Michael Tremer
42772dcb4f
samba: Allow rewriting configuration from CLI
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-13 17:06:19 +01:00
Michael Tremer
36bcdbf7e4
samba: Refactor user management
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-13 17:06:19 +01:00
Michael Tremer
33637fc047
samba: Automatically migrate role setting
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-13 17:06:18 +01:00
Michael Tremer
1c14930212
samba: Always show printer options
...
Samba is always linked against CUPS and therefore there is
no way to disable printing anyways.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-13 17:06:16 +01:00
Michael Tremer
5aa5f6777a
samba: Remove reset options
...
This only requires that we have to change multiple files with
the same settings.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-13 17:06:16 +01:00
Michael Tremer
e0be282c09
sambactrl: Remove unused reset command
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-13 17:06:16 +01:00
Michael Tremer
2a4ac08fcc
samba: Remove deprecated encrypt/null passwords options
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-13 17:06:15 +01:00
Michael Tremer
65deced182
samba: Update SECURITY option in settings, too
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-13 17:06:15 +01:00
Michael Tremer
69c0addc8b
samba: Remove socket options
...
It is not useful to set this on a modern server. The Linux
kernel will be tuning any send and receive buffer sizes.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-13 17:06:15 +01:00
Michael Tremer
92d2e06568
samba: Remove deprecated syslog options
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-13 17:06:15 +01:00
Michael Tremer
2bed30b224
samba: Migrate older backups too and use standard update mechanism
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-13 17:06:15 +01:00
Michael Tremer
2db43d839e
samba: Migrate configuration from Samba 3.6 to 4.x
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-13 17:06:15 +01:00
Michael Tremer
b67f02d512
/var/ipfire/ethernet/settings: Drop BROADCAST variable
...
This variable is no longer being used and was only used to
assign IP addresses to the individual interfaces.
However, the kernel knows best which IP address to select
as broadcast address for each network. Therefore we depend
on the kernel which allows us to support RFC3021.
Fixes: #12486 - no /31 transfer net available on red
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-07 11:46:46 +00:00
Arne Fitzenreiter
1dd31d858e
samba: update to 4.13.0
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-06 12:19:04 +00:00
Arne Fitzenreiter
b5efeaa092
samba initscript: create needed subdirs for pipes in /var/run/samba
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-10-06 12:18:56 +00:00
Erik Kapfer
aa4ed7637c
iptraf-ng: Update to version 1.2.1
...
Update includes several fixes and enhancements.
The full overview of changes is located here --> https://github.com/iptraf-ng/iptraf-ng/blob/master/CHANGES.
rvnamed has been merged into iptraf-ng. Fix division by zero patch has been merged into new version, patch is not needed anymore. logrotate configuration for iptraf-ng has been included.
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-09-30 09:58:51 +00:00
Michael Tremer
df8920100d
exoscale: Fix assigning domain name
...
The whole hostname was used as domain name because there
was no . in it where the string could have been split.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-09-29 13:47:09 +00:00
Michael Tremer
a7d8d35288
exoscale: Get SSH key from meta-data API
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-09-29 08:05:44 +00:00
Michael Tremer
9e09e1c47b
setup: Remove tampering with MAC addresses
...
There are NICs with 06: and we cannot simply replace the
first byte of the address.
I have no idea why this hack is needed and I believe we
do not need it at all.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-09-27 11:19:56 +00:00
Michael Tremer
e06d8de976
exoscale: Add cloud setup script
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-09-25 16:08:46 +00:00
Michael Tremer
5ae3706d20
cloud-init: Extend to support Exoscale
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-09-25 10:37:06 +00:00
Stefan Schantl
8be7a2206c
libloc: Update to 0.9.4
...
Also update the shipped database to 2020-09-21.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-09-24 17:36:38 +00:00
Michael Tremer
b45faf9e70
IPsec: Bring down connections after reloading configuration
...
It could happen that the remote peer re-established the connection
before "ipsec reload" removed it from the daemon.
Now, we write the configuration files first, reload them
and then bring down any connections that are still established.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-09-24 17:36:38 +00:00
Matthias Fischer
fcb991813b
logwatch: Update to 7.5.4
...
Sorry, there is no changelog available.
For a better overview I moved 'logwatch-7.3.6-date_manip6.patch' to a directory of its own.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-09-24 17:36:38 +00:00
Michael Tremer
b171c68349
collectd: Link against libip4tc
...
libiptc is no longer being shipped by iptables and has been split
into a version for IPv4 and IPv6.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-09-24 17:36:38 +00:00
Michael Tremer
57b277786e
fontconfig: update to 2.13.1
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-09-24 17:36:37 +00:00
Arne Fitzenreiter
3a69555f90
kernel: add patch against CVE-2020-14386
...
fixes #12483
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-09-12 09:38:10 +02:00
Arne Fitzenreiter
9dafa28a1c
Revert "kernel: add patch against CVE-2020-14386"
...
