webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-20 16:02:59 +02:00
Code Issues Packages Projects Releases Wiki Activity
10,412 Commits 2 Branches 1 Tag
8fa523e028ecfa8acb33bac7d48f2fe9cb60a86e
Commit Graph

10412 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Tremer
8fa523e028 libpng: Update to version 1.2.57 
These all fix a potential "NULL dereference" bug that has existed in libpng
since version 0.71 of June 26, 1995.  To be vulnerable, an application
has to load a text chunk into the png structure, then delete all text, then
add another text chunk to the same png structure, which seems to be
an unlikely sequence, but it has happened.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-12-29 16:04:29 +00:00
Matthias Fischer
22dbd018f1 squid 3.5.23: latest patch (14129) 
Seems to be a serious one.
"Bug #3940 pt2: Make 'cache deny' do what is documented".
(Duplicate of Bug 3783)

For details see:

http://bugs.squid-cache.org/show_bug.cgi?id=3940

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-12-29 15:37:07 +00:00
Matthias Fischer
fb7cd4cb4f nano: Update to 2.7.2 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-12-27 11:40:10 +01:00
Arne Fitzenreiter
e11038354b hwdata: update databases 
pci.ids 2016.12.19
usb.ids 2016.12.05

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2016-12-22 21:53:39 +01:00
Arne Fitzenreiter
7ba5691854 start core109 updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2016-12-22 20:39:38 +01:00
Matthias Fischer
dcc3b47f00 bind: Update to 9.11.0-P1 
http://ftp.isc.org/isc/bind9/9.11.0-P1/RELEASE-NOTES-bind-9.11.0-P1.html:
"BIND 9.11.0-P1 addresses the security issue described in CVE-2016-8864"

https://access.redhat.com/security/cve/cve-2016-8864:
"A denial of service flaw was found in the way BIND handled responses
containing a DNAME answer. A remote attacker could use this flaw to
make named exit unexpectedly with an assertion failure via a specially
crafted DNS response."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-12-19 12:08:34 +00:00
Matthias Fischer
ba6fc476fb snort: Update to 2.9.9.0 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-12-18 15:19:52 +00:00
Matthias Fischer
a1bc7f3ab9 squid: Update to 3.5.23 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-12-17 17:26:38 +00:00
Matthias Fischer
3c22a549ab squid 3.5.22: latest patches (14123-14126) 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-12-17 17:26:36 +00:00
Michael Tremer
c2adb460d6 Revert "unbound: Deactivate qname-minimization & harden-below-nxdomain" 
This reverts commit 86e9d04bfb.

This seems to be working with unbound 1.6.0 so that this can be
re-enabled for better privacy.

http://lists.ipfire.org/pipermail/development/2016-December/002807.html
 2016-12-16 11:59:59 +00:00
Matthias Fischer
ef2bb43402 unbound: Update to 1.6.0 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>

For details, see:
http://www.unbound.net/download.html
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-12-16 10:29:18 +00:00
Michael Tremer
b2f96a94e3 unbound: EDNS buffer size defaults to 4096 
If this is changed, a warning will be shown.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-12-14 12:51:46 +00:00
Michael Tremer
8f3034d0db unbound: Test for working EDNS buffer size and adjust accordingly 
Some networks have equipment that fails to forward DNS queries
with EDNS and the DO bit set. They might even lose the replies.

This patch will adjust unbound so that it will not try to receive
too large replies and falls back to TCP earlier. This creates
some higher load on the DNS servers but at least gives us
working DNS.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-12-14 12:45:07 +00:00
Arne Fitzenreiter
b26b242a9c finish core108 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2016-12-13 23:29:21 +01:00
Matthias Fischer
a5f09f8e5b squid 3.5.22: latest patches (14119-14122) 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-12-12 11:20:21 +00:00
Matthias Fischer
d15c59e6e5 nano: Update to 2.7.1 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-12-12 10:58:21 +00:00
Michael Tremer
6426c4066f core108: Ship updated squid 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-12-06 14:20:16 +00:00
Matthias Fischer
4ce082a4dd squid 3.5.22: latest patches (14114-14118) 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-12-06 14:19:20 +00:00
Matthias Fischer
262c48be60 squid 3.5.22: latest patches (14103-14113) 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-12-06 14:19:12 +00:00
Matthias Fischer
cc8f79f95f squid 3.5.22: latest patches (14100-14102) 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-12-06 14:19:06 +00:00
Matthias Fischer
cc2a2209d8 squid 3.5.22: latest patch (14099) 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-12-06 14:19:03 +00:00
Michael Tremer
67214dc2eb core108: Ship updated NTP 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-12-06 14:17:05 +00:00
Matthias Fischer
31986a351c ntp: Update to 4.2.8p9 
"It addresses 1 high-, 2 medium-, 2 medium-/low-, and 5 low-severity
security issues, 28 bugfixes, and contains other improvements over 4.2.8p8."

