webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-27 03:07:43 +02:00
Code Issues Packages Projects Releases Wiki Activity
14,896 Commits 2 Branches 1 Tag
8aeb3ba45f493744e95188151c2fe6f5c8a3b74e
Commit Graph

14896 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Arne Fitzenreiter
2b51e4aeab Revert "kernel: enable CONFIG_RANDOMIZE_BASE on aarch64" 
with enabled CONFIG_RAMDOIZE_BASE the linking of xtables
and maybee other external kernel modules fail on aarch64

This reverts commit 8379ab44b8.
 2020-06-10 16:20:34 +02:00
Peter Müller
e694bbd17f kernel: enable CONFIG_RANDOMIZE_BASE on armv5tel 
Partially fixes: #12363

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-09 22:20:26 +00:00
Peter Müller
8379ab44b8 kernel: enable CONFIG_RANDOMIZE_BASE on aarch64 
Partially fixes: #12363

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-09 22:19:50 +00:00
Peter Müller
e4d1f96869 kernel: enable CONFIG_HARDENED_USERCOPY on aarch64 and armv5tel 
Fixes: #12365

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-09 15:37:33 +00:00
Peter Müller
7617da3bba kernel: enable CONFIG_SECCOMP on aarch64 and armv5tel 
Fixes: #12366

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-08 21:22:44 +00:00
Peter Müller
d7174d7c3a kernel: disable CONFIG_ACPI_CUSTOM_METHOD on x86_64 and i586 
This is dangerous as it allows replacing the running kernel without
rebooting. Kernel Self Protection Project people recommend to keep it
disabled.

Fixes: #12372

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-08 21:22:32 +00:00
Peter Müller
b1f24c4353 kernel: disable CONFIG_MODIFY_LDT_SYSCALL on i586 and x86_64 
Fixes: #12382

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-08 21:22:05 +00:00
Stefan Schantl
d2b364f032 red.up: Do not download/update location database. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-08 21:20:17 +02:00
Arne Fitzenreiter
8a86d257cf squid-accounting: remove deps that are moved to core 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-05 20:43:58 +00:00
Arne Fitzenreiter
625104ec57 Merge branch 'master' into next 2020-06-04 15:16:39 +00:00
Michael Tremer
405c7326d2 core145: Remove double-added configuration lines for OpenVPN 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-04 15:13:33 +00:00
Arne Fitzenreiter
90c1e763b6 Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2020-06-04 08:59:28 +02:00
Arne Fitzenreiter
7674247947 start core146 and add the kernel 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-04 08:49:28 +02:00
Arne Fitzenreiter
a43b370411 kernel: update to 4.14.183 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-04 08:37:00 +02:00
Stefan Schantl
51b6f07ce5 geoip-functions.pl: Provide the available locations in upper case. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-03 19:29:55 +02:00
Stefan Schantl
decef80c7e geoip-functions.pl: Remove non existing country codes. 
o1 (Other country) and yu (Yugoslavia) have been used in the past
and are not part of libloc and therefore cannot be used anymore.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-03 19:15:43 +02:00
Michael Tremer
4963d555f6 core145: Update OpenVPN server configuration only when necessary 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-03 14:46:31 +00:00
Michael Tremer
495613fb35 core145: Update OpenVPN server configuration only when necessary 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-03 14:45:04 +00:00
Arne Fitzenreiter
b923dd3de0 kernel: backport "random: try to actively add entropy" 
this backports https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/char/random.c?id=50ee7529ec4500c88f8664560770a7a1b65db72b
to gather enough entropy for initialise the crng faster.
Of some machines like the APU it will need forever if
the machine only wait for entropy without doing anything else.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-03 08:03:01 +00:00
Arne Fitzenreiter
5b0c35e092 drop xen-inage-builder 
this depends on linux-pae and has failed to boot
since a while.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-02 18:37:22 +02:00
Arne Fitzenreiter
83d5892a86 kernel: drop extra i586-pae kernel 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-02 18:34:44 +02:00
Peter Müller
e6514b3af8 kernel: disable CONFIG_DEBUG_LIST on i586(-pae) 
Fixes: #12378

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-02 11:15:51 +00:00
Peter Müller
4264e41a61 kernel: enable CONFIG_SCHED_STACK_END_CHECK on x86_64, armv5tel and aarch64 
> This option checks for a stack overrun on calls to schedule(). If the stack
> end location is found to be over written always panic as the content of the
> corrupted region can no longer be trusted. This is to ensure no erroneous
> behaviour occurs which could result in data corruption or a sporadic crash at a
> later stage once the region is examined. The runtime overhead introduced is
> minimal.

Fixes: #12376

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-02 11:15:34 +00:00
Peter Müller
c2749c1bed kernel: disable CONFIG_USELIB on x86_64 and i586(-pae) 
> This option enables the uselib syscall a system call used in the dynamic
> linker from libc5 and earlier. glibc does not use this system call. If you
> intend to run programs built on libc5 or earlier you may need to enable this
> syscall. Current systems running glibc can safely disable this.

