webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-14 21:12:59 +02:00
Code Issues Packages Projects Releases Wiki Activity
13,381 Commits 2 Branches 1 Tag
40407aee99546b4f25632bcaeb796d2a53cb1bcb
Commit Graph

13381 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Tremer
5876642d17 ffmpeg: Ship libraries correctly 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-19 18:07:49 +00:00
Matthias Fischer
27ef66c26c hdparm: Update to 9.55 
Changelogs against 9.53:

"hdparm-9.55:
	- added #include <sys/sysmacros.h> for major()/minor() macros

hdparm-9.54:
	- Partial revert of Jmicron changes, from Jan Friesse."

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-19 11:56:35 +00:00
Matthias Fischer
71e5a29c81 dmidecode 3.1: Added patch (Fix firmware version of TPM device) 
For details see:
http://git.savannah.gnu.org/cgit/dmidecode.git/commit/?id=174387405e98cd94c627832ae23abcb9be7e5623

"Both the operator (detected by clang, reported by Xorg) and the mask
for the minor firmware version field of TPM devices were wrong."

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-19 11:56:19 +00:00
Michael Tremer
35cdaa194a Fix python-m2crypto rootfile 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-19 11:52:44 +00:00
Michael Tremer
b2318b5e35 core120: Ship updated logrotate and restart unbound 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-18 13:51:38 +00:00
Matthias Fischer
9e9fdb39e6 unbound: Update to 1.7.0 
For details see:
http://www.unbound.net/download.html

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-18 13:49:40 +00:00
Matthias Fischer
399c2f9ccc logrotate: Update to 3.14.0 
For details see:
https://github.com/logrotate/logrotate/releases

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-18 13:44:27 +00:00
Matthias Fischer
4e316ae0a0 htop: Update to 2.1.0 
For details see:
https://hisham.hm/htop/index.php?page=downloads

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-18 13:44:25 +00:00
Matthias Fischer
9051f3c9d7 bind: Update to 9.11.3 
For details see:
http://ftp.isc.org/isc/bind9/9.11.3/RELEASE-NOTES-bind-9.11.3.html

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-18 13:44:19 +00:00
Matthias Fischer
1c1c1ac238 nano: Update to 2.9.4 
For details see:
https://www.nano-editor.org/news.php

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-18 13:44:14 +00:00
Matthias Fischer
8aeec0ba89 rsync: Update to 3.1.3 
For details see:
https://download.samba.org/pub/rsync/src/rsync-3.1.3-NEWS

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-18 13:44:12 +00:00
Erik Kapfer
e779b6bc7a PAM: Delete old lib and symlinks 
Core 119 update delivers an updated PAM whereby the libdir has been changed from /lib to /usr/lib
but the old libraries and symlinks are still presant. Since the system searches /lib before
/usr/lib , the old libs and symlinks are used which ends up in an `LIBPAM_EXTENSION_1.1' not found.

Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-18 13:44:04 +00:00
Arne Fitzenreiter
62777ff407 kernel: update to 4.14.27 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-03-16 20:49:22 +01:00
Arne Fitzenreiter
1682e5fc69 kernel: drop rpi config 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-03-16 20:48:56 +01:00
Erik Kapfer
cdc1a0e901 OpenVPN: Update to version 2.4.5 
This is primarily a maintenance release, with further improved OpenSSL 1.1 integration, several minor bug fixes and other minor improvements.
Further information can be found in here https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-245 and
here https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24 .

Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-16 14:38:02 +00:00
Michael Tremer
35b892b0dd pakfire: Drop old key import mechanism 
This was error-prone and allowed to potentially inject another
key.

Fixes: #11539
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-16 14:37:21 +00:00
Michael Tremer
7d995c9f56 installer: Import the Pakfire key at install time 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-16 14:33:42 +00:00
Michael Tremer
ceed3534e1 core120: Import new pakfire PGP key 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-16 14:28:17 +00:00
Michael Tremer
5e5c2e5413 Import new Pakfire Signing Key 
We will swap the key that we use to sign Pakfire packages
since the current one is considered outdated cryptography.