This reverts commit f04023b1ca.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-09-11 22:16:27 +02:00
Arne Fitzenreiter
f04023b1ca
kernel: add patch against CVE-2020-14386
...
fixes #12483
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-09-11 21:27:15 +02:00
Arne Fitzenreiter
2c8819992e
vim: update to 8.2 and fix crash with gcc-10
...
The configure.ac has a bug that detects gcc-10 as gcc-1 and so does not use
some quirks. Also there is a bug with FORTIFY-SOURCE=2 that crashes
if the matchparen plugin is used (enabled by default).
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-08-29 18:08:57 +00:00
Michael Tremer
0e457b13ea
smt: Fix check to detect if a system is running virtually
...
/sys/hypervisor exists when a host has loaded the kvm modules.
Fixes: #12472
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-08-21 09:52:15 +00:00
Matthias Fischer
9ac5418613
zstd 1.4.5: Deleted obsolete files from '/src/paks/'
...
No longer needed => deleted because of:
https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=c67ff7d72c2232b6994e1ff97277d4040711f97d
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-08-18 15:42:12 +00:00
Matthias Fischer
6b264af51b
zstd 1.4.5: New package
...
This package adds a "lossless compression algorithm" - supported by 'rsync 3.2.1'.
For details see:
https://github.com/facebook/zstd/releases/tag/v1.4.5
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-08-17 17:54:55 +00:00
Stephan Feddersen
6a73c7b94c
WIO: new french translation
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-08-17 10:08:16 +00:00
Stephan Feddersen
48aae162c6
WIO: code cleanup
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-08-17 10:08:14 +00:00
Peter Müller
159cab272a
OpenSSL: remove ciphers without Forward Secrecy from default ciphersuite
...
Ciphers not supplying (Perfect) Forward Secrecy are considered dangerous
since they allow content decryption in retrospect, if an attacker is
able to gain access to the servers' private key used for the
corresponding TLS session.
Since IPFire machines establish very few TLS connections by themselves, and
destinations (IPFire.org infrastructure, mirrors, IPS rule sources, etc.)
provide support for Forward Secrecy ciphers - some are even enforcing
them -, it is safe to drop support for anything else.
This patch reduces the OpenSSL default cipher list to:
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(256) Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(256) Mac=SHA384
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(128) Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(128) Mac=SHA256
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA256
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA256
ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-08-17 10:07:56 +00:00
Michael Tremer
6d6f306179
perl: Fix build in toolchain stage
...
perl searches for headers and libraries in the wrong paths
and detects GCC 10 as GCC 1.x.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-08-16 10:29:43 +00:00
Michael Tremer
30ddc2e27a
kbd: Update to 2.2.0
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-08-16 10:29:42 +00:00
Michael Tremer
8ba15ff89a
syslinux: Fix build with GCC 10
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-08-16 10:29:42 +00:00
Michael Tremer
ac2d807d1c
ipfire-netboot: Fix build with GCC 10
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-08-16 10:29:42 +00:00
Michael Tremer
fed525f280
7zip: Fix build against GCC 10
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-08-16 10:29:42 +00:00
Arne Fitzenreiter
f8561a5c16
grub: update to 2.04
...
fixes: #12463
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
2020-08-14 15:10:14 +00:00
Michael Tremer
8531a9503c
smt: Do not disable SMT in virtual machines
...
Processors in virtual machines are *virtual*. Therefore this
only degrades the performance of the guest, but does not increase
its security.
This patch always leaves SMT enabled in all virtual environments.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-08-05 18:51:43 +00:00
Michael Tremer
138c94a96d
oci: Add automatic configuration script
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-08-05 18:51:38 +00:00
Michael Tremer
7c24a0d973
oci: Add detection for Oracle Cloud
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-08-05 18:51:33 +00:00
Arne Fitzenreiter
03cd6810d3
libloc: fix i586 perl module
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-08-03 19:52:38 +02:00
Stefan Schantl
99659ce50b
libloc: Only update database once a week
...
Ensure to download and update the database only once a week, even though the
script will be called by cron each hour.
Fixes #12462.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-07-29 17:15:56 +00:00
Michael Tremer
e43c3206d3
network: Fix typo for MTU value
...
Reported here:
https://community.ipfire.org/t/strange-etc-init-d-networking-any-for-blue/2831
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-07-28 18:33:33 +00:00
Michael Tremer
2ae1c23f62
location: Restart IPsec after firewall was restarted
...
strongswan creates rules in iptables which are being dropped when
the firewall is being restarted.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-07-28 18:32:20 +00:00
Arne Fitzenreiter
be03f10353
libloc: use regular stack-protector on i586
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-07-22 20:46:13 +02:00