webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-23 17:32:57 +02:00
Code Issues Packages Projects Releases Wiki Activity
14,734 Commits 2 Branches 1 Tag
b11b4842c224b6196016d48e286b2b4dfe57c285
Commit Graph

14734 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Matthias Fischer
b11b4842c2 gmp 6.2.0: Fixed rootfile for i586 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Matthias Fischer
a5427e456c libgpg-error: Update to 1.38 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Matthias Fischer
2944c59ea9 libassuan: Update to 2.5.3 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Matthias Fischer
acef0b81d3 libgcrypt: Update to 1.8.5 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Matthias Fischer
32e4819b77 gmp 6.2.0: Fixed lfs for i586 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Matthias Fischer
63eacedabc gmp: Update to 6.2.0 
Needed for gnutls 3.6.14

For details see:
https://gmplib.org/gmp6.2

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Matthias Fischer
44d2f538e1 gnutls: Update to 3.6.14 
For details see:
https://lists.gnupg.org/pipermail/gnutls-help/2020-June/004648.html

"** libgnutls: Fixed insecure session ticket key construction, since 3.6.4.
   The TLS server would not bind the session ticket encryption key with a
   value supplied by the application until the initial key rotation, allowing
   attacker to bypass authentication in TLS 1.3 and recover previous
   conversations in TLS 1.2 (#1011).
   [GNUTLS-SA-2020-06-03, CVSS: high]

** libgnutls: Fixed handling of certificate chain with cross-signed
   intermediate CA certificates (#1008).

** libgnutls: Fixed reception of empty session ticket under TLS 1.2 (#997).

** libgnutls: gnutls_x509_crt_print() is enhanced to recognizes commonName
   (2.5.4.3), decodes certificate policy OIDs (!1245), and prints Authority
   Key Identifier (AKI) properly (#989, #991).

** certtool: PKCS #7 attributes are now printed with symbolic names (!1246).

** libgnutls: Added several improvements on Windows Vista and later releases
   (!1257, !1254, !1256). Most notably the system random number generator now
   uses Windows BCrypt* API if available (!1255).

** libgnutls: Use accelerated AES-XTS implementation if possible (!1244).
   Also both accelerated and non-accelerated implementations check key block
   according to FIPS-140-2 IG A.9 (!1233).

** libgnutls: Added support for AES-SIV ciphers (#463).

** libgnutls: Added support for 192-bit AES-GCM cipher (!1267).

** libgnutls: No longer use internal symbols exported from Nettle (!1235)

** API and ABI modifications:
GNUTLS_CIPHER_AES_128_SIV: Added
GNUTLS_CIPHER_AES_256_SIV: Added
GNUTLS_CIPHER_AES_192_GCM: Added
gnutls_pkcs7_print_signature_info: Added"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Matthias Fischer
c9f49bc693 borgbackup: Update to 1.1.13 
For details see:
https://borgbackup.readthedocs.io/en/stable/changes.html#changelog

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Matthias Fischer
ea791f45b4 haproxy: Update to 2.1.7 
For details see:
http://www.haproxy.org/download/2.1/src/CHANGELOG

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Michael Tremer
73c084b6a7 core147: Ship squid 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Matthias Fischer
3a40d33583 squid: Update to 4.12 
For details see:
http://www.squid-cache.org/Versions/v4/changesets/

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Michael Tremer
47686b1b6e Start Core Update 147 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Michael Tremer
9bdf5e71af networking: Set configured MTU to all network zones 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Michael Tremer
bf1ae6aa6a gcp: Google Cloud only supports an MTU of 1460 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Michael Tremer
68e060cb22 aws: Configure MTU to maximum of 9001 on GREEN/ORANGE 
AWS supports jumbo-frames which IPFire can take advantage of
to increase network throughput internally.

The MTU for RED was left as 1500 to avoid packet fragmentation
in the cloud network and have IPFire do that job.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Michael Tremer
46b0f9ab44 web: Hide certain menu items when running in cloud environments 
This used to be only hidden on AWS.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Michael Tremer
e7978f5671 gcloud: Add function to detect whether we are running on GCP 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Michael Tremer
4e58ab4bbf aws-functions.pl: Drop file and move functions to general-functions.pl 
There is not enough stuff that it is justified to have an own file.

This patch therefore merges everything into general-functions.pl.

