Erik Kapfer
aa4ed7637c
iptraf-ng: Update to version 1.2.1
...
Update includes several fixes and enhancements.
The full overview of changes is located here: https://github.com/iptraf-ng/iptraf-ng/blob/master/CHANGES
rvnamed has been merged into iptraf-ng. Fix division by zero patch has been merged into new version, patch is not needed anymore. logrotate configuration for iptraf-ng has been included.
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-09-30 09:58:51 +00:00
Michael Tremer
df8920100d
exoscale: Fix assigning domain name
...
The whole hostname was used as domain name because there
was no . in it where the string could have been split.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-09-29 13:47:09 +00:00
Michael Tremer
a7d8d35288
exoscale: Get SSH key from meta-data API
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-09-29 08:05:44 +00:00
Michael Tremer
9e09e1c47b
setup: Remove tampering with MAC addresses
...
There are NICs with 06: and we cannot simply replace the
first byte of the address.
I have no idea why this hack is needed and I believe we
do not need it at all.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-09-27 11:19:56 +00:00
Michael Tremer
e06d8de976
exoscale: Add cloud setup script
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-09-25 16:08:46 +00:00
Michael Tremer
5ae3706d20
cloud-init: Extend to support Exoscale
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-09-25 10:37:06 +00:00
Stefan Schantl
8be7a2206c
libloc: Update to 0.9.4
...
Also update the shipped database to 2020-09-21.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-09-24 17:36:38 +00:00
Michael Tremer
b45faf9e70
IPsec: Bring down connections after reloading configuration
...
It could happen that the remote peer re-established the connection
before "ipsec reload" removed it from the daemon.
Now, we write the configuration files first, reload them
and then bring down any connections that are still established.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-09-24 17:36:38 +00:00
Matthias Fischer
fcb991813b
logwatch: Update to 7.5.4
...
Sorry, there is no changelog available.
For a better overview I moved 'logwatch-7.3.6-date_manip6.patch' to a directory of its own.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-09-24 17:36:38 +00:00
Michael Tremer
b171c68349
collectd: Link against libip4tc
...
libiptc is no longer being shipped by iptables and has been split
into a version for IPv4 and IPv6.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-09-24 17:36:38 +00:00
Michael Tremer
57b277786e
fontconfig: update to 2.13.1
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-09-24 17:36:37 +00:00
Arne Fitzenreiter
3a69555f90
kernel: add patch against CVE-2020-14386
...
fixes #12483
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-09-12 09:38:10 +02:00
Arne Fitzenreiter
9dafa28a1c
Revert "kernel: add patch against CVE-2020-14386"
...
This reverts commit f04023b1ca.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-09-11 22:16:27 +02:00
Arne Fitzenreiter
f04023b1ca
kernel: add patch against CVE-2020-14386
...
fixes #12483
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-09-11 21:27:15 +02:00
Arne Fitzenreiter
2c8819992e
vim: update to 8.2 and fix crash with gcc-10
...
The configure.ac has a bug that detects gcc-10 as gcc-1 and so does not use
some quirks. Also there is a bug with FORTIFY-SOURCE=2 that crashes
if the matchparen plugin is used (enabled by default).
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-08-29 18:08:57 +00:00
Michael Tremer
0e457b13ea
smt: Fix check to detect if a system is running virtually
...
/sys/hypervisor exists when a host has loaded the kvm modules.
Fixes: #12472
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-21 09:52:15 +00:00
Matthias Fischer
9ac5418613
zstd 1.4.5: Deleted obsolete files from '/src/paks/'
...
No longer needed => deleted because of:
https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=c67ff7d72c2232b6994e1ff97277d4040711f97d
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-18 15:42:12 +00:00
Matthias Fischer
6b264af51b
zstd 1.4.5: New package
...
This package adds a "lossless compression algorithm" - supported by 'rsync 3.2.1'.
For details see:
https://github.com/facebook/zstd/releases/tag/v1.4.5
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org >
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:54:55 +00:00
Stephan Feddersen
6a73c7b94c
WIO: new french translation
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 10:08:16 +00:00
Stephan Feddersen
48aae162c6
WIO: code cleanup
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 10:08:14 +00:00
Peter Müller
159cab272a
OpenSSL: remove ciphers without Forward Secrecy from default ciphersuite
...
Ciphers not supplying (Perfect) Forward Secrecy are considered dangerous
since they allow content decryption in retrospect, if an attacker is
able to gain access to the servers' private key used for the
corresponding TLS session.
Since IPFire machines establish very few TLS connections by themselves, and
destinations (IPFire.org infrastructure, mirrors, IPS rule sources, etc.)
provide support for Forward Secrecy ciphers - some are even enforcing
them -, it is safe to drop support for anything else.
