bpfire

mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-23 09:22:59 +02:00

Author	SHA1	Message	Date
Michael Tremer	918ee4a4cf	strongswan: Manually install all routes for non-routed VPNs This is a regression from disabling charon.install_routes. VPNs are routing fine as long as traffic is passing through the firewall. Traps are not propertly used as long as these routes are not present and therefore we won't trigger any tunnels when traffic originates from the firewall. Fixes: #12045 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-08 16:44:57 +01:00
Arne Fitzenreiter	3005eb2234	kernel: update user regd patch from openwrt Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-03-30 16:56:56 +01:00
Matthias Fischer	6bc94afa0d	lua: Update to 5.3.5 For details see: http://www.lua.org/bugs.html Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-21 20:41:44 +00:00
Arne Fitzenreiter	c448474fc7	Revert "kernel: cleanup unused rpi patch" This reverts commit `a2d49659f3`. The patch is still needed to prevent strange crashes Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-03-13 09:39:07 +01:00
Matthias Fischer	d6d5999af1	hostapd: Update to 2.7 For details see: https://w1.fi/cgit/hostap/plain/hostapd/ChangeLog This patch sticks to 'wpa_supplicant: Update to 2.7'. Best, Matthias Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-04 09:26:58 +00:00
Erik Kapfer	5a3c9ef298	netsnmpd: OpenSSL patch is incl. in new version Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-04 09:26:58 +00:00
Matthias Fischer	aa88b2ef59	squid: Update to 4.6 For details see: http://www.squid-cache.org/Versions/v4/changesets/ The 'configure'-option "--disable-ipv6" was removed, it is no longer necessary. See: https://lists.ipfire.org/pipermail/development/2016-April/002046.html "The --disable-ipv6 build option is now deprecated. ... Squid-3.5.7 and later will perform IPv6 availability tests on startup in all builds. - Where IPv6 is unavailable Squid will continue exactly as it would have had the build option not been used. These Squid can have the build option removed now." The warning message concerning a "BCP 177 violation" while starting 'squid' can be ignored. Best, Matthias Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-02 14:07:38 +00:00
Michael Tremer	50d1bbf0f5	Merge branch 'ipsec' into next	2019-02-25 00:48:08 +00:00
Arne Fitzenreiter	c09758302b	kernel: update to 4.14.103 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-02-23 15:56:21 +01:00
Arne Fitzenreiter	173844d352	kernel: import cve-2019-8912 patch Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-02-22 21:20:57 +01:00
Arne Fitzenreiter	6957b699b3	kernel: apu leds: add more id's Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-02-22 18:02:45 +01:00
Arne Fitzenreiter	a2d49659f3	kernel: cleanup unused rpi patch Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-02-21 19:13:27 +01:00
Arne Fitzenreiter	17872019ba	kernel: update apu led patch for apu3 and 4 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-02-19 01:04:19 +01:00
Michael Tremer	8be516b3bc	strongswan: Do not create any NAT rules when using VTI/GRE Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:38:24 +00:00
Peter Müller	fee8b1c504	OpenSSH: update to 7.9p1 Update OpenSSH to 7.9p1 (release note is available at https://www.openssh.com/txt/release-7.9). Patching support for OpenSSL 1.1.0 is no longer required, thus the orphaned patchfile has been deleted. Signed-off-by: Peter Müller <peter.mueller@link38.eu> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-01-23 05:13:47 +00:00
Arne Fitzenreiter	be838808e1	Merge remote-tracking branch 'origin/master' into next	2019-01-23 21:19:01 +01:00
Michael Tremer	480e301442	xtables-addons: Fix generating GeoIP database Perl seems to have a very funny feature where you cannot rely on how it formats IP addresses into a binary string. This seems to be 16 bytes long for IPv4 addresses when we (and the kernel) only expect 4. This patch changes this so that the last 12 bytes are just being dropped. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-01-23 04:12:41 +00:00
Peter Müller	47051c2a0a	drop orphaned OpenSSL patches Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-01-17 14:42:37 +00:00
Erik Kapfer	32ba431458	openssl: Update to version 1.1.1a Disabled MD2 and Aria cipher. TLSv1.3 is now available with: TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 TLS_AES_256_GCM_SHA384 TLSv1.3 TLS_AES_128_GCM_SHA256 TLSv1.3 Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-01-17 14:33:20 +00:00
Matthias Fischer	042a5fe60a	tar: Update to 1.31, including fix for bug #11958 For details see: http://savannah.gnu.org/forum/forum.php?forum_id=9344 "- Fix heap-buffer-overrun with --one-top-level. - Support for zstd compression. - The -K option interacts properly with member names given in the command line. - Fix CVE-2018-20482" This patch was reverted because 'tar 1.31' crashed when installing PakFire packages with the option '--no-overwrite-dir'. See: https://bugzilla.ipfire.org/show_bug.cgi?id=11958 Included is now a patch from https://savannah.gnu.org/bugs/?55413, which seems to fix this issue. The test cases given in https://savannah.gnu.org/bugs/?55413#comment1 ran without problems. As always, please check and confirm. Best, Matthias Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-01-07 01:31:43 +00:00
Arne Fitzenreiter	5e6f343b7d	python: update to 2.7.15 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-01-06 15:51:53 +01:00
Arne Fitzenreiter	b15309e9d1	transmission: update to 2.94 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-01-05 13:47:31 +01:00
