- This patch ensures that if a restore is carried out from an earlier version that includes
ALIENVAULT and/or SPAMHAUS_EDROP that the references will be removed.
- This is the same code as was put into the update.sh file with the previous patch of this
set.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- This removes any time entries in the modified file for either ALIENVAULT or
SPAMHAUS_EDROP.
- This also removes any blocklists for either of these sources from the /var/lib/ipblocklist
directory.
- This patch will ensure that any reference to either of these sources is removed from the
ipblocklist files.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- ALIENVAULT has not been updated since at least Nov 2022 but probably earlier. There is no
date for the file to be downloaded but a forum user has log messages from Nov 2022 that
indicate the file had not changed as therefore no download occurred.
- AT&T aquired AlienVault in August 2018. Somewhere between 2018 and 2022 the list stopped
getting updated. AlienVault references on the AT&T website are now for a different
product.
- Discussed in IPFire conf call of April 2024 and agreed to remove the ALIENVAULT
blocklist.
- On Apr 10th the Spamhaus eDROP list was merged with the Spamhaus DROP list. The eDROP
list is still available but is now empty. Trying to select the SPAMHAUS_EDROP list
gives an error message that the blocklist was found to be empty.
- This patch removes both the ALIENVAULT and the SPAMHAUS_EDROP lists from the ipblocklist
sources file.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- This ensures that all ip route and ip rule commands are redirected to null if the output
is not used to feed into a variable.
- This will prevent any error messages related to empty iproute tables being displayed
during boot if an empty table is accessed.
Fixes: Bug#12763
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- This ensures that all ip route and ip rule commands are redirected to null if the output
is not used to feed into a variable.
- This will prevent any error messages related to empty iproute tables being displayed
during boot if an empty table is accessed.
Fixes: Bug#12763
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- This ensures that all ip route and ip rule commands are redirected to null if the output
is not used to feed into a variable.
- This will prevent any error messages related to empty iproute tables being displayed
during boot if an empty table is accessed.
Fixes: Bug#12763
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- This ensures that all ip route and ip rule commands are redirected to null if the output
is not used to feed into a variable.
- This will prevent any error messages related to empty iproute tables being displayed
during boot if an empty table is accessed.
Fixes: Bug#12763
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- This ensures that all ip route and ip rule commands are redirected to null if the output
is not used to feed into a variable.
- This will prevent any error messages related to empty iproute tables being displayed
during boot if an empty table is accessed.
Fixes: Bug#12763
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- This ensures that all ip route and ip rule commands are redirected to null if the output
is not used to feed into a variable.
- This will prevent any error messages related to empty iproute tables being displayed
during boot if an empty table is accessed.
Fixes: Bug#12763
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- This ensures that all ip route and ip rule commands are redirected to null if the output
is not used to feed into a variable.
- This will prevent any error messages related to empty iproute tables being displayed
during boot if an empty table is accessed.
Fixes: Bug#12763
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- This ensures that all ip route and ip rule commands are redirected to null if the output
is not used to feed into a variable.
- This will prevent any error messages related to empty iproute tables being displayed
during boot.
- Tested on my vm system and confirmed that the fix in ipsec-interfaces stops the "FIB
table does not exist" and "RTNETLINK answers: no such file or directory" messages during
boot.
Fixes: Bug#12763
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Some of the ip route commands are not redirected to null. This causes the "FIB table does
not exist" message from bug12763
- This patch makes all ip route commands get redirected to null, preventing the error
message from being seen at boot.
- One of the ip rule commands is not redirected to null. This causes the "RTNETLINK
answers: no such file or directory" message.
- This patch makes all ip rule commands get redirected to null, preventing the error
message from being seen at boot.
- Additional patches in this set ensure that all ip route and ip rule commands in all
IPFire code is redirected to null unless the output of the ip route or ip rule command
is used in a variable for use elsewhere in the code.
- Tested on my vm system and confirmed that the fix in ipsec-interfaces stops the "FIB
table does not exist" and "RTNETLINK answers: no such file or directory" messages during
boot.
Fixes: Bug#12763
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- As discussed in the Dev conf call on 2024-Jan-08
- The 1.x version of Icinga has been EOL since 2018
- The 2.x version would require a complete new configuration approach as the settings
and options are completely different to 1.x and so would be a start from scratch.
- removal of icinga from make.sh file
- removal of lfs file
- removal of rootfile
- removal of configuration file
- removal of backup includes file
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Acked-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- sslh is listed in the initscripts lfs and rootfiles.
- Removal of these references with the bremoval of sslh
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- As discussed in the Dev conf call on 2024-Apr-08
- sslh has not been functioning since last update ion Sep 2021. Configuration syntax
was radically changed somewhere in the update from 1.7a(2013) to 1.22c in Sep 2021
- removal of sslh from make file
- removal of lfs file
- removal of rootfile
- removal of paks files
- removal of initscript
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
For details see:
https://downloads.isc.org/isc/bind9/9.16.49/doc/arm/html/notes.html#notes-for-bind-9-16-49
"Bug Fixes
A regression in cache-cleaning code enabled memory use to grow
significantly more quickly than before, until the configured
max-cache-size limit was reached. This has been fixed. [GL #4596]
Using rndc flush inadvertently caused cache cleaning to become
less effective. This could ultimately lead to the configured
max-cache-size limit being exceeded and has now been fixed. [GL #4621]
The logic for cleaning up expired cached DNS records was tweaked to be
more aggressive. This change helps with enforcing max-cache-ttl and
max-ncache-ttl in a timely manner. [GL #4591]
It was possible to trigger a use-after-free assertion when the overmem
cache cleaning was initiated. This has been fixed. [GL #4595]"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
this feature should not used by IPFire and there
is a possible unfixed race condition that can
used for a privilege elevation attack.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
