webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-18 23:12:59 +02:00
Code Issues Packages Projects Releases Wiki Activity
15,219 Commits 2 Branches 1 Tag
b5efeaa092e4eb0df6a5e0021720cef593a2fca6
Commit Graph

7718 Commits

Author SHA1 Message Date
Arne Fitzenreiter
2598b19088 samba: default.global: remove unsuppoted "map to guest = false" 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:18:56 +00:00
Michael Tremer
6d5de038d0 core152: Ship Python 3 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:16:46 +00:00
Peter Müller
2ab916576f Python3: update to 3.8.2 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:14:32 +00:00
Peter Müller
3c73b7fbf0 python3-botocore: update to 1.16.1 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:13:06 +00:00
Peter Müller
33e86e2d4e python3-colorama: update to 0.4.3 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:12:59 +00:00
Peter Müller
a1e3c67cad python3-dateutil: update to 2.8.1 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:12:54 +00:00
Peter Müller
85bf02ab09 python3-docutils: update to 0.16 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:12:45 +00:00
Peter Müller
7597a209ea python3-jmespath: update to 0.9.5 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:12:36 +00:00
Peter Müller
a4de7e7b0a python3-pyasn1: update to 0.4.8 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:10:26 +00:00
Peter Müller
1be989f46d python3-rsa: update to 4.0 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:10:18 +00:00
Peter Müller
9a2f6c5d8a python3-s3transfer: update to 0.3.3 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:09:57 +00:00
Peter Müller
06c3032442 python3-six: update to 1.14.0 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:09:37 +00:00
Michael Tremer
27bd3dfcef core152: Ship Python 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:09:07 +00:00
Arne Fitzenreiter
8f19090504 python: update to 2.7.18 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:07:34 +00:00
Michael Tremer
b125988d3f core152: Load changed /etc/sysctl.conf 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:05:11 +00:00
Peter Müller
14c65ab71c sysctl.conf: prevent autoloading of TTY line disciplines 
Malicious/vulnerable TTY line disciplines have been subject of some
kernel exploits such as CVE-2017-2636, and since - to put it in Greg
Kroah-Hatrman's words - we do not "trust the userspace to do the right
thing", this reduces local kernel attack surface.

Further, there is no legitimate reason why an unprivileged user should
load kernel modules during runtime, anyway.

See also:
- https://lkml.org/lkml/2019/4/15/890
- https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html

Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:04:14 +00:00
Michael Tremer
6ec99a3372 Start Core Update 152 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-06 12:03:34 +00:00
Peter Müller
b7b65e736e sysctl.conf: prevent unintentional writes into attacker-controlled files and FIFOs 
Similar to hard- and symlink protection introduced a while ago, this
patch enables protections against unintentional writes into
attacker-controlled regular files or FIFOs, where a program expected to
create new ones. This makes exploiting TOCTOU flaws harder.

See also: https://www.kernel.org/doc/Documentation/sysctl/fs.txt

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-05 15:07:47 +00:00
Erik Kapfer
22a6277fc9 freeradius: Update to version 3.0.21 
Update includes several fixes (incl. CVE-2019-17185) and feature improvements.
A full overview of all changes can be found in here --> https://raw.githubusercontent.com/FreeRADIUS/freeradius-server/v3.0.x/doc/ChangeLog .

The freeradius-no-buildtime-cert-gen patch applies also with this version.

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-02 14:59:23 +00:00
Erik Kapfer
b789edf973 lynis: Update to version 3.0.0 
Several Fixes (incl. CVE-2019-13033 and CVE-2020-13882) and features has been added since the last version 2.6.4 .
For a full overview of the changes take a look in here --> https://cisofy.com/changelog/lynis/ .

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-02 14:59:09 +00:00
Erik Kapfer
44bbc60696 libsolv: Update to version 0.7.14 
Several fixes and features has been added.
A full overview of all changes can be found in here --> https://github.com/openSUSE/libsolv/blob/master/package/libsolv.changes .

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-10-02 14:54:18 +00:00
Michael Tremer
74f47b18b1 core151: Ship & load /etc/sysctl.conf 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-09-30 17:16:12 +00:00
Peter Müller
dc5a89c948 sysctl.conf: drop RST packets for sockets in TIME-WAIT state 
RFC 1337 describes various TCP (side channel) attacks against
prematurely closed connections stalling in TIME-WAIT state, such as DoS
or injecting arbitrary TCP segments, and recommends to silently discard
RST packets for sockets in this state.

While applications still tied to such sockets should tolerate invalid
input (thanks to Jon Postel), there is little legitimate reason to send
such RST packets altogether.

At the time of writing, no collateral damage related to active RFC 1337
implementations is known. Measuerements in productive environments did
not reveal any side effects either, which is why I consider enabling RFC
1337 implementation to be a safe change.

