bpfire

mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-20 16:02:59 +02:00

Author	SHA1	Message	Date
Matthias Fischer	9fa6a8d81d	squid: Update to 4.13 For details see: http://www.squid-cache.org/Versions/v4/changesets/ and http://lists.squid-cache.org/pipermail/squid-users/2020-August/022566.html Fixes (excerpt): "* SQUID-2020:8 HTTP(S) Request Splitting (CVE-2020-15811) This problem is serious because it allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. * SQUID-2020:9 Denial of Service processing Cache Digest Response (CVE pending allocation) This problem allows a trusted peer to deliver to perform Denial of Service by consuming all available CPU cycles on the machine running Squid when handling a crafted Cache Digest response message. * SQUID-2020:10 HTTP(S) Request Smuggling (CVE-2020-15810) This problem is serious because it allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. * Bug 5051: Some collapsed revalidation responses never expire * SSL-Bump: Support parsing GREASEd (and future) TLS handshakes * Honor on_unsupported_protocol for intercepted https_port" Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-24 09:47:40 +00:00
Michael Tremer	0e457b13ea	smt: Fix check to detect if a system is running virtually /sys/hypervisor exists when a host has loaded the kvm modules. Fixes: #12472 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-21 09:52:15 +00:00
Michael Tremer	087e302381	general-functions.pl: Do not check IPsec subnets for VTI/GRE connections Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-20 17:56:03 +00:00
Michael Tremer	9a62b6daac	libvirt: Depend on ebtables libvirtd requires this to create some custom firewall rules Reported-by: Daniel Weismüller <daniel.weismueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-19 14:08:54 +00:00
Michael Tremer	882ab515f9	libvirt: Ship all CPU maps Reported-by: Daniel Weismüller <daniel.weismueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-19 14:08:53 +00:00
Michael Tremer	17d01f0138	core149: Ship zstd which is now part of the base system Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-19 12:12:08 +00:00
Michael Tremer	0e45bb1734	zstd: Do not ship libstd.so Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-19 12:11:43 +00:00
Matthias Fischer	9a2685f326	rsync: Update to 3.2.3 For details see: https://download.samba.org/pub/rsync/NEWS#3.2.3 Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-19 12:02:51 +00:00
Michael Tremer	f43ee38550	core149: Fix typo in apache initscript Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-19 11:56:56 +00:00
Matthias Fischer	9ac5418613	zstd 1.4.5: Deleted obsolete files from '/src/paks/' No longer needed => deleted because of: https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=c67ff7d72c2232b6994e1ff97277d4040711f97d Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-18 15:42:12 +00:00
Erik Kapfer	3caa418097	tshark: Update to version 3.2.6 The version jump from 3.2.3 to 3.2.6 includes several changes. 3.2.4 includes only bugfixes. 3.2.5 includes bugfixes and updated protocols. 3.2.6 includes also bugfixes and updated protocols. For a full overview, the release notes can be found in here --> https://www.wireshark.org/docs/relnotes/ . Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-18 15:42:05 +00:00
Peter Müller	10771d94ad	Postfix: update to 3.5.6 Please refer to http://www.postfix.org/announcements/postfix-3.5.6.html for release announcements. Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-18 10:19:49 +00:00
Michael Tremer	c67ff7d72c	zstd: Make this part of the core distributions Many packages link against it and we should make use of it when we have it. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-18 10:13:01 +00:00
Michael Tremer	f8a54e1961	qemu: Update rootfile Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-18 10:11:33 +00:00
Michael Tremer	5a918d828f	rsync: Update rootfile Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-18 10:10:13 +00:00
Michael Tremer	bef8b9c027	core149: Ship popt Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 17:55:55 +00:00
Matthias Fischer	7dcea61621	popt: Update to 1.18 Recommended for 'rsync 3.2.1'. Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 17:55:35 +00:00
Matthias Fischer	73202b3976	rsync: Update to 3.2.1 For details see: https://download.samba.org/pub/rsync/NEWS#3.2.1 Although 3.2.2 is in "release testing", I decided to push this release now to get things running. I activated zstd-support and added 'DEPS = zstd'. Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 17:55:26 +00:00
Matthias Fischer	6b264af51b	zstd 1.4.5: New package This packages adds a "lossless compression algorithm" - supported by 'rsync 3.2.1'. For details see: https://github.com/facebook/zstd/releases/tag/v1.4.5 Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 17:54:55 +00:00
