issue.
For details see:
https://www.snort.org/downloads/snort/changelog_2.9.8.2.txt
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Matthias Fischer [Tue, 17 May 2016 19:33:24 +0000 (21:33 +0200)]
squid: Rework initscript
The initscript now takes care that the squid proxy server process
is properly shut down. If that fails, it will remove the cache
index and let it be recreated at the next start. A warning is
shown to the user.
The "flush" command will now remove the entire proxy cache.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Tue, 10 May 2016 16:58:28 +0000 (18:58 +0200)]
squid: Update to 3.5.19
Activated 'ipv6', as discussed in ipfire-list with Michael:
"I had a look what the IPv6 switch actually changes. And that is not really much.
Essentially nothing. It just probes if the system supports IPv6 and if not it
disables it internally.
Alexander Marx [Thu, 21 Apr 2016 06:56:25 +0000 (08:56 +0200)]
tzdata: Update to 2016d
fixes: #11103
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
The 2016d release of the tz code and data is available. It reflects the
following changes, which were either circulated on the tz mailing list
or are relatively minor technical or administrative changes:
Changes affecting future time stamps
America/Caracas switches from -0430 to -04 on 2016-05-01 at 02:30.
(Thanks to Alexander Krivenyshev for the heads-up.)
Asia/Magadan switches from +10 to +11 on 2016-04-24 at 02:00.
(Thanks to Alexander Krivenyshev and Matt Johnson.)
New zone Asia/Tomsk, split off from Asia/Novosibirsk. It covers
Tomsk Oblast, Russia, which switches from +06 to +07 on 2016-05-29
at 02:00. (Thanks to Stepan Golosunov.)
Changes affecting past time stamps
New zone Europe/Kirov, split off from Europe/Volgograd. It covers
Kirov Oblast, Russia, which switched from +04/+05 to +03/+04 on
1989-03-26 at 02:00, roughly a year after Europe/Volgograd made
the same change. (Thanks to Stepan Golosunov.)
Russia and nearby locations had daylight-saving transitions on
1992-03-29 at 02:00 and 1992-09-27 at 03:00, instead of on
1992-03-28 at 23:00 and 1992-09-26 at 23:00. (Thanks to Stepan
Golosunov.)
Many corrections to historical time in Kazakhstan from 1991
through 2005. (Thanks to Stepan Golosunov.) Replace Kazakhstan's
invented time zone abbreviations with numeric abbreviations.
ncurses: update to 6.0 and rename 5.9 to ncurses-compat
This patch updates the ncurses to 6.0. The old 5.9 are renamed to ncurses-compat.
The compat makes the old libs maintainable and the compat rootfile is cleaned up.
The 6.0 is build after 5.9 and all IPFire componentes will build with 6.0
In version 6 only the wide-character libraries are build. The are usable
in both multibyte and traditional 8-bit locales while normal libraries work
properly only in 8-bit locales. The toolchain is only bild with 6.0.
Please ignore my first ncurses 6.0 patch.
Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
projects / people / fbuehrle / ipfire-2.x.git / log
