Commit Graph

6051 Commits

Author SHA1 Message Date
Arne Fitzenreiter
44b227b102 kernel: update to 4.14.154
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-14 22:12:12 +01:00
Peter Müller
1ec32691e9 intel-microcode: update to 20191112
For release notes, refer to:
- https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform-update-ipu/
- https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20191112

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-13 19:58:08 +00:00
Arne Fitzenreiter
510a670253 qemu: remove sdl from dependency list
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-13 19:56:11 +00:00
Arne Fitzenreiter
d8bef72e76 qemu: switch to xz compressed source
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-13 19:55:17 +00:00
Peter Müller
415fb8b5bd bash: update to 5.0 (patchlevel 11)
The third version of this patch also includes patches 1-11
for version 5.0, drops orphaned 4.3 patches, and fixes rootfile
mistakes reported by Arne.

Please refer to https://tiswww.case.edu/php/chet/bash/bashtop.html
for release notes.

Cc: Michael Tremer <michael.tremer@ipfire.org>
Cc: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-13 19:42:59 +00:00
Peter Müller
c82aa03e2c readline: update to 8.0 (patchlevel 1)
The third version of this patch fixes missing rootfile changes, drops
orphaned readline 5.2 patches (as they became obsolete due to
readline-compat changes), includes readline 8.0 upstream patch, and
keeps the for-loop in LFS file (as commented by Michael).

Cc: Michael Tremer <michael.tremer@ipfire.org>
Cc: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-13 19:42:43 +00:00
peter.mueller@ipfire.org
f7b1fe542f readline-compat: update to 6.3
This is necessary as many add-ons still need readline-compat as they
cannot link against readline 8.0, yet.

Reported-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-13 19:42:31 +00:00
Stephan Feddersen
83596e7059 wio-1.3.2-7: fixed bug with arp client import
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-13 19:41:37 +00:00
Stefan Schantl
4ae9d47ba3 ddns: Import rename NoIP.com handle back to no-ip.com patch
This patch is required for compatiblity reasons for any existing
configurations.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-13 19:40:52 +00:00
Jonatan Schlag
9cc131cc5a Update qemu to version 4.1.0
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-13 19:40:39 +00:00
Jonatan Schlag
f64cbda3d1 qemu: disable sdl and documentation
A newer version of qemu does not build anymore with our version of sdl. I
tried around a little bit and as I have not got a clue why we are using
sdl (spice and remote access still works)  I think we should disable it.

I disabled the generation of the documentation as well but this switch
does not seem to have any effect.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-13 19:40:29 +00:00
Jonatan Schlag
5cc921b474 Libvirt: enable lvm
This was requested in the forum:

https://forum.ipfire.org/viewtopic.php?f=17&t=21872&p=120243&hilit=lvm#p120243

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-13 19:39:33 +00:00
Jonatan Schlag
62e116567a Libvirt: update to version 5.6.0
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-13 19:39:20 +00:00
Jonatan Schlag
3e5d4e6f83 libvirt: use a custom config file
The patch which adjusts the options for IPFire in the libvirtd.conf does
not apply in a newer version of libvirt. Creating this patch is harder
than to use a separate config file.

This separate config file also enables us to adjust options much faster.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-13 19:38:59 +00:00
Jonatan Schlag
8d82903c0d Libvirt: disable Wireshark
When I try to build libvirt a second-time without ./make.sh clean
between the two builds, libvirt tries to link against Wireshark and
fails.
This configure option solves the problem.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-13 19:38:29 +00:00
Matthias Fischer
7487e2340e squid: Update to 4.9
For details see:
http://www.squid-cache.org/Versions/v4/changesets/

Fixes CVE-2019-12526, CVE-2019-12523, CVE-2019-18676, CVE-2019-18677, CVE-2019-18678 and
CVE-2019-18679