Fixes: #11539

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-16 14:26:07 +00:00
Arne Fitzenreiter
bf19f5c6a0 kernel: drop rpi kernel 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-03-14 19:39:23 +01:00
Arne Fitzenreiter
ce8a4ba6a0 kernel: update to 4.14.26 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-03-13 11:37:36 +01:00
Arne Fitzenreiter
7fab74918d kernel: update to 4.14.25 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-03-09 23:05:06 +01:00
Stephan Feddersen
f0e9ed78a2 WIO: increment PAK_VER 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-09 15:39:56 +00:00
Stephan Feddersen via Development
c1fc92a9b8 WIO: Fix a problem with the Network-Table-Button 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-09 15:39:52 +00:00
Stephan Feddersen via Development
cc222a8e62 WIO: Fix some typos 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-09 15:39:50 +00:00
Stephan Feddersen via Development
a25c95b3a0 WIO: Update to Version 1.3.2 several changes in many files 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-09 15:39:48 +00:00
Matthias Fischer
d536c178ec ntp: Update to 4.2.8p11 
For details see:
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities

"This release addresses five security issues in ntpd:

	LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability: ephemeral
	association attack
		While fixed in ntp-4.2.8p7, there are significant additional protections for
		this issue in 4.2.8p11.
		Reported by Matt Van Gundy of Cisco.
	INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem(): buffer read overrun
	leads to undefined behavior and information leak
		Reported by Yihan Lian of Qihoo 360.
	LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated ephemeral associations
		Reported on the questions@ list.
	LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode cannot recover
	from bad state
		Reported by Miroslav Lichvar of Red Hat.
	LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated packet can reset
	authenticated interleaved association
		Reported by Miroslav Lichvar of Red Hat.

one security issue in ntpq:

	MEDIUM: Sec 3414 / CVE-2018-7183 / VU#961909: ntpq:decodearr() can write beyond its
	buffer limit
		Reported by Michael Macnair of Thales-esecurity.com.

and provides over 33 bugfixes and 32 other improvements."

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-07 18:44:04 +00:00
Matthias Fischer
cc4816a1af clamav 0.99.4: removed gcc patch 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-07 18:43:44 +00:00
Michael Tremer
dcd60d274e core120: Ship updated qos.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-06 15:13:56 +00:00
Daniel Weismüller
20ffa7d1a8 As described in bug 11257 there is a mistake in the qos templates. The sum of the guaranteed bandwidth of the classes 101 - 120 is bigger than the available bandwidth. I adjusted the guaranteed bandwidth of the classes 101 - 104 so that each of them has a 
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-06 15:13:16 +00:00
Michael Tremer
318434affb core120: Ship updated proxy.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-06 15:12:42 +00:00
Daniel Weismüller via Development
53d6755451 squid: Add RAM-only Proxy functionality 
As suggested by Oliver "giller" Fieker <oli@new-lan.de>
in bug 10592 I added the functionality to use the squid as ram-only cache.

Further it defines the maximum_object_size_in_memory
as 2% of the in the webif defined "Memory cache size".
The maximum_object_size_in_memory should have a useful
size of the defined memory cache and I don't want to
create another variable which muste be fulled in by the user.

Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Suggested-by: Oliver "giller" Fieker <oli@new-lan.de>
Suggested-by: Kim Wölfel <xaver4all@gmx.de>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Cc: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-06 15:12:17 +00:00
Michael Tremer
01bec95655 core120: Ship updated unbound init script 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-05 15:21:56 +00:00
Peter Müller
438da7e0a0 test if nameservers with DNSSEC support return "ad"-flagged data 
DNSSEC-validating nameservers return an "ad" (Authenticated Data)
flag in the DNS response header. This can be used as a negative
indicator for DNSSEC validation: In case a nameserver does not
return the flag, but failes to look up a domain with an invalid
signature, it does not support DNSSEC validation.

This makes it easier to detect nameservers which do not fully
comply to the RFCs or try to tamper DNS queries.

See bug #11595 (https://bugzilla.ipfire.org/show_bug.cgi?id=11595) for further details.

The second version of this patch avoids unnecessary usage of
grep. Thanks to Michael Tremer for the hint.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-05 15:19:55 +00:00
Peter Müller
9d5e5eb012 Tor: update to 0.3.2.10 
Update Tor to 0.3.2.10, which fixes some security and DoS
issues especially important for relays.

The release notes are available at:
https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Fixes: #11662
 2018-03-05 15:12:28 +00:00
Peter Müller
a12d488682 ClamAV: update to 0.99.4 
Update ClamAV to 0.99.4 which fixes four security issues
and compatibility issues with GCC 6 and C++ 11.

