Arne Fitzenreiter
4bdbf22ee4
kernel: fix CVE-2016-5159 (Dirty COW)
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2016-10-22 20:20:22 +02:00
Arne Fitzenreiter
ed7a7f77db
kernel: add aes-ni support for aes-192 and 256
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2016-10-22 16:52:40 +02:00
Arne Fitzenreiter
5a2ebd32c0
Merge branch 'master' into next
2016-10-22 10:33:46 +02:00
Arne Fitzenreiter
86667d0c7a
core106: set version to 106
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2016-10-15 23:52:07 +02:00
Michael Tremer
96473f525d
Revert "setup: Store passwords in SHA format"
...
This reverts commit eef9b2529c.
It appears that htpasswd is not salting any passwords that are
stored with the SHA (-s) algorithm. MD5 passwords however are
salted.
That leads us to the conclusion that the "MD5 algorithm" in htpasswd
is more secure than the "SHA algorithm" although the hash function
itself should be stronger.
With a rainbow table, cracking "SHA" is easily done.
A rainbow table for "MD5" + salt would be way too large to be
efficiently stored.
Hence this commit is reverted to old behaviour to avoid the clear
failure of design in SHA.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
2016-10-15 22:38:01 +01:00
Michael Tremer
6920fbe86d
unbound: Omit reverse PTRs if address equals GREEN
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-10-15 22:34:43 +01:00
Michael Tremer
13e6019b92
unbound-dhcp-bridge: Make leases unique by IP address
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-10-15 22:34:35 +01:00
Michael Tremer
9324732071
unbound-dhcp-bridge: Only update cache when lease was added/removed
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-10-15 22:34:29 +01:00
Michael Tremer
a3f77ded65
unbound-dhcp-bridge: Rewrite update algorithm
...
Before the bridge tries reading any existing leases from unbound
but this makes it difficult to distinguish between what is a DHCP lease,
static host entry or anything else.
This patch will change the bridge back to just remember what has been
added to the cache already which makes it easier to keep track.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-10-15 22:34:23 +01:00
Michael Tremer
cd4437eaa7
unbound-dhcp-bridge: Skip processing leases with empty hostname
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-10-15 22:34:15 +01:00
Michael Tremer
901e172c91
unbound-dhcp-bridge: Reading in static hosts
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-10-15 22:34:08 +01:00
Arne Fitzenreiter
9f9d4e3c74
unbound/dhcp: stop lease bridge if dhcp needed to be killed
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-10-15 22:33:54 +01:00
Michael Tremer
868d2a1fff
unbound: Omit reverse PTRs if address equals GREEN
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-10-15 22:32:21 +01:00
Michael Tremer
8b1eb795ac
unbound-dhcp-bridge: Make leases unique by IP address
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-10-15 22:32:05 +01:00
Michael Tremer
3ec5ba501e
unbound-dhcp-bridge: Only update cache when lease was added/removed
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-10-15 19:17:44 +02:00
Michael Tremer
c7b83f9bed
unbound-dhcp-bridge: Rewrite update algorithm
...
Before the bridge tries reading any existing leases from unbound
but this makes it difficult to distinguish between what is a DHCP lease,
static host entry or anything else.
This patch will change the bridge back to just remember what has been
added to the cache already which makes it easier to keep track.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-10-15 19:08:22 +02:00
Michael Tremer
5d4f3a42ce
unbound-dhcp-bridge: Skip processing leases with empty hostname
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-10-15 19:06:27 +02:00
Michael Tremer
7354d2947a
unbound-dhcp-bridge: Reading in static hosts
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-10-15 19:05:11 +02:00
Michael Tremer
b8a5c2fc7b
netpbm: Bump release version to 2
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-10-14 00:05:55 +01:00
Marcel Lorenz
894fea37d4
netpbm: update to 10.47.61
...
To keep the files in the right place, the files are installed into the build directory
and only the files which are useful are copied to the usual places in /usr.
Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
Reviewed-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-10-14 00:05:55 +01:00
Marcel Lorenz
71a95ee330
libjpeg: update to 1.5.1
...