Matthias Fischer	112d36f00e	qemu: Update to 5.0.0 For details see: https://wiki.qemu.org/ChangeLog/5.0 Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 17:53:41 +00:00
Matthias Fischer	665261f56f	usbredir: Update to 0.8.0 For details see: https://gitlab.freedesktop.org/spice/usbredir/-/blob/master/ChangeLog "-Source code and bug tracker hosted in Freedesktop's instance of Gitlab -https://gitlab.freedesktop.org/spice/usbredir -usbredirfilter -Fix busy wait due endless recursion when interface_count is zero -usbredirhost: -Fix leak on error -usbredirserver: -Use 'busnum-devnum' instead of 'usbbus-usbaddr' -Add support for bind specific address -4 for ipv4, -6 for ipv6 -Reject empty vendorid from command line -Enable TCP keepalive" Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 17:53:40 +00:00
Matthias Fischer	196cdadab8	libvirt: Update to 6.5.0 For details see: https://libvirt.org/news.html This update "just came my way" - I hope its somehow useful. I also checked updates for dependencies - 'libusbredir 0.8.0' and 'qemu 5.0.0' follow. Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 17:53:38 +00:00
Peter Müller	454a21d8b0	Postfix: update to 3.5.4 Please refer to http://www.postfix.org/announcements/postfix-3.5.4.html for release announcements. Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 17:53:14 +00:00
Peter Müller	4591f94bc5	Tor: update to 0.4.3.6 Please refer to https://blog.torproject.org/new-release-tor-03511-0428-0436-security-fixes for release announcements. Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 17:53:03 +00:00
Matthias Fischer	2ebd7ec758	clamav: Update to 0.102.4 Fixes CVE-2020-3350, CVE-2020-3327, CVE-2020-3481 For details see: https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 17:52:28 +00:00
Michael Tremer	e65a3be3ef	core149: Ship bind Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 17:52:18 +00:00
Matthias Fischer	d690f2a7ce	bind: Update to 9.11.21 For details see: https://downloads.isc.org/isc/bind9/9.11.21/RELEASE-NOTES-bind-9.11.21.html "Bug Fixes named could crash when cleaning dead nodes in lib/dns/rbtdb.c that were being reused. [GL #1968] Properly handle missing kyua command so that make check does not fail unexpectedly when CMocka is installed, but Kyua is not. [GL #1950] The validator could fail to accept a properly signed RRset if an unsupported algorithm appeared earlier in the DNSKEY RRset than a supported algorithm. It could also stop if it detected a malformed public key. [GL #1689]" Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 17:52:06 +00:00
Michael Tremer	1701a7097a	core149: Ship intel microcode Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 17:51:52 +00:00
Peter Müller	04b39060f7	intel-microcode: update to 20200616 Ice Lake Intel CPUs have been found of being vulnerable to MDS, thus requiring new microcodes for them. <sarcasm>Yay!</sarcasm> Please refer to https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20200616 for further information. Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 17:49:24 +00:00
Michael Tremer	63de1d010f	core149: Ship updated unbound Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 17:48:21 +00:00
Matthias Fischer	53e1abbb57	unbound: Update to 1.11.0 For details see: https://lists.nlnetlabs.nl/pipermail/unbound-users/2020-July/006921.html Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 17:47:36 +00:00
Michael Tremer	c2607bc492	7zip: Move files to /usr Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 17:23:37 +00:00
Michael Tremer	6168163681	u-boot: Fix build with GCC 10 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 15:09:51 +00:00
Michael Tremer	9b34655840	grub: Run autoreconf after applying patches Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 15:09:24 +00:00
Michael Tremer	8d25e59811	core149: Ship everything that was recently updated Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 10:21:40 +00:00
Marcel Follert	6992457365	socat: New package Signed-off-by: Marcel Follert (Smooky) <smooky@v16.de> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 10:10:11 +00:00
Matthias Fischer	db376b5895	iproute2: Update to 5.8.0 For details see: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/?h=v5.8.0 Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 10:09:25 +00:00
Matthias Fischer	2fa9dfa8d9	apache: Update to 2.4.46 For details see: https://mirrors.ae-online.de/apache//httpd/CHANGES_2.4.46 Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 10:09:20 +00:00
Matthias Fischer	62e68ad323	logrotate: Update to 3.17.0 For details see: https://github.com/logrotate/logrotate/releases/tag/3.17.0 Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 10:09:17 +00:00
