lp://qastaging/~vcs-imports/ipfire/ipfire-2.x

Created by Jelmer Vernooij and last modified
Get this branch:
bzr branch lp://qastaging/~vcs-imports/ipfire/ipfire-2.x

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
VCS imports
Project:
IPFire.org
Status:
Development

Import details

Import Status: Suspended

This branch is an import of the HEAD branch of the Git repository at git://git.ipfire.org/ipfire-2.x.git.

Last successful import was .

Import started on juju-98ee42-prod-launchpad-codeimport-4 and finished taking 25 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-2 and finished taking 30 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-2 and finished taking 30 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-2 and finished taking 25 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-0 and finished taking 30 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-1 and finished taking 30 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-0 and finished taking 30 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-2 and finished taking 20 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-2 and finished taking 25 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-1 and finished taking 20 seconds — see the log

Recent revisions

13350. By Michael Tremer <email address hidden>

flash-image: Create a journal when the filesystem is being created

We recently started to have problems when a new installation was
launched from the flash image that creating the journal corrupted the
filesystem on the next mount operation.

Since we would like all IPFire installations to have a journal, we
create this now when we create the image and won't try to add it later.

Signed-off-by: Michael Tremer <email address hidden>

13349. By Michael Tremer <email address hidden>

installer: Remove the option to install without journal

It was possible to install a new system without a journal. I think this
is a very outdated concept now and should be avoided in favour of
filesystem integrity.

Signed-off-by: Michael Tremer <email address hidden>

13348. By Michael Tremer <email address hidden>

Config: Don't interpret file names as regular expressions

When we are searching for changes in rootfiles, we walk through each
file that we have found in the build and check if it exists in the
rootfile. That check interpreted filenames as regular expressions which
caused a problem in the case of "/usr/bin/[".

This patch changes that grep will only search for an exact string match
(-F) and the string must be the entire line (-x).

Signed-off-by: Michael Tremer <email address hidden>
Reviewed-by: Adolf Belka <email address hidden>
Signed-off-by: Michael Tremer <email address hidden>

13347. By Michael Tremer <email address hidden>

core190: Load SSH RSA key on legacy systems

Signed-off-by: Michael Tremer <email address hidden>

13346. By Michael Tremer <email address hidden>

OpenSSH: No longer try to load the RSA key

This key has been removed on new installations.

Signed-off-by: Michael Tremer <email address hidden>

13345. By Stefan Schantl <email address hidden>

backup: Add /etc/ssh/sshd_config.d

Signed-off-by: Stefan Schantl <email address hidden>
Signed-off-by: Michael Tremer <email address hidden>

13344. By Stefan Schantl <email address hidden>

openssh: Introduce include directory for additional sshd config files

This patch adds the prosibility to place additional *.config files in /etc/ssh/sshd_config.d/
which will be included and loaded during the daemon startup process.

Because this files will not be overwritten by any update, they can be used to place custom
or other persistent settings.

Signed-off-by: Stefan Schantl <email address hidden>
Signed-off-by: Michael Tremer <email address hidden>

13343. By Adolf Belka <email address hidden>

suricata: Update to version 7.0.8

- Update from version 7.0.7 to 7.0.8
- Update of rootfile not required
- Changelog
    7.0.8
 Security #7412: tcp: generic detection bypass using TCP urgent support (7.0.x
  backport)(HIGH - CVE 2024-55629)
 Security #7405: dns: quadratic complexity in logging and invalid json as output
  (7.0.x backport)(HIGH - CVE 2024-55628)
 Security #7404: tcp: segfault on StreamingBufferSlideToOffsetWithRegions (7.0.x
  backport)(CRITICAL - CVE 2024-55627)
 Security #7367: bpf: oversized bpf file can lead to buffer overflow (7.0.x
  backport)(LOW - CVE 2024-55626)
 Security #7306: detect: write to read-only memory in transforms (7.0.x backport)
  (CRITICAL - CVE 2024-55605)
 Bug #7445: dpdk: RSS key length missmatch on ice (E810) card with DPDK version
  22.11.6 (7.0.x backport)
 Bug #7434: requires: rules with unmet requirements are still loaded (7.0.x
  backport)
 Bug #7432: detect: decoder event rules fail to match on invalid packets (7.0.x
  backport)
 Bug #7407: detect: missing app-layer metadata in alerts (7.0.x backport)
 Bug #7368: flow: flow timeout pseudo packet triggers unexpected alert (7.0.x
  backport)
 Bug #7362: rules: unknown internal events not being detected as errors (7.0.x
  backport)
 Bug #7339: rust: different int types turn garbage on FFI boundary (7.0.x backport)
 Bug #7335: asan/profiling: global-buffer-overflow error (7.0.x backport)
 Bug #7327: http: FN with prefilter if the first of multi buffer did not match
  (7.0.x backport)
 Bug #7324: mqtt: wrong and missing direction for keywords (7.0.x backport)
 Bug #7310: http: incorrect file direction handling (7.0.x backport)
 Bug #7308: conf: memleak if yaml parser is initialized before checking if file
  exists (7.0.x backport)
 Bug #7307: detect: memleak in case of errors during initialization (7.0.x
  backport)
 Bug #7301: output: oversized records lead to invalid json (7.0.x backport)
 Bug #7295: detect: sip.stat_code keyword uses wrong buffer name
 Bug #7294: conf: nullptr dereference if mem alloc fails for a node in yaml
  parser (7.0.x backport)
 Optimization #7316: template: remove usage of template-rust (7.0.x backport)
 Optimization #7275: tcp/reassemble: GetBlock takes O(nlgn) in worst case (7.0.x
  backport)
 Feature #7439: eve/alert: enrich decoder event rules (7.0.x backport)
 Task #7427: flowint: add isnotset support (7.0.x backport)
 Task #7288: schema: add missing tls fields certificate and chain (7.0.x backport)

Signed-off-by: Adolf Belka <email address hidden>
Signed-off-by: Michael Tremer <email address hidden>

13342. By Arne Fitzenreiter

linux-firmware: ship needed config txt files.

these files are parsed by the kernel at firmware load and are needed!
don't remove it again.

Signed-off-by: Arne Fitzenreiter <email address hidden>

13341. By Arne Fitzenreiter

kernel: update to 6.6.63

Signed-off-by: Arne Fitzenreiter <email address hidden>

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.