There are no functional changes.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Michael Tremer
b6a5888105 gcp: Add host route for gateway during initialisation 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Michael Tremer
45a2dcd09a gcp: Always automatically enable serial console 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Michael Tremer
89b10e7095 gcp: Add initscript to import configuration 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Michael Tremer
86c6459873 cloud-init: Launch custom script when detecting Google Cloud 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-06-19 17:14:58 +00:00
Arne Fitzenreiter
46bccfc219 core146: add openvpn 
openvpn was missed in core145 so add it again.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-16 11:36:20 +00:00
Arne Fitzenreiter
e9c62e37f4 vulnerabilities.cgi: add srdbs (CVE-2020-0543) 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-13 12:23:46 +02:00
Arne Fitzenreiter
4d43b3dcb1 intel-microcode: update to 20200609 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-12 17:47:29 +02:00
Arne Fitzenreiter
f3a59d63e2 kernel: update to 4.14.184 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-12 16:04:48 +02:00
Peter Müller
92e828b3b0 kernel: disable CONFIG_UPROBES 
Quoted from #12433:
> Uprobes is the user-space counterpart to kprobes: they enable instrumentation
> applications (such as 'perf probe') to establish unintrusive probes in
> user-space binaries and libraries, by executing handler functions when the
> probes are hit by user-space applications.
>
> ( These probes come in the form of single-byte breakpoints, managed by the
> kernel and kept transparent to the probed application. )

IMHO this can be safely disabled, as there is little if any need to debug
userspace programs _that_ deeply on an IPFire machine.

Fixes: #12433

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-10 15:18:36 +00:00
Peter Müller
a5e577d083 kernel: enable CONFIG_FORTIFY_SOURCE on armv5tel 
Partially fixes: #12369

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-10 15:17:40 +00:00
Peter Müller
3eb393ff2e kernel: enable CONFIG_FORTIFY_SOUCRE on aarch64 
Partially fixes: #12369

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-10 15:17:24 +00:00
Peter Müller
4ee87ee248 kernel: enable CONFIG_SLUB_DEBUG on aarch64 and armv5tel 
Fixes: #12377

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-10 15:16:57 +00:00
Arne Fitzenreiter
325a2680c8 kernel: fix diabling CONFIG_MODFIFY_LDT_SYSCALL 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-10 16:21:49 +02:00
Arne Fitzenreiter
2b51e4aeab Revert "kernel: enable CONFIG_RANDOMIZE_BASE on aarch64" 
with enabled CONFIG_RAMDOIZE_BASE the linking of xtables
and maybee other external kernel modules fail on aarch64

This reverts commit 8379ab44b8.
 2020-06-10 16:20:34 +02:00
Peter Müller
e694bbd17f kernel: enable CONFIG_RANDOMIZE_BASE on armv5tel 
Partially fixes: #12363

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-09 22:20:26 +00:00
Peter Müller
8379ab44b8 kernel: enable CONFIG_RANDOMIZE_BASE on aarch64 
Partially fixes: #12363

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-09 22:19:50 +00:00
Peter Müller
e4d1f96869 kernel: enable CONFIG_HARDENED_USERCOPY on aarch64 and armv5tel 
Fixes: #12365

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-09 15:37:33 +00:00
Peter Müller
7617da3bba kernel: enable CONFIG_SECCOMP on aarch64 and armv5tel 
Fixes: #12366

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-08 21:22:44 +00:00
Peter Müller
d7174d7c3a kernel: disable CONFIG_ACPI_CUSTOM_METHOD on x86_64 and i586 
This is dangerous as it allows replacing the running kernel without
rebooting. Kernel Self Protection Project people recommend to keep it
disabled.

Fixes: #12372

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-08 21:22:32 +00:00
Peter Müller
b1f24c4353 kernel: disable CONFIG_MODIFY_LDT_SYSCALL on i586 and x86_64 
Fixes: #12382

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-08 21:22:05 +00:00
Arne Fitzenreiter
8a86d257cf squid-accounting: remove deps that are moved to core 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-05 20:43:58 +00:00
Arne Fitzenreiter
625104ec57 Merge branch 'master' into next 2020-06-04 15:16:39 +00:00
Michael Tremer
405c7326d2 core145: Remove double-added configuration lines for OpenVPN 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-04 15:13:33 +00:00
Arne Fitzenreiter
90c1e763b6 Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2020-06-04 08:59:28 +02:00
Arne Fitzenreiter
7674247947 start core146 and add the kernel 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-04 08:49:28 +02:00
Arne Fitzenreiter
a43b370411 kernel: update to 4.14.183 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-04 08:37:00 +02:00
Michael Tremer
4963d555f6 core145: Update OpenVPN server configuration only when necessary 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-03 14:46:31 +00:00
Michael Tremer
495613fb35 core145: Update OpenVPN server configuration only when necessary 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-03 14:45:04 +00:00
Arne Fitzenreiter
b923dd3de0 kernel: backport "random: try to actively add entropy" 
this backports https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/char/random.c?id=50ee7529ec4500c88f8664560770a7a1b65db72b
to gather enough entropy for initialise the crng faster.
Of some machines like the APU it will need forever if
the machine only wait for entropy without doing anything else.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-03 08:03:01 +00:00
Arne Fitzenreiter
5b0c35e092 drop xen-inage-builder 
this depends on linux-pae and has failed to boot
since a while.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-02 18:37:22 +02:00
Arne Fitzenreiter
83d5892a86 kernel: drop extra i586-pae kernel 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-02 18:34:44 +02:00
Peter Müller
e6514b3af8 kernel: disable CONFIG_DEBUG_LIST on i586(-pae) 
Fixes: #12378

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-06-02 11:15:51 +00:00