The helper script will be automatically called when the red interface gets up
and will re-generate the HOME_NET file, to take care if the IP-address of this
interface has changed.
Fixes#11989
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Perl seems to have a very funny feature where you cannot rely on
how it formats IP addresses into a binary string.
This seems to be 16 bytes long for IPv4 addresses when we (and the kernel)
only expect 4.
This patch changes this so that the last 12 bytes are just being dropped.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
https://github.com/logrotate/logrotate/releases
- timer unit: change trigger fuzz from 12h to 1h (#230)
- service unit: only run if /var/log is mounted (#230)
- preserve fractional part of timestamps when compressing (#226)
- re-indent source code using spaces only (#188)
- minage: avoid rounding issue while comparing the amount of seconds (#36)
- never remove old log files if rotate -1 is specified (#202)
- return non-zero exit status if a config file contains an error (#199)
- make copytruncate work with rotate 0 (#191)
- warn user if both size and the time interval options are used (#192)
- pass rotated log file name as the 2nd argument of the postrotate script
when sharedscript is not enabled (#193)
- rename logrotate-default to logrotate.conf (#187)
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Disabled MD2 and Aria cipher.
TLSv1.3 is now available with:
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3
TLS_AES_256_GCM_SHA384 TLSv1.3
TLS_AES_128_GCM_SHA256 TLSv1.3
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The setting cannot be set on the default system because the ip_vs
module is not loaded by default and there is no reason to load it
just because we would be able to set the setting.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The legacy GeoIP perl module cannot handle the new GeoLite2 databases
provided from maxmind and therefore needs to be dropped.
Reference #11960
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is a runtime dependency of the xt_geoip_build perl script
shipped by xtables-addons in version 3.2.
Reference #11960.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Fixes#11904
Since OpenSSL-1.1.0x the database attribute file for IPSec and OpenVPN wasn´t created while initial PKI generation.
OpenVPN delivered an error message but IPSec did crashed within the first attempt.
This problem persists also after X509 deletion and new generation.
index.txt.attr will now be delivered by the system but also deleted and recreated while setting up a new x509.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is a bugfix release:
"due to some privacy issues in default settings of Wget, we introduce
this bugfix release.
The --xattr option (saving original URL and Referer into extended file
attributes) was introduced and enabled by default since Wget 1.19.
It possibly saved - possibly unrecognized by the user - credentials,
access tokes etc that were included in the requested URL.
We changed three details as a countermeasure, see below in the NEWS section.
With Best Regards, Tim
...
NEWS
* Changes in Wget 1.20.1
** --xattr is no longer default since it introduces privacy issues.
** --xattr saves the Referer as scheme/host/port,
user/pw/path/query/fragment
are no longer saved to prevent privacy issues.
** --xattr saves the Original URL without user/password to prevent
privacy issues."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This path to keepalived was just incorrect and therefore
the daemon could not easily be reloaded.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