The old libjpeg is renamed to libjpeg-compat
The compat makes the old libs maintainable
Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
Reviewed-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-10-14 00:05:55 +01:00
Marcel Lorenz
1cd30812d6
texinfo: update to 6.3
...
Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
Reviewed-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-10-14 00:05:55 +01:00
Arne Fitzenreiter
d1778a773e
unbound/dhcp: stop lease bridge if dhcp needed to be killed
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2016-10-13 17:21:28 +02:00
Matthias Fischer
11073720a2
squid: Update to 3.5.22
...
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-10-12 22:40:42 +01:00
Michael Tremer
1b4d5ad9af
unbound: Move "listen on all" to main configuration file
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-10-12 22:37:26 +01:00
Matthias Fischer
b06187f5b6
Midnight Commander: Update to 4.8.18
...
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-10-12 22:35:50 +01:00
Arne Fitzenreiter
693928d781
unbound: start prior network
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2016-10-12 23:01:51 +02:00
Arne Fitzenreiter
0fa8a4e98e
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
2016-10-12 22:52:34 +02:00
Arne Fitzenreiter
11ecfb92a0
backup: add unbound config
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2016-10-12 22:51:35 +02:00
Arne Fitzenreiter
d221f41fbe
unbound: bind to all interfaces
...
This allows adding interfaces without restarting unbound.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2016-10-12 22:43:21 +02:00
Arne Fitzenreiter
3a6752d928
setup: restart unbound after network config change
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2016-10-12 22:39:41 +02:00
Daniel Weismüller
d653b433ec
drop of the obsolete and deprecated vdr addon vdr_vnsiserver3
...
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-10-12 11:21:24 +01:00
Michael Tremer
86c9deb2ea
unbound: Public static leases in DNS, too
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-10-11 19:14:33 +02:00
Michael Tremer
998e880b61
unbound: Skip invalid hostnames
...
If there are any invalid hostnames in the DHCP leases
table, we just skip them and do not create any RRs for
them.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-10-10 20:11:57 +01:00
Matthias Fischer
5eeea64237
guardian 2.0: fixes for rootfile
...
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-10-10 12:08:33 +01:00
Michael Tremer
3a52755b97
core106: Ship changed pakfire.cgi
...
This was actually changed over a year ago, but was
never shipped in an update.
Commit 212fd689a3
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-10-10 12:05:01 +01:00
Michael Tremer
b32a8aefa2
core106: Ship updated iptables.cgi file
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-10-10 12:04:24 +01:00
Matthias Fischer
58c2333bdc
iptables.cgi: cosmetics - wider columns
...
Hi,
Since the first three columns of 'iptables.cgi' gave a nearly unreadable output
with large numbers, I made the 'pkts', 'bytes' and 'target' columns a bit wider.
BEFORE - it was something like this:
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytestarget proc opt in out source destination
32M38G BADTCP tcp -- * * 0.0.0.0/0 0.0.0.0/0
32M38G CUSTOMINPUT all -- * * 0.0.0.0/0 0.0.0.0/0
32M38G P2PBLOCK all -- * * 0.0.0.0/0 0.0.0.0/0
32M38G GUARDIAN all -- * * 0.0.0.0/0 0.0.0.0/0
00 OVPNBLOCK all -- tun+ * 0.0.0.0/0 0.0.0.0/0
32M38G IPTVINPUT all -- * * 0.0.0.0/0 0.0.0.0/0
32M38G ICMPINPUT all -- * * 0.0.0.0/0 0.0.0.0/0
32M38G LOOPBACK all -- * * 0.0.0.0/0 0.0.0.0/0
21M21G CONNTRACK all -- * * 0.0.0.0/0 0.0.0.0/0
393873484KDHCPGREENINPUTall -- green0 * 0.0.0.0/0 0.0.0.0/0
645153642KGEOIPBLOCK all -- * * 0.0.0.0/0 0.0.0.0/0
