webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-26 19:00:34 +02:00
Code Issues Packages Projects Releases Wiki Activity
15,056 Commits 2 Branches 1 Tag
111bbcb3ada255b73d8ddfab1052e030d402aeff
Commit Graph

7603 Commits

Author SHA1 Message Date
Michael Tremer
38736148c7 core147: Ship iproute2 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:59 +00:00
Matthias Fischer
d289d6fb5c iproute2: Update to 5.7.0 
For details see:
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/?h=v5.7.0

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:59 +00:00
Matthias Fischer
8b245523e5 joe: Update to 4.6 
For details see:
https://joe-editor.sourceforge.io/NEWS.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:59 +00:00
Michael Tremer
aee4a61ad3 core147: Ship updated crypto libraries 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Matthias Fischer
b11b4842c2 gmp 6.2.0: Fixed rootfile for i586 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Matthias Fischer
a5427e456c libgpg-error: Update to 1.38 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Matthias Fischer
2944c59ea9 libassuan: Update to 2.5.3 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Matthias Fischer
acef0b81d3 libgcrypt: Update to 1.8.5 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Matthias Fischer
63eacedabc gmp: Update to 6.2.0 
Needed for gnutls 3.6.14

For details see:
https://gmplib.org/gmp6.2

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Matthias Fischer
44d2f538e1 gnutls: Update to 3.6.14 
For details see:
https://lists.gnupg.org/pipermail/gnutls-help/2020-June/004648.html

"** libgnutls: Fixed insecure session ticket key construction, since 3.6.4.
   The TLS server would not bind the session ticket encryption key with a
   value supplied by the application until the initial key rotation, allowing
   attacker to bypass authentication in TLS 1.3 and recover previous
   conversations in TLS 1.2 (#1011).
   [GNUTLS-SA-2020-06-03, CVSS: high]

** libgnutls: Fixed handling of certificate chain with cross-signed
   intermediate CA certificates (#1008).

** libgnutls: Fixed reception of empty session ticket under TLS 1.2 (#997).

** libgnutls: gnutls_x509_crt_print() is enhanced to recognizes commonName
   (2.5.4.3), decodes certificate policy OIDs (!1245), and prints Authority
   Key Identifier (AKI) properly (#989, #991).

** certtool: PKCS #7 attributes are now printed with symbolic names (!1246).

** libgnutls: Added several improvements on Windows Vista and later releases
   (!1257, !1254, !1256). Most notably the system random number generator now
   uses Windows BCrypt* API if available (!1255).

** libgnutls: Use accelerated AES-XTS implementation if possible (!1244).
   Also both accelerated and non-accelerated implementations check key block
   according to FIPS-140-2 IG A.9 (!1233).

** libgnutls: Added support for AES-SIV ciphers (#463).

** libgnutls: Added support for 192-bit AES-GCM cipher (!1267).

** libgnutls: No longer use internal symbols exported from Nettle (!1235)

** API and ABI modifications:
GNUTLS_CIPHER_AES_128_SIV: Added
GNUTLS_CIPHER_AES_256_SIV: Added
GNUTLS_CIPHER_AES_192_GCM: Added
gnutls_pkcs7_print_signature_info: Added"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Matthias Fischer
c9f49bc693 borgbackup: Update to 1.1.13 
For details see:
https://borgbackup.readthedocs.io/en/stable/changes.html#changelog

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Michael Tremer
73c084b6a7 core147: Ship squid 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Michael Tremer
47686b1b6e Start Core Update 147 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Michael Tremer
46b0f9ab44 web: Hide certain menu items when running in cloud environments 
This used to be only hidden on AWS.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Michael Tremer
e7978f5671 gcloud: Add function to detect whether we are running on GCP 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Michael Tremer
4e58ab4bbf aws-functions.pl: Drop file and move functions to general-functions.pl 
There is not enough stuff that it is justified to have an own file.

This patch therefore merges everything into general-functions.pl.