See also: https://tools.ietf.org/html/rfc1337

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-09-30 17:14:07 +00:00
Michael Tremer
a839e63f74 stunnel: Package /var/lib/stunnel 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-09-30 17:10:39 +00:00
Erik Kapfer
70f6a96b46 stunnel: Update to version 5.56 
The version jump from 5.44 to 5.56 includes several 'LOW' and 'HIGH' urgent bugfixes which are also secure relevant.
A full overview of fixes and new features can be found in here --> https://www.stunnel.org/NEWS.html .

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-09-30 17:10:23 +00:00
Erik Kapfer
327ded3408 keepalived: Update to version 2.1.5 
The version jump from 2.0.20 to 2.1.5 includes several improvemnts and fixes.
The release notes can be overviewed in here --> https://www.keepalived.org/release-notes/Release-2.1.4.html .

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-09-30 13:32:38 +00:00
Michael Tremer
54f0daca3f core151: Ship OpenSSH 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-09-30 10:01:37 +00:00
Adolf Belka
501defe601 bacula: Update to 9.6.6 
- Update bacula from version 9.6.5 to 9.6.6
	This is a minor bug release
	See https://sourceforge.net/projects/bacula/files/bacula/9.6.6/ReleaseNotes/
	Source file available at https://sourceforge.net/projects/bacula/files/bacula/9.6.6/bacula-9.6.6.tar.gz
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-09-30 10:00:03 +00:00
Adolf Belka
d8f992b349 bacula: Update to backup/includes definition 
- Modified backup/includes file to backup the /var/bacula/working directory contents
	rather than explicitly naming the state filename.
	State filename could be varied if user modifies the port number for the file daemon
	as the port number is part of the state filename
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-09-30 10:00:01 +00:00
Erik Kapfer
aa4ed7637c iptraf-ng: Update to version 1.2.1 
Update includes several fixes and enhancements.
The full overview of changes are located in here --> https://github.com/iptraf-ng/iptraf-ng/blob/master/CHANGES .

rvnamed has been merged into iptraf-ng. Fix division by zero patch has been merged into new version, patch is not needed anymore. logrotate configuration for iptraf-ng has been included.

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-09-30 09:58:51 +00:00
Erik Kapfer
dba1a21403 git: Update to version 2.28.0 
Several changes s been made since version 2.12.2 .
The documentation RelNotes of Git can be found in here --> https://github.com/git/git/tree/master/Documentation/RelNotes .

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-09-30 09:58:26 +00:00
Michael Tremer
a8c0eae029 core151: Ship exoscale files 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-09-29 08:28:23 +00:00
Michael Tremer
f5c3f63f5f Merge remote-tracking branch 'ms/exoscale' into next 2020-09-29 08:22:58 +00:00
Michael Tremer
e65810ba3d core151: Link to individual rootfiles for boost for each arch 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-09-29 08:22:32 +00:00
Michael Tremer
cac84e16a0 binutils: Update to 2.35.1 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-09-29 08:21:08 +00:00
Michael Tremer
4ece7b2987 boost: Add rootfile for armv5tel 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-09-29 07:59:46 +00:00
Jonatan Schlag
09a4ff4027 Ship testsuite of BorgBackup 
BorgBackup seems to need this testsuite on all systems, because it does
some selftests when starting a backup.

Fixes: #12438

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-09-28 10:11:54 +00:00
Michael Tremer
e06d8de976 exoscale: Add cloud setup script 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-09-25 16:08:46 +00:00
Michael Tremer
76d5db4dde boost: Add rootfile for i586 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-09-25 08:35:24 +00:00
Michael Tremer
29b1beab34 boost: Move x86_64 rootfile to arch subdir 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-09-25 08:34:57 +00:00
Michael Tremer
196436202b boost: Update rootfile for aarch64 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-09-25 08:31:19 +00:00
Michael Tremer
9384df5964 Revert "core151: Ship libloc" 
This reverts commit 6cfa52d99e.

libloc is now being updated in Core Update 150.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-09-24 17:43:52 +00:00
Michael Tremer
312a06cbb5 Merge branch 'master' into next 2020-09-24 17:42:41 +00:00
Michael Tremer
277721c2b7 core150: Ship libloc 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-09-24 17:41:41 +00:00
Michael Tremer
d3e88e3485 crontab: Update misleading comment 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-09-24 17:40:38 +00:00
Michael Tremer
b57d9769b5 fcron: Fix invalid syntax in update-location-database cronjob 
Fixes: #12484
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-09-24 17:40:20 +00:00
Michael Tremer
4522b5f6b0 libloc: Update rootfile 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-09-24 17:38:53 +00:00
Michael Tremer
84722d8f24 libloc: Update rootfile 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-09-24 17:36:38 +00:00
Michael Tremer
83def5e68f crontab: Update misleading comment 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-09-24 17:36:38 +00:00
Michael Tremer
8416a1ca72 openssl: Update to 1.1.1h 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-09-24 17:36:38 +00:00