webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-05-11 09:48:24 +02:00
Code Issues Packages Projects Releases Wiki Activity
17,021 Commits 2 Branches 1 Tag
999b71cf47dc120eb1b0e558dc6a8dbbf66f7a17
Commit Graph

1240 Commits

Author SHA1 Message Date
Arne Fitzenreiter
7529349754 kernel: apu2 leds: update string for newer bios 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-08-05 17:19:52 +02:00
Matthias Fischer
51099ddfd7 squid: Update to 3.5.28 
For details see:
http://www.squid-cache.org/Versions/v3/3.5/changesets/

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-26 14:38:57 +01:00
Michael Tremer
a570226765 Merge branch 'next' into efi 2018-07-20 12:47:20 +00:00
Michael Tremer
011204d963 fireinfo: Import latest patches 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-20 12:06:11 +00:00
Michael Tremer
7c80f8c5cc syslinux: Update to 6.04-pre1 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-14 13:43:53 +01:00
Michael Tremer
4c2343931c parted: Update to 3.2 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-14 13:43:52 +01:00
Michael Tremer
b661333e3a syslinux: FTBFS with newer ld 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-14 13:43:50 +01:00
Michael Tremer
8a9605840c Remove dvdrtools for cdrkit 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-07-14 13:43:49 +01:00
Matthias Fischer
5bb288a244 dhcp: Update to 4.4.1 
For details see:
https://kb.isc.org/article/AA-01571/82/DHCP-4.4.1-Release-Notes.html

This should close https://bugzilla.ipfire.org/show_bug.cgi?id=11697 and
https://bugzilla.ipfire.org/show_bug.cgi?id=11293.

This update required some changes as described in:
https://bugzilla.ipfire.org/show_bug.cgi?id=11697#c6

Thanks to all testers! ;-)

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-06-04 13:52:43 +01:00
Arne Fitzenreiter
4dd7df2f82 Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2018-05-16 14:09:42 +02:00
Arne Fitzenreiter
959b404ee0 u-boot: add Raspberry Pi 3 Model B+ 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-05-16 10:43:58 +02:00
Arne Fitzenreiter
39a73adadf kernel: kirkwood: fix iConnect leds and modell name 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-05-13 07:59:01 +00:00
Matthias Fischer
1698eb73c7 openssh: Update to 7.7p1 
For details see:
http://www.openssh.com/txt/release-7.7

This release fixes:
https://bugzilla.ipfire.org/show_bug.cgi?id=11693
https://bugzilla.ipfire.org/show_bug.cgi?id=11694

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-05-07 11:33:41 +01:00
Arne Fitzenreiter
0d2cbbab85 Merge branch 'kernel-4.14' into next 2018-05-05 09:14:42 +02:00
Arne Fitzenreiter
79dbff45cb Merge remote-tracking branch 'origin/core120' into kernel-4.14 2018-04-28 09:09:00 +02:00
Michael Tremer
196b9090f9 dma: Apply compile fix 
dma segfaulted when built without string.h.

Fixes: #11701

Submitted upstream: https://github.com/corecode/dma/pull/58

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-04-24 12:35:51 +01:00
Michael Tremer
86fd194766 dma: Apply compile fix 
dma segfaulted when built without string.h.

Fixes: #11701

Submitted upstream: https://github.com/corecode/dma/pull/58

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-04-24 12:34:53 +01:00
Peter Müller
a83b738215 update ClamAV to 0.100.0 
Update ClamAV to 0.100.0, which brings some new features and bugfixes
(release notes are available here: https://blog.clamav.net/2018/04/clamav-01000-has-been-released.html).

Since the internal LLVM code is now deprecated and disabled by default,
patching clamav/libclamav/c++/llvm/lib/ExecutionEngine/JIT/Intercept.cpp
does not seem to be necessary anymore.

Further, the --disable-zlib-vcheck option has been removed since it
produces warnings during compilation.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-04-23 11:20:52 +01:00
Arne Fitzenreiter
20406699e3 grub: update to 2.02 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-04-17 06:10:06 +02:00
Matthias Fischer
4217b4b6d8 beep 1.3: Fixes for CVE-2018-0492 
For details see:
https://src.fedoraproject.org/cgit/rpms/beep.git
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-0492

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-04-11 20:03:19 +01:00
Arne Fitzenreiter
96a2ff029e kernel: update config 
disable isdn
disable audit
disable profiling on arm
disable scsi driver on arm

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-04-11 18:36:57 +02:00
Arne Fitzenreiter
302dba205b Merge remote-tracking branch 'origin/master' into kernel-4.14 2018-03-30 10:26:01 +02:00
Michael Tremer
d3cd99830a fetchmail: Permit building without SSLv3 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-27 20:53:31 +01:00
Michael Tremer
166ceacd6b openssl: Update to 1.1.0h 
CVE-2018-0739 (OpenSSL advisory) [Moderate severity] 27 March 2018:

Constructed ASN.1 types with a recursive definition (such as can be
found in PKCS7) could eventually exceed the stack given malicious
input with excessive recursion. This could result in a Denial Of
Service attack. There are no such structures used within SSL/TLS
that come from untrusted sources so this is considered safe.
Reported by OSS-fuzz.

This patch also entirely removes support for SSLv3. The patch to
disable it didn't apply and since nobody has been using this before,
we will not compile it into OpenSSL any more.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-27 16:03:44 +01:00
Arne Fitzenreiter
2a0947f2e3 u-boot: update to 2018.03 
todo: check wandboard version. there are internal changes to merge
the different wandboard images to one and u-boot.imx is not build
anymore. Which file is needed to boot on wandboard?