The release note can be found here: http://blog.clamav.net/2018/03/clamav-0994-has-been-released.html

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-05 15:11:55 +00:00
Michael Tremer
568a227bd3 vpnmain.cgi: Fix reading common names from certificates 
OpenSSL has changed the output of the subject lines of
certificates.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-01 19:59:14 +00:00
Arne Fitzenreiter
d5e0428c15 kernel: 4.14.23 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-02-28 16:20:17 +01:00
Michael Tremer
63b515dc26 apache: Require TLSv1.2 for access to the web user interface 
This will work fine for FF 27 or newer, Chrome 30 or newer,
IE 11 on Windows 7 or newer, Opera 17 or newer, Safari 9 or
newer, Android 5.0 or newer and Java 8 or newer

Since IPFire is not supposed to host any other applications and
all have been removed in the last few Core Updates, only the web
user interface is served over HTTPS here. We clearly prefer
security over compatibility.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-28 11:55:35 +00:00
Peter Müller
464426d363 change Apache TLS cipher list to "Mozilla Modern" 
Change the TLS cipher list of Apache to "Mozilla Modern".

ECDSA is preferred over RSA to save CPU time on both server
and client. Clients without support for TLS 1.2 and AES will
experience connection failures.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-28 11:54:08 +00:00
Michael Tremer
263d1e6484 openssl: Apply ciphers patch before running Configure 
This works just fine here.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-28 11:49:47 +00:00
Peter Müller via Development
5929493445 set OpenSSL 1.1.0 DEFAULT cipher list to secure value 
Only use secure cipher list for the OpenSSL DEFAULT list:
* ECDSA is preferred over RSA since it is faster and more scalable
* TLS 1.2 suites are preferred over anything older
* weak ciphers such as RC4 and 3DES have been eliminated
* AES-GCM is preferred over AES-CBC (known as "mac-then-encrypt" problem)
* ciphers without PFS are moved to the end of the cipher list

This patch leaves AES-CCM, AES-CCM8 and CHACHA20-POLY1305 suites
where they are since they are considered secure and there is no
need to change anything.

The DEFAULT cipher list is now (output of "openssl ciphers -v"):

ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM8 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM8(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM8 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM8(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=Camellia(256) Mac=SHA384
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=Camellia(128) Mac=SHA256
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=Camellia(256) Mac=SHA384
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=Camellia(128) Mac=SHA256
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH       Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-AES256-CCM8     TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM8(256) Mac=AEAD
DHE-RSA-AES256-CCM      TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM(256) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-CCM8     TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM8(128) Mac=AEAD
DHE-RSA-AES128-CCM      TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM(128) Mac=AEAD
DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA256
DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA256
ECDHE-ECDSA-AES256-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
ECDHE-ECDSA-AES128-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
ECDHE-RSA-AES256-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-RSA-AES128-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA1
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES256-CCM8             TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM8(256) Mac=AEAD
AES256-CCM              TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM(256) Mac=AEAD
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
AES128-CCM8             TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM8(128) Mac=AEAD
AES128-CCM              TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM(128) Mac=AEAD
AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
CAMELLIA256-SHA256      TLSv1.2 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA256
AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
CAMELLIA128-SHA256      TLSv1.2 Kx=RSA      Au=RSA  Enc=Camellia(128) Mac=SHA256
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
CAMELLIA256-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
CAMELLIA128-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(128) Mac=SHA1

This has been discussed at 2017-12-04 (https://wiki.ipfire.org/devel/telco/2017-12-04)
and for a similar patch written for OpenSSL 1.0.x.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-28 11:45:03 +00:00
Michael Tremer
e707599d2c core120: Call openvpnctrl with full path 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-28 10:48:29 +00:00
Arne Fitzenreiter
031ea15b00 kernel: update to 4.14.22 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-02-27 15:25:50 +01:00
Arne Fitzenreiter
1a7cfc2f10 Merge remote-tracking branch 'origin/core119' into kernel-4.14 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-02-27 12:38:18 +01:00
Arne Fitzenreiter
7eb86ee39e mpd: bump package to remove link against tcpwrapper 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-02-26 20:08:56 +01:00
Michael Tremer
ca4c354e08 Bump release of all packages linked against OpenSSL 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-26 16:28:16 +00:00
Michael Tremer
d192815e83 core120: Ship everything that is linked against OpenSSL 
This will make sure that everything is using the new version
of the library.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-26 16:22:32 +00:00
Michael Tremer
1c0cfaa594 Disable Path MTU discovery 
This seems to be a failed concept and causes issues with transferring
large packets through an IPsec tunnel connection.

This configures the kernel to still respond to PMTU ICMP discovery
messages, but will not try this on its own.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-26 15:37:49 +00:00
Michael Tremer
f0e308ab2f core120: Fix typo in initscript name 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-26 15:34:10 +00:00