This patch reduces the OpenSSL default cipher list to:
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(256) Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(256) Mac=SHA384
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(128) Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(128) Mac=SHA256
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA256
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA256
ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
Signed-off-by: Peter Müller <peter.mueller@ipfire.org >
Acked-by: Michael Tremer <michael.tremer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 10:07:56 +00:00
Michael Tremer
6d6f306179
perl: Fix build in toolchain stage
...
perl searches for headers and libraries in the wrong paths
and detects GCC 10 as GCC 1.x.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-16 10:29:43 +00:00
Michael Tremer
30ddc2e27a
kbd: Update to 2.2.0
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-16 10:29:42 +00:00
Michael Tremer
8ba15ff89a
syslinux: Fix build with GCC 10
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-16 10:29:42 +00:00
Michael Tremer
ac2d807d1c
ipfire-netboot: Fix build with GCC 10
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-16 10:29:42 +00:00
Michael Tremer
fed525f280
7zip: Fix build against GCC 10
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-16 10:29:42 +00:00
Arne Fitzenreiter
f8561a5c16
grub: update to 2.04
...
fixes: #12463
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
Acked-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-14 15:10:14 +00:00
Michael Tremer
8531a9503c
smt: Do not disable SMT in virtual machines
...
Processors in virtual machines are *virtual*. Therefore this
only degrades the performance of the guest, but does not increase
its security.
This patch always leaves SMT enabled in all virtual environments.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-08-05 18:51:43 +00:00
Michael Tremer
138c94a96d
oci: Add automatic configuration script
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-08-05 18:51:38 +00:00
Michael Tremer
7c24a0d973
oci: Add detection for Oracle Cloud
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-08-05 18:51:33 +00:00
Arne Fitzenreiter
03cd6810d3
libloc: fix i586 perl module
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-08-03 19:52:38 +02:00
Stefan Schantl
99659ce50b
libloc: Only update database once a week
...
Ensure the database is downloaded and updated only once a week, even though the
script will be called by cron each hour.
Fixes #12462.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org >
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-07-29 17:15:56 +00:00
Michael Tremer
e43c3206d3
network: Fix typo for MTU value
...
Reported here:
https://community.ipfire.org/t/strange-etc-init-d-networking-any-for-blue/2831
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-07-28 18:33:33 +00:00
Michael Tremer
2ae1c23f62
location: Restart IPsec after firewall was restarted
...
strongswan creates rules in iptables which are being dropped when
the firewall is being restarted.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-07-28 18:32:20 +00:00
Arne Fitzenreiter
be03f10353
libloc: use regular stack-protector on i586
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-07-22 20:46:13 +02:00
Stefan Schantl
99f8980dec
libloc: Add upstream patch to fix a buffer issue.
...
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org >
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-07-21 11:09:54 +00:00
Stefan Schantl
cb4860794b
libloc: Apply patch to compile the perl module without stack protector.
...
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org >
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-07-21 11:09:51 +00:00
Stefan Schantl
bbaf9bdf21
convert-to-location: Regenerate firewall chains.
...
The firewall chain for location based rules has been renamed to
LOCATIONBLOCK and therefore the firewall needs to be restarted and
the chains regenerated.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org >
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-07-12 05:31:41 +00:00
Stefan Schantl
d047b493aa
convert-to-location: Fix double patch declaration
...
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org >
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-07-12 05:31:39 +00:00
Stefan Schantl
af7f9fc43d
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-switch-to-libloc
...
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org >
2020-07-03 18:48:30 +02:00
Stephan Feddersen
cc864e3d12
WIO - shutdown function removed, adjustments to IPsec status display
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-07-01 12:22:12 +00:00
Stephan Feddersen
9755fdf9d2
WIO - shutdown function removed, adjustments to IPsec status display
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-07-01 12:22:08 +00:00
Stephan Feddersen
cf07214a9c
WIO - shutdown function removed, adjustments to IPsec status display
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-07-01 12:22:07 +00:00
Stephan Feddersen
b3f7628a9f
WIO - shutdown function removed, adjustments to IPsec status display
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-07-01 12:22:03 +00:00
Stephan Feddersen
9c5dbb24e0
WIO - shutdown function removed, adjustments to IPsec status display
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-07-01 12:21:56 +00:00
Stephan Feddersen
391a24591e
WIO - shutdown function removed, adjustments to IPsec status display
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-07-01 12:21:51 +00:00
Stephan Feddersen
445c4ccd1e
WIO - cleaned up language files
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-07-01 12:21:49 +00:00
Michael Tremer
78b65ea7e3
firewall: Configure TRACE target to log to syslog
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-07-01 12:12:59 +00:00
Arne Fitzenreiter
5f34a67205
installer: update filecount
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-06-27 12:27:10 +02:00
Adolf Belka
3b887740e8
bacula: Update to 9.6.5
...
- Update bacula from version 9.0.6 to 9.6.5
Version 9.0.6 is over two and a half years old.
- Update config options in lfs to include bacula recommended smartalloc option.
"This enables the inclusion of the Smartalloc orphaned buffer detection
code. This option is highly recommended. Because we never build without this option,
you may experience problems if it is not enabled. In this case, simply re-enable the
option. We strongly recommend keeping this option enabled as it helps detect memory
leaks. This configuration parameter is used while building Bacula"
- Add install, uninstall and update files in src/paks/bacula
- Updated backup/includes to backup the config file and the File Daemon state file.
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-06-19 17:14:59 +00:00