webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-11 19:55:52 +02:00
Code Issues Packages Projects Releases Wiki Activity
11,478 Commits 2 Branches 1 Tag
53929f5ae8a2edc8dff4484b4d293fcba5dd50af
Commit Graph

11478 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Tremer
53929f5ae8 core120: Ship updated OpenSSL 1.1.0 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-21 12:39:55 +00:00
Michael Tremer
9434bffaf2 Merge branch 'openssl-11' into next 2018-02-21 12:21:10 +00:00
Michael Tremer
cb8a6bf5a4 Start Core Update 120 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-21 12:20:57 +00:00
Michael Tremer
83d6101b9d core119: Reload apache after configuration changes 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-21 12:06:02 +00:00
Peter Müller
51bf74a1c8 disable Apache server signature 
Sending the server signature is unnecessary and might leak
some internal information (although ServerTokens is already
set to "Prod").

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-21 12:06:02 +00:00
Michael Tremer
3f42cf5cb9 backup: Don't backup apache configuration, keys only 
In the past the apache configuration was part of the backup
and may have been restored after Core Update 118 was installed
with PHP being dropped amongst other things.

This patch will make sure that only keys are being backuped.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-21 12:06:02 +00:00
Michael Tremer
bbe8e248fe Rootfile update 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-20 20:10:30 +00:00
Michael Tremer
ea3b9a4f88 strongswan: Update to 5.6.2 
Fixed a DoS vulnerability in the parser for PKCS#1 RSASSA-PSS
signatures that was caused by insufficient input validation.
One of the configurable parameters in algorithm identifier
structures for RSASSA-PSS signatures is the mask generation
function (MGF). Only MGF1 is currently specified for this purpose.
However, this in turn takes itself a parameter that specifies
the underlying hash function. strongSwan's parser did not
correctly handle the case of this parameter being absent,
causing an undefined data read.

This vulnerability has been registered as CVE-2018-6459.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-19 23:46:17 +00:00
Michael Tremer
a261cb06c6 IPsec: Try to restart always-on tunnels immediately 
When a tunnel that is in always-on configuration closes
unexpectedly, we can instruct strongSwan to restart it
immediately which is precisely what we do now.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-19 23:46:17 +00:00
Michael Tremer
2ec7a53b3e Rootfile update for armv5tel 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-17 18:55:38 +00:00
Michael Tremer
e36a7e3cf2 haproxy: Link against libatomic on ARM 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-17 13:36:37 +00:00
Michael Tremer
429af17883 i2c-tools: New package 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-16 20:01:55 +00:00
Michael Tremer
0f354672a2 flac: Update to 1.3.2 
The previous version fails to build on i586

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-16 19:14:33 +00:00
Michael Tremer
a1a5dd5566 Rootfile update 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-15 19:34:50 +00:00
Erik Kapfer
a4fd232541 OpenVPN: Added needed directive for v2.4 update 
script-security: The support for the 'system' flag has been removed due to security implications
    with shell expansions when executing scripts via system() call.
    For more informations: https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage .

ncp-disable: Negotiable crypto parameters has been disabled for the first.

Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-15 10:41:41 +00:00
Michael Tremer
4ef4d82baa core119: Ship changed proxy.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-14 22:23:20 +00:00
Bernhard Held
a2b2ac7854 proxy.cgi: remove excessive newlines in generated proxy.pac 
Remove excessive newlines in generated proxy.pac

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-14 22:22:49 +00:00
Michael Tremer
0642dc8923 Rootfile update 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-13 21:07:04 +00:00
Michael Tremer
eb93869763 Bump toolchain version 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-13 16:35:08 +00:00
Michael Tremer
1633e0146c Rootfile update for glibc on i586 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-13 16:34:55 +00:00
Michael Tremer
909ba0ad4a nagios-plugins: Update rootfiles 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-13 16:30:24 +00:00
Michael Tremer
e75dd42577 postfix: Update rootfile 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-13 16:20:55 +00:00
Michael Tremer
97b5588cf3 zlib: Fix name of logfile in toolchain build 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-13 10:24:04 +00:00
Michael Tremer
05551f7bdb sslh: Build without tcpwrappers 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-13 10:23:54 +00:00
Michael Tremer
54d5414848 toolchain: Add zlib 
ccache needs this and usually comes with an own bundled
version but fails to build in version 3.4.1.

