- Update from version 3.8.4 to 3.9.0
- Update of rootfile
- With version 3.9.0 the option smtpd_forbid_bare_newline default value is now yes. With
previous versions the default value was no but to prevent the possibility of an smtp
smuggling attack the option should be yes. Previous version therefore actively set
the value to yes and added it to the main.cf file when being installed. With version
3.9.0 the default value is now yes so the option no longer needs to be added into
main.cf, so smtp smuggling attack is protected by default now.
- Removed the section from the install.sh file that added the option into main.cf with
version 3.8.4. From 3.9.0 onwards the default value is yes so no longer needs to be
actively added into main.cf
- Changelog is too large to paste here. It can be read in the file RELEASE_NOTES in the
source tarball.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- This v2 version increments the PAK_VER number
- Update from version 4.19.5 to 4.20.1
- Update of rootfile
- Changelog
4.20.1
* BUG 15630: dns update debug message is too noisy.
* BUG 15635: Do not fail PAC validation for RFC8009 checksums types.
* BUG 15605: Improve performance of lookup_groupmem() in idmap_ad.
* BUG 15636: Smbcacls incorrectly propagates inheritance with Inherit-Only
flag.
* BUG 15611: http library doesn't support 'chunked transfer encoding'.
* BUG 15600: Provide a systemd service file for the background queue daemon.
4.20.0
The changelog is too large to show here. Details can be found at
https://www.samba.org/samba/history/samba-4.20.0.html
I did not identify any changes related to how samba is configured in IPFire
4.19.6
* BUG 15527: fd_handle_destructor() panics within an smbd_smb2_close() if
vfs_stat_fsp() fails in fd_close().
* BUG 15588: samba-gpupdate: Correctly implement site support.
* BUG 15527: fd_handle_destructor() panics within an smbd_smb2_close() if
vfs_stat_fsp() fails in fd_close().
* BUG 15588: samba-gpupdate: Correctly implement site support.
* BUG 15599: libgpo: Segfault in python bindings.
* BUG 15580: Packet marshalling push support missing for
CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and
CTDB_CONTROL_TCP_CLIENT_PASSED.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This architecture does not seem to be support and since we don't support
this as a primary architecture just yet, we will build without this
package.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- hyperscan will move from BSD licence to a proprietary paid for licence from version 5.5
onwards.
- hyperscan will be replaced by vectorscan, a fork of hyperscan.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- It has been announced that from hyperscan-5.5 onwards the licence for this package
will change from BSD tp proprietarty paid for version
- This patch submission installs vectorscan whihc was created as a fork from hyperscan
andf that is being maintained and has indicated it will suay Open Source
- Created new lfs file
- Created nbew rootfile. This looks to match the hyperscan rootfile closely
- Added vector scan to the make.sh file and removed hyperscan from it.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Update from version 11.0.6 to 13.0.4
- Update of rootfile
- Version 13.x has now been released for 12 months so updating the File Daemon to 13.x
should be good.
- Version 11.x was released 40 months ago.
- Changelog
The changes are all related to the Director and the Storage Daemon. The changelog states
that older file daemons "should" be compatible with 13.x DIR & SD. This change ensures
IPfire "is" compatible with the 13.x DIR & SD.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- I realised that the previous patch for update.sh related to the ipblocklist removal
of ALIENVAULT and SPAMHAUS_EDROP only removed the SPAMHAUS_EDROP setting. It makes sense
to add SPAMHAUS_DROP to the settings file if SPAMHAUS_EDROP was previously used and
SPAMHAUS_DROP was not selected.
- This patch adds the above change.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Changelog according to the tarball's NEWS file:
- Improvements
- Use any hash algo known by kernel/openssl instead of keep needing
to update the mapping
- Teach kmod to load modprobe.d/depmod.d configuration from ${prefix}/lib
and allow it to be overriden during build with --with-distconfdir=DIR
- Make kernel modules directory configurable. This allows distro to
make kmod use only files from /usr regardless of having a compat
symlink in place.
- Install kmod.pc containing the features selected at build time.
- Install all tools and symlinks by default. Previously kmod relied on
distro packaging to set up the symlinks in place like modprobe,
depmod, lsmod, etc. Now those symlinks are created by kmod itself
and they are always placed in $bindir.
- Bug Fixes
- Fix warnings due to -Walloc-size
- Others
- Drop python bindings. Those were not update in ages and not compatible
with latest python releases.
- Cleanup test infra, dropping what was not used anymore
- Drop experimental tools `kmod insert` / `kmod remove`. Building those
was protected by a configure option never set by distros. They also
didn't gain enough traction to replace the older interfaces via
modprobe/insmod/rmmod.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Since we no longer support other themes, the web UI should load quicker
if not importing too many other files.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- This removes any time entries in the modified file for either ALIENVAULT or
SPAMHAUS_EDROP.
- This also removes any blocklists for either of these sources from the /var/lib/ipblocklist
directory.
- This patch will ensure that any reference to either of these sources is removed from the
ipblocklist files.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- As discussed in the Dev conf call on 2024-Jan-08
- The 1.x version of Icinga has been EOL since 2018
- The 2.x version would require a complete new configuration approach as the settings
and options are completely different to 1.x and so would be a start from scratch.
- removal of icinga from make.sh file
- removal of lfs file
- removal of rootfile
- removal of configuration file
- removal of backup includes file
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- sslh is listed in the initscripts lfs and rootfiles.
- Removal of these references with the bremoval of sslh
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- As discussed in the Dev conf call on 2024-Apr-08
- sslh has not been functioning since last update ion Sep 2021. Configuration syntax
was radically changed somewhere in the update from 1.7a(2013) to 1.22c in Sep 2021
- removal of sslh from make file
- removal of lfs file
- removal of rootfile
- removal of paks files
- removal of initscript
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
For details see:
https://downloads.isc.org/isc/bind9/9.16.49/doc/arm/html/notes.html#notes-for-bind-9-16-49
"Bug Fixes
A regression in cache-cleaning code enabled memory use to grow
significantly more quickly than before, until the configured
max-cache-size limit was reached. This has been fixed. [GL #4596]
Using rndc flush inadvertently caused cache cleaning to become
less effective. This could ultimately lead to the configured
max-cache-size limit being exceeded and has now been fixed. [GL #4621]
The logic for cleaning up expired cached DNS records was tweaked to be
more aggressive. This change helps with enforcing max-cache-ttl and
max-ncache-ttl in a timely manner. [GL #4591]
It was possible to trigger a use-after-free assertion when the overmem
cache cleaning was initiated. This has been fixed. [GL #4595]"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