For a complete list, see:
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-12-06 14:15:19 +00:00
Michael Tremer
6268c62384 tor: Update to 0.2.8.10 
Brings various major bugfixes and privacy enhancements

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-12-03 13:30:02 +00:00
Michael Tremer
2aa15dee66 unbound: Fix DNS forwarder test 
The previous version aborted when the validation test
suceeded, but this is not always sufficient in case a
provider filters any DNSKEY, DS or RRSIG records.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-12-01 17:13:07 +00:00
Michael Tremer
cd812106b1 unbound: Do not try removing forwarders when unbound is not running 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-11-29 12:28:23 +00:00
Michael Tremer
adb11e90df Always enable asynchronous logging 
This patch always enables asynchronous logging which slows
down the system a lot on slow storage and some virtual environments.

It also removes the configuration options in the web
user interface, since this is not configurable any more.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-11-29 12:18:41 +00:00
Michael Tremer
b7f2fe819b core108: Ship updated ddns 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-11-28 21:51:13 +00:00
Stefan Schantl
0b5b6a594c ddns: Import patches for schokokeks.org support. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-11-28 21:50:24 +00:00
Michael Tremer
49750f72de Start Core Update 108 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-11-28 21:48:21 +00:00
Michael Tremer
e2b19d984c strongswan: Update to 5.5.1 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-11-28 21:38:29 +00:00
Michael Tremer
86e9d04bfb unbound: Deactivate qname-minimization & harden-below-nxdomain 
This causes trouble when you try to resolve a record like
a.b.blah.com where b.blah.com responds with NXDOMAIN. unbound
won't try to resolve a.b.blah.com because it is assumed that
everything longer than b.blah.com does not exist which is
probably not good usability.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-11-25 17:45:39 +00:00
Alexander Marx
bc4a68812b BUG11242: Fix for adding 2 VPN Hosts/network with same name 
If one has an IPSec network named "aaa" and an OpenVPn Host with the same name
it was not possible to group them together because of the same name.
Now the Network type is also checked wich allows Entries with same name, but different networks.

Fixes: #11242

Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-11-17 14:11:50 +00:00
Arne Fitzenreiter
c6bc0fb03e Merge remote-tracking branch 'origin/master' into next 2016-11-04 21:12:25 +01:00
Arne Fitzenreiter
34f6a3f1b5 Merge remote-tracking branch 'origin/core107' 2016-11-04 20:52:00 +01:00
Arne Fitzenreiter
2d646e9838 ntp: init with hardcoded ip if dns not work 
DNSSec need the correct time to validate the zones so we need
a workaround to init the time without dns.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2016-11-04 19:31:07 +01:00
Michael Tremer
d4af85f252 unbound: Send out replies from where they came in 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-11-04 18:23:25 +00:00
Michael Tremer
08fc1aa43b core107: Restart unbound to activate configuration changes 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-11-04 17:46:24 +00:00
Michael Tremer
7ebc0a16e2 unbound: Allow list of INSECURE_ZONES being set in sysconfig 
A list of DNS zones can be given for which DNSSEC validation
will be disabled.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-11-04 17:43:05 +00:00
Michael Tremer
3ddad158cd unbound: Allow recursion from everywhere 
Users use the IPFire DNS service from VPNs and other
routed networks.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-11-04 17:08:13 +00:00
Arne Fitzenreiter
2872f345b0 guardian: add path to update-lang-cache 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2016-11-03 06:51:49 +01:00
Arne Fitzenreiter
f8571e07be guardian: add languange cache regeneration at (un)install 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2016-11-02 20:26:58 +01:00
Michael Tremer
a6dcc5bb77 unbound: Fix for DNS forwarding of .local zones 
These are traditionally used for Windows domains and should not
be used for that. However if they are used like this, DNSSEC
validation cannot be used.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-11-02 15:51:49 +00:00
Michael Tremer
f8aa041f1a unbound: Fix for DNS forwarding of .local zones 
These are traditionally used for Windows domains and should not
be used for that. However if they are used like this, DNSSEC
validation cannot be used.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-11-02 15:42:40 +00:00
Arne Fitzenreiter
f95b8b9f7b set pakfire version to 107 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2016-10-31 21:31:09 +01:00
Arne Fitzenreiter
38183e52dd start core107 updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2016-10-27 21:07:55 +02:00
Matthias Fischer
5e818d6afb log.dat: cosmetical upgrade 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-10-25 12:15:07 +01:00
Matthias Fischer
76fd8bcf7b hdparm: Update to 9.50 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-10-25 12:15:01 +01:00
Arne Fitzenreiter
4bdbf22ee4 kernel: fix CVE-2016-5159 (Dirty COW) 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2016-10-22 20:20:22 +02:00
Arne Fitzenreiter
ed7a7f77db kernel: add support aes-ni support for aes-192 and 256 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2016-10-22 16:52:40 +02:00