386592304KIPSECINPUT all -- * * 0.0.0.0/0 0.0.0.0/0
386592304KGUIINPUT all -- * * 0.0.0.0/0 0.0.0.0/0
368332209KWIRELESSINPUT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW
368332209KOVPNINPUT all -- * * 0.0.0.0/0 0.0.0.0/0
368332209KTOR_INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
368332209KINPUTFW all -- * * 0.0.0.0/0 0.0.0.0/0
309641833KREDINPUT all -- * * 0.0.0.0/0 0.0.0.0/0
309641833KPOLICYIN all -- * * 0.0.0.0/0 0.0.0.0/0
AFTER - somehow better readable - I think: ;-)
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target proc opt in out source destination
32M 38G BADTCP tcp -- * * 0.0.0.0/0 0.0.0.0/0
32M 38G CUSTOMINPUT all -- * * 0.0.0.0/0 0.0.0.0/0
32M 38G P2PBLOCK all -- * * 0.0.0.0/0 0.0.0.0/0
32M 38G GUARDIAN all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 OVPNBLOCK all -- tun+ * 0.0.0.0/0 0.0.0.0/0
32M 38G IPTVINPUT all -- * * 0.0.0.0/0 0.0.0.0/0
32M 38G ICMPINPUT all -- * * 0.0.0.0/0 0.0.0.0/0
32M 38G LOOPBACK all -- * * 0.0.0.0/0 0.0.0.0/0
21M 21G CONNTRACK all -- * * 0.0.0.0/0 0.0.0.0/0
39387 3484K DHCPGREENINPUT all -- green0 * 0.0.0.0/0 0.0.0.0/0
64515 3642K GEOIPBLOCK all -- * * 0.0.0.0/0 0.0.0.0/0
38659 2304K IPSECINPUT all -- * * 0.0.0.0/0 0.0.0.0/0
38659 2304K GUIINPUT all -- * * 0.0.0.0/0 0.0.0.0/0
36833 2209K WIRELESSINPUT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW
36833 2209K OVPNINPUT all -- * * 0.0.0.0/0 0.0.0.0/0
36833 2209K TOR_INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
36833 2209K INPUTFW all -- * * 0.0.0.0/0 0.0.0.0/0
30964 1833K REDINPUT all -- * * 0.0.0.0/0 0.0.0.0/0
30964 1833K POLICYIN all -- * * 0.0.0.0/0 0.0.0.0/0
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-10-10 12:03:51 +01:00
Arne Fitzenreiter
f824cd285b
setclock: accept also empty logfile timestamp
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2016-10-09 12:10:15 +02:00
Arne Fitzenreiter
0807ce69ee
setclock: prevent time backjump by empty rtc batteries
...
This is a workaround to prevent DNS resolution from not working
if the time jumps before the DNSSEC signing key.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2016-10-08 15:43:54 +02:00
Arne Fitzenreiter
0d7ca700bd
unbound: skip green interface if ip was set to 1.1.1.1
...
This is a reserved marker for unused green ip.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2016-10-07 11:27:33 +02:00
Michael Tremer
e22bcd38d6
unbound: Correctly format PTR records
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-10-06 10:42:49 +01:00
Michael Tremer
71cf56fe53
core106: Restart DHCP server to import leases into DNS
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-10-06 10:41:54 +01:00
Michael Tremer
eef9b2529c
setup: Store passwords in SHA format
...
htpasswd doesn't protect passwords very well. MD5 was used
before and now any newly created passwords will use the
SHA format.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-10-04 22:41:48 +01:00
Michael Tremer
574ee681d2
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
2016-10-04 22:34:23 +01:00
Arne Fitzenreiter
e3a90a5736
Revert "core106: Add DNS root key to exclude list"
...
This reverts commit f58002a83f.
2016-10-04 22:05:26 +02:00
Arne Fitzenreiter
a48a2034f5
unbound: fix update forwarders if unbound was not running
...
psgrep has no "-q" switch so I use pidof.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2016-10-04 19:24:26 +02:00
Arne Fitzenreiter
9aa7b0469d
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
2016-10-03 17:55:42 +02:00
Arne Fitzenreiter
f75c279b97
unbound: fix reverse lookup of webif defined hosts
...
and make the own host resolvable.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2016-10-03 17:53:13 +02:00
Michael Tremer
350e29c26f
Update translations
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-10-03 12:13:43 +01:00