webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-15 21:43:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
14,097 Commits 2 Branches 1 Tag
c8dcd46537bebe4f59cd7c22d09c45e98bfecb1f
Commit Graph

3630 Commits

Author SHA1 Message Date
Arne Fitzenreiter
3d9b9dd30e Revert "Python: Update to 2.7.9" 
This reverts commit 765423cebe.

build fails.
 2015-06-10 14:49:40 +02:00
Michael Tremer
41ed4795fe strongswan: Update to 5.3.1 
Fixed a denial-of-service and potential remote code execution vulnerability
triggered by IKEv1/IKEv2 messages that contain payloads for the respective
other IKE version. Such payload are treated specially since 5.2.2 but because
they were still identified by their original payload type they were used as
such in some places causing invalid function pointer dereferences.
The vulnerability has been registered as CVE-2015-3991.

https://www.strongswan.org/blog/2015/06/01/strongswan-vulnerability-%28cve-2015-3991%29.html

The increased buffer size has been fixed in bug #943 upstream
  https://wiki.strongswan.org/issues/943
 2015-06-04 19:26:44 +02:00
Michael Tremer
e528fb2c73 rebuildhosts: Don't break when RED not online 
The hosts file was not regenerated when RED was not connected
which should not be happening.

This patch checks if the file exists. If not, the gateway
line will not be written to /etc/hosts.
 2015-06-03 18:00:13 +02:00
Michael Tremer
bd33c33227 rebuildhosts: Fix SEGV when not online 
Fixes #10867
 2015-06-03 17:55:55 +02:00
Lars Schuhmacher
b29a624081 pakfire: Add information about probable causes when pakfire cannot connect 
Add information about probable causes when pakfire cannot connect. This
includes port 11371 TCP and incorrect date/time settings.

Signed-off-by: Lars Schuhmacher <larsen007@web.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-06-02 23:47:46 +02:00
Arne Fitzenreiter
e97d4c9896 Merge branch 'master' into next 
Conflicts:
	lfs/netsnmpd
 2015-05-31 20:08:58 +02:00
Arne Fitzenreiter
cb3c00e01e cyrus-imapd: add backupinclude. 2015-05-31 16:02:39 +02:00
Arne Fitzenreiter
79fac0111b remove unused net-snmp pakfiles. 2015-05-31 11:37:10 +02:00
Arne Fitzenreiter
648f200187 netsnmpd: extract backup include at update. 2015-05-31 11:35:34 +02:00
Michael Tremer
1292598207 Merge remote-tracking branch 'mfischer/python' into next 2015-05-26 14:30:27 +02:00
Arne Fitzenreiter
d6a15c76a7 Merge remote-tracking branch 'origin/core90' 2015-05-21 11:16:35 +02:00
Michael Tremer
888c41dea8 dnsmasq: Import patches from upstream 2015-05-20 23:39:28 +02:00
Michael Tremer
efbd3a9abc dnsmasq: Import patches from upstream 2015-05-20 23:35:38 +02:00
Arne Fitzenreiter
888726854f linux-pae: fix grub entry for xen hvm machines. 2015-05-20 11:00:12 +02:00
Matthias Fischer
bbe4537de3 dnsmasq: again - latest upstream patches 2015-05-17 00:39:39 +02:00
Arne Fitzenreiter
1af34aa810 pakfire: skip corrupt "meta-" file. 
This was created by a bug in dep resolve at upgrade.
 2015-05-16 13:00:12 +02:00
Michael Tremer
9f1f68f17a pakfire: fix dep resolve at upgrade. 2015-05-16 12:57:28 +02:00
Arne Fitzenreiter
7b9233935e core90: fix missing filename in metafile. 2015-05-13 19:44:15 +02:00
Michael Tremer
c8f8bf328f firewall: Add H.323 to the conntrack helpers 2015-05-12 13:33:27 +02:00
Michael Tremer
50354ffe3a firewall: Add IRC to the conntrack helpers 2015-05-12 13:27:24 +02:00
Michael Tremer
a93bf69617 firewall: Add amanda to the conntrack helpers 2015-05-12 13:25:04 +02:00
Michael Tremer
d57c6162cb firewall: Make conntrack helpers configurable 2015-05-12 13:16:40 +02:00
Michael Tremer
4071b2d61b firewall: iptables will load the conntrack modules automatically 2015-05-11 13:04:14 +02:00
Michael Tremer
0f5350608e firewall: Accept related ICMP packets again 
This rule is required to forward ICMP error messages for
aborted TCP connections and the like.
 2015-05-11 13:00:34 +02:00
Matthias Fischer
7cbd533265 dnsmasq: import latest upstream patches 2015-05-09 21:21:34 +02:00
Michael Tremer
d81456730c strongswan: Use --wait option for iptables commands 2015-05-07 22:40:08 +02:00
Michael Tremer
a9600358d8 ipsecctrl: Use --wait switch for all iptables commands 2015-05-07 21:06:44 +02:00
Michael Tremer
d9e80e0b09 ipsecctrl: Remove unused code block 2015-05-07 21:05:50 +02:00
Arne Fitzenreiter
ad39b30985 qemu: update to 2.3.0 2015-05-06 19:12:06 +02:00
Michael Tremer
9acda8fa69 Merge remote-tracking branch 'amarx/BUG10834' into next 2015-05-06 16:57:55 +02:00
Alexander Marx
1d47c971e6 BUG10834: fixes ovpn-ccd-convert 
When restoring an old backup, all OpenVPN RW's get the dynamic network.
 2015-05-06 16:18:00 +02:00
Arne Fitzenreiter
5ea73f5660 dracut: add sdhci-pci module to initrd. 
fixes #10792
 2015-05-05 22:34:30 +02:00
Michael Tremer
afa91a4df5 fireinfo: Fix SEGV on QEMU without KVM 2015-05-04 16:02:39 +02:00
Alexander Marx
a8e3b15d77 squid-accounting: fix monthly dbmove funktion to put values in history table 2015-05-03 12:54:05 +02:00
Michael Tremer
6caea1086d Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next 2015-04-29 11:26:35 +02:00
Michael Tremer
85a6f39c39 Merge remote-tracking branch 'stevee/core-90-ddnsctrl' into next 2015-04-29 11:26:20 +02:00
Michael Tremer
5f20677864 dnsmasq: Import more upstream fixes 
Fixes: #10786

Fixes DNSSEC validation when falling back to TCP.
 2015-04-29 11:24:23 +02:00
Stefan Schantl
2bcd81934d ddns: Add more upstream patches. 2015-04-28 21:06:19 +02:00
Arne Fitzenreiter
0e2f9b011b openssl: disable ssse3 on amd cpu's 
amd with ssse3 (bulldozer and fusion) has serious performