webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
13,549 Commits 2 Branches 1 Tag
5fa51a839ea32ff0b0a2bc4ccd549296c5292fa8
Commit Graph

13549 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Matthias Fischer
5fa51a839e dhcpcd: Update to 7.2.3 
For details see: Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
https://roy.marples.name/blog/dhcpcd-7-2-3-released

"Minor update with the following changes:

   OpenBSD: compiles again
   BSD: Check RTM lengths incase of kernel issues
   DHCP6: Don't stop even when last router goes away
   DHCP6: Fix inform from RA
   hostname: Fix short hostname check"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-25 08:18:05 +01:00
Arne Fitzenreiter
4b75e9c92e unbound: use nic carrier instead of /var/ipfire/red/active 
This speed boot with static settings and no link and
dhcp on intel nics if the mtu is changed by the dhcp lease
because the nic loose the carrier and restart the dhcp action
at mtu set.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-06-29 11:36:49 +02:00
Arne Fitzenreiter
527d14bf5a kernel: update to 4.14.131 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-06-27 18:18:41 +02:00
Michael Tremer
759be5855f linux: Fix rootfile to ship GeoIP modules 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-24 14:39:30 +01:00
Matthias Fischer
4e5802a9be mc: Update to 4.8.23 
For details see:
http://midnight-commander.org/wiki/NEWS-4.8.23

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-21 15:21:58 +01:00
Arne Fitzenreiter
4e69701332 intel-microcode: update to 20190618 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-06-22 21:05:21 +02:00
Arne Fitzenreiter
b10365c832 Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2019-06-22 16:01:16 +02:00
Arne Fitzenreiter
8c261d91e8 kernel: 4.14.129 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-06-22 16:00:37 +02:00
Arne Fitzenreiter
c6e032e13d finish core134 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-06-22 08:47:55 +02:00
Michael Tremer
c8ee8f37d4 Update contributors 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-21 01:39:42 +01:00
Michael Tremer
92f6c5ed86 core134: Ship updated firewall initscript 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-21 01:39:18 +01:00
Michael Tremer
7866fa2513 core134: Ship updated bind 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-21 01:39:18 +01:00
Matthias Fischer
f3959d13e8 bind: Update to 9.11.8 
For Details see:
https://downloads.isc.org/isc/bind9/9.11.8/RELEASE-NOTES-bind-9.11.8.html

"Security Fixes
    A race condition could trigger an assertion failure when a large number
    of incoming packets were being rejected.
    This flaw is disclosed in CVE-2019-6471. [GL #942]"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-21 01:39:18 +01:00
Alexander Marx
1722701a9a BUG12015: Redirecting to Captive portal does not work after IPFire restart 
When the Captive portal is enabled, the needed firewall rules are applied. But when restarting IPFire,
the rules are not applied because there is no call to do so.
Added call to captivectrl in the initscrip 'firewall'.

Fixes: #12015

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-21 01:39:18 +01:00
Arne Fitzenreiter
744f16e45a core134: ship core133 late fixes again 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-06-21 11:58:58 +02:00
Arne Fitzenreiter
70dd356329 Merge remote-tracking branch 'origin/master' into next 2019-06-20 09:35:59 +02:00
Arne Fitzenreiter
3a8fef331d kernel: remove RPi DMA allignment revert 
TODO: test if RPi works without now or if we need to
revert more of the allignment patches.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-06-20 09:33:17 +02:00
Arne Fitzenreiter
70590cef48 Kernel: update to 4.14.128 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-06-19 21:01:29 +02:00
Michael Tremer
4b64da2914 core134: Ship updated vim 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-18 22:35:23 +01:00
Matthias Fischer
beac384541 Remove old vim 7.4 data 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-18 22:35:07 +01:00
Matthias Fischer
98f55e136f vim: Update to 8.1 
Please note:
If this gets merged, the update process must deal with the otherwise remaining
files in '/usr/share/vim74' (~16 MB).

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-18 22:34:55 +01:00
Stéphane Pautrel
d3e8820330 Update French translation 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-18 20:02:28 +01:00
Arne Fitzenreiter
a04eedfe7d core134: add kernel to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-06-18 18:55:11 +02:00
Arne Fitzenreiter
15ca18a3d9 Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2019-06-18 18:42:02 +02:00
Arne Fitzenreiter
82c279a518 kernel: update to 4.14.127 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-06-18 18:41:19 +02:00
Arne Fitzenreiter
1a129822af linux-pae: fix grub.conf creation on pv machines 
on some systems it seems that grub2 and it config also exist.
 2019-06-18 14:36:02 +02:00
Michael Tremer
7516e8b7f1 core134: Ship changed general-functions.pl 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-18 09:13:21 +01:00
Alexander Marx
cc724c142a BUG12070: Its not possible to use the underscore in email addresses 
Using IPFire's Mailservice does not allow to enter a senders mail address with the underscore.
The function used to verify that is used from general-functions.pl.
Now the function 'validemail' allows the underscore in the address.

Fixes: #12070

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-18 09:12:49 +01:00
Michael Tremer
82899ad1ce core134: Ship updated unbound 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-18 09:11:18 +01:00
Matthias Fischer
2f278de868 unbound: Update to 1.9.2 
For details see:
https://nlnetlabs.nl/pipermail/unbound-users/2019-June/011632.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-17 17:39:37 +01:00
Peter Müller
0dd16f4047 vpnmain.cgi: Fix writing ESP settings for PFS ciphers 
The changes introduced due to #12091 caused IPsec ESP
to be invalid if PFS ciphers were selected. Code has
to read "!$pfs" instead of just "$pfs", as it should trigger
for ciphers _without_ Perfect Forward Secrecy.

Fixes #12099

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-17 16:14:27 +01:00
Arne Fitzenreiter
1307df2257 Merge branch 'master' into next 2019-06-15 18:10:35 +02:00
Arne Fitzenreiter
faec909e1a vpnmain.cgi: remove wrongh "shift-space" 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-06-15 17:38:47 +02:00
Arne Fitzenreiter
f5662122b5 hyperscan: increase min RAM per buildprocess to 1GB 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-06-14 22:09:47 +02:00
Michael Tremer
bc051eac54 core133: Ship jansson in update 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-14 06:22:52 +01:00
Arne Fitzenreiter
f081e454a6 finish core133 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-06-12 19:57:21 +02:00
Michael Tremer
527078e439 core134: Ship updated OpenSSL 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-12 17:25:13 +01:00
Peter Müller
69772b7dda OpenSSL: lower priority for CBC ciphers in default cipherlist 
In order to avoid CBC ciphers as often as possible (they contain
some known vulnerabilities), this changes the OpenSSL default
ciphersuite to:

TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=Camellia(256) Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=Camellia(256) Mac=SHA384
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=Camellia(128) Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=Camellia(128) Mac=SHA256
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH       Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA256
DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA256
ECDHE-ECDSA-AES256-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
ECDHE-ECDSA-AES128-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
ECDHE-RSA-AES256-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-RSA-AES128-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA1
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
CAMELLIA256-SHA256      TLSv1.2 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA256
AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
CAMELLIA128-SHA256      TLSv1.2 Kx=RSA      Au=RSA  Enc=Camellia(128) Mac=SHA256
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
CAMELLIA256-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
CAMELLIA128-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(128) Mac=SHA1

Since TLS servers usually override the clients' preference with their
own, this will neither break existing setups nor introduce huge
differences in the wild. Unfortunately, CBC ciphers cannot be disabled
at all, as they are still used by popular web sites.

TLS 1.3 ciphers will be added implicitly and can be omitted in the
ciphersting. Chacha20/Poly1305 is preferred over AES-GCM due to missing
AES-NI support for the majority of installations reporting to Fireinfo
(see https://fireinfo.ipfire.org/processors for details, AES-NI support
is 28.22% at the time of writing).

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-12 17:24:00 +01:00
Michael Tremer
ce46df9b83 Start Core Update 134 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-12 17:18:23 +01:00
Michael Tremer
e263c29c92 unbound: Make some zones type-transparent 
If we remove other records (like MX) from the response, we won't
be able to send mail to those hosts any more.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-12 17:14:28 +01:00
Michael Tremer
91056adea5 unbound: Add yandex.com to safe search feature 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-12 17:11:32 +01:00
Michael Tremer
043e7aa50f unbound: safe search: Resolve hosts at startup 
unbound is not able to expand CNAMEs in local-data. Therefore we
have to do it manually at startup.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-13 11:12:07 +01:00
Peter Müller
fa7de475fe Tor: fix permissions after updating, too 
Fixes #12088

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reported-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-12 05:45:42 +01:00
Michael Tremer
5d65813aa3 core133: Ship updated wpa_supplicant 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-11 07:00:38 +01:00
Matthias Fischer
33fb0c91ec wpa_supplicant: Update to 2.8 
For details see:
https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-11 07:00:05 +01:00
Michael Tremer
894eaf5184 smt: Only disable SMT when the kernel thinks it is vulnerable 
On virtual machines, it does not make sense to disable SMT for the
virtual cores. This has to be done by the hypervisor.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-11 17:07:23 +00:00
Peter Müller
8e101c0bda ship language files in Core Update 133 
These were missing in Core Update 132, and some strings
(especially on the "CPU vulnerabilities" page) missed translations.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-10 19:44:59 +01:00
Michael Tremer
35f12f2998 Rootfile update 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-10 09:58:15 +01:00
Stefan Schantl
33afb0681f convert-ids-modifysids-file: Fix check if the ids is running. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-10 09:46:00 +01:00
Matthias Fischer
3f7cec61c9 hostapd: Update to 2.8 
For details see:
https://w1.fi/cgit/hostap/plain/hostapd/ChangeLog

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-10 09:45:54 +01:00