Michael Tremer
c67ff7d72c
zstd: Make this part of the core distributions
...
Many packages link against it and we should make use of it
when we have it.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-18 10:13:01 +00:00
Michael Tremer
f8a54e1961
qemu: Update rootfile
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-18 10:11:33 +00:00
Michael Tremer
5a918d828f
rsync: Update rootfile
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-18 10:10:13 +00:00
Michael Tremer
bef8b9c027
core149: Ship popt
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:55:55 +00:00
Matthias Fischer
7dcea61621
popt: Update to 1.18
...
Recommended for 'rsync 3.2.1'.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org >
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:55:35 +00:00
Matthias Fischer
73202b3976
rsync: Update to 3.2.1
...
For details see:
https://download.samba.org/pub/rsync/NEWS#3.2.1
Although 3.2.2 is in "release testing", I decided to push this release now to get things running.
I activated zstd-support and added 'DEPS = zstd'.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org >
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:55:26 +00:00
Matthias Fischer
6b264af51b
zstd 1.4.5: New package
...
This package adds a "lossless compression algorithm" - supported by 'rsync 3.2.1'.
For details see:
https://github.com/facebook/zstd/releases/tag/v1.4.5
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org >
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:54:55 +00:00
Matthias Fischer
112d36f00e
qemu: Update to 5.0.0
...
For details see:
https://wiki.qemu.org/ChangeLog/5.0
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:53:41 +00:00
Matthias Fischer
665261f56f
usbredir: Update to 0.8.0
...
For details see:
https://gitlab.freedesktop.org/spice/usbredir/-/blob/master/ChangeLog
"-Source code and bug tracker hosted in Freedesktop's instance of Gitlab
 -https://gitlab.freedesktop.org/spice/usbredir
-usbredirfilter
 -Fix busy wait due endless recursion when interface_count is zero
-usbredirhost:
 -Fix leak on error
-usbredirserver:
 -Use 'busnum-devnum' instead of 'usbbus-usbaddr'
 -Add support for bind specific address -4 for ipv4, -6 for ipv6
 -Reject empty vendorid from command line
 -Enable TCP keepalive"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:53:40 +00:00
Matthias Fischer
196cdadab8
libvirt: Update to 6.5.0
...
For details see:
https://libvirt.org/news.html
This update "just came my way" - I hope it's somehow useful.
I also checked updates for dependencies - 'libusbredir 0.8.0' and 'qemu 5.0.0' follow.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:53:38 +00:00
Peter Müller
454a21d8b0
Postfix: update to 3.5.4
...
Please refer to http://www.postfix.org/announcements/postfix-3.5.4.html
for release announcements.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org >
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:53:14 +00:00
Peter Müller
4591f94bc5
Tor: update to 0.4.3.6
...
Please refer to https://blog.torproject.org/new-release-tor-03511-0428-0436-security-fixes
for release announcements.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org >
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:53:03 +00:00
Matthias Fischer
2ebd7ec758
clamav: Update to 0.102.4
...
Fixes CVE-2020-3350, CVE-2020-3327, CVE-2020-3481
For details see:
https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org >
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:52:28 +00:00
Michael Tremer
e65a3be3ef
core149: Ship bind
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:52:18 +00:00
Matthias Fischer
d690f2a7ce
bind: Update to 9.11.21
...
For details see:
https://downloads.isc.org/isc/bind9/9.11.21/RELEASE-NOTES-bind-9.11.21.html
"Bug Fixes
- named could crash when cleaning dead nodes in lib/dns/rbtdb.c that
  were being reused. [GL #1968]
- Properly handle missing kyua command so that make check does not
  fail unexpectedly when CMocka is installed, but Kyua is not. [GL #1950]
- The validator could fail to accept a properly signed RRset if an
  unsupported algorithm appeared earlier in the DNSKEY RRset than
  a supported algorithm. It could also stop if it detected a malformed
  public key. [GL #1689]"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org >
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:52:06 +00:00
Michael Tremer
1701a7097a
core149: Ship intel microcode
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:51:52 +00:00
Peter Müller
04b39060f7
intel-microcode: update to 20200616
...
Ice Lake Intel CPUs have been found to be vulnerable to MDS, thus
requiring new microcodes for them. <sarcasm>Yay!</sarcasm> Please refer to
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20200616
for further information.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org >
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:49:24 +00:00
Michael Tremer
63de1d010f
core149: Ship updated unbound
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:48:21 +00:00
Matthias Fischer
53e1abbb57
unbound: Update to 1.11.0
...
For details see:
https://lists.nlnetlabs.nl/pipermail/unbound-users/2020-July/006921.html
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org >
Reviewed-by: Peter Müller <peter.mueller@ipfire.org >
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:47:36 +00:00
Michael Tremer
c2607bc492
7zip: Move files to /usr
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:23:37 +00:00
Michael Tremer
6168163681
u-boot: Fix build with GCC 10
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 15:09:51 +00:00
Michael Tremer
9b34655840
grub: Run autoreconf after applying patches
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 15:09:24 +00:00
Michael Tremer
8d25e59811
core149: Ship everything that was recently updated
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 10:21:40 +00:00
Marcel Follert
6992457365
socat: New package
...
Signed-off-by: Marcel Follert (Smooky) <smooky@v16.de >
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 10:10:11 +00:00
Matthias Fischer
db376b5895
iproute2: Update to 5.8.0
...
For details see:
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/?h=v5.8.0
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 10:09:25 +00:00
Matthias Fischer
2fa9dfa8d9
apache: Update to 2.4.46
...
For details see:
https://mirrors.ae-online.de/apache//httpd/CHANGES_2.4.46
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 10:09:20 +00:00
Matthias Fischer
62e68ad323
logrotate: Update to 3.17.0
...
For details see:
https://github.com/logrotate/logrotate/releases/tag/3.17.0
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 10:09:17 +00:00
Erik Kapfer
942446b553
OpenVPN: Add tls-version-min for TLSv1.2
...
ovpnmain.cgi now delivers 'tls-version-min 1.2' for Roadwarrior and N2N.
Since the server needs it only on the server side, this patch does not include it for Roadwarrior clients.
N2N does not use push options, therefore this directive will be included on both sides.
To integrate the new directive into an actual working OpenVPN server environment, the following commands
should be executed via update.sh.
Code block start:
if test -f "/var/ipfire/ovpn/server.conf"; then
    # Add tls-version-min to the OpenVPN server configuration if not already there
    if ! grep -q '^tls-version-min' /var/ipfire/ovpn/server.conf > /dev/null 2>&1; then
        # Stop the server before appending the line
        /usr/local/bin/openvpnctrl -k
        # Append the new directive (the redirection target must be server.conf)
        echo "tls-version-min 1.2" >> /var/ipfire/ovpn/server.conf
        # Make sure server.conf has the correct permissions to prevent a case like
        # --> https://community.ipfire.org/t/unable-to-start-the-openvpn-server/2465/54?u=ummeegge
        chown nobody:nobody /var/ipfire/ovpn/server.conf
        # Start the server again
        /usr/local/bin/openvpnctrl -s
    fi
fi
Code block end
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 10:09:15 +00:00
Erik Kapfer
0d1054abc9
curl: Update to version 7.71.1
...
Several bugfixes and vulnerabilities have been fixed since the currently available version 7.64.0.
For a full overview, the changelog is located in here --> https://curl.haxx.se/changes.html ,
a security problem overview in here --> https://curl.haxx.se/docs/security.html .
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org >
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 10:09:10 +00:00
Stefan Schantl
80dd69380d
hyperscan: Update to 5.3.0
...
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org >
Reviewed-by: Michael Tremer <Michael.tremer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 10:09:08 +00:00
Erik Kapfer
ba50f66da3
OpenVPN: max-clients value has been enhanced
...
The --max-client value has been enhanced from 255 clients to 1024 clients.
The error message now gives an explanation if the maximum has been reached.
Patch has been triggered by https://community.ipfire.org/t/openvpn-max-vpn-clients-quantity-and-connections/2925 .
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org >
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 10:09:03 +00:00
Michael Tremer
b970ae902a
haproxy: Update to 2.2.2
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 10:08:25 +00:00
Michael Tremer
fa8edb9bd7
index.cgi: Show a note to people who are running IPFire on i?86
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 10:08:23 +00:00
Michael Tremer
c0fe5ea579
index.cgi: Drop Reiser4 warning
...
We have dropped Reiser4 in 2013. There won't be any systems out there
any more running it. We can safely drop this warning.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 10:08:22 +00:00
Stephan Feddersen
6408a43c0d
WIO. new version
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 10:08:17 +00:00
Stephan Feddersen
6a73c7b94c
WIO: new french translation
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 10:08:16 +00:00
Stephan Feddersen
48aae162c6
WIO: code cleanup
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 10:08:14 +00:00
Peter Müller
159cab272a
OpenSSL: remove ciphers without Forward Secrecy from default ciphersuite
...
Ciphers not supplying (Perfect) Forward Secrecy are considered dangerous
since they allow content decryption in retrospect, if an attacker is
able to gain access to the servers' private key used for the
corresponding TLS session.
Since IPFire machines establish very few TLS connections by themselves, and
destinations (IPFire.org infrastructure, mirrors, IPS rule sources, etc.)
provide support for Forward Secrecy ciphers - some are even enforcing
them -, it is safe to drop support for anything else.
This patch reduces the OpenSSL default cipher list to:
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(256) Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(256) Mac=SHA384
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(128) Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(128) Mac=SHA256
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA256
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA256
ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
Signed-off-by: Peter Müller <peter.mueller@ipfire.org >
Acked-by: Michael Tremer <michael.tremer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 10:07:56 +00:00
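An added example (not part of the commit above or of IPFire's code): a filter that reads `openssl ciphers -v` style lines, as listed in the commit message, and prints every suite that lacks Forward Secrecy. It assumes OpenSSL 1.1.x `Kx=` notation and treats TLSv1.3 suites (`Kx=any`) as providing Forward Secrecy, as the commit's list does; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: three lines from the list above plus two static-RSA
# key exchange suites (Kx=RSA) of the kind the patch drops.
SAMPLE='TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1'

# Read cipher lines on stdin, print the names of suites WITHOUT Forward Secrecy.
# A suite passes when its key exchange is ephemeral: Kx=ECDH or Kx=DH
# (ECDHE/DHE), their PSK variants, or any TLSv1.3 suite (assumption, see above).
non_fs_ciphers() {
    awk '
        NF < 3 { next }                      # skip blank or truncated lines
        {
            kx = ""
            for (i = 3; i <= NF; i++)        # locate the Kx= column by name
                if ($i ~ /^Kx=/) kx = substr($i, 4)
            if ($2 == "TLSv1.3") next
            if (kx == "ECDH" || kx == "DH") next
            if (kx == "ECDHEPSK" || kx == "DHEPSK") next
            print $1                         # e.g. Kx=RSA, Kx=PSK, Kx=RSAPSK
        }'
}

# Exit status 0 only if every suite on stdin provides Forward Secrecy.
fs_only() {
    [ -z "$(non_fs_ciphers)" ]
}

# Demo on the constructed sample; on a live system use:
#   openssl ciphers -v | non_fs_ciphers
printf '%s\n' "$SAMPLE" | non_fs_ciphers
```

Run against the list in the commit message, the filter prints nothing, which is the property the patch is meant to establish.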
Michael Tremer
44bfc40640
glibc: aarch64: Ignore uninitialised variables in the stage2 build, too
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 10:05:40 +00:00
Michael Tremer
815ca15dc4
make.sh: Increase maximum size of ramdisk to 8GB
...
The previous 4GB were not enough for a full GCC bootstrap
in the toolchain stage.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-16 10:29:43 +00:00
Michael Tremer
6d6f306179
perl: Fix build in toolchain stage
...
perl searches for headers and libraries in the wrong paths
and detects GCC 10 as GCC 1.x.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-16 10:29:43 +00:00
Michael Tremer
c9e4607e88
make: Run autoreconf after applying patches
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-16 10:29:43 +00:00
Michael Tremer
de57b780be
glibc: Pass -Wno-error=maybe-uninitialized
...
This is required to build glibc in the toolchain stage on
aarch64 due to messy headers on the host system.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-16 10:29:43 +00:00
Michael Tremer
a7f6809c7f
glibc: Drop any custom CFLAGS
...
glibc is nothing special and can and should be built with
the same flags as the rest of the system.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-16 10:29:43 +00:00
Michael Tremer
d9d28c2c35
make.sh: Bump toolchain version
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-16 10:29:43 +00:00
Michael Tremer
5eec0f21a6
make.sh: Add -fcf-protection for x86_64/i586
...
Instrument binaries to guard against ROP/JOP attacks.
This flag is only available on x86_64 and i586.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-16 10:29:43 +00:00
Michael Tremer
87f3b1e568
make.sh: Enable -fstack-clash-protection for x86_64/aarch64
...
This patch turns on instrumentation to avoid skipping the guard page
in large stack frames.
Without this flag, vulnerabilities can result where the stack
overlaps with the heap, or thread stacks spill into other regions
of memory.
This flag is only available on x86_64 and aarch64.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-16 10:29:43 +00:00
Michael Tremer
854df4df81
gcc: Bundle against OS versions of gmp/mpfr
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-16 10:29:43 +00:00
Michael Tremer
465e54a37b
mpfr: Update to 4.1.0
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-16 10:29:43 +00:00
Michael Tremer
50f77459a7
cmake: Do not limit compile processes to only two
...
We can launch more when we have the memory for it
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-16 10:29:43 +00:00