bpfire

mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-18 23:12:59 +02:00

Author	SHA1	Message	Date
Matthias Fischer	49deea707b	wget: Update to 1.20.1 This is a bugfix release: "due to some privacy issues in default settings of Wget, we introduce this bugfix release. The --xattr option (saving original URL and Referer into extended file attributes) was introduced and enabled by default since Wget 1.19. It possibly saved - possibly unrecognized by the user - credentials, access tokes etc that were included in the requested URL. We changed three details as a countermeasure, see below in the NEWS section. With Best Regards, Tim ... NEWS * Changes in Wget 1.20.1 --xattr is no longer default since it introduces privacy issues. --xattr saves the Referer as scheme/host/port, user/pw/path/query/fragment are no longer saved to prevent privacy issues. ** --xattr saves the Original URL without user/password to prevent privacy issues." Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-12-31 00:35:50 +00:00
Arne Fitzenreiter	4c76d08b2a	kernel: fix generation of framebuffer blacklist modules are now xz compressed. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-01-02 15:33:16 +01:00
Arne Fitzenreiter	67c9261257	mpd: add soxr dependency Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2018-12-28 16:05:38 +01:00
Michael Tremer	e978f0429f	keepalived: Fix incorrect path in initscript This path to keepalived was just incorrect and therefore the daemon could not easily be reloaded. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-12-19 23:38:48 +00:00
Michael Tremer	086bb132ec	ipvsadm: Update to 1.29 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-12-19 18:55:23 +00:00
Michael Tremer	4af8d6964b	pcre: Enable JIT This is now possible because we no longer run grsecurity-enabled kernels. The performance of PCRE increases dramatically and applications like the IDS benefit hugely: https://blog.inliniac.net/2011/10/12/suricata-and-pcre-performance/ Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-12-19 15:44:32 +00:00
Jonatan Schlag	909549b1d6	Update libvirt to version 4.10 This partially fixes #11941 as libvirt now states clearly that seccomp needs to be disabled Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-12-18 22:33:07 +00:00
Matthias Fischer	a2bcb4135b	squid: Update to 4.4 (stable) For details see: http://www.squid-cache.org/Versions/v4/changesets/ In July 2018, 'squid 4' was "released for production use", see: https://wiki.squid-cache.org/Squid-4 "The features have been set and large code changes are reserved for later versions." I've tested almost all 4.x-versions and patch series before with good results. Right now, 4.4 is running here with no seen problems together with 'squidclamav', 'squidguard' and 'privoxy'. I too would declare this version stable. Best, Matthias Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-12-18 22:30:51 +00:00
erik.kapfer	27801da089	unbound: Add TFO support for unbound For further informations, see https://tools.ietf.org/html/rfc7413 Signed-off-by: erik.kapfer <ummeegge@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-12-18 22:30:39 +00:00
Matthias Fischer	cab2314ac4	bind: Update to 9.11.5-P1 For details see: http://ftp.isc.org/isc/bind9/9.11.5-P1/RELEASE-NOTES-bind-9.11.5-P1.html Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-12-18 22:29:39 +00:00
Michael Tremer	a38eb040bf	sqlite: Update to 3.26.0 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-12-18 22:28:59 +00:00
Matthias Fischer	53ac9dd222	unbound: Update to 1.8.3 For details see: https://nlnetlabs.nl/svn/unbound/tags/release-1.8.3/doc/Changelog "Fix dns64 allocation in wrong region for returned internal queries." Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-12-13 13:14:35 +00:00
Stefan Schantl	848ac69009	grub: xfs: Accept filesystem with sparse inodes Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Tested-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-12-13 13:07:53 +00:00
Michael Tremer	de4f303186	core127: Ship updated unbound Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-12-11 19:46:10 +00:00
Matthias Fischer	707846392e	unbound: Update to 1.8.2 For details see: https://nlnetlabs.nl/projects/unbound/download/ Best, Matthias Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-12-11 19:45:28 +00:00
Matthias Fischer	5df66de303	clamav: Update to 0.101.0 For details see: https://blog.clamav.net/ Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-12-11 19:42:22 +00:00
Michael Tremer	7e17de5f86	fireinfo: Add authentication for upstream proxies Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-12-11 19:38:21 +00:00
Arne Fitzenreiter	adde1ca8ce	Merge branch 'master' into next	2018-12-11 08:01:59 +01:00
Arne Fitzenreiter	ed4bbe44d1	kernel: fix dwc2 (usb) dma crashes on RPi1-3 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2018-12-10 20:45:54 +01:00
Michael Tremer	c519be4226	haproxy: Create/restore backup when package is installed/uninstalled Fixes: #11946 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-12-10 00:36:04 +00:00
Arne Fitzenreiter	d05fe8e3e5	Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next	2018-12-07 21:06:45 +01:00
Arne Fitzenreiter	23a3aec100	cpufrequtils: update initskript for xz compressed modules Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2018-12-07 21:05:50 +01:00
Michael Tremer	f354601bbe	initscripts: Import pakfire keys before importing AWS configuration This is useful when the user-data script is installing packages. For that it will need valid keys for course. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-12-07 11:38:55 +00:00
Arne Fitzenreiter	827dd0faa4	kernel: update to 4.14.86 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2018-12-06 11:18:37 +01:00
Arne Fitzenreiter	91e08f20ff	kernel: update to 4.14.85 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2018-12-02 00:01:37 +01:00
