commit dadbaef0ae1e669e617cb0abfb08f81c91be2aa3 Author: Arne Fitzenreiter Date: Tue Jul 22 08:16:54 2025 +0200 core197: add kernel to updater Signed-off-by: Arne Fitzenreiter commit e5bbca89e6a79c428fd81ae916960d5402a286e2 Author: Arne Fitzenreiter Date: Tue Jul 22 08:04:09 2025 +0200 vulnarabilities: add transient sheduler attacks Signed-off-by: Arne Fitzenreiter commit 1f95c7ea8c7f615e0d808fac72fbb4622ec23a7f Author: Arne Fitzenreiter Date: Tue Jul 22 08:03:22 2025 +0200 kernel: update to 6.12.39 Signed-off-by: Arne Fitzenreiter commit 3e945cb3f0644f9dae356b0cbe0ddf9e532497b1 Author: Michael Tremer Date: Mon Jul 21 15:43:38 2025 +0000 core197: Ship Suricata's ruleset sources Signed-off-by: Michael Tremer commit 38617a4acd4485be7b019a72e549d222ecba1ad6 Author: Adolf Belka Date: Mon Jul 21 16:34:52 2025 +0200 ruleset-sources: Remove the abuse.ch SSL list from the suricata sources - The abuse.ch ssl suricata list has stopped being updated since 2025-06-25 - Looking at all of the abuse.ch lists, none of them are being updated anymore so abuse.ch becoming part of spamhaus looks to have stopped all work on free versions of the lists - This change modifies the abuse.ch entry so that it no longer can be installed but also if already installed it will remove it. - The patch has also made a few minor typo corrections in comments. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit dab0e52df496e83e797a80ffb19ee863e086b1d1 Author: Michael Tremer Date: Mon Jul 21 13:27:50 2025 +0000 dnsdist: Update to 2.0.0 Signed-off-by: Michael Tremer commit f7565a885b55384a64edd8bd73079143a04da519 Author: Michael Tremer Date: Fri Jul 18 09:57:34 2025 +0000 wireguard-functions.pl: Remove any carriage returns on import Some files might include carriage returns which won't be removed by chomp() on Linux. To be extra safe, we remove them manually. Signed-off-by: Michael Tremer commit 0a4a3c362f4123b21e4a3c67abb4f82df1e039a8 Author: Michael Tremer Date: Mon Jul 21 09:25:51 2025 +0000 core197: Ship wireguard-functions.pl Signed-off-by: Michael Tremer commit 68a3334413efb1a963b7cc6c6dca1ec0126e1cc1 Author: Michael Tremer Date: Fri Jul 18 08:42:12 2025 +0000 wireguard-functions.pl: Automatically skip IPv6 subnets Since we do not support this and some VPN providers generate configuration files that send any data over to them, we simply ignore any IPv6 subnets. Signed-off-by: Michael Tremer commit 43e0f64444f47b149f6a69ec5a727a1345698a40 Author: Michael Tremer Date: Thu Jul 17 18:26:33 2025 +0100 cpufrequtils: Drop unused patches Signed-off-by: Michael Tremer commit a9cc769404a20c0217a04720bc8cd17d678a6013 Author: Michael Tremer Date: Mon Jul 21 09:19:01 2025 +0000 core197: Update the status file in the roadwarrior configuration Signed-off-by: Michael Tremer commit e61c723c8f74e02d4e9f073d2dbcb05781f50cb4 Author: Michael Tremer Date: Mon Jul 21 09:17:27 2025 +0000 core197: Ship updated collectd configuration Signed-off-by: Michael Tremer commit 341a6a24655377ffc64d7adba096485bdc90341c Author: Robin Roevens Date: Sat Jul 19 23:10:10 2025 +0200 collectd: Openvpn-2.6: fix statusfile name Signed-off-by: Robin Roevens Signed-off-by: Michael Tremer commit 18f768f016d5d74c33f60b488f6b27f0b7fc3a07 Author: Michael Tremer Date: Mon Jul 21 09:15:12 2025 +0000 core197: Ship the new cpupower script Signed-off-by: Michael Tremer commit 080323d43237b4ed9ffe184cb9e147baacebdf95 Author: Michael Tremer Date: Mon Jul 21 09:14:19 2025 +0000 core197: Drop cpufrequtils Signed-off-by: Michael Tremer commit 3f67590278a59fbc85b095d7bc30dd69ac7e0f4e Author: Michael Tremer Date: Thu Jul 17 17:30:31 2025 +0000 cpufrequtils: Drop package This is now implemented in