Since this is a small library only and we really want
ccache to use compression, we will build this indepently
and let ccache use it from the system.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 14:24:12 +00:00
Michael Tremer
d8ac9a162c Bump toolchain version 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 13:07:38 +00:00
Michael Tremer
2dd9f3b379 Cleanup toolchain scripts 
No functional changes, just some tidy up

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 12:44:37 +00:00
Michael Tremer
d32233aa1b ccache: Update to 3.4.1 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 12:12:08 +00:00
Michael Tremer
71196131be PAM: Drop shipped configuration 
This is outdated, broken and has hardcoded passwords.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 12:09:22 +00:00
Michael Tremer
71cf8c8a6f Drop perl-DBD-mysql 
This package is not used by anything and depends on MySQL
which has been dropped, too.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 12:07:29 +00:00
Michael Tremer
2d5940daca Drop MySQL 
This is outdated and still on 5.0.x and nobody volunteered to
update this package.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 12:05:46 +00:00
Michael Tremer
c4713705d1 asterisk: Do not depend on MySQL any more 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 12:02:51 +00:00
Michael Tremer
4fcf8acfea postfix: Don't depend on amavis 
This can be used together but there is no need to
always install amavis when someone wants to use postfix

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 11:52:07 +00:00
Michael Tremer
db116a33d6 postfix: Don't depend on MySQL any more 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 11:51:46 +00:00
Michael Tremer
abf2b05474 postfix: Don't ship our own configuration 
This is outdated and half of it is not maintained any more.

Users should configure postfix themselves based on the
default configuration.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 11:50:51 +00:00
Michael Tremer
3e8ce0dd86 Drop pammysql 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 11:44:28 +00:00
Michael Tremer
e3e17107ba Drop tcpwrapper 
This library has been unused for quite a while

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 11:42:47 +00:00
Michael Tremer
a350ea6dea Drop mISDN userspace tools 
This is unsupported for quite a while and nobody should be using this.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 11:41:50 +00:00
Michael Tremer
922ec43f99 Drop capi4k-utils 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 11:33:51 +00:00
Michael Tremer
690a8b9d89 core119: Remove dropped lcr package during update 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 11:31:14 +00:00
Michael Tremer
0d29afc2c1 core119: Import changed packages 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 11:29:53 +00:00
Michael Tremer
338087530c Start Core Update 119 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 11:22:58 +00:00
Michael Tremer
77930de834 Rootfile update for bison 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 11:18:01 +00:00
Erik Kapfer
ea6dd5b0ac OpenVPN: Mark unsecure ciphers and DH-parameter as 'weak' in WUI menu 
64 bit block ciphers like Blowfish, TDEA and CAST5 are vulnerable to the so called 'Birthday attacks' .
    Infos for 'Sweet32' Birthday attacks can be found in here
        https://sweet32.info/ .
    An Overview of 64 bit clock ciphers can also be found in here
        http://en.citizendium.org/wiki/Block_cipher/Catalogs/Cipher_list#64-bit_blocks

1024 bit Diffie-Hellman parameter has also been marked as weak causing the 'Logjam Attack' .
   Infos for 'Logjam Attack' can be found in here
        https://weakdh.org/ .

Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 23:41:42 +00:00
Michael Tremer
cb18f19307 index.cgi: Properly show IPsec subnets 
Fixes: #11604

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 23:23:54 +00:00
Erik Kapfer
bd42f9f968 CRL updater: Update script for OpenVPNs CRL 
Update script for OpenVPNs CRL cause OpenVPN refactors the CRL handling since v.2.4.0 .
    Script checks the next update field from the CRL and executes an update before it expires.
    Script is placed under fcron.daily for daily checks.

Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 22:20:28 +00:00
Michael Tremer
59d77d2eae openssl: Properly pass CFLAGS and LDFLAGS to build 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 22:19:45 +00:00
Michael Tremer
11e78f38b9 Package openssl-compat (1.0.2.n) 
This is provided for compatibility with binaries that have
been compiled against this version of OpenSSL.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 22:19:45 +00:00
Michael Tremer
56f8478e4d openssl: Rootfile update 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 22:19:45 +00:00
Erik Kapfer
3b83dffc19 OpenVPN: Update to version 2.4.4 
Changed LFS and ROOTFILE for OpenVPN 2.4.4 update.

Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 22:19:45 +00:00