webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-18 23:12:59 +02:00
Code Issues Packages Projects Releases Wiki Activity
12,702 Commits 2 Branches 1 Tag
c32fc72e36daf8510949aa8a0fea695cc080c9d3
Commit Graph

5668 Commits

Author SHA1 Message Date
Michael Tremer
6c920b19cd IPsec: Rename ipsec-block script to ipsec-policy 
This is a more general name for a script that will be extended
soon to do more than just add blocking rules.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 18:20:36 +00:00
Matthias Fischer
2378f373dd dhcpcd: Update to 7.1.0 
For some informations about this update see:
https://roy.marples.name/blog/dhcpcd-7-1-0-released

"dhcpcd-7.1.0 has been released with the following changes:

- OpenBSD: works alongside slaacd(8)
- NetBSD: sets SO_RERROR on to detect receive socket overflow
- BSD: route improvements to avoid listening for own changes
- Linux: use NETLINK_BROADCAST_ERROR
- BSD: avoid late address deletion messages by testing address existance
- IP6: implement IP6 address sharing
- BSD: catch UP/DOWN events when interfaces does support media changes
- IPv4LL: remember old address when carrier is lost

Many other minor fixes and documenation updates have been submitted by various
community members for this release..."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 00:39:25 +00:00
Matthias Fischer
d2b7811b15 curl: Update to 7.63.0 
For details see:
https://curl.haxx.se/changes.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-04 00:14:59 +00:00
Wolfgang Apolinarski
33f7d610fb Updated apr, stabilized apache build 
- Updated apr to 1.6.5
- Stabilized apache build (rebuild)

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-03 21:41:33 +00:00
Arne Fitzenreiter
329788dee5 kernel: update to 4.14.97 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-02-03 12:45:52 +01:00
Michael Tremer
2a915f98cb haproxy: Bump version to support TLSv1.3 (and PCRE JIT) 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-01 17:34:02 +00:00
Matthias Fischer
57bc05a53d apache: Update to 2.4.38 
For details see:
http://mirror.checkdomain.de/apache//httpd/CHANGES_2.4.38

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-01 17:09:49 +00:00
Jonatan Schlag
46114d79d9 Add new package borgbackup 
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-01 16:27:23 +00:00
Jonatan Schlag
def9f4a3e0 Add new package python3-msgpack 
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-01 16:27:16 +00:00
Jonatan Schlag
3be819876b Add new package python3-llfuse 
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-01 16:27:06 +00:00
Jonatan Schlag
662b2a812f Add new package python3-setuptools-scm 
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-01 16:26:59 +00:00
Jonatan Schlag
2d17377aa0 Add new package python3-settuptools 
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-01 16:26:39 +00:00
Matthias Fischer
61ee842911 ghostscript: Update to 9.26 
For details see:
https://www.ghostscript.com/doc/9.26/News.htm

This version fixes CVE-2019-6116 ("code execution via subroutines within pseudo-operators")

Some details (german) can be found here:
https://www.heise.de/security/meldung/Boeser-Bug-in-PostScript-trifft-ghostscript-und-damit-Viele-mehr-4286563.html

I saw this article and found it could be the time for an update...

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-27 22:26:55 +00:00
Peter Müller
75936b067f Postfix: update to 3.3.2 
See http://www.postfix.org/announcements/postfix-3.3.2.html for release
note. This makes Postfix TLS 1.3/OpenSSL 1.1.1a ready.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-23 05:41:33 +00:00
Peter Müller
07c36be56f update ca-certificates CA bundle 
Update the CA certificates list to what Mozilla NSS ships currently.

The original file can be retrieved from:
https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-23 05:40:21 +00:00
Peter Müller
fee8b1c504 OpenSSH: update to 7.9p1 
Update OpenSSH to 7.9p1 (release note is available at
https://www.openssh.com/txt/release-7.9). Patching support
for OpenSSL 1.1.0 is no longer required, thus the orphaned
patchfile has been deleted.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-23 05:13:47 +00:00
Arne Fitzenreiter
be838808e1 Merge remote-tracking branch 'origin/master' into next 2019-01-23 21:19:01 +01:00
Arne Fitzenreiter
7c26f07dab Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2019-01-23 21:18:44 +01:00
Arne Fitzenreiter
b9d494e773 kernel: update to 4.14.95 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-01-23 18:44:26 +01:00
Michael Tremer
480e301442 xtables-addons: Fix generating GeoIP database 
Perl seems to have a very funny feature where you cannot rely on
how it formats IP addresses into a binary string.

This seems to be 16 bytes long for IPv4 addresses when we (and the kernel)
only expect 4.

This patch changes this so that the last 12 bytes are just being dropped.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-23 04:12:41 +00:00
Peter Müller
0661be620b tzdata: update to 2018i 
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-23 02:53:20 +00:00
Michael Tremer
b7ddf23b72 strongswan: Update to 5.7.2 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-22 05:32:42 +00:00
Arne Fitzenreiter
503a6f155b kernel: update to 4.14.94 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-01-22 07:41:18 +01:00
Matthias Fischer
6f1aa31f01 logrotate: Update to 3.15 
For details see:
https://github.com/logrotate/logrotate/releases

- timer unit: change trigger fuzz from 12h to 1h (#230)
- service unit: only run if /var/log is mounted (#230)
- preserve fractional part of timestamps when compressing (#226)
- re-indent source code using spaces only (#188)
- minage: avoid rounding issue while comparing the amount of seconds (#36)
- never remove old log files if rotate -1 is specified (#202)
- return non-zero exit status if a config file contains an error (#199)
- make copytruncate work with rotate 0 (#191)
- warn user if both size and the time interval options are used (#192)
- pass rotated log file name as the 2nd argument of the postrotate script
  when sharedscript is not enabled (#193)
- rename logrotate-default to logrotate.conf (#187)

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-21 10:20:12 +00:00
Peter Müller
63cf6d5cef drop openssl-compat package 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-17 14:41:07 +00:00
Erik Kapfer
32ba431458 openssl: Update to version 1.1.1a 
Disabled MD2 and Aria cipher.

TLSv1.3 is now available with:

TLS_CHACHA20_POLY1305_SHA256 TLSv1.3
TLS_AES_256_GCM_SHA384  TLSv1.3
TLS_AES_128_GCM_SHA256  TLSv1.3

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-17 14:33:20 +00:00
Michael Tremer
f0092a6e3e keepalived: Move change of conntrack sysctl option into package 
The setting cannot be set on the default system because the ip_vs
module is not loaded by default and there is no reason to load it
just because we would be able to set the setting.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-13 12:50:26 +01:00
Arne Fitzenreiter
f622fd8ed0 linux-initrd: fix build of uInit on aarch64 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-01-12 20:01:00 +01:00
Stefan Schantl
f107bb39c5 Revert "GeoIP: Drop legacy GeoIP perl module." 
This reverts commit 9d1708e081.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-11 00:08:54 +00:00
Matthias Fischer
035f6c75ae xtables-addons: Fix typo in lfs 
Just some typos...

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-11 00:08:46 +00:00
Michael Tremer
01db691a1e Bump kernel version to ship a new PAE kernel 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-10 22:48:25 +00:00
Matthias Fischer
e3429b4aad clamav: Update to 0.101.1 
For details see:
https://blog.clamav.net/2019/01/clamav-01011-patch-has-been-released.html

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-07 01:33:05 +00:00
Matthias Fischer
042a5fe60a tar: Update to 1.31, including fix for bug #11958 
For details see:

http://savannah.gnu.org/forum/forum.php?forum_id=9344

"- Fix heap-buffer-overrun with --one-top-level.
- Support for zstd compression.
- The -K option interacts properly with member names given in the command line.
- Fix CVE-2018-20482"

This patch was reverted because 'tar 1.31' crashed when installing PakFire packages
with the option '--no-overwrite-dir'.
See: https://bugzilla.ipfire.org/show_bug.cgi?id=11958

Included is now a patch from https://savannah.gnu.org/bugs/?55413, which seems to fix this issue.
The test cases given in https://savannah.gnu.org/bugs/?55413#comment1 ran without problems.

As always, please check and confirm.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-07 01:31:43 +00:00
Stefan Schantl
9d1708e081 GeoIP: Drop legacy GeoIP perl module. 
The legacy GeoIP perl module cannot handle the new GeoLite2 databases
provided from maxmind and therefore needs to be dropped.

Reference #11960

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-07 01:21:27 +00:00
Stefan Schantl
a77870146f xtables-addons: Use shipped xt_geoip_build 
Use the shipped xt_geoip_build directly instead of holding a copy in our GIT.

Reference #11959

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-07 01:20:22 +00:00
Stefan Schantl
9f6849b3ad xtables-addons: Update to 3.2 
Reference #11959

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-07 00:35:16 +00:00
Michael Tremer
045d54c324 perl-Net-CIDR-Lite: Fix whitespace 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-07 00:31:46 +00:00
Stefan Schantl
985741db61 perl-Net-CIDR-Lite: New package. 
This is a runtime dependency of the xt_geoip_build perl script
shipped by xtables-addons in version 3.2.

Reference #11960.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-07 00:30:49 +00:00
Michael Tremer
7d5caee6bd Add initscript for conntrackd 
The daemon will be started by default when a configuration
file exists.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-06 08:59:25 +00:00
Michael Tremer
d68e150e86 proxy: Drop web browser check 
This is neither reliable nor up to date and is therefore removed

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-08 15:54:56 +01:00
Michael Tremer
d09cb651b5 Revert "tar: Update to 1.31" 
This reverts commit bb473fd1d6.

tar crashes when used with --no-overwrite-dir. See #11958.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-05 21:11:44 +00:00
Matthias Fischer
d01b31914a snort: Update to 2.9.12 
For details see:

Release notes:
https://snort.org/downloads/snort/release_notes_2.9.12.txt

Changelog:
https://snort.org/downloads/snort/changelog_2.9.12.txt

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-05 15:42:34 +00:00
Arne Fitzenreiter
5e6f343b7d python: update to 2.7.15 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-01-06 15:51:53 +01:00
Arne Fitzenreiter
b15309e9d1 transmission: update to 2.94 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-01-05 13:47:31 +01:00
Matthias Fischer
bb473fd1d6 tar: Update to 1.31 
For details see:
http://savannah.gnu.org/forum/forum.php?forum_id=9344

"- Fix heap-buffer-overrun with --one-top-level.
- Support for zstd compression.
- The -K option interacts properly with member names given in the command line.
- Fix CVE-2018-20482"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-04 02:42:40 +00:00
Michael Tremer
2aff684f37 libvirt: The package no longer depends on jansson 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-03 15:12:39 +00:00
Erik Kapfer
e6f7f8e7ba database_attribute: Deliver/create index.txt.attr 
Fixes #11904

Since OpenSSL-1.1.0x the database attribute file for IPSec and OpenVPN wasn´t created while initial PKI generation.
OpenVPN delivered an error message but IPSec did crashed within the first attempt.
This problem persists also after X509 deletion and new generation.

index.txt.attr will now be delivered by the system but also deleted and recreated while setting up a new x509.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-03 14:52:53 +00:00
Matthias Fischer
4c83d9fbdc mc: Update to 4.8.22 
For details see:
http://midnight-commander.org/wiki/NEWS-4.8.22

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-02 17:20:21 +00:00
Michael Tremer
cdaad0cdd3 libvirt: Bump package version 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-02 16:24:39 +00:00
Matthias Fischer
c86d893830 squid: Update to 4.5 
For details see:
http://www.squid-cache.org/Versions/v4/changesets/

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-12-31 00:37:51 +00:00