For details, see:
http://www.squid-cache.org/Versions/v3/3.5/changesets/
Since there were problems with "trailing white spaces" I started a new 'squid_3'
branch from scratch, based on current 'next'.
I hope this is what is needed and that it helps.
This one was built without errors and is running here without seen problems.
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
If the kernel module vhot_net is loaded, the performance of virtio
networking is better then without vhost_net.
So the module is loaded before libvirtd ist started to get the benefit
of vhost_net.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
simply adding may use id's twice if the user has
added other services so we don't update this files.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This package adds support for the use redirection of spice.
It is now possible to attach USB devices of the host where the spice
client run to the virtual machine.
The binary is not needed for this functionality and that's why they is
not shipped with the package
This feature is also enabled in qemu.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The directory /etc/libvirt is backed up on uninstallation and is
restored on installation.
Alle Files in /var are commented in the rootfile so they are not
removed on uninstallation.
Because of the fact that the directories are not shipped with the
package they were created at installation time.
The permissions of 3 directories are changed because the qemu user is
nobody and the qemu group is kvm, so the permissions must be nobody:kvm
Fixes: #11151
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Includes various security fixes:
* sshd(8): Mitigate a potential denial-of-service attack against
the system's crypt(3) function via sshd(8). An attacker could
send very long passwords that would cause excessive CPU use in
crypt(3). sshd(8) now refuses to accept password authentication
requests of length greater than 1024 characters. Independently
reported by Tomas Kuthan (Oracle), Andres Rojas and Javier Nieto.
* sshd(8): Mitigate timing differences in password authentication
that could be used to discern valid from invalid account names
when long passwords were sent and particular password hashing
algorithms are in use on the server. CVE-2016-6210, reported by
EddieEzra.Harari at verint.com
* ssh(1), sshd(8): Fix observable timing weakness in the CBC padding
oracle countermeasures. Reported by Jean Paul Degabriele, Kenny
Paterson, Torben Hansen and Martin Albrecht. Note that CBC ciphers
are disabled by default and only included for legacy compatibility.
* ssh(1), sshd(8): Improve operation ordering of MAC verification for
Encrypt-then-MAC (EtM) mode transport MAC algorithms to verify the
MAC before decrypting any ciphertext. This removes the possibility
of timing differences leaking facts about the plaintext, though no
such leakage has been observed. Reported by Jean Paul Degabriele,
Kenny Paterson, Torben Hansen and Martin Albrecht.
* sshd(8): (portable only) Ignore PAM environment vars when
UseLogin=yes. If PAM is configured to read user-specified
environment variables and UseLogin=yes in sshd_config, then a
hostile local user may attack /bin/login via LD_PRELOAD or
similar environment variables set via PAM. CVE-2015-8325,
found by Shayan Sadigh.
Fixes: #11160
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The perl-Net-IP module provides various methods for validating
and calculating IP-addresses (both IP protocols supported) and
is a runtime dependency of guardian 2.0.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The options for configuring the log file location and
snort alert priority level now dynamically will be
displayed or hidden if the desired options or feature
is not used.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This will allow to choose between DROP and REJECT if guardian blocks an
attackers address.
Fixes #10xxx.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