Michael Tremer	a4e3a76af9	bird: Add initscript Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-12-01 16:13:25 +00:00
Matthias Fischer	9a12784047	BUG 11929: Build 'bind'-binaries dynamically and install needed libraries (V2) Hi, To save space linking the 'bind 9.11.5'-binaries was changed from statically to dynamically. Changes to V2: Removed unnecessary '*.so'-links. Complete file sizes shrinked from ~4800K to ~1700K. Needs testing and confirmation! I'm running this version right now under Core 124 - no seen problems so far. Best, Matthias Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-12-01 16:13:25 +00:00
Michael Tremer	046b436c76	bird: Update to 2.0.2 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-12-01 16:13:25 +00:00
Michael Tremer	be7f989249	bird: Backup configuration file on update Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-12-01 16:13:25 +00:00
Arne Fitzenreiter	ef9cc2e5d5	kernel: update arm-multi patchset now patches for Raspberry Pi 3B+ LAN and WLAN included to patchset. https://git.ipfire.org/?p=people/arne_f/kernel.git;a=shortlog;h=refs/tags/v4.14.84-multi Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2018-11-30 07:35:07 +01:00
Michael Tremer	cd022294d9	nfs: Fix build Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-11-29 13:17:30 +00:00
Arne Fitzenreiter	9743182472	kernel: update to 4.14.84 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2018-11-29 07:02:25 +01:00
Michael Tremer	3eea5c6f3a	nfs: Add backup include file Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-11-28 19:08:17 +00:00
Michael Tremer	77729e5be8	nfs: Install configuration in package This was lost in the last update Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-11-28 19:02:53 +00:00
Michael Tremer	6124245427	libvirt: This package depends on jansson now Fixes: #11939 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-11-27 10:04:46 +00:00
Matthias Fischer	fe5e64997a	nano: Update to 3.2 Hi, Changed archive to 'xz' - this saves about 1.4MB (thanks Marcel ;-)) For further details see: https://www.nano-editor.org/news.php Best, Matthias Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-11-25 14:10:50 +00:00
Arne Fitzenreiter	fad2f37646	kernel: update to 4.14.83 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2018-11-23 22:05:14 +01:00
Arne Fitzenreiter	000ece0135	kernel: update to 4.14.82 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2018-11-21 23:55:54 +01:00
Michael Tremer	928b3cbf66	openssl: Update to 1.1.0j ) Timing vulnerability in DSA signature generation The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser. (CVE-2018-0734) [Paul Dale] ) Timing vulnerability in ECDSA signature generation The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser. (CVE-2018-0735) [Paul Dale] *) Add coordinate blinding for EC_POINT and implement projective coordinate blinding for generic prime curves as a countermeasure to chosen point SCA attacks. [Sohaib ul Hassan, Nicola Tuveri, Billy Bob Brumley] Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-11-21 11:21:42 +00:00
Michael Tremer	5ca47910a7	openssl-compat: Update to 1.0.2q ) Microarchitecture timing vulnerability in ECC scalar multiplication OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been shown to be vulnerable to a microarchitecture timing side channel attack. An attacker with sufficient access to mount local timing attacks during ECDSA signature generation could recover the private key. This issue was reported to OpenSSL on 26th October 2018 by Alejandro Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and Nicola Tuveri. (CVE-2018-5407) [Billy Brumley] ) Timing vulnerability in DSA signature generation The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser. (CVE-2018-0734) [Paul Dale] *) Resolve a compatibility issue in EC_GROUP handling with the FIPS Object Module, accidentally introduced while backporting security fixes from the development branch and hindering the use of ECC in FIPS mode. [Nicola Tuveri] Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-11-20 16:28:52 +00:00
Arne Fitzenreiter	668f91c37c	kernel: update to 4.14.81	2018-11-18 14:29:44 +01:00
Michael Tremer	e91ceed69a	alac: New package This adds the Apple ALAC audio decoder Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-11-13 14:28:00 +00:00
Michael Tremer	6dc7b04bea	shairport-sync: Add initscript Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-11-11 18:55:35 +00:00
Michael Tremer	b7dbcd158d	shairport-sync: Explicitely link against soxr Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-11-11 18:52:10 +00:00
Michael Tremer	63dc6532d1	shairport-sync: Add backup include file Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-11-11 17:34:11 +00:00
Michael Tremer	c708fa157f	shairport-sync: New package Shairport Sync is an AirPlay audio player - it plays audio streamed from iTunes, iOS, Apple TV and macOS devices and AirPlay sources such as Quicktime Player and ForkedDaapd, among others. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-11-11 17:26:35 +00:00
Michael Tremer	f3e6230125	libconfig: New package Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-11-11 17:23:20 +00:00
Michael Tremer	41f8d64284	soxr: New package (0.1.3) The SoX Resampler library `libsoxr' performs one-dimensional sample-rate conversion -- it may be used, for example, to resample PCM-encoded audio. For higher-dimensional resampling, such as for visual-image processing, you should look elsewhere. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-11-11 16:21:01 +00:00
Michael Tremer	5187740ed2	mpd: Depends on avahi Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-11-11 15:44:17 +00:00
Michael Tremer	014b235a06	dehydrated: New package This is a light client for Let's Encrypt which is implemented in bash and does not have any other dependencies apart from openssl and curl. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-11-09 14:29:04 +00:00

1 2 3 4 5 ...

5618 Commits