webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-14 21:12:59 +02:00
Code Issues Packages Projects Releases Wiki Activity
15,289 Commits 2 Branches 1 Tag
42ebeaa88ef4debd332bd4ac2cf23ae3709bbc26
Commit Graph

7749 Commits

Author SHA1 Message Date
Michael Tremer
7dea42ae84 samba: Drop PDC default configuration 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-13 17:06:17 +01:00
Michael Tremer
be1554336d samba: Export all printers from CUPS 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-13 17:06:16 +01:00
Michael Tremer
97722ab69d samba: Remove printer management 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-13 17:06:16 +01:00
Michael Tremer
a88ea3463c samba: Remove help popup 
This is outdated and should be put into the wiki.

It is also some very ugly JS.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-13 17:06:16 +01:00
Michael Tremer
5aa5f6777a samba: Remove reset options 
This only requires that we have to change multiple files with
the same settings.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-13 17:06:16 +01:00
Michael Tremer
13e455aec7 samba: Log to syslog 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-13 17:06:16 +01:00
Michael Tremer
7a60353472 samba: Remove any options left to default value in global section 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-13 17:06:16 +01:00
Michael Tremer
2a4ac08fcc samba: Remove deprecated encrypt/null passwords options 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-13 17:06:15 +01:00
Michael Tremer
971f93ab12 Merge remote-tracking branch 'origin/master' into next 2020-10-12 20:21:09 +00:00
Michael Tremer
a836a2787c core151: Remove multiple calls of rm 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-12 20:07:30 +00:00
Matthias Fischer
decb7e61f1 update.sh: Delete obsolete files from Net-DNS 1.25 
Fixes Bug #12491

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-12 20:06:42 +00:00
Michael Tremer
79131c6e47 firewall hits graph: Fix order of values 
The fields were mixed up and therefore graph showed incorrect
values.

Fixes: #12496
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-12 10:27:15 +00:00
Matthias Fischer
add03100a5 nano: Update to 5.3 
For details see:
https://www.nano-editor.org/news.php

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-12 10:07:42 +00:00
Michael Tremer
63d55ec0c9 core152: Ship knot 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-12 10:07:27 +00:00
Michael Tremer
b98d3a7e10 core152: Ship unbound 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-12 10:06:22 +00:00
Matthias Fischer
14f02911df unbound: Update to 1.12.0 
For details see:
https://lists.nlnetlabs.nl/pipermail/unbound-users/2020-October/006979.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-12 10:04:28 +00:00
Michael Tremer
e0aad107b5 Merge branch 'master' into next 2020-10-10 11:49:07 +00:00
Michael Tremer
a9f69cbf01 core151: Apply local SSH configuration 
Fixes: #12494
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-10 11:48:26 +00:00
Michael Tremer
5e4f76bb71 core151: Ship /etc/os-release 
Fixes: #12495
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-10 11:43:44 +00:00
Jonatan Schlag
bd78dec95b Borgbackup: Ship testsuite also for i586 and armv5tel 
Fixes: #12438

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-10 11:42:09 +00:00
Michael Tremer
d5808f3095 core152: Fix typo in rootfile 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-07 14:27:29 +00:00
Michael Tremer
b67f02d512 /var/ipfire/ethernet/settings: Drop BROADCAST variable 
This variable is no longer being used and was only used to
assign IP addresses to the individual interfaces.

However, the kernel knows best which IP address to select
as broadcast address for each network. Therefore we depend
on the kernel which allows us to support RFC3021.

Fixes: #12486 - no /31 transfer net available on red
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-07 11:46:46 +00:00
Michael Tremer
ffd8eafa52 libtalloc: Move to /usr and drop Python module 
We do not use the Python module and can therefore
only have one rootfile for all architectures.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 16:35:26 +00:00
Michael Tremer
7bdfa67a4b python3: Rootfile update for i586 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 16:21:09 +00:00
Michael Tremer
5f6f2e0b7c python3: Update rootfile for armv5tel 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 15:13:54 +00:00
Michael Tremer
bcbcd15f64 Revert "core152: Load changed /etc/sysctl.conf" 
This reverts commit b125988d3f.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:26:43 +00:00
Michael Tremer
a9d90b1b3f Revert "sysctl.conf: prevent autoloading of TTY line disciplines" 
This reverts commit 14c65ab71c.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:26:26 +00:00
Arne Fitzenreiter
42fca29033 libtalloc: add new package because samba4 not provide this anymore 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:20:09 +00:00
Arne Fitzenreiter
1dd31d858e samba: update to 4.13.0 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:19:04 +00:00
Arne Fitzenreiter
b3e5529459 samba: remove SO_xxxBUF size definitions from default config 
this option is not recommended for samba4

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:19:01 +00:00
Arne Fitzenreiter
bbcaca5662 perl-Parse-Yapp: add package 
samba4 depends on this perl module

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:18:58 +00:00
Arne Fitzenreiter
2598b19088 samba: default.global: remove unsuppoted "map to guest = false" 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:18:56 +00:00
Michael Tremer
6d5de038d0 core152: Ship Python 3 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:16:46 +00:00
Peter Müller
2ab916576f Python3: update to 3.8.2 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:14:32 +00:00
Peter Müller
3c73b7fbf0 python3-botocore: update to 1.16.1 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:13:06 +00:00
Peter Müller
33e86e2d4e python3-colorama: update to 0.4.3 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:12:59 +00:00
Peter Müller
a1e3c67cad python3-dateutil: update to 2.8.1 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:12:54 +00:00
Peter Müller
85bf02ab09 python3-docutils: update to 0.16 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:12:45 +00:00
Peter Müller
7597a209ea python3-jmespath: update to 0.9.5 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:12:36 +00:00
Peter Müller
a4de7e7b0a python3-pyasn1: update to 0.4.8 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:10:26 +00:00
Peter Müller
1be989f46d python3-rsa: update to 4.0 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:10:18 +00:00
Peter Müller
9a2f6c5d8a python3-s3transfer: update to 0.3.3 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:09:57 +00:00
Peter Müller
06c3032442 python3-six: update to 1.14.0 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:09:37 +00:00
Michael Tremer
27bd3dfcef core152: Ship Python 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:09:07 +00:00
Arne Fitzenreiter
8f19090504 python: update to 2.7.18 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:07:34 +00:00
Michael Tremer
b125988d3f core152: Load changed /etc/sysctl.conf 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:05:11 +00:00
Peter Müller
14c65ab71c sysctl.conf: prevent autoloading of TTY line disciplines 
Malicious/vulnerable TTY line disciplines have been subject of some
kernel exploits such as CVE-2017-2636, and since - to put it in Greg
Kroah-Hatrman's words - we do not "trust the userspace to do the right
thing", this reduces local kernel attack surface.

Further, there is no legitimate reason why an unprivileged user should
load kernel modules during runtime, anyway.

See also:
- https://lkml.org/lkml/2019/4/15/890
- https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:04:14 +00:00
Michael Tremer
6ec99a3372 Start Core Update 152 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:03:34 +00:00
Peter Müller
b7b65e736e sysctl.conf: prevent unintentional writes into attacker-controlled files and FIFOs 
Similar to hard- and symlink protection introduced a while ago, this
patch enables protections against unintentional writes into
attacker-controlled regular files or FIFOs, where a program expected to
create new ones. This makes exploiting TOCTOU flaws harder.

See also: https://www.kernel.org/doc/Documentation/sysctl/fs.txt

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-05 15:07:47 +00:00
Erik Kapfer
22a6277fc9 freeradius: Update to version 3.0.21 
Update includes several fixes (incl. CVE-2019-17185) and feature improvements.
A full overview of all changes can be found in here --> https://raw.githubusercontent.com/FreeRADIUS/freeradius-server/v3.0.x/doc/ChangeLog .

The freeradius-no-buildtime-cert-gen patch applies also with this version.

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-02 14:59:23 +00:00