bpfire

mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-27 03:07:43 +02:00

Author	SHA1	Message	Date
Michael Tremer	adb11e90df	Always enable asynchronous logging This patch always enables asynchronous logging which slows down the system a lot on slow storage and some virtual environments. It also removes the configuration options in the web user interface, since this is not configurable any more. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-11-29 12:18:41 +00:00
Michael Tremer	b7f2fe819b	core108: Ship updated ddns Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-11-28 21:51:13 +00:00
Michael Tremer	49750f72de	Start Core Update 108 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-11-28 21:48:21 +00:00
Arne Fitzenreiter	2d646e9838	ntp: init with hardcoded ip if dns not work DNSSec need the correct time to validate the zones so we need a workaround to init the time without dns. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-11-04 19:31:07 +01:00
Michael Tremer	08fc1aa43b	core107: Restart unbound to activate configuration changes Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-11-04 17:46:24 +00:00
Michael Tremer	3ddad158cd	unbound: Allow recursion from everywhere Users use the IPFire DNS service from VPNs and other routed networks. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-11-04 17:08:13 +00:00
Michael Tremer	a6dcc5bb77	unbound: Fix for DNS forwarding of .local zones These are traditionally used for Windows domains and should not be used for that. However if they are used like this, DNSSEC validation cannot be used. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-11-02 15:51:49 +00:00
Arne Fitzenreiter	38183e52dd	start core107 updater Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-10-27 21:07:55 +02:00
Michael Tremer	96473f525d	Revert "setup: Store passwords in SHA format" This reverts commit `eef9b2529c`. It appears that htpasswd is not salting any passwords that are stored with the SHA (-s) algorithm. MD5 passwords however are salted. That leads us to the conclusion that the "MD5 algorithm" in htpasswd is more secure than the "SHA algorithm" although the hash function itself should be stronger. With a rainbow table, cracking "SHA" is easily done. A rainbow table for "MD5" + salt would be way too large to be efficiently stored. Hence this commit is reverted to old behaviour to avoid the clear failure of design in SHA. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>	2016-10-15 22:38:01 +01:00
Arne Fitzenreiter	693928d781	unbound: start prior network Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-10-12 23:01:51 +02:00
Arne Fitzenreiter	11ecfb92a0	backup: add unbound config Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-10-12 22:51:35 +02:00
Michael Tremer	3a52755b97	core106: Ship changed pakfire.cgi This was actually changed over a year ago, but was never shipped in an update. Commit `212fd689a3` Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-10-10 12:05:01 +01:00
Michael Tremer	b32a8aefa2	core106: Ship updated iptables.cgi file Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-10-10 12:04:24 +01:00
Arne Fitzenreiter	0807ce69ee	setclock: prevent time bacjump by empty rtc batteries This is a work around to prevent not working dns resolution if the time jumps before the DNSSec signing key. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-10-08 15:43:54 +02:00
Michael Tremer	71cf56fe53	core106: Restart DHCP server to import leases into DNS Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-10-06 10:41:54 +01:00
Michael Tremer	eef9b2529c	setup: Store passwords in SHA format htpasswd doesn't protect passwords very well. MD5 was used before and now any newly created passwords will use the SHA format. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-10-04 22:41:48 +01:00
Arne Fitzenreiter	e3a90a5736	Revert "core106: Add DNS root key to exclude list" This reverts commit `f58002a83f`.	2016-10-04 22:05:26 +02:00
Michael Tremer	52587edac4	core106: Ship updated libidn Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-10-03 11:45:36 +01:00
Arne Fitzenreiter	642b831b72	Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next	2016-10-02 16:36:57 +02:00
Arne Fitzenreiter	e24d6112bb	index.cgi: display unbound dns servers Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-10-02 16:35:50 +02:00
Michael Tremer	5edc06b701	Remove IPAC stuff This is unused for a very very very long time and serves no purpose any more. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-10-02 15:13:55 +01:00
Arne Fitzenreiter	cc60329d88	Add search domain to /etc/resolv.conf at boot time unbound does not append the local domain to the request any more (like dnsmasq did). Therefore, the client needs to do that if desired. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-10-02 15:32:14 +02:00
