lp://qastaging/~vcs-imports/ipfire/ipfire-2.x
- Get this branch:
- bzr branch lp://qastaging/~vcs-imports/ipfire/ipfire-2.x
Branch merges
Branch information
Import details
This branch is an import of the HEAD branch of the Git repository at git://git.ipfire.org/ipfire-2.x.git.
Last successful import was .
Recent revisions
- 13350. By Michael Tremer <email address hidden>
-
flash-image: Create a journal when the filesystem is being created
We recently started to have problems when a new installation was
launched from the flash image that creating the journal corrupted the
filesystem on the next mount operation.Since we would like all IPFire installations to have a journal, we
create this now when we create the image and won't try to add it later.Signed-off-by: Michael Tremer <email address hidden>
- 13349. By Michael Tremer <email address hidden>
-
installer: Remove the option to install without journal
It was possible to install a new system without a journal. I think this
is a very outdated concept now and should be avoided in favour of
filesystem integrity.Signed-off-by: Michael Tremer <email address hidden>
- 13348. By Michael Tremer <email address hidden>
-
Config: Don't interpret file names as regular expressions
When we are searching for changes in rootfiles, we walk through each
file that we have found in the build and check if it exists in the
rootfile. That check interpreted filenames as regular expressions which
caused a problem in the case of "/usr/bin/[".This patch changes that grep will only search for an exact string match
(-F) and the string must be the entire line (-x).Signed-off-by: Michael Tremer <email address hidden>
Reviewed-by: Adolf Belka <email address hidden>
Signed-off-by: Michael Tremer <email address hidden> - 13347. By Michael Tremer <email address hidden>
-
core190: Load SSH RSA key on legacy systems
Signed-off-by: Michael Tremer <email address hidden>
- 13346. By Michael Tremer <email address hidden>
-
OpenSSH: No longer try to load the RSA key
This key has been removed on new installations.
Signed-off-by: Michael Tremer <email address hidden>
- 13345. By Stefan Schantl <email address hidden>
-
backup: Add /etc/ssh/
sshd_config. d Signed-off-by: Stefan Schantl <email address hidden>
Signed-off-by: Michael Tremer <email address hidden> - 13344. By Stefan Schantl <email address hidden>
-
openssh: Introduce include directory for additional sshd config files
This patch adds the prosibility to place additional *.config files in /etc/ssh/
sshd_config. d/
which will be included and loaded during the daemon startup process.Because this files will not be overwritten by any update, they can be used to place custom
or other persistent settings.Signed-off-by: Stefan Schantl <email address hidden>
Signed-off-by: Michael Tremer <email address hidden> - 13343. By Adolf Belka <email address hidden>
-
suricata: Update to version 7.0.8
- Update from version 7.0.7 to 7.0.8
- Update of rootfile not required
- Changelog
7.0.8
Security #7412: tcp: generic detection bypass using TCP urgent support (7.0.x
backport)(HIGH - CVE 2024-55629)
Security #7405: dns: quadratic complexity in logging and invalid json as output
(7.0.x backport)(HIGH - CVE 2024-55628)
Security #7404: tcp: segfault on StreamingBufferSlideToOffsetWi thRegions (7.0.x
backport)(CRITICAL - CVE 2024-55627)
Security #7367: bpf: oversized bpf file can lead to buffer overflow (7.0.x
backport)(LOW - CVE 2024-55626)
Security #7306: detect: write to read-only memory in transforms (7.0.x backport)
(CRITICAL - CVE 2024-55605)
Bug #7445: dpdk: RSS key length missmatch on ice (E810) card with DPDK version
22.11.6 (7.0.x backport)
Bug #7434: requires: rules with unmet requirements are still loaded (7.0.x
backport)
Bug #7432: detect: decoder event rules fail to match on invalid packets (7.0.x
backport)
Bug #7407: detect: missing app-layer metadata in alerts (7.0.x backport)
Bug #7368: flow: flow timeout pseudo packet triggers unexpected alert (7.0.x
backport)
Bug #7362: rules: unknown internal events not being detected as errors (7.0.x
backport)
Bug #7339: rust: different int types turn garbage on FFI boundary (7.0.x backport)
Bug #7335: asan/profiling: global-buffer- overflow error (7.0.x backport)
Bug #7327: http: FN with prefilter if the first of multi buffer did not match
(7.0.x backport)
Bug #7324: mqtt: wrong and missing direction for keywords (7.0.x backport)
Bug #7310: http: incorrect file direction handling (7.0.x backport)
Bug #7308: conf: memleak if yaml parser is initialized before checking if file
exists (7.0.x backport)
Bug #7307: detect: memleak in case of errors during initialization (7.0.x
backport)
Bug #7301: output: oversized records lead to invalid json (7.0.x backport)
Bug #7295: detect: sip.stat_code keyword uses wrong buffer name
Bug #7294: conf: nullptr dereference if mem alloc fails for a node in yaml
parser (7.0.x backport)
Optimization #7316: template: remove usage of template-rust (7.0.x backport)
Optimization #7275: tcp/reassemble: GetBlock takes O(nlgn) in worst case (7.0.x
backport)
Feature #7439: eve/alert: enrich decoder event rules (7.0.x backport)
Task #7427: flowint: add isnotset support (7.0.x backport)
Task #7288: schema: add missing tls fields certificate and chain (7.0.x backport)Signed-off-by: Adolf Belka <email address hidden>
Signed-off-by: Michael Tremer <email address hidden> - 13342. By Arne Fitzenreiter
-
linux-firmware: ship needed config txt files.
these files are parsed by the kernel at firmware load and are needed!
don't remove it again.Signed-off-by: Arne Fitzenreiter <email address hidden>
- 13341. By Arne Fitzenreiter
-
kernel: update to 6.6.63
Signed-off-by: Arne Fitzenreiter <email address hidden>
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)