In my point of view, the last sentence matches our situation.

Fixes: #12379

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-02 11:15:13 +00:00
Peter Müller
b5e1ccaee2 kernel: enable CONFIG_DEBUG_WX on aarch64 
Since this is described as 'Generate a warning if any W+X mappings are
found at boot.', it most likely does not break anything and can be
safely enabled.

Fixes: #12373

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-02 11:14:50 +00:00
Peter Müller
efd508e9f6 kernel: enable page poisoning on x86_64 
This is already active on i586 and prevents information leaks from freed
data.

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-02 11:14:15 +00:00
Peter Müller
442a7f5ea2 Kernel: drop Memstick support 
These are not needed anymore since Sony announced EOL in 2010 and there
is no legitimate use case for such hardware on a firewall system.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-02 11:13:14 +00:00
Peter Müller
90ecad4f66 Kernel: drop bluetooth support 
The bluetooth addon was recently removed by commit
592be1d206, which is why we do not need to
carry the corresponding kernel modules around anymore.

The second version of this patch correctly updates kernel configuration
files via "make oldconfig" as requested by Arne.

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-02 11:12:58 +00:00
Stefan Schantl
296af3b9ec libloc: Rootfile update. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-01 21:13:19 +02:00
Stefan Schantl
89be703297 libloc: Import latest upstream patches. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-01 21:13:03 +02:00
Stefan Schantl
5127276ba1 xtables-addons: Create directory for geoip databases (kernel module). 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-06-01 21:11:58 +02:00
Arne Fitzenreiter
bea09ff261 core145: found more urlfilter db files to cleanup 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-05-30 18:04:33 +00:00
Arne Fitzenreiter
30830d62a0 core145: remove converted urlfilter database 
to force rebuilt with new db.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-05-30 17:33:40 +00:00
Michael Tremer
371661367c netatalk: Add krb5 as a dependency 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-05-29 10:27:15 +00:00
Matthias Fischer
fead20a917 knot: Update to 2.9.5 
For details see:
https://www.knot-dns.cz/2020-05-25-version-295.html

"Bugfixes:

 Old ZSK can be withdrawn too early during a ZSK rollover if maximum
 zone TTL is computed automatically
 Server responds SERVFAIL to ANY queries on empty non-terminal nodes

Improvements:

 Also module onlinesign returns minimized responses to ANY queries
 Linking against libcap-ng can be disabled via a configure option"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-05-27 11:07:55 +00:00
Stefan Schantl
cf45236b2a Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next-switch-to-libloc 2020-05-26 19:02:48 +02:00
Stefan Schantl
d4beed2ce9 Locale-Country: Fix rootfile 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-05-26 19:01:39 +02:00
Stefan Schantl
fb47a9be0c libloc: Update to 0.9.1 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-05-26 19:01:18 +02:00
Stefan Schantl
bdf1e52606 geoip-database: Drop package 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-05-26 19:00:40 +02:00
Matthias Fischer
ca33424de5 minidlna: Update to 1.2.1 
For details see:
https://sourceforge.net/projects/minidlna/files/minidlna/1.2.1/

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-05-26 11:13:06 +00:00
Matthias Fischer
6e670b9c9d ffmpeg: Update to 4.2.3 
For details see:
http://ffmpeg.org/download.html#release_4.2

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-05-26 11:12:51 +00:00
Michael Tremer
6d78ec1a1c core145: Enable OpenVPN metrics collection 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-05-26 11:12:39 +00:00
Michael Tremer
75bb55e716 openvpn: Create database schema if not exists 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-05-26 11:12:23 +00:00
Matthias Fischer
5336aaa6fa make.sh: Suppress 'ls :cannot access *.bz2'-message 
The message "ls: cannot access '*.bz2': No such file or directory" comes
from the 'ls' command prior to creating the *.md5-files for *.bz2, *.img.xz
and *.iso files.

But on most builds we have especially no more bzip2 compressed images anymore.

This message can usually be ignored and is just irritating.

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-05-26 11:12:04 +00:00
Matthias Fischer
442717a127 nano: Update to 4.9.3 
For details see:
https://www.nano-editor.org/news.php

"One more bug introduced in version 4.9 is fixed: a crash when
the terminal screen is resized while at a lock-file prompt."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-05-26 11:11:51 +00:00
Stefan Schantl
8b58dbf32a Merge branch 'switch-to-libloc' into next-switch-to-libloc 2020-05-25 19:58:54 +02:00
Michael Tremer
91b23ce05b squidGuard: Fix generating databases with libdb >= 5 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-05-22 12:47:32 +00:00
Michael Tremer
7479c99349 ids-functions.pl: Quote array of subnets 
Reported-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-05-20 12:39:17 +00:00
Arne Fitzenreiter
76a1dedb4f move perl-DBI and perl-DBD-SQLite to core system 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-05-20 09:47:25 +00:00
Arne Fitzenreiter
b2896abb64 update credits.cgi 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-05-20 09:15:36 +00:00