Arne Fitzenreiter	f58002a83f	core106: Add DNS root key to exclude list Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-10-02 13:36:07 +02:00
Michael Tremer	a1de9f6fc9	core106: Ship updated /etc/login.defs Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-10-01 18:56:42 +01:00
Arne Fitzenreiter	829435bea3	ntp: fix wait for red if dhcp or wpasupplicant is running. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-09-27 20:15:53 +02:00
Arne Fitzenreiter	b547554aea	core106: ship mt7601u firmware. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-09-27 19:20:14 +02:00
Michael Tremer	92aebbcddd	Revert "libjpeg: update to 1.4.2" This reverts commit `feba68e4af`. Breaks building netpbm Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-09-27 09:44:49 +01:00
Michael Tremer	e26a93322d	core106: Add recently updated packages, etc. This update removes dnsmasq and replaces it with unbound. Also many packages are updated and shipped. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-09-26 21:03:33 +01:00
Michael Tremer	59bddc7989	Start Core Update 106 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-09-26 20:25:22 +01:00
Arne Fitzenreiter	2d850c7944	core105: add openssl sse2 binaries Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-09-23 10:30:34 +02:00
Arne Fitzenreiter	e4ee7f0317	core105: fix rootfile. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-09-22 17:44:06 +02:00
Michael Tremer	3bc177eec5	openssl: Update to 1.0.2i https://www.openssl.org/news/openssl-1.0.2-notes.html This release fixes various security flaws: * OCSP Status Request extension unbounded memory growth (CVE-2016-6304) * SWEET32 Mitigation (CVE-2016-2183) * OOB write in MDC2_Update() (CVE-2016-6303) * Malformed SHA512 ticket DoS (CVE-2016-6302) * OOB write in BN_bn2dec() (CVE-2016-2182) * OOB read in TS_OBJ_print_bio() (CVE-2016-2180) * Pointer arithmetic undefined behaviour (CVE-2016-2177) * Constant time flag not preserved in DSA signing (CVE-2016-2178) * DTLS buffered message DoS (CVE-2016-2179) * DTLS replay protection DoS (CVE-2016-2181) * Certificate message OOB reads (CVE-2016-6306) Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-09-22 12:03:56 +01:00
Michael Tremer	8bbed7a5b6	core105: Ship security update for libgcrypt Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-09-22 10:30:28 +01:00
Michael Tremer	c4a1169ed9	Start Core Update 105 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-09-22 10:28:36 +01:00
Arne Fitzenreiter	40607f8126	core104: revert adding customservices. simply adding may use id's twice if the user has added other services so we don't update this files. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-08-07 17:08:44 +02:00
Arne Fitzenreiter	1159f711c8	core104: add changed files customservices and openssh. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-08-06 12:09:44 +02:00
Michael Tremer	afc0f6e884	Merge remote-tracking branch 'stevee/guardian-2.0' into next	2016-08-02 12:18:29 +01:00
Arne Fitzenreiter	9a300ee8b5	core104: ship screen old binary is linked against libshadow.0* Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-07-29 18:57:49 +02:00
Stefan Schantl	6a5b83f80d	Core 104: Add for guardian changed files to core update. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2016-07-29 15:40:30 +02:00
Arne Fitzenreiter	5a53d5947d	core104: add kernel to updater Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-07-28 18:12:13 +02:00
Michael Tremer	c48a24dc14	core104: Include recent changes Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-07-20 16:49:11 +01:00
Michael Tremer	3b7d73d1d4	Fix potential HTTPoxy vulnerability https://httpoxy.org/ Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-07-19 15:02:16 +01:00
Michael Tremer	035e2b4a9b	core104: Ship recently updated which Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-07-16 10:57:04 +01:00
Michael Tremer	19a4317093	core104: Ship recently updated packages Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-07-14 23:36:49 +01:00
Michael Tremer	cc97d7b417	collectd: Ignore phys, macvtap and vnet* interfaces Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-07-13 16:55:29 +01:00
Michael Tremer	dc2e0320d3	core104: Ship updated libarchive Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-06-27 23:18:39 +01:00
Stefan Schantl	f7029f2057	core 104: Add updated snort. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2016-06-22 14:19:24 +02:00
Stefan Schantl	fee796dcb7	core 104: Add changed ids.cgi. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2016-06-22 14:18:36 +02:00
Stefan Schantl	60ef4f6704	Add updated ddns to core 104. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>	2016-06-21 12:02:49 +02:00
Michael Tremer	0204a3c5bf	core104: Ship updated shadow-utils and remove old files Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-06-17 13:07:10 +01:00

... 3 4 5 6 7 ...

1965 Commits