the core distribution. Signed-off-by: Michael Tremer commit 331d249140e4224834b2b9ea8a340cdfce4f81c7 Author: Michael Tremer Date: Thu Jul 17 17:30:30 2025 +0000 initscripts: Automatically enable CPU power saving features This is a cleaned up implementation of the script that was previously packaged in the cpufrequtils package. Signed-off-by: Michael Tremer commit 13b7e3803cfd803d42d4ef082fba37859aa1e2f7 Author: Michael Tremer Date: Fri Jul 18 10:30:29 2025 +0000 core197: Migrate OpenVPN configuration changes Signed-off-by: Michael Tremer commit 6349caf6fa009ea02f93c1b6d1a589859ce3031e Author: Michael Tremer Date: Fri Jul 18 10:11:34 2025 +0000 core197: Ship BIND Signed-off-by: Michael Tremer commit ff90bed77c5fec5d9f29c6f1422cf36440b09e94 Author: Matthias Fischer Date: Fri Jul 18 00:35:56 2025 +0200 bind: Update ot 9.20.11 For details see: https://downloads.isc.org/isc/bind9/9.20.11/doc/arm/html/notes.html#notes-for-bind-9-20-11 "Notes for BIND 9.20.11 Security Fixes Fix a possible assertion failure when stale-answer-client-timeout is set to 0. In specific circumstances the named resolver process could exit with an assertion failure when stale answers were enabled and the stale-answer-client-timeout configuration option was set to 0. This has been fixed. (CVE-2025-40777) [GL #5372] New Features Add support for the CO flag to dig. Add support for Compact Denial of Existence to dig. This includes showing the CO (Compact Answers OK) flag when displaying messages and adding an option to set the CO flag when making queries (dig +coflag). [GL #5319] Bug Fixes Correct the default interface-interval from 60s to 60m. When the interface-interval parser was changed from a uint32 parser to a duration parser, the default value stayed at plain number 60 which now means 60 seconds instead of 60 minutes. The documentation also incorrectly states that the value is in minutes. That has been fixed. [GL #5246] Fix a purge-keys bug when using multiple views of a zone. Previously, when a DNSSEC key was purged by one zone view, other zone views would return an error about missing key files. This has been fixed. [GL #5315] Use IPv6 queries in delv +ns. delv +ns invokes the same code to perform name resolution as named, but it neglected to set up an IPv6 dispatch object first. Consequently, it was behaving more like named -4. It now sets up dispatch objects for both address families, and performs resolver queries to both IPv4 and IPv6 addresses, except when one of the address families has been suppressed by using delv -4 or delv -6. [GL #5352]" Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit a2cc5c320c3bd894c0cff2f9185f13f0d527e456 Author: Robin Roevens Date: Thu Jul 17 19:52:05 2025 +0200 zabbix_agentd: Openvpn-2.6: use the helper binary to read the status log Signed-off-by: Robin Roevens Signed-off-by: Michael Tremer commit 928f98326d7c82584754a9c4631b94e64ca15ae1 Author: Robin Roevens Date: Thu Jul 17 19:52:04 2025 +0200 zabbix_agentd: Openvpn-2.6: fix pid name for services stats Signed-off-by: Robin Roevens Signed-off-by: Michael Tremer commit c297c347d96460bcab651b4f58038d5e857fd2ff Author: Robin Roevens Date: Thu Jul 17 19:52:03 2025 +0200 zabbix_agentd: Add LocationDB functionality Adds new IPFire specific monitoring capabilities to Zabbix Agent: - ipfire.locationdb.lookup[,,...]: Perform IPFire LocationDB lookups from within Zabbix. Returns a JSON dict. - ipfire.locationdb.version: Get LocationDB version timestamp in unixtime. Signed-off-by: Robin Roevens Signed-off-by: Michael Tremer commit 3f3c688181304b4676a7fbb3291270b967f09395 Author: Robin Roevens Date: Thu Jul 17 19:52:02 2025 +0200 zabbix_agentd: Add