Those fix some unintentional behaviour regarding autocompletion I
stumbled across the other day. While there seems nothing security
relevant in this, it irons out a few bugs.
The full and up-to-date list of all Bash 5.0 patches can be obtained
from https://ftp.gnu.org/gnu/bash/bash-5.0-patches/ .
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This package has not been maintained well and is thereof outdated. At
the time of writing, we neither
(a) have a maintainer for this nor
(b) believe it is wise to run a full-featured content scanner on a
firewall for security purposes. (We can make do with Postfix, as it
is known for being a very robust MTA and providess less attack
surface than something actually inspecting transferred messages.)
Thereof, this patch drops the SpamAssassin add-on. In case it is desired
in future versions of IPFire, it can be easily reverted, restoring the
functionality and behaviour before.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This package has not been maintained well and is thereof outdated. At
the time of writing, we neither
(a) have a maintainer for this nor
(b) believe it is wise to run a full-featured content scanner on a
firewall for security purposes. (We can make do with Postfix, as it
is known for being a very robust MTA and providess less attack
surface than something actually inspecting transferred messages.)
Thereof, this patch drops the Amavis add-on. In case it is desired in
future versions of IPFire, it can be easily reverted, restoring the
functionality and behaviour before.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Samba is always linked against CUPS and therefore there is
no way to disable printing anyways.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
It is not useful to set this on a modern server. The Linux
kernel will be tuning any send and receive buffer sizes.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This variable is no longer being used and was only used to
assign IP addresses to the individual interfaces.
However, the kernel knows best which IP address to select
as broadcast address for each network. Therefore we depend
on the kernel which allows us to support RFC3021.
Fixes: #12486 - no /31 transfer net available on red
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Update includes several fixes and enhancements.
The full overview of changes are located in here --> https://github.com/iptraf-ng/iptraf-ng/blob/master/CHANGES .
rvnamed has been merged into iptraf-ng. Fix division by zero patch has been merged into new version, patch is not needed anymore. logrotate configuration for iptraf-ng has been included.
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The whole hostname was used as domain name because there
was no . in it where the string could have been split.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
There are NICs with 06: and we cannot simply replace the
first byte of the address.
I have no idea why this hack is needed and I believe we
do not need it at all.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
It could happen that the remote peer re-established the connection
before "ipsec reload" removed it from the daemon.
Now, we write the configuration files first, reload them
and then bring down any connections that are still established.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Sorry, there is no changelog available.
For a better overview I moved 'logwatch-7.3.6-date_manip6.patch' to a directory of its own.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
libiptc is no longer being shipped by iptables and has been split
into a version for IPv4 and IPv6.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
the configure.ac has a bug that detects gcc-10 as gcc-1 and so not use
some quirks. Also there is a bug with FORTIFY-SOURCE=2 that crash
if the matchparen plugin is used (enabled by default).
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Processors in virtual machines are *virtual*. Therefore this
only degrades the performance of the guest, but does not increase
it's security.
This patch always leaves SMT enabled in all virtual environments.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