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-03-24 11:14:24 +01:00
Matthias Fischer
71e5a29c81 dmidecode 3.1: Added patch (Fix firmware version of TPM device) 
For details see:
http://git.savannah.gnu.org/cgit/dmidecode.git/commit/?id=174387405e98cd94c627832ae23abcb9be7e5623

"Both the operator (detected by clang, reported by Xorg) and the mask
for the minor firmware version field of TPM devices were wrong."

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-19 11:56:19 +00:00
Matthias Fischer
cc4816a1af clamav 0.99.4: removed gcc patch 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-07 18:43:44 +00:00
Peter Müller via Development
5929493445 set OpenSSL 1.1.0 DEFAULT cipher list to secure value 
Only use secure cipher list for the OpenSSL DEFAULT list:
* ECDSA is preferred over RSA since it is faster and more scalable
* TLS 1.2 suites are preferred over anything older
* weak ciphers such as RC4 and 3DES have been eliminated
* AES-GCM is preferred over AES-CBC (known as "mac-then-encrypt" problem)
* ciphers without PFS are moved to the end of the cipher list

This patch leaves AES-CCM, AES-CCM8 and CHACHA20-POLY1305 suites
where they are since they are considered secure and there is no
need to change anything.

The DEFAULT cipher list is now (output of "openssl ciphers -v"):

ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM8 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM8(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM8 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM8(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=Camellia(256) Mac=SHA384
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=Camellia(128) Mac=SHA256
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=Camellia(256) Mac=SHA384
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=Camellia(128) Mac=SHA256
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH       Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-AES256-CCM8     TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM8(256) Mac=AEAD
DHE-RSA-AES256-CCM      TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM(256) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-CCM8     TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM8(128) Mac=AEAD
DHE-RSA-AES128-CCM      TLSv1.2 Kx=DH       Au=RSA  Enc=AESCCM(128) Mac=AEAD
DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA256
DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA256
ECDHE-ECDSA-AES256-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
ECDHE-ECDSA-AES128-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
ECDHE-RSA-AES256-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-RSA-AES128-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA1
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES256-CCM8             TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM8(256) Mac=AEAD
AES256-CCM              TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM(256) Mac=AEAD
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
AES128-CCM8             TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM8(128) Mac=AEAD
AES128-CCM              TLSv1.2 Kx=RSA      Au=RSA  Enc=AESCCM(128) Mac=AEAD
AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
CAMELLIA256-SHA256      TLSv1.2 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA256
AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
CAMELLIA128-SHA256      TLSv1.2 Kx=RSA      Au=RSA  Enc=Camellia(128) Mac=SHA256
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
CAMELLIA256-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
CAMELLIA128-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(128) Mac=SHA1

This has been discussed at 2017-12-04 (https://wiki.ipfire.org/devel/telco/2017-12-04)
and for a similar patch written for OpenSSL 1.0.x.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-28 11:45:03 +00:00
Arne Fitzenreiter
1a7cfc2f10 Merge remote-tracking branch 'origin/core119' into kernel-4.14 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-02-27 12:38:18 +01:00
Michael Tremer
9434bffaf2 Merge branch 'openssl-11' into next 2018-02-21 12:21:10 +00:00
Michael Tremer
0f354672a2 flac: Update to 1.3.2 
The previous version fails to build on i586

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-16 19:14:33 +00:00
Michael Tremer
11e78f38b9 Package openssl-compat (1.0.2.n) 
This is provided for compatibility with binaries that have
been compiled against this version of OpenSSL.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 22:19:45 +00:00
Michael Tremer
7e63e4f806 transmission: Patch to build against OpenSSL 1.1 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 22:19:45 +00:00
Michael Tremer
0d0fe16e22 net-snmp: Patch to build against OpenSSL 1.1 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 22:19:45 +00:00
Michael Tremer
3b10b31303 elinks: Patch to build against OpenSSL 1.1 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 22:19:45 +00:00
Michael Tremer
07b8dcd0b2 openssh: Update to 7.6p1 and patch against OpenSSL 1.1 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 22:19:45 +00:00
Michael Tremer
5a9bbaa93d openssl: Update to version 1.1 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 22:19:45 +00:00
Michael Tremer
e9e3dd9fee qemu: Make it build with newer glibcs 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 20:56:12 +00:00
Michael Tremer
c19196e1c5 nfs: Fix building with newer glibcs 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 20:56:12 +00:00
Michael Tremer
ce7f9c3a0e libtirpc: Fix build against newer glibcs 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 20:56:12 +00:00
Michael Tremer
f794504ec6 dma: Don't only use TLSv1 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 20:56:12 +00:00
Michael Tremer
65a75e0ddf glibc: Update to 2.27 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 20:56:12 +00:00
Michael Tremer
f1a5a25a40 flex: Patch against SEGV with newer glibc 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 20:56:12 +00:00
Michael Tremer
6ffe2da8c9 iproute2: Update to 4.14.1 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 20:56:12 +00:00
Michael Tremer
f6b0901df9 hostname: Update to 3.20 
Drops dependency to obsolete RPCSVC code in glibc.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 20:56:12 +00:00
Michael Tremer
dca7011c1f make: Patch against SEGV when using globbing functions 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 20:56:12 +00:00
Michael Tremer
85439ac74c toolchain: Add bison 
This is required by glibc 2.27

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 20:56:12 +00:00
Arne Fitzenreiter
11b5e5cb8e toolchain: update to gcc-7.3.0 and enable retpolines on x86_64 and i586 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-02-11 20:56:12 +00:00
Arne Fitzenreiter
27ee5072c5 mdadm: fix build with gcc-7 2018-02-11 20:56:12 +00:00
Arne Fitzenreiter
eaec148fd8 sarg: update to 2.3.11 (needed for gcc-7) 2018-02-11 20:56:12 +00:00