WireGuard specific monitoring items Adds new IPFire specific monitoring capabilities to Zabbix Agent: - ipfire.wireguard.peers.discovery: Discovery of configured WireGuard clients. Returns a JSON array. - ipfire.wireguard.statusreport.get: Parses and returns output of `wireguardctrl dump` as a JSON array. Signed-off-by: Robin Roevens Signed-off-by: Michael Tremer commit 2772a5990067679bde106883f39a30aa2fe196e6 Author: Robin Roevens Date: Thu Jul 17 19:52:01 2025 +0200 zabbix_agentd: Add ARPing method for checking Internet Gateway Since some ISP's block ICMP ping to their gateway ARPing can be an alternative. This change adds arping alternatives for the regular (icmp) ping checks: - ipfire.net.gateway.arping: Check if the Internet Gateway is reachable via ARPing - ipfire.net.gateway.arpingtime: Measure the time it takes to ARPing the Internet Gateway Signed-off-by: Robin Roevens Signed-off-by: Michael Tremer commit 23fb1dfd86d1efc85a0f80228bd644287bfff682 Author: Robin Roevens Date: Thu Jul 17 19:52:00 2025 +0200 zabbix_agentd: Update to 7.0.16 (LTS) - Update from version 7.0.11 to 7.0.16 - Update of rootfile not required Bugs fixed: ZBX-26080 Fixed old file descriptors being held when external log rotation is used ZBX-26121 Added default flags to net.dns.get arguments when none are specified ZBX-26055 Fixed failure to refresh active checks when next refresh was faster than 60 seconds Full changelogs since 7.0.11: - https://www.zabbix.com/rn/rn7.0.12 - https://www.zabbix.com/rn/rn7.0.13 - https://www.zabbix.com/rn/rn7.0.14 - https://www.zabbix.com/rn/rn7.0.15 - https://www.zabbix.com/rn/rn7.0.16 Signed-off-by: Robin Roevens Signed-off-by: Michael Tremer commit d32ce68c3e2cc0bde4407d97e1f09d8a1efba0e7 Author: Michael Tremer Date: Thu Jul 17 09:33:00 2025 +0000 core197: Ship unbound Signed-off-by: Michael Tremer commit fa17eeb492011789e7fd0c88ffb1b345cf60fc7e Author: Matthias Fischer Date: Wed Jul 16 18:50:32 2025 +0200 unbound 1.23.1: Fix for rootfile Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 78857720874c00fd9827da6b61454b0f932592d9 Author: Matthias Fischer Date: Wed Jul 16 13:32:07 2025 +0200 unbound: Update to 1.23.1 For details see: https://nlnetlabs.nl/projects/unbound/download/#unbound-1-23-1 "Fix RebirthDay Attack CVE-2025-5994, reported by Xiang Li from AOSP Lab Nankai University." Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit c5ecfbe3f1cb1adc4d8ad04c97a5d749dd5a3f1a Author: Michael Tremer Date: Tue Jul 15 09:57:16 2025 +0000 core197: Ship OpenVPN changes Signed-off-by: Michael Tremer commit 231f939586d8ec1d72f654175b549859e59f105b Author: Michael Tremer Date: Tue Jul 8 10:49:47 2025 +0200 openvpn: Ignore existing PID files when starting processes This is all not very organised and tidy. The init process seems to be too cautious if there is a PID file left but there should not be any harm in trying to start the same process twice when in doubt because after all only one can bind to the same port at a time. Signed-off-by: Michael Tremer commit fa429bcca8f156125181667fba75b2dfd13c7281 Author: Michael Tremer Date: Tue Jul 8 10:44:30 2025 +0200 ovpnmain.cgi: Accept an empty value for ENABLED Signed-off-by: Michael Tremer commit 3bbf7b6e2919bf054af1d6c924522f889142ba91 Author: Michael Tremer Date: Tue Jul 8 10:42:36 2025 +0200 ovpnmain.cgi: Fix broken headline in N2N crypto section Signed-off-by: Michael Tremer commit eed199788837a54f739d567afe225abe02b0012f Author: Michael Tremer Date: Tue Jul 8 10:38:44 2025 +0200 Revert "ovpnmain.cgi: Remove yet another "if (1)" statement" This reverts commit 0dcafefb694d4e1ebef317f4d45f68216685ff25. Removing this breaks creating N2N connections and I