webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-16 05:53:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
14,008 Commits 2 Branches 1 Tag
5bc042df2f633982d330d9edd29bfc21296dab46
Commit Graph

14008 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Stefan Schantl
5bc042df2f rust: Update to 1.39 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 08:50:31 +00:00
Stefan Schantl
8245498310 make.sh: Introduce RUSTFLAGS 
This allows to set arch-specific FLAGS when dealing with
software written in rust.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 08:49:25 +00:00
Arne Fitzenreiter
6a3acff934 core140: start 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-09 19:50:03 +01:00
Arne Fitzenreiter
a15dbe4497 Merge branch 'next' 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-09 18:37:16 +00:00
Arne Fitzenreiter
f23b944ecb core139: finish 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-09 18:48:07 +01:00
Arne Fitzenreiter
dd12d8c54c leds: use new APUx ACPI Bios leds if exist. 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-09 14:50:44 +01:00
Erik Kapfer
6a9d9ff4af ovpn: Fix LZO checkbox restore 
Triggered by --> https://community.ipfire.org/t/openvpn-is-lzo-compression-now-effectively-disabled/503 .

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-06 16:39:55 +00:00
Arne Fitzenreiter
898dc600e6 pcengines-firmware: fix rootfile 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-06 03:18:09 +01:00
Peter Müller
f7c8d15089 Core Update 139: ship updated OpenSSH 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-05 18:00:26 +00:00
Peter Müller
81502fe6f3 OpenSSH: update to 8.1p1 
Please refer to https://www.openssh.com/txt/release-8.1 for release notes.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-05 18:00:11 +00:00
Arne Fitzenreiter
43fa700e11 pcengines-firmware: update to 4.10.0.3 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-05 18:53:16 +01:00
Arne Fitzenreiter
6fb7936c16 intel-microcode: update to 20191115 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-05 12:48:13 +01:00
Arne Fitzenreiter
0894092e2c linux-firmware: update to 20191022 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-05 12:44:45 +01:00
Arne Fitzenreiter
7ff42686ec core139: add cpio to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-02 17:11:30 +00:00
Matthias Fischer
01493f7a44 cpio: Update to 2.13 
For details see:
https://www.gnu.org/software/cpio/

Fix CVE-2015-1197
Fix CVE-2016-2037
Fix CVE-2019-14866

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-02 17:10:15 +00:00
Matthias Fischer
9d6e22e3fc nano: Update to 4.6 
For details see:
https://www.nano-editor.org/news.php

... and a long list of other changes in https://www.nano-editor.org/dist/latest/ChangeLog ...

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-02 17:09:55 +00:00
Peter Müller
18f1b46e1a spectre-meltdown-checker: update to 0.42 
See https://github.com/speed47/spectre-meltdown-checker/releases/tag/v0.42
for release announcements.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-02 17:09:41 +00:00
Peter Müller
6d0a2f8b1e Postfix: update to 3.4.8 
See http://www.postfix.org/announcements/postfix-3.4.8.html for release
announcements.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-02 17:09:09 +00:00
Peter Müller
c701ddcba5 update ca-certificates CA bundle 
Update the CA certificates list to what Mozilla NSS ships currently.

The original file can be retrieved from:
https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-02 17:07:00 +00:00
Arne Fitzenreiter
4622af5f15 core139: add hwdata to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-02 17:05:15 +00:00
Peter Müller
bf9fa6d864 hwdata: update PCI/USB databases 
PCI IDs: 2019-11-26 03:15:03
USB IDs: 2019-11-05 20:34:06

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-02 17:02:20 +00:00
Arne Fitzenreiter
bedfda83c9 dhcpcd.exe: remove red.down run on "NOCARRIER" 
after "NOCARRIER" the dhcp client always run "EXPIRE" event.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-01 18:33:19 +01:00
Arne Fitzenreiter
941520c69c Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2019-12-01 16:36:43 +01:00
Arne Fitzenreiter
d346d47467 up/down beep: move from ppp ip-up/down to general red.up/down 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-01 15:29:59 +01:00
Arne Fitzenreiter
455291f90e 70-dhcpdd.exe: don't run red.down scripts at "PREINIT" 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-01 14:43:49 +01:00
Arne Fitzenreiter
86409ab100 core139: add dhcp and network changes to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-01 00:45:02 +01:00
Arne Fitzenreiter
fff96e3945 networking red: add delay to wait for carrier 
some nic's need some time after link up to get a carrier

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 22:26:00 +01:00
Arne Fitzenreiter
f938083fb5 dhcpcd: 10-mtu break if carrier was lost 
some nic's like Intel e1000e needs a reinit to change the
mtu. In this case the dhcp hook reinit the nic and terminate now
to let the dhcpcd reinit the card in backgrounnd without running the
rest of the hooks.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 22:21:42 +01:00
Michael Tremer
4775d54ba6 clamav: Allow downloads to take up to 10 minutes 
freshclam did not have a receive timeout set and a default of
60s was used. That causes that the large main database cannot
be downloaded over a line with a 16 MBit/s downlink.

This patch increases that timeout and should allow a successful
download on slower connections, too.