Erik Kapfer	942446b553	OpenVPN: Add tls-version-min for TLSv1.2 ovpnmain.cgi delivers now 'tls-version-min 1.2' for Roadwarrior and N2N. Since the server needs it only on server side, this patch do not includes it for Roadwarrior clients. N2N do not uses push options therefor this directive will be included on both sides. To integrate the new directive into actual working OpenVPN server environment, the following commands should be executed via update.sh. Code block start: if test -f "/var/ipfire/ovpn/server.conf"; then # Add tls-version-minimum to OpenVPN server if not already there if ! grep -q '^tls-version-min' /var/ipfire/ovpn/server.conf > /dev/null 2>&1; then # Stop server before append the line /usr/local/bin/openvpnctrl -k # Append new directive echo >> "tls-version-min 1.2" /var/ipfire/ovpn/server.conf # Make sure server.conf have the correct permissions to prevent such # --> https://community.ipfire.org/t/unable-to-start-the-openvpn-server/2465/54?u=ummeegge # case chown nobody:nobody /var/ipfire/ovpn/server.conf # Start server again /usr/local/bin/openvpnctrl -s fi fi Code block end Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 10:09:15 +00:00
Erik Kapfer	0d1054abc9	curl: Update to version 7.71.1 Several bugfixes and vulnerabilities has been fixed since the current available version 7.64.0 . For a full overview, the changelog is located in here --> https://curl.haxx.se/changes.html, a security problem overview in here --> https://curl.haxx.se/docs/security.html . Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 10:09:10 +00:00
Stefan Schantl	80dd69380d	hyperscan: Update to 5.3.0 Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Michael Tremer <Michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 10:09:08 +00:00
Erik Kapfer	ba50f66da3	OpenVPN: max-clients value has been enhanced The --max-client value has been enhanced from 255 clients to 1024 clients. Error message gives now explanation if the maximum has been reached. Patch has been triggered by https://community.ipfire.org/t/openvpn-max-vpn-clients-quantity-and-connections/2925 . Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 10:09:03 +00:00
Michael Tremer	b970ae902a	haproxy: Update to 2.2.2 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 10:08:25 +00:00
Michael Tremer	fa8edb9bd7	index.cgi: Show a note to people who are running IPFire on i?86 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 10:08:23 +00:00
Michael Tremer	c0fe5ea579	index.cgi: Drop Reiser4 warning We have dropped Reiser4 in 2013. There won't be any systems out there any more running it. We can safely drop this warning. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 10:08:22 +00:00
Stephan Feddersen	6408a43c0d	WIO. new version Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 10:08:17 +00:00
Stephan Feddersen	6a73c7b94c	WIO: new french translation Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 10:08:16 +00:00
Stephan Feddersen	48aae162c6	WIO: code cleanup Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 10:08:14 +00:00
Peter Müller	159cab272a	OpenSSL: remove ciphers without Forward Secrecy from default ciphersuite Ciphers not supplying (Perfect) Forward Secrecy are considered dangerous since they allow content decryption in retrospect, if an attacker is able to gain access to the servers' private key used for the corresponding TLS session. Since IPFire machines establish very few TLS connections by themselves, and destinations (IPFire.org infrastructure, mirrors, IPS rule sources, etc.) provide support for Forward Secrecy ciphers - some are even enforcing them -, it is safe to drop support for anything else. This patch reduces the OpenSSL default cipher list to: TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(256) Mac=SHA384 ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384 ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(256) Mac=SHA384 ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(128) Mac=SHA256 ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(128) Mac=SHA256 DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256 DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA256 DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256 DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA256 ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1 ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1 ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1 ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1 DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1 Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Acked-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2020-08-17 10:07:56 +00:00

1 2 3 4 5 ...

15007 Commits