don't think there is a way to fix this all properly without a major rewrite. Signed-off-by: Michael Tremer commit 56400c89b82ecde90befe4fdda1027cfca707f03 Author: Adolf Belka Date: Mon Jun 30 11:00:30 2025 +0200 services.cgi: Openvpn-2.6 rebase fix pid name for services page Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer commit 5aebc354310a6cc3b9e9ade5cba02e151c1e6756 Author: Michael Tremer Date: Mon Jun 30 10:41:35 2025 +0200 openvpn: Fix typo in initscript This prevented the authenticator from being shut down gracefully. https://lists.ipfire.org/development/1396727E-BF73-4015-B853-B3F854806B28@ipfire.org/T/#m41dd73643dc6fa0dd6d187f59f72277f9c5d072f Reported-by: Adolf Belka Signed-off-by: Michael Tremer commit 8ff821076e5bd610e747fef4b5c32eae3e744021 Author: Michael Tremer Date: Thu Jun 19 16:49:22 2025 +0200 ovpnmain.cgi: Accept empty input for ENABLED Signed-off-by: Michael Tremer commit 8e58e852163e636f4edf99a6c6419a8e3330113a Author: Stefan Schantl Date: Thu Jun 19 16:47:50 2025 +0200 ovpnmain.cgi: Make checkboxes unselectable Signed-off-by: Michael Tremer commit 07c05baff8f4c76d00dcbe9d6a120330131bb4ea Author: Michael Tremer Date: Tue Jun 3 17:04:50 2025 +0200 ovpnmain.cgi: Only load status when the server is running Otherwise we would show the status if the service is no longer running and show clients as connected which have only been connected when the server was stopped. Signed-off-by: Michael Tremer commit 3a9b321e3afc6cdbc0eb355d626f2a8fe8db3ce3 Author: Michael Tremer Date: Tue Jun 3 16:21:12 2025 +0200 ovpnmain.cgi: Fix reading the current status file again Signed-off-by: Michael Tremer commit 829d3f4f617c6bfcb2de7a178a171dec7a28a49f Author: Michael Tremer Date: Tue Jun 3 16:10:53 2025 +0200 ovpnmain.cgi: Remove more dead code Signed-off-by: Michael Tremer commit ed66fe66298734b0ecde91ff478eb814f8b0a099 Author: Michael Tremer Date: Tue Jun 3 16:08:45 2025 +0200 ovpnmain.cgi: Fix path to the RW PID file Signed-off-by: Michael Tremer commit 26034a80ffbaafcb78e6514868159a561594cf1f Author: Michael Tremer Date: Tue Jun 3 16:06:03 2025 +0200 ovpnmain.cgi: Use the helper binary to read the status log Signed-off-by: Michael Tremer commit ffe75e4767846f72bac49db6a2ba7274905d8d9d Author: Michael Tremer Date: Tue Jun 3 12:44:33 2025 +0200 ovpnmain.cgi: Log a better message if the RW log file could not be opened Signed-off-by: Michael Tremer commit 5f00c4dd53f403a8fd9c1f044ab1edd21a11a75d Author: Michael Tremer Date: Tue Jun 3 12:40:38 2025 +0200 ovpnmain.cgi: Tell the server the subnet in the old-fashioned way Signed-off-by: Michael Tremer commit 805eb6c1d6244887301fdc5414fafac420404a44 Author: Michael Tremer Date: Tue Jun 3 12:33:44 2025 +0200 ovpnmain.cgi: Remove some dead code This prevented creating new connections and was never being used at all. Signed-off-by: Michael Tremer commit 657998956d6ac7943d3ff3f6a9c65111bb3dcba6 Author: Michael Tremer Date: Tue Jun 3 12:27:28 2025 +0200 Revert "CSS: Make text/number inputs 100% wide, too" This reverts commit f9beaa17f22a191919b2982511d4a4598ffcf81e. This seems to break major parts of the layout on several pages. Signed-off-by: Michael Tremer commit 693a13928d95fa3e6d73c841f70b4f3eec9d78e8 Author: Michael Tremer Date: Tue Jun 3 12:25:38 2025 +0200 CSS: Fix merge error Signed-off-by: Michael Tremer commit 6d1abf3856ce9908089662cd35552f74ebafb941 Author: Michael Tremer Date: Tue Jun 3 09:27:03 2025 +0000 openvpn: Update to 2.6.14 Signed-off-by: Michael Tremer commit 956a69fdbeefbb681b3f6a76d3aedaae4f6d1539 Author: Adolf Belka Date: Sun Dec 8 12:23:30 2024 +0100 openvpn: Update to version 2.6.12 Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer