webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-10 11:05:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
13,624 Commits 2 Branches 1 Tag
00a655fa5cc92c64bcd0fc3a1b0dca482f2b6c7e
Commit Graph

5923 Commits

Author SHA1 Message Date
Arne Fitzenreiter
b1752aa86a perl: fix installation at toolchain build 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-08-16 21:32:56 +02:00
Arne Fitzenreiter
8f520a2d1d rootfile update and bump of all addons with perl modules 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-08-16 12:59:46 +02:00
Arne Fitzenreiter
7d95d6feeb spamassassin: update to 3.4.2 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-08-16 12:48:25 +02:00
Arne Fitzenreiter
cdf45e41df gnump3d: update for new perl path 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-08-16 12:47:05 +02:00
Arne Fitzenreiter
9720a361d5 mpfire: update to new perl path 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-08-16 12:45:14 +02:00
Arne Fitzenreiter
2fa5a87dc0 MIME-Tools: update to 5.509 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-08-16 12:42:01 +02:00
Arne Fitzenreiter
1ef84a720e perl-Authen-SASL: fix build and bump for new perl 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-08-16 12:40:22 +02:00
Arne Fitzenreiter
f878c27e82 perl-NetAddr-IP: add addon module 
perl-NetAddr-IP is needed for Spamassassin

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-08-16 12:38:01 +02:00
Arne Fitzenreiter
6dac067cfe perl-Switch: add module 
perl-Switch was removed from perl core distribution

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-08-16 12:36:20 +02:00
Arne Fitzenreiter
2890ab712e perl-CGI: add perl-CGI module. 
perl-CGI was remoced from perl core distribution

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-08-16 12:35:01 +02:00
Arne Fitzenreiter
9680152977 perl: update to 5.30 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-08-16 12:33:40 +02:00
Arne Fitzenreiter
348cc0ddcd texinfo: update to 6.6 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-08-16 12:17:51 +02:00
Arne Fitzenreiter
7c30831ad2 initskripts: move unbound down after network down 
this remove a bunch of unbound errors at shutdown because
network down try to reconfigure unbond. (e.g. disable forwarders)

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-08-11 11:09:40 +02:00
Arne Fitzenreiter
520e6a1dd4 kernel: update to 4.14.138 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-08-09 23:47:55 +02:00
Arne Fitzenreiter
3b415347bb kernel: update to 4.14.137 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-08-07 20:38:25 +00:00
Arne Fitzenreiter
c934c5ff19 clamav: update to 0.101.3 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-08-07 22:16:46 +02:00
Arne Fitzenreiter
6836e528e5 u-boot-friendlyarm: add u-boot for nanopi-r1 to boot from eMMC 
this is a heavy patched version and should replaced when stock
u-boot is able to boot from h3 eMMC.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-08-06 04:32:22 +00:00
Arne Fitzenreiter
e47e01f60c u-boot: enable boot from additional mmc device 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-08-04 13:43:44 +00:00
Arne Fitzenreiter
a6859d889e rpi-firmware: create copy of RPI3 brcm 43430 configfile. 
the AP21xx need a different config so store the rpi version as backup.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-07-31 11:03:33 +00:00
Arne Fitzenreiter
2e65d316a7 kernel: remove old modules folder before kernel build 
the build fails at creating source symlinks for external
modules build if it already exists.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-07-30 18:28:57 +00:00
Arne Fitzenreiter
53ece8f1f7 kernel: update arm-multi patchset 
this add FriendlyElec nanopi-r1 devicetree file.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-07-30 18:27:43 +00:00
Arne Fitzenreiter
1fd34bd2ec pcenginges-firmware: skip build on arm 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-07-24 12:37:10 +02:00
Michael Tremer
efc5cb1d34 bird: Update to 2.0.4 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-07-22 21:12:20 +01:00
Arne Fitzenreiter
eb5cd9fa57 pcengines-firmware: update to 4.9.0.7 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-07-17 17:16:25 +02:00
Arne Fitzenreiter
de8810fbaa iperf3: update to 3.7 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-07-17 13:15:33 +02:00
Arne Fitzenreiter
e4e1b8718e iperf: update to 2.0.13 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-07-17 13:15:01 +02:00
Matthias Fischer
61e1ad2703 squid: Update to 4.8 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-07-09 09:49:47 +01:00
Peter Müller
fd244f4327 tzdata: update to 2019b 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-07-04 08:23:27 +01:00
Michael Tremer
c4dd9dfc46 Revert "Generate a VHD image" 
This reverts commit ee0e3beb39.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-07-01 07:54:19 +01:00
Michael Tremer
ee0e3beb39 Generate a VHD image 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-07-01 07:53:58 +01:00
Michael Tremer
ffb37e51d4 Rename AWS initscript to cloud-init 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-07-01 07:53:58 +01:00
Michael Tremer
4cf7c05dd8 flash-image: Align image to 1MB boundary 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-07-01 07:53:34 +01:00
Matthias Fischer
1c505151cb nettle: Update to 3.5.1 
For details see:
https://git.lysator.liu.se/nettle/nettle/blob/master/ChangeLog

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-25 08:18:15 +01:00
Matthias Fischer
5fa51a839e dhcpcd: Update to 7.2.3 
For details see: Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
https://roy.marples.name/blog/dhcpcd-7-2-3-released

"Minor update with the following changes:

   OpenBSD: compiles again
   BSD: Check RTM lengths incase of kernel issues
   DHCP6: Don't stop even when last router goes away
   DHCP6: Fix inform from RA
   hostname: Fix short hostname check"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-25 08:18:05 +01:00
Arne Fitzenreiter
527d14bf5a kernel: update to 4.14.131 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-06-27 18:18:41 +02:00
Matthias Fischer
4e5802a9be mc: Update to 4.8.23 
For details see:
http://midnight-commander.org/wiki/NEWS-4.8.23

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-21 15:21:58 +01:00
Arne Fitzenreiter
4e69701332 intel-microcode: update to 20190618 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-06-22 21:05:21 +02:00
Arne Fitzenreiter
b10365c832 Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2019-06-22 16:01:16 +02:00
Arne Fitzenreiter
8c261d91e8 kernel: 4.14.129 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-06-22 16:00:37 +02:00
Matthias Fischer
f3959d13e8 bind: Update to 9.11.8 
For Details see:
https://downloads.isc.org/isc/bind9/9.11.8/RELEASE-NOTES-bind-9.11.8.html

"Security Fixes
    A race condition could trigger an assertion failure when a large number
    of incoming packets were being rejected.
    This flaw is disclosed in CVE-2019-6471. [GL #942]"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-21 01:39:18 +01:00
Arne Fitzenreiter
3a8fef331d kernel: remove RPi DMA allignment revert 
TODO: test if RPi works without now or if we need to
revert more of the allignment patches.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-06-20 09:33:17 +02:00
Arne Fitzenreiter
70590cef48 Kernel: update to 4.14.128 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-06-19 21:01:29 +02:00
Matthias Fischer
98f55e136f vim: Update to 8.1 
Please note:
If this gets merged, the update process must deal with the otherwise remaining
files in '/usr/share/vim74' (~16 MB).

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-18 22:34:55 +01:00
Arne Fitzenreiter
15ca18a3d9 Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2019-06-18 18:42:02 +02:00
Arne Fitzenreiter
82c279a518 kernel: update to 4.14.127 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-06-18 18:41:19 +02:00
Matthias Fischer
2f278de868 unbound: Update to 1.9.2 
For details see:
https://nlnetlabs.nl/pipermail/unbound-users/2019-June/011632.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-17 17:39:37 +01:00
Arne Fitzenreiter
f5662122b5 hyperscan: increase min RAM per buildprocess to 1GB 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-06-14 22:09:47 +02:00
Peter Müller
69772b7dda OpenSSL: lower priority for CBC ciphers in default cipherlist 
In order to avoid CBC ciphers as often as possible (they contain
some known vulnerabilities), this changes the OpenSSL default
ciphersuite to:

TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=Camellia(256) Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=Camellia(256) Mac=SHA384
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=Camellia(128) Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=Camellia(128) Mac=SHA256
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH       Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA256
DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA256
ECDHE-ECDSA-AES256-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
ECDHE-ECDSA-AES128-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
ECDHE-RSA-AES256-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-RSA-AES128-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA1
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
CAMELLIA256-SHA256      TLSv1.2 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA256
AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
CAMELLIA128-SHA256      TLSv1.2 Kx=RSA      Au=RSA  Enc=Camellia(128) Mac=SHA256
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
CAMELLIA256-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
CAMELLIA128-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(128) Mac=SHA1

Since TLS servers usually override the clients' preference with their
own, this will neither break existing setups nor introduce huge
differences in the wild. Unfortunately, CBC ciphers cannot be disabled
at all, as they are still used by popular web sites.

TLS 1.3 ciphers will be added implicitly and can be omitted in the
ciphersting. Chacha20/Poly1305 is preferred over AES-GCM due to missing
AES-NI support for the majority of installations reporting to Fireinfo
(see https://fireinfo.ipfire.org/processors for details, AES-NI support
is 28.22% at the time of writing).

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-12 17:24:00 +01:00
Peter Müller
fa7de475fe Tor: fix permissions after updating, too 
Fixes #12088

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reported-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-12 05:45:42 +01:00
Matthias Fischer
33fb0c91ec wpa_supplicant: Update to 2.8 
For details see:
https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-11 07:00:05 +01:00