Suggested-by: Tim Fitzgeorge <ipfb@tfitzgeorge.me.uk>
Fixes: #12246
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 10:53:59 +00:00
Matthias Fischer
78756496c9 bind: Update to 9.11.13 
For details see:

https://downloads.isc.org/isc/bind9/9.11.13/RELEASE-NOTES-bind-9.11.13.html

"Security Fixes

    Set a limit on the number of concurrently served pipelined TCP queries.
    This flaw is disclosed in CVE-2019-6477. [GL #1264]"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 09:57:49 +00:00
Matthias Fischer
1f1c2f4364 clamav: Update to 0.102.1 
For details see:
https://blog.clamav.net/2019/11/clamav-01021-and-01015-patches-have.html

"Fix for the following vulnerability affecting 0.102.0 and 0.101.4 and prior:

CVE-2019-15961:
A Denial-of-Service (DoS) vulnerability may occur when scanning
a specially crafted email file as a result of excessively long scan
times. The issue is resolved by implementing several maximums in parsing
MIME messages and by optimizing use of memory allocation.

Build system fixes to build clamav-milter, to correctly link with
libxml2 when detected, and to correctly detect fanotify for on-access
scanning feature support.

Signature load time is significantly reduced by changing to a more
efficient algorithm for loading signature patterns and allocating the AC
trie. Patch courtesy of Alberto Wu.

Introduced a new configure option to statically link libjson-c with
libclamav. Static linking with libjson is highly recommended to prevent
crashes in applications that use libclamav alongside another JSON
parsing library.

Null-dereference fix in email parser when using the --gen-json metadata
option.

Fixes for Authenticode parsing and certificate signature (.crb database)
bugs."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 09:57:25 +00:00
Arne Fitzenreiter
df1aca40eb core139: add unbound to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 09:56:29 +00:00
Matthias Fischer
0786c686ea unbound: Update to 1.9.5 
For details see:
https://nlnetlabs.nl/pipermail/unbound-users/2019-November/011897.html

"This release is a fix for vulnerability CVE-2019-18934, that can cause
shell execution in ipsecmod.

Bug Fixes:
- Fix for the reported vulnerability.

The CVE number for this vulnerability is CVE-2019-18934"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 09:55:22 +00:00
Arne Fitzenreiter
b0e2dffde9 core139: add captive.cgi to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 09:54:14 +00:00
Alexander Marx
650aac182e BUG12245: captive portal - clients are not automatically removed 
With this patch the clients are updated and those who are expired get deleted from the hash.
In addition the table of active clients is now sorted.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 09:53:04 +00:00
Michael Tremer
1a23cf7324 bird: Fix path of configuration file in backup 
The backup did not pack the configuration file
due to an incorrect path.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 09:51:23 +00:00
Arne Fitzenreiter
007b99e540 core139: add pcregrep to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 09:49:58 +00:00
Erik Kapfer
eb0adc17d6 pcre: Add pcregrep to core system 
Triggered by --> https://community.ipfire.org/t/pcregrep-on-ipfire/259 .

This patch adds pcregrep only from the actual package not from pcre-compat.

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 09:49:15 +00:00
Arne Fitzenreiter
7942ff9875 core139: add updated calamaris mkreport 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 09:48:00 +00:00
Matthias Fischer
ee506d5027 calamaris: Bug fix for proxy reports staying empty after Core 136 upgrade 
After upgrading to Core 136, 'calamaris' "Proxy reports" stayed empty.
GUI always show "No reports available".

Tested manually on console stops and throws an error:

...
root@ipfire: ~ # /usr/bin/perl /var/ipfire/proxy/calamaris/bin/mkreport
1 0 2019 8 10 2019 -d 10 -P 30 -t 10 -D 2 -u -r -1 -R 100 -s
Can't use 'defined(%hash)' (Maybe you should just omit the defined()?)
at /var/ipfire/proxy/calamaris/bin/calamaris line 2609.
...

Line 2609 was changed and reports are built again.

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 09:46:19 +00:00
Arne Fitzenreiter
e557cecbdd python: update to 2.7.17 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-28 18:41:18 +01:00
Arne Fitzenreiter
4baee8fa4c kernel: fix x86_64 rootfile 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-15 16:29:42 +01:00
Arne Fitzenreiter
906d9265cd set core to 139 and pakfire to 138 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-15 16:28:02 +01:00
Arne Fitzenreiter
699381b699 core138: insert emergency core update for new intel vulnarabilities. 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-15 06:10:37 +00:00
Peter Müller
9c7adf49f3 intel-microcode: update to 20191112 
For release notes, refer to:
- https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform-update-ipu/
- https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20191112

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-15 05:44:31 +00:00
Arne Fitzenreiter
bf671bb2ae kernel: update to 4.14.154 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-14 21:23:08 +00:00
Arne Fitzenreiter
6fb52ca1e5 vulnearabilities.cgi: add tsx async abort and itlb_multihit 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-14 21:22:49 +00:00
Arne Fitzenreiter
aee6dd0ba4 Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2019-11-14 22:13:23 +01:00
Arne Fitzenreiter
44b227b102 kernel: update to 4.14.154 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-14 22:12:12 +01:00
Arne Fitzenreiter
b007a35292 vulnearabilities.cgi: add tsx async abort and itlb_multihit 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-14 22:10:04 +01:00