webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-10 19:15:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
9,569 Commits 2 Branches 1 Tag
c267b2da2dc5617b0daee33f3fceb4f81a3bb3cf
Commit Graph

2678 Commits

Author SHA1 Message Date
Arne Fitzenreiter
038169b894 kernel: uppdate to 3.14.55 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2015-10-23 11:00:03 +02:00
Arne Fitzenreiter
4c5c4f3afc Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2015-10-21 21:02:19 +02:00
Arne Fitzenreiter
52daacc5c4 kernel: update to 3.14.54 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2015-10-21 18:48:32 +02:00
Michael Tremer
364452506f Merge remote-tracking branch 'ms/dhcp-rfc2136-broken-down' into next 2015-10-21 13:50:31 +01:00
Michael Tremer
80fbd89949 ipsec: Add block rules to avoid conntrack entries 
If an IPsec VPN connections is not established, there are
rare cases when packets are supposed to be sent through
that said tunnel and incorrectly handled.

Those packets are sent to the default gateway an entry
for this connection is created in the connection tracking
table (usually only happens to UDP). All following packets
are sent the same route even after the tunnel has been
brought up. That leads to SIP phones not being able to
register among other things.

This patch adds firewall rules that these packets are
rejected. That will sent a notification to the client
that the tunnel is not up and avoid the connection to
be added to the connection tracking table.

Apart from a small performance penalty there should
be no other side-effects.

Fixes: #10908

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Cc: tomvend@rymes.com
Cc: daniel.weismueller@ipfire.org
Cc: morlix@morlix.de
Reviewed-by: Timo Eissler <timo.eissler@ipfire.org>
 2015-10-15 22:44:47 +01:00
Arne Fitzenreiter
1f011c6594 backports: add Tevii S482 patch 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2015-10-01 11:14:58 +02:00
Michael Tremer
dfe630f77c Merge remote-tracking branch 'ms/experimental-vlan-hotplugging' into next 2015-09-28 14:33:49 +01:00
Arne Fitzenreiter
1f2bda9ba3 backports: enable build on x86_64. 
backports 4.1.1-1 is not stable so we need to stay on the older version.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2015-09-27 11:27:40 +02:00
Lars Schuhmacher
e3edceeb7a Mark required input fields with a star 
Mark required input fields with a star as nowadays this is
the de-facto default. Before, it was the other way around and
optional fields were marked.

Signed-off-by: Lars Schumacher <larsen007@web.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-09-21 16:40:41 +01:00
Michael Tremer
b1fb211827 Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next 2015-09-21 16:12:25 +01:00
Osmar Gonzalez
0a39488e4a Corrected typo in networking.c 
Corrected "Misssing" to "Missing".

Signed-off-by: Osmar Gonzalez <mibs510@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-09-20 13:31:15 +01:00
Arne Fitzenreiter
4d4f36ef55 kernel: Update pcengines apu led patch for x86_64 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2015-09-20 12:46:12 +02:00
Matthias Fischer
7f263dc736 Fixed some typos in initscript 
"Createing= => "Creating"...

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-09-19 18:50:54 +01:00
Matthias Fischer
f62ac3224c dnsmasq: latest upstream patches 
dnsmasq: latest upstream patches

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-09-14 23:30:32 +01:00
Douglas Duckworth
6ee104aeb7 snort: Remove trailing slash in pid path 
Fixes: https://bugzilla.ipfire.org/show_bug.cgi?id=10924

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-09-14 23:19:50 +01:00
Michael Tremer
27957a3f2b Merge remote-tracking branch 'ms/x86_64' into next 2015-09-11 15:06:09 +01:00
Michael Tremer
257ce821ee fireinfo: Import upstream fixes 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-09-09 15:32:09 +01:00
Michael Tremer
71940784ef fireinfo: Import upstream patch 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-09-01 00:12:31 +01:00
matthias.fischer@ipfire.org
f10a246946 squid 3.4.14: Import latest patch from upstream 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-08-31 23:26:38 +01:00
Alexander Marx
0f14446a89 Squid-accounting: New Version using dma mailservice 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-08-28 12:42:53 +01:00
Michael Tremer
8f4af2b25a Merge branch 'dma' into next 2015-08-25 13:57:40 +01:00
Michael Tremer
377eaee288 openssl: Fix build on x86_64 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-08-22 23:29:45 +02:00
Michael Tremer
612c14d58b glibc: Fix build with make version 4.0 and greater 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-08-22 17:22:16 +01:00
Michael Tremer
191976efbd pcre: Fix more buffer overflows 
This reverts commit cec620efdf.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-08-21 21:29:46 +01:00
Michael Tremer
982ac2f7a2 postfix: Uninstall sendmail alternative when uninstalling 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-08-21 09:54:20 +01:00
Alexander Marx
5267e19c3a make postfix ready for alternatives (chkconfig) 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-08-21 09:36:13 +01:00
Michael Tremer
ea0033d962 SSH: Replace old RSA keys with a new set 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-08-20 23:26:49 +01:00
Michael Tremer
04da8aa70a Do not create any DSA keys any more 
DSA is considered weak cryptography

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-08-20 23:22:08 +01:00
Michael Tremer
cec620efdf Revert "pcre: Fix more buffer overflows" 
This reverts commit b62425e3e3.
 2015-08-19 20:30:50 +01:00
Michael Tremer
b62425e3e3 pcre: Fix more buffer overflows 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-08-17 23:36:36 +01:00
Matthias Fischer
f831e573d4 dnsmasq: latest upstream patches 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-08-17 20:53:21 +01:00
Michael Tremer
9eb008dc92 glibc: Import security fixes from upstream 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-08-17 20:49:34 +01:00
Michael Tremer
e628f99413 Remove left-over squid patch file 2015-08-07 20:37:53 +01:00
Michael Tremer
3db584817d Remove old VLAN initscript 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-08-05 12:43:53 +01:00
Michael Tremer
d08045eaa6 dnsmasq: Update to 2.75 
Rather severe regression in handling DNSSEC with CNAMEs.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-08-01 20:23:34 +01:00
Larsen
60f8111d53 squid-accounting: Fix typos in src/squid-accounting/acct.en.pl 
Fix typos in src/squid-accounting/acct.en.pl

Signed-off-by: Lars Schuhmacher <larsen007@web.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-07-29 16:20:37 +01:00
Michael Tremer
a722eae9dd ddns: Update to version 008 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-07-16 12:02:08 +02:00
Michael Tremer
b720e70288 cups: Update to 1.7.5 and fix for CVE-2015-1158 and CVE-2015-1159 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-07-14 17:15:00 +02:00
Michael Tremer
5929298ea1 pcre: Fix CVE-2015-5073 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-07-14 17:14:13 +02:00
Arne Fitzenreiter
c9ab30c5d3 kernel: fix trim dataloss on some solid state discs 
disable trim on SuperSSpeed S238
update queued trim blacklist from kernel 4.2rc1
(add Samsung SSD 8xx and some Crucial and Micron SSD)
 2015-07-13 22:00:57 +02:00
Michael Tremer
031becc0e2 pakfire: Resolve dependencies for upgraded packages 
When updating more than one package, only new dependencies
for the first one are resolved. The rest was ignored.

This patch fixes that.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-07-09 21:01:10 +02:00
Michael Tremer
5555c4b887 pakfire: Fix installing dependencies when updating packages 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-07-09 20:53:33 +02:00
Michael Tremer
8c8383e55e Remove dnsmasq patches 
These are not applied any more because dnsmasq was updated
to the latest release version.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-07-09 13:10:46 +02:00
Michael Tremer
d6c40f585d squid: Apply fix for Squid Advisory SQUID-2015:2 
Squid configured with cache_peer and operating on explicit proxy
traffic does not correctly handle CONNECT method peer responses.

The bug is important because it allows remote clients to bypass
security in an explicit gateway proxy.

However, the bug is exploitable only if you have configured
cache_peer to receive CONNECT requests.

  http://www.squid-cache.org/Advisories/SQUID-2015_2.txt

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-07-09 13:10:38 +02:00
Arne Fitzenreiter
c50d4f54b6 kernel: fix missing rootdev on xen installation. 2015-07-09 13:10:23 +02:00
Michael Tremer
15d5073d5b Merge branch 'next' 2015-07-07 10:42:56 +02:00
Michael Tremer
3a9a74d839 python: Cleanup patches 
I accidentially added a wrong patch and left in a reference
to a removed one.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-06-18 21:22:51 +02:00
Michael Tremer
67bc7ab222 python: Build libffi before python and link against it 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-06-18 21:04:19 +02:00
Michael Tremer
1ae0db1a74 Python: Update to 2.7.9 
This reverts commit 3d9b9dd30e.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-06-18 21:04:18 +02:00
Michael Tremer
dff6612b02 Merge remote-tracking branch 'mfischer/dnsmasq' into next 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Conflicts:
	lfs/dnsmasq
 2015-06-18 13:12:33 +02:00