Commit Graph

6207 Commits

Author SHA1 Message Date
Michael Tremer
13827014fc core127: Ship updated wget
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-31 00:36:23 +00:00
Arne Fitzenreiter
f1f40274a0 u-boot: fix x86 builds
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2018-12-23 11:12:15 +01:00
Arne Fitzenreiter
ae84d3745d u-boot: fix typo in boot.scr
fix serial console output on RPi3 B+ at aarch64

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2018-12-20 08:04:22 +01:00
Michael Tremer
6f1f51ba1c core127: Ship DNS forwarding settings
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-19 21:01:20 +01:00
Michael Tremer
4af8d6964b pcre: Enable JIT
This is now possible because we no longer run grsecurity-enabled
kernels. The performance of PCRE increases dramatically and applications
like the IDS benefit hugely:

  https://blog.inliniac.net/2011/10/12/suricata-and-pcre-performance/

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-19 15:44:32 +00:00
Jonatan Schlag
909549b1d6 Update libvirt to version 4.10
This partially fixes #11941 as libvirt now states clearly that seccomp
needs to be disabled

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-18 22:33:07 +00:00
Michael Tremer
452e537092 core127: Ship updated squid
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-18 22:32:07 +00:00
Matthias Fischer
a2bcb4135b squid: Update to 4.4 (stable)
For details see:
http://www.squid-cache.org/Versions/v4/changesets/

In July 2018, 'squid 4' was "released for production use", see:
https://wiki.squid-cache.org/Squid-4

"The features have been set and large code changes are reserved for later versions."

I've tested almost all 4.x-versions and patch series before with good results.
Right now, 4.4 is running here with no seen problems together with
'squidclamav', 'squidguard' and 'privoxy'.

I too would declare this version stable.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-18 22:30:51 +00:00
Matthias Fischer
cab2314ac4 bind: Update to 9.11.5-P1
For details see:
http://ftp.isc.org/isc/bind9/9.11.5-P1/RELEASE-NOTES-bind-9.11.5-P1.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-18 22:29:39 +00:00
Michael Tremer
a38eb040bf sqlite: Update to 3.26.0
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-18 22:28:59 +00:00
Matthias Fischer
53ac9dd222 unbound: Update to 1.8.3
For details see:
https://nlnetlabs.nl/svn/unbound/tags/release-1.8.3/doc/Changelog

"Fix dns64 allocation in wrong region for returned internal queries."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-13 13:14:35 +00:00
Michael Tremer
edff2bb851 core127: Ship updated grub
It doesn't need to be re-installed because no system with
that configuration should exist right now.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-13 13:11:01 +00:00
Michael Tremer
81e1e80e38 AWS: Prefer red* or eth* when importing configuration
This change is necessary to make sure that the script prefers
are link with internet access. That would usually be red (after
the second boot) or eth* (on the first boot).

That allows (and ensures) that we can install packages in
the user-data script.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-12 11:36:44 +00:00
Michael Tremer
de4f303186 core127: Ship updated unbound
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-11 19:46:10 +00:00
Matthias Fischer
707846392e unbound: Update to 1.8.2
For details see:
https://nlnetlabs.nl/projects/unbound/download/

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-11 19:45:28 +00:00
Matthias Fischer
5df66de303 clamav: Update to 0.101.0
For details see:
https://blog.clamav.net/

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-11 19:42:22 +00:00
Michael Tremer
8b02a92fe7 core127: Ship updated fireinfo
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-11 19:41:31 +00:00
Michael Tremer
66f7b646cd Start Core Update 127
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-11 19:41:09 +00:00
Arne Fitzenreiter
c030bfba2e core126: fix "need reboot display"
The display should displayed always except the linux-pae
packages is planned to be installed after this update.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2018-12-07 21:16:43 +01:00
Michael Tremer
f354601bbe initscripts: Import pakfire keys before importing AWS configuration
This is useful when the user-data script is installing
packages. For that it will need valid keys for course.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-07 11:38:55 +00:00
Arne Fitzenreiter
56726ed954 rngd: update initskript and add hwrngtty support
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2018-12-06 22:33:05 +01:00
Arne Fitzenreiter
8d638b63f8 core126: add kernel files to update
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2018-12-06 16:05:31 +01:00
Arne Fitzenreiter
19f37f2493 core126: add kernel to updater
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2018-12-06 11:27:46 +01:00
Michael Tremer
a4e3a76af9 bird: Add initscript
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-01 16:13:25 +00:00
Michael Tremer
b5b8920cf0 bird: Add forgotten file
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-01 16:13:25 +00:00
Michael Tremer
e122256d8f core126: Ship recently updated packages
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-01 16:13:25 +00:00
Matthias Fischer
9a12784047 BUG 11929: Build 'bind'-binaries dynamically and install needed libraries (V2)
Hi,

To save space linking the 'bind 9.11.5'-binaries was changed from statically to dynamically.

Changes to V2:
Removed unnecessary '*.so'-links.

Complete file sizes shrinked from ~4800K to ~1700K. Needs testing and confirmation!

I'm running this version right now under Core 124 - no seen problems so far.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-01 16:13:25 +00:00
Michael Tremer
be7f989249 bird: Backup configuration file on update
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-01 16:13:25 +00:00
Michael Tremer
3eea5c6f3a nfs: Add backup include file
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-11-28 19:08:17 +00:00
Michael Tremer
77729e5be8 nfs: Install configuration in package
This was lost in the last update

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-11-28 19:02:53 +00:00
Michael Tremer
380350300f openssl: Rootfile update
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-11-25 13:45:11 +00:00
Michael Tremer
928b3cbf66 openssl: Update to 1.1.0j
*) Timing vulnerability in DSA signature generation

     The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
     timing side channel attack. An attacker could use variations in the signing
     algorithm to recover the private key.

     This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
     (CVE-2018-0734)
     [Paul Dale]

  *) Timing vulnerability in ECDSA signature generation

     The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a
     timing side channel attack. An attacker could use variations in the signing
     algorithm to recover the private key.

     This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser.
     (CVE-2018-0735)
     [Paul Dale]

  *) Add coordinate blinding for EC_POINT and implement projective
     coordinate blinding for generic prime curves as a countermeasure to
     chosen point SCA attacks.
     [Sohaib ul Hassan, Nicola Tuveri, Billy Bob Brumley]

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-11-21 11:21:42 +00:00
Michael Tremer
6170b25363 Rootfile update
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-11-19 18:58:48 +00:00
Arne Fitzenreiter
67640833a2 kernel: arm32 bit fix config and update rootfile
Some drivers was disabled by oldconfig because i had
arm multiarch patchsed. This commit reenable it.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2018-11-18 20:24:43 +01:00
Alexander Rudolf Gruber
4684118009 kernel: enable HW of clearfog
clearfog base need MARVELL Phy and SDHCI Xenon enabled.
2018-11-18 17:36:44 +01:00
Arne Fitzenreiter
5ed864857a kernel: disable FW_LOADER_USER_HELPER_FALLBACK
newer (e)udev has dropped the support for this.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2018-11-18 14:33:45 +01:00
Arne Fitzenreiter
16c18024bb kernel: compress kernel modules with xz
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2018-11-18 14:30:14 +01:00
Michael Tremer
e91ceed69a alac: New package
This adds the Apple ALAC audio decoder

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-11-13 14:28:00 +00:00
Michael Tremer
3a7dd58834 core126: Ship libconfig
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-11-12 00:16:23 +00:00
Michael Tremer
93aa56a698 Start Core Update 126
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-11-12 00:15:28 +00:00
Michael Tremer
6dc7b04bea shairport-sync: Add initscript
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-11-11 18:55:35 +00:00
Michael Tremer
63dc6532d1 shairport-sync: Add backup include file
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-11-11 17:34:11 +00:00
Michael Tremer
c708fa157f shairport-sync: New package
Shairport Sync is an AirPlay audio player - it plays audio streamed
from iTunes, iOS, Apple TV and macOS devices and AirPlay sources
such as Quicktime Player and ForkedDaapd, among others.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-11-11 17:26:35 +00:00
Michael Tremer
f3e6230125 libconfig: New package
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-11-11 17:23:20 +00:00
Michael Tremer
41f8d64284 soxr: New package (0.1.3)
The SoX Resampler library `libsoxr' performs one-dimensional sample-rate
conversion -- it may be used, for example, to resample PCM-encoded audio.
For higher-dimensional resampling, such as for visual-image processing, you
should look elsewhere.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-11-11 16:21:01 +00:00
Arne Fitzenreiter
8e68bb83c6 xen-image: enlarge partitions and remove extra /var partition
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2018-11-10 11:03:37 +01:00
Arne Fitzenreiter
f52ef2ce5a core125: restart init after glibc uodate
without restart remount of / will fail and may result in
a filesystem corruption at next boot.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2018-11-09 21:09:06 +01:00
Michael Tremer
014b235a06 dehydrated: New package
This is a light client for Let's Encrypt which is implemented
in bash and does not have any other dependencies apart from
openssl and curl.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-11-09 14:29:04 +00:00
Michael Tremer
524dae818f update accelerator: Do not attempt to cache IPFire updates any more
We do not deliver anything via HTTP or FTP any more and therefore
nothing can be cached any more.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-11-08 16:46:11 +00:00
Michael Tremer
01a3c346dd update accelerator: Cache .msp files for Adobe
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-11-08 16:45:30 +00:00