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-13 19:36:35 +00:00
Stefan Schantl
527c3f39b8 ddns: Import upstream patch for NoIP.com
Reference: #11561.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-13 19:36:11 +00:00
Stefan Schantl
3e9f88bc65 ddns: Update to 012
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-13 19:31:42 +00:00
Matthias Fischer
e93959a7aa logwatch: Update to 7.5.2
For details see:
https://build.opensuse.org/package/view_file/server:monitoring/logwatch/ChangeLog?expand=1

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-13 19:11:09 +00:00
peter.mueller@ipfire.org
e153efaf11 OpenSSL: drop preferring of Chacha20/Poly1305 over AES-GCM
As hardware acceleration for AES is emerging (Fireinfo indicates
30.98% of reporting installations support this, compared to
28.22% in summer), there is no more reason to manually prefer
Chacha20/Poly1305 over it.

Further, overall performance is expected to increase as server
CPUs usually come with AES-NI today, where Chacha/Poly would
be an unnecessary bottleneck. Small systems without AES-NI,
however, compute Chacha/Poly measurable, but not significantly faster,
so there only was a small advantage of this.

This patch changes the OpenSSL default ciphersuite to:

TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=Camellia(256) Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=Camellia(256) Mac=SHA384
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=Camellia(128) Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=Camellia(128) Mac=SHA256
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH       Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA256
DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA256
ECDHE-ECDSA-AES256-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
ECDHE-ECDSA-AES128-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
ECDHE-RSA-AES256-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-RSA-AES128-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA1
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
CAMELLIA256-SHA256      TLSv1.2 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA256
AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
CAMELLIA128-SHA256      TLSv1.2 Kx=RSA      Au=RSA  Enc=Camellia(128) Mac=SHA256
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
CAMELLIA256-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
CAMELLIA128-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(128) Mac=SHA1

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-13 19:01:19 +00:00
Erik Kapfer
a0926f75e0 OpenVPN: Update to version 2.4.8
This is primarily a maintenance release with bugfixes and improvements. All changes can be overviewed in here -->
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24 .

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-13 18:51:21 +00:00
Erik Kapfer
cb41e4a9a9 libarchiv: Update to version 3.4.0
Version 3.4.0 is a feature and security release. The changelog can be found in here --> https://github.com/libarchive/libarchive/releases .

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-13 18:45:32 +00:00
Erik Kapfer
bc456dd750 lz4: Update to version 1.9.2
Several fixes and improvements has been integrated. The changes list through the different versions since
the current version 1.8.1.2 can be found in here --> https://github.com/lz4/lz4/releases

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-13 18:43:04 +00:00
peter.mueller@ipfire.org
d5ccd924e0 update ca-certificates CA bundle
Update the CA certificates list to what Mozilla NSS ships currently.

The original file can be retrieved from:
https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-13 18:39:50 +00:00
peter.mueller@ipfire.org
c772b7550c Tor: fix permissions of /var/ipfire/tor/torrc after installation
Fixes #12220

Reported-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-29 19:50:32 +00:00
Michael Tremer
a42dfb216d speedtest-cli: Use Python 3 instead of Python 2
This seems to be required although the documentation says
that Python 2 is supported.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-29 13:17:11 +00:00
Michael Tremer
45a3168ef1 python3: Bump release version to redistribute package
Python 3 was linked against an old version of OpenSSL on my
system and to avoid this, we need to ship it again being built
against the current version of it.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-29 13:17:07 +00:00
Matthias Fischer
4ba4645d12 bind: Update to 9.11.12
For details see:
https://downloads.isc.org/isc/bind9/9.11.12/RELEASE-NOTES-bind-9.11.12.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-21 19:01:32 +00:00
Michael Tremer
951a9f9ba0 linux+iptables: Drop support for IMQ
This is no longer needed since we are using IFB now

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-21 18:58:08 +00:00
Arne Fitzenreiter
c27fdd8697 Revert "linux+iptables: Drop support for IMQ"
This reverts commit 59b9a6bd22.
2019-10-20 20:20:26 +00:00
Arne Fitzenreiter
596c71d07f kernel: update to 4.14.150
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-18 23:07:44 +02:00
Arne Fitzenreiter
cafef39aa2 Revert "suricata: Enable rust support"
This reverts commit 5b87687cb1.
2019-10-18 20:39:47 +02:00
Arne Fitzenreiter
52d57e9748 rust: disabled build
rust build code with illegal instructions on armv5tel
so this need more checking

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-18 20:37:50 +02:00
Arne Fitzenreiter
a2c2c4c74c Revert "dhcpcd: Update to 8.0.2"
This reverts commit 0184e5806d.
2019-10-15 07:50:12 +00:00
Arne Fitzenreiter
3cbed67644 Revert "dhcpcd: Update to 8.0.3"
This reverts commit 8a001e556c.
2019-10-15 07:49:31 +00:00
Arne Fitzenreiter
5867db5808 Revert "dhcpcd: Update to 8.0.6"
This reverts commit a4bb11243f.
2019-10-15 07:48:56 +00:00
Arne Fitzenreiter
0e60713ff0 Revert "dhcpcd: Update to 8.1.0"
This reverts commit 4863f2096c.
2019-10-15 07:48:12 +00:00
Arne Fitzenreiter
049fd235c6 Revert "bash: update to 5.0"
This reverts commit 700f11b305.
2019-10-15 07:38:21 +00:00
Arne Fitzenreiter
13cd0bbc1f Revert "readline: update to 8.0"
This reverts commit 6e8e8ee41c.
2019-10-15 07:37:54 +00:00
Michael Tremer
59b9a6bd22 linux+iptables: Drop support for IMQ
This is no longer needed since we are using IFB now

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-14 18:02:55 +00:00
peter.mueller@ipfire.org
41fe437400 fix typo in hostapd initscript
Fixes: #11237

Reported-by: Tom Rymes <tomvend@rymes.com>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-14 17:40:25 +00:00
peter.mueller@ipfire.org
04a42c81f5 rust: fix year in LFS file
Tempus fugit, I know... :-)

Cc: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-14 17:37:33 +00:00
Erik Kapfer
f3acac7f11 ipset: Update to version 7.3
Some kernel part fixes are included. For a overview of the changelog,
take a look in here --> http://ipset.netfilter.org/changelog.html .

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-14 17:15:16 +00:00
peter.mueller@ipfire.org
6e8e8ee41c readline: update to 8.0
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-14 17:12:03 +00:00
peter.mueller@ipfire.org
700f11b305 bash: update to 5.0
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-14 17:11:59 +00:00
Matthias Fischer
4863f2096c dhcpcd: Update to 8.1.0
For details see:
https://roy.marples.name/blog/dhcpcd-8-1-0-released

"DragonFlyBSD: Improved rc.d handling
Fix carrier status after a route socket overflow
Allow domain spaced options
DHCP: Allow not sending Force Renew Nonce or Reconf Accept
IPv4LL: Now passes Apple Bonjour test versions 1.4 and 1.5
ARP: Fix a typo and remove pragma (thus working with old gcc)
DHCP6: Fix a cosmetic issue with infinite leases
DHCP6: SLA 0 and Prefix Len 0 will now add a delegated /64 address
Ignore some virtual interfaces such as Tap and Bridge by default
BPF: Move validation logic out of BPF and back into dhcpcd"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-13 06:08:05 +00:00
Arne Fitzenreiter
778dd44789 kernel: update to 4.14.149
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-12 13:12:03 +02:00
Arne Fitzenreiter
f2e7d2bf50 rust: fix typo
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-08 19:49:01 +00:00
Arne Fitzenreiter
2228871e3e rust: fix md5 sums for i586 and arm
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-08 19:44:54 +00:00
Stefan Schantl
5b87687cb1 suricata: Enable rust support
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-08 19:08:37 +00:00