There are no functional changes.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Michael Tremer
89b10e7095 gcp: Add initscript to import configuration 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Arne Fitzenreiter
46bccfc219 core146: add openvpn 
openvpn was missed in core145 so add it again.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-16 11:36:20 +00:00
Stefan Schantl
f1d982cce6 Add convert-to-location converter. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-15 18:21:57 +02:00
Stefan Schantl
18c9fd2820 firewall-lib.pl: Fix typo. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-13 19:10:15 +02:00
Arne Fitzenreiter
e9c62e37f4 vulnerabilities.cgi: add srdbs (CVE-2020-0543) 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-13 12:23:46 +02:00
Stefan Schantl
d0faaf61d6 Rootfiles update. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-12 20:01:48 +02:00
Stefan Schantl
006e3c6c31 firewall-lib.pl: Rework code to use location-functions.pl 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-12 19:21:27 +02:00
Stefan Schantl
b1229cf610 50-firewall.menu: Rename geoipblock to locationblock 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-12 19:12:00 +02:00
Stefan Schantl
46269ee5fb Transform geoipblock into locationblock settings file. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-12 19:09:29 +02:00
Stefan Schantl
5730a5bcdf firewall/rules.pl: Rework code to use location-functions.pl 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-12 19:06:01 +02:00
Arne Fitzenreiter
4d43b3dcb1 intel-microcode: update to 20200609 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-12 17:47:29 +02:00
Stefan Schantl
48152fae62 Transform geoip-functions.pl into location-functions.pl 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-12 17:42:41 +02:00
Michael Tremer
c556242efd location: Remove "GeoIP" from crontab 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-12 16:12:49 +02:00
Arne Fitzenreiter
f3a59d63e2 kernel: update to 4.14.184 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-12 16:04:48 +02:00
Michael Tremer
0e6eca78b8 firewall: Rename GEOIPBLOCK table to LOCATIONBLOCK 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-12 16:00:34 +02:00
Stefan Schantl
d00923cef8 libloc: Rootfile update. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-11 08:19:07 +02:00
Stefan Schantl
4852f77e33 Revert "firewall/rules.pl: Add code to collect and export all required country" 
This reverts commit ad47d2ae80.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-10 21:29:04 +02:00
Stefan Schantl
38a8d40142 Revert "firewall/rules.pl: Only try to export locations if needed." 
This reverts commit 693b8513df.
 2020-06-10 21:28:16 +02:00
Stefan Schantl
e7b1b002c9 Revert "geoip-functions.pl: Add functions to export locations and to flush them." 
This reverts commit e758c76384.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-10 21:27:06 +02:00
Stefan Schantl
304abbae22 Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-switch-to-libloc 2020-06-10 18:01:14 +02:00
Peter Müller
92e828b3b0 kernel: disable CONFIG_UPROBES 
Quoted from #12433:
> Uprobes is the user-space counterpart to kprobes: they enable instrumentation
> applications (such as 'perf probe') to establish unintrusive probes in
> user-space binaries and libraries, by executing handler functions when the
> probes are hit by user-space applications.
>
> ( These probes come in the form of single-byte breakpoints, managed by the
> kernel and kept transparent to the probed application. )

IMHO this can be safely disabled, as there is little if any need to debug
userspace programs _that_ deeply on an IPFire machine.

Fixes: #12433

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-10 15:18:36 +00:00
Peter Müller
a5e577d083 kernel: enable CONFIG_FORTIFY_SOURCE on armv5tel 
Partially fixes: #12369

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-10 15:17:40 +00:00
Peter Müller
3eb393ff2e kernel: enable CONFIG_FORTIFY_SOUCRE on aarch64 
Partially fixes: #12369

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-10 15:17:24 +00:00
Peter Müller
4ee87ee248 kernel: enable CONFIG_SLUB_DEBUG on aarch64 and armv5tel 
Fixes: #12377

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-10 15:16:57 +00:00
Arne Fitzenreiter
325a2680c8 kernel: fix diabling CONFIG_MODFIFY_LDT_SYSCALL 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-10 16:21:49 +02:00
Arne Fitzenreiter
2b51e4aeab Revert "kernel: enable CONFIG_RANDOMIZE_BASE on aarch64" 
with enabled CONFIG_RAMDOIZE_BASE the linking of xtables
and maybee other external kernel modules fail on aarch64

This reverts commit 8379ab44b8.
 2020-06-10 16:20:34 +02:00
Peter Müller
e694bbd17f kernel: enable CONFIG_RANDOMIZE_BASE on armv5tel 
Partially fixes: #12363

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-09 22:20:26 +00:00
Peter Müller
8379ab44b8 kernel: enable CONFIG_RANDOMIZE_BASE on aarch64 
Partially fixes: #12363

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-09 22:19:50 +00:00
Peter Müller
e4d1f96869 kernel: enable CONFIG_HARDENED_USERCOPY on aarch64 and armv5tel 
Fixes: #12365

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-09 15:37:33 +00:00
Peter Müller
7617da3bba kernel: enable CONFIG_SECCOMP on aarch64 and armv5tel 
Fixes: #12366

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-08 21:22:44 +00:00
Peter Müller
d7174d7c3a kernel: disable CONFIG_ACPI_CUSTOM_METHOD on x86_64 and i586 
This is dangerous as it allows replacing the running kernel without
rebooting. Kernel Self Protection Project people recommend to keep it
disabled.

Fixes: #12372

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-08 21:22:32 +00:00
Peter Müller
b1f24c4353 kernel: disable CONFIG_MODIFY_LDT_SYSCALL on i586 and x86_64 
Fixes: #12382

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-08 21:22:05 +00:00
Stefan Schantl
d2b364f032 red.up: Do not download/update location database. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-08 21:20:17 +02:00
Arne Fitzenreiter
625104ec57 Merge branch 'master' into next 2020-06-04 15:16:39 +00:00