Matthias Fischer	c86d893830	squid: Update to 4.5 For details see: http://www.squid-cache.org/Versions/v4/changesets/ Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-12-31 00:37:51 +00:00
Matthias Fischer	a2bcb4135b	squid: Update to 4.4 (stable) For details see: http://www.squid-cache.org/Versions/v4/changesets/ In July 2018, 'squid 4' was "released for production use", see: https://wiki.squid-cache.org/Squid-4 "The features have been set and large code changes are reserved for later versions." I've tested almost all 4.x-versions and patch series before with good results. Right now, 4.4 is running here with no seen problems together with 'squidclamav', 'squidguard' and 'privoxy'. I too would declare this version stable. Best, Matthias Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-12-18 22:30:51 +00:00
Stefan Schantl	848ac69009	grub: xfs: Accept filesystem with sparse inodes Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Tested-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-12-13 13:07:53 +00:00
Michael Tremer	7e17de5f86	fireinfo: Add authentication for upstream proxies Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-12-11 19:38:21 +00:00
Arne Fitzenreiter	ed4bbe44d1	kernel: fix dwc2 (usb) dma crashes on RPi1-3 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2018-12-10 20:45:54 +01:00
Arne Fitzenreiter	1e2e78e6ff	Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next	2018-11-02 15:16:22 +00:00
Arne Fitzenreiter	5edc6b10e0	directfb: fix comile on 32bit arm Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2018-11-02 15:14:11 +00:00
Matthias Fischer	e2bd68dfad	squid 3.5.28: latest patches (01-02) For details see: http://www.squid-cache.org/Versions/v3/3.5/changesets/ Best, Matthias Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-11-01 10:29:05 +00:00
Michael Tremer	02776a0dc2	Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next	2018-10-29 10:51:44 +00:00
Arne Fitzenreiter	d823d5f072	hostapd: add switch to disable neigborhood scan this may violate regulatory rules because 40Mhz channels should disabled if there are other networks but nearly every commercial router ignore this. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2018-10-27 16:47:12 +02:00
Michael Tremer	edacf85320	libvirt: Update to 4.6.0 Fixes builds against glibc >= 2.28 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-10-24 09:25:57 +01:00
Michael Tremer	2678d600f9	parted: Fix build with glibc >= 2.28 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-10-24 09:15:28 +01:00
Michael Tremer	5814cf9931	syslinux: Fix build with glibc >= 2.28 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-10-24 09:14:43 +01:00
Michael Tremer	8d4da55a5d	collectd: Fix compiling against newer xfsprogs Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-10-23 16:45:33 +01:00
Michael Tremer	c3f74288c7	nfs: Update to 2.3.3 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-10-22 19:52:23 +01:00
Michael Tremer	2557cea21c	reiserfsprogs: Update to 3.6.27 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-10-22 10:53:18 +01:00
Michael Tremer	e28e813eeb	ppp: Build against openssl libcrypt has been removed from glibc and openssl can be used instead for cryptographic operations. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-10-21 22:03:21 +01:00
Michael Tremer	e63cc45b48	gzip: Fix build with glibc >= 2.28 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-10-19 14:20:48 +01:00
Michael Tremer	d1654fd000	findutils: Fix building against glibc >= 2.28 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-10-19 13:39:58 +01:00
Michael Tremer	68dba55dda	bison: Fix building with glibc >= 2.28 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-10-19 09:00:04 +01:00
Michael Tremer	7b0f7a6e1d	m4: Fix building with glibc >= 2.28 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-10-19 08:59:46 +01:00
Michael Tremer	537401bb12	gcc: Fix building with glibc >= 2.28 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-10-19 08:59:25 +01:00
Matthias Fischer	74189c1d55	openssh: Update to 7.8p1 For details see: http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ChangeLog I didn't find an official lfs-patch for openssl-1.1-compatibility, so I used the patch from here: https://git.archlinux.org/svntogit/packages.git/plain/trunk/openssl-1.1.0.patch?h=packages/openssh Building ran without any errors. I tested with both machines (test on Core 120 - and productive - on Core 122) and found no errors so far: ... [root@ipfiretest ~]# ssh -V OpenSSH_7.8p1, OpenSSL 1.1.0h 27 Mar 2018 ... ... root@ipfire: / # ssh -V OpenSSH_7.8p1, OpenSSL 1.1.0h 27 Mar 2018 ... All ssh-connections ran fine but I'm not REALLY sure if this is sufficient for anyone else. Could someone please check and confirm!? Best, Matthias Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Tested-by: Peter Müller <peter.mueller@link38.eu> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-09-20 14:51:44 +01:00
Michael Tremer	fd0a0384f0	rng-tools: Update to 6.4 Also add a patch that keeps RDRAND enabled on i586 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Fixes: #11853	2018-09-09 17:42:17 +01:00
Michael Tremer	046ef135e6	Merge remote-tracking branch 'origin/efi' into next	2018-08-16 12:49:13 +01:00
Arne Fitzenreiter	7529349754	kernel: apu2 leds: update string for newer bios Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2018-08-05 17:19:52 +02:00
Matthias Fischer	51099ddfd7	squid: Update to 3.5.28 For details see: http://www.squid-cache.org/Versions/v3/3.5/changesets/ Best, Matthias Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2018-07-26 14:38:57 +01:00
Michael Tremer	a570226765	Merge branch 'next' into efi	2018-07-20 12:47:20 +00:00

1 2 3 4 5 ...

1037 Commits