webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-13 20:42:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
15,244 Commits 2 Branches 1 Tag
63d55ec0c9b8bfda704e85ee2dcb4cecb81fb972
Commit Graph

15244 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Tremer
63d55ec0c9 core152: Ship knot 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-12 10:07:27 +00:00
Matthias Fischer
dd4093dcf3 knot: Update to 3.0.1 
For details see:
https://www.knot-dns.cz/2020-10-10-version-301.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-12 10:07:02 +00:00
Michael Tremer
b98d3a7e10 core152: Ship unbound 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-12 10:06:22 +00:00
Matthias Fischer
14f02911df unbound: Update to 1.12.0 
For details see:
https://lists.nlnetlabs.nl/pipermail/unbound-users/2020-October/006979.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-12 10:04:28 +00:00
Michael Tremer
e0aad107b5 Merge branch 'master' into next 2020-10-10 11:49:07 +00:00
Michael Tremer
a9f69cbf01 core151: Apply local SSH configuration 
Fixes: #12494
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-10 11:48:26 +00:00
Michael Tremer
5e4f76bb71 core151: Ship /etc/os-release 
Fixes: #12495
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-10 11:43:44 +00:00
Michael Tremer
d6b43978e7 borgbackup: Bump release 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-10 11:42:37 +00:00
Jonatan Schlag
bd78dec95b Borgbackup: Ship testsuite also for i586 and armv5tel 
Fixes: #12438

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-10 11:42:09 +00:00
Michael Tremer
d5808f3095 core152: Fix typo in rootfile 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-07 14:27:29 +00:00
Michael Tremer
b67f02d512 /var/ipfire/ethernet/settings: Drop BROADCAST variable 
This variable is no longer being used and was only used to
assign IP addresses to the individual interfaces.

However, the kernel knows best which IP address to select
as broadcast address for each network. Therefore we depend
on the kernel which allows us to support RFC3021.

Fixes: #12486 - no /31 transfer net available on red
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-07 11:46:46 +00:00
Michael Tremer
391540d9d8 samba: Link against avahi 
We should use avahi to announce file sharing services to
the network using mDNS, too.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-07 08:09:36 +00:00
Michael Tremer
42c19f78d8 avahi: Disable custom stack protector configuration 
We already pass -fstack-protector-strong, which might be overridden
by -fstack-protector-all. We also know that SSP works in our version
of libc and do not need to link against libssp.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-07 08:04:38 +00:00
Michael Tremer
ffd8eafa52 libtalloc: Move to /usr and drop Python module 
We do not use the Python module and can therefore
only have one rootfile for all architectures.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 16:35:26 +00:00
Michael Tremer
7bdfa67a4b python3: Rootfile update for i586 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 16:21:09 +00:00
Michael Tremer
5f6f2e0b7c python3: Update rootfile for armv5tel 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 15:13:54 +00:00
Michael Tremer
bcbcd15f64 Revert "core152: Load changed /etc/sysctl.conf" 
This reverts commit b125988d3f.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:26:43 +00:00
Michael Tremer
a9d90b1b3f Revert "sysctl.conf: prevent autoloading of TTY line disciplines" 
This reverts commit 14c65ab71c.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:26:26 +00:00
Arne Fitzenreiter
42fca29033 libtalloc: add new package because samba4 not provide this anymore 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:20:09 +00:00
Arne Fitzenreiter
1dd31d858e samba: update to 4.13.0 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:19:04 +00:00
Arne Fitzenreiter
b3e5529459 samba: remove SO_xxxBUF size definitions from default config 
this option is not recommended for samba4

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:19:01 +00:00
Arne Fitzenreiter
9584917795 rpcsvc-proto: build before samba 
samba4 depends on this package

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:19:00 +00:00
Arne Fitzenreiter
bbcaca5662 perl-Parse-Yapp: add package 
samba4 depends on this perl module

