webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-11 11:35:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
11,452 Commits 2 Branches 1 Tag
bbe8e248fe143cfb618eb519dc552fa91858d902
Commit Graph

11452 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Tremer
bbe8e248fe Rootfile update 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-20 20:10:30 +00:00
Michael Tremer
ea3b9a4f88 strongswan: Update to 5.6.2 
Fixed a DoS vulnerability in the parser for PKCS#1 RSASSA-PSS
signatures that was caused by insufficient input validation.
One of the configurable parameters in algorithm identifier
structures for RSASSA-PSS signatures is the mask generation
function (MGF). Only MGF1 is currently specified for this purpose.
However, this in turn takes itself a parameter that specifies
the underlying hash function. strongSwan's parser did not
correctly handle the case of this parameter being absent,
causing an undefined data read.

This vulnerability has been registered as CVE-2018-6459.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-19 23:46:17 +00:00
Michael Tremer
a261cb06c6 IPsec: Try to restart always-on tunnels immediately 
When a tunnel that is in always-on configuration closes
unexpectedly, we can instruct strongSwan to restart it
immediately which is precisely what we do now.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-19 23:46:17 +00:00
Michael Tremer
2ec7a53b3e Rootfile update for armv5tel 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-17 18:55:38 +00:00
Michael Tremer
e36a7e3cf2 haproxy: Link against libatomic on ARM 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-17 13:36:37 +00:00
Michael Tremer
429af17883 i2c-tools: New package 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-16 20:01:55 +00:00
Michael Tremer
0f354672a2 flac: Update to 1.3.2 
The previous version fails to build on i586

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-16 19:14:33 +00:00
Michael Tremer
a1a5dd5566 Rootfile update 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-15 19:34:50 +00:00
Michael Tremer
4ef4d82baa core119: Ship changed proxy.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-14 22:23:20 +00:00
Bernhard Held
a2b2ac7854 proxy.cgi: remove excessive newlines in generated proxy.pac 
Remove excessive newlines in generated proxy.pac

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-14 22:22:49 +00:00
Michael Tremer
0642dc8923 Rootfile update 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-13 21:07:04 +00:00
Michael Tremer
eb93869763 Bump toolchain version 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-13 16:35:08 +00:00
Michael Tremer
1633e0146c Rootfile update for glibc on i586 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-13 16:34:55 +00:00
Michael Tremer
909ba0ad4a nagios-plugins: Update rootfiles 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-13 16:30:24 +00:00
Michael Tremer
e75dd42577 postfix: Update rootfile 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-13 16:20:55 +00:00
Michael Tremer
97b5588cf3 zlib: Fix name of logfile in toolchain build 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-13 10:24:04 +00:00
Michael Tremer
05551f7bdb sslh: Build without tcpwrappers 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-13 10:23:54 +00:00
Michael Tremer
54d5414848 toolchain: Add zlib 
ccache needs this and usually comes with an own bundled
version but fails to build in version 3.4.1.

Since this is a small library only and we really want
ccache to use compression, we will build this indepently
and let ccache use it from the system.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 14:24:12 +00:00
Michael Tremer
d8ac9a162c Bump toolchain version 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 13:07:38 +00:00
Michael Tremer
2dd9f3b379 Cleanup toolchain scripts 
No functional changes, just some tidy up

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 12:44:37 +00:00
Michael Tremer
d32233aa1b ccache: Update to 3.4.1 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 12:12:08 +00:00
Michael Tremer
71196131be PAM: Drop shipped configuration 
This is outdated, broken and has hardcoded passwords.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 12:09:22 +00:00
Michael Tremer
71cf8c8a6f Drop perl-DBD-mysql 
This package is not used by anything and depends on MySQL
which has been dropped, too.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 12:07:29 +00:00
Michael Tremer
2d5940daca Drop MySQL 
This is outdated and still on 5.0.x and nobody volunteered to
update this package.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 12:05:46 +00:00
Michael Tremer
c4713705d1 asterisk: Do not depend on MySQL any more 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 12:02:51 +00:00
Michael Tremer
4fcf8acfea postfix: Don't depend on amavis 
This can be used together but there is no need to
always install amavis when someone wants to use postfix

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 11:52:07 +00:00
Michael Tremer
db116a33d6 postfix: Don't depend on MySQL any more 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 11:51:46 +00:00
Michael Tremer
abf2b05474 postfix: Don't ship our own configuration 
This is outdated and half of it is not maintained any more.

Users should configure postfix themselves based on the
default configuration.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 11:50:51 +00:00
Michael Tremer
3e8ce0dd86 Drop pammysql 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 11:44:28 +00:00
Michael Tremer
e3e17107ba Drop tcpwrapper 
This library has been unused for quite a while

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 11:42:47 +00:00
Michael Tremer
a350ea6dea Drop mISDN userspace tools 
This is unsupported for quite a while and nobody should be using this.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 11:41:50 +00:00
Michael Tremer
922ec43f99 Drop capi4k-utils 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 11:33:51 +00:00
Michael Tremer
690a8b9d89 core119: Remove dropped lcr package during update 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 11:31:14 +00:00
Michael Tremer
0d29afc2c1 core119: Import changed packages 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 11:29:53 +00:00
Michael Tremer
338087530c Start Core Update 119 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 11:22:58 +00:00
Michael Tremer
77930de834 Rootfile update for bison 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 11:18:01 +00:00
Erik Kapfer
ea6dd5b0ac OpenVPN: Mark unsecure ciphers and DH-parameter as 'weak' in WUI menu 
64 bit block ciphers like Blowfish, TDEA and CAST5 are vulnerable to the so called 'Birthday attacks' .
    Infos for 'Sweet32' Birthday attacks can be found in here
        https://sweet32.info/ .
    An Overview of 64 bit clock ciphers can also be found in here
        http://en.citizendium.org/wiki/Block_cipher/Catalogs/Cipher_list#64-bit_blocks

1024 bit Diffie-Hellman parameter has also been marked as weak causing the 'Logjam Attack' .
   Infos for 'Logjam Attack' can be found in here
        https://weakdh.org/ .

Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 23:41:42 +00:00
Michael Tremer
cb18f19307 index.cgi: Properly show IPsec subnets 
Fixes: #11604

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 23:23:54 +00:00
Michael Tremer
0102fcabdb make.sh: Bump toolchain version 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 20:56:12 +00:00
Michael Tremer
e9e3dd9fee qemu: Make it build with newer glibcs 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 20:56:12 +00:00
Michael Tremer
c19196e1c5 nfs: Fix building with newer glibcs 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 20:56:12 +00:00
Michael Tremer
59a6d4e439 glibc: Enable obsolete NSL 
This will re-activate the deprecated NIS code on which lots of
software relies on so that we can have some extra time to migrate.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 20:56:12 +00:00
Michael Tremer
c0878e43e1 Config: Set PREFIX either to TOOLS_DIR or /usr 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 20:56:12 +00:00
Michael Tremer
b034e75303 make.sh: CFLAGS: There is no evidence that supports enabling retpoline in user space is a good idea 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 20:56:12 +00:00
Michael Tremer
ce7f9c3a0e libtirpc: Fix build against newer glibcs 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 20:56:12 +00:00
Michael Tremer
25e33293bd binutils: Update to 2.30 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 20:56:12 +00:00
Michael Tremer
f794504ec6 dma: Don't only use TLSv1 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 20:56:12 +00:00
Michael Tremer
b349f4da63 postfix: Temporarily disable NIS 
This makes postfix FTBFS because glibc has removed their
RPC headers.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 20:56:12 +00:00
Michael Tremer
65a75e0ddf glibc: Update to 2.27 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 20:56:12 +00:00
Michael Tremer
f1a5a25a40 flex: Patch against SEGV with newer glibc 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 20:56:12 +00:00