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:18:58 +00:00
Arne Fitzenreiter
b5efeaa092 samba initskript: create needed subdirs for pipes in /var/run/samba 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:18:56 +00:00
Arne Fitzenreiter
2598b19088 samba: default.global: remove unsuppoted "map to guest = false" 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:18:56 +00:00
Arne Fitzenreiter
e4ee298623 samba.cgi: remove unsupported DISPLAY CHARSET 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:18:50 +00:00
Arne Fitzenreiter
c771fe7c4f samba.cgi: remove unsupported security = share 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:18:42 +00:00
Michael Tremer
6d5de038d0 core152: Ship Python 3 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:16:46 +00:00
Peter Müller
2ab916576f Python3: update to 3.8.2 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:14:32 +00:00
Peter Müller
3c73b7fbf0 python3-botocore: update to 1.16.1 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:13:06 +00:00
Peter Müller
33e86e2d4e python3-colorama: update to 0.4.3 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:12:59 +00:00
Peter Müller
a1e3c67cad python3-dateutil: update to 2.8.1 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:12:54 +00:00
Peter Müller
85bf02ab09 python3-docutils: update to 0.16 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:12:45 +00:00
Peter Müller
7597a209ea python3-jmespath: update to 0.9.5 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:12:36 +00:00
Peter Müller
a4de7e7b0a python3-pyasn1: update to 0.4.8 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:10:26 +00:00
Peter Müller
1be989f46d python3-rsa: update to 4.0 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:10:18 +00:00
Peter Müller
9a2f6c5d8a python3-s3transfer: update to 0.3.3 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:09:57 +00:00
Peter Müller
06c3032442 python3-six: update to 1.14.0 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:09:37 +00:00
Michael Tremer
27bd3dfcef core152: Ship Python 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:09:07 +00:00
Arne Fitzenreiter
8f19090504 python: update to 2.7.18 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:07:34 +00:00
Michael Tremer
b125988d3f core152: Load changed /etc/sysctl.conf 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:05:11 +00:00
Peter Müller
14c65ab71c sysctl.conf: prevent autoloading of TTY line disciplines 
Malicious/vulnerable TTY line disciplines have been subject of some
kernel exploits such as CVE-2017-2636, and since - to put it in Greg
Kroah-Hatrman's words - we do not "trust the userspace to do the right
thing", this reduces local kernel attack surface.

Further, there is no legitimate reason why an unprivileged user should
load kernel modules during runtime, anyway.

See also:
- https://lkml.org/lkml/2019/4/15/890
- https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:04:14 +00:00
Michael Tremer
6ec99a3372 Start Core Update 152 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:03:34 +00:00
Arne Fitzenreiter
5e4126c33b Merge branch 'next' 2020-10-05 20:24:35 +00:00
Peter Müller
b7b65e736e sysctl.conf: prevent unintentional writes into attacker-controlled files and FIFOs 
Similar to hard- and symlink protection introduced a while ago, this
patch enables protections against unintentional writes into
attacker-controlled regular files or FIFOs, where a program expected to
create new ones. This makes exploiting TOCTOU flaws harder.

See also: https://www.kernel.org/doc/Documentation/sysctl/fs.txt

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-05 15:07:47 +00:00
Erik Kapfer
22a6277fc9 freeradius: Update to version 3.0.21 
Update includes several fixes (incl. CVE-2019-17185) and feature improvements.
A full overview of all changes can be found in here --> https://raw.githubusercontent.com/FreeRADIUS/freeradius-server/v3.0.x/doc/ChangeLog .

The freeradius-no-buildtime-cert-gen patch applies also with this version.

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-02 14:59:23 +00:00
Erik Kapfer
b789edf973 lynis: Update to version 3.0.0 
Several Fixes (incl. CVE-2019-13033 and CVE-2020-13882) and features has been added since the last version 2.6.4 .
For a full overview of the changes take a look in here --> https://cisofy.com/changelog/lynis/ .

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-02 14:59:09 +00:00
Erik Kapfer
44bbc60696 libsolv: Update to version 0.7.14 
Several fixes and features has been added.
A full overview of all changes can be found in here --> https://github.com/openSUSE/libsolv/blob/master/package/libsolv.changes .

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-02 14:54:18 +00:00
Michael Tremer
b637be144c haproxy: Update to 2.2.4 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-01 09:30:48 +00:00
Michael Tremer
eed7b35ba5 dnsdist: Update to 1.5.1 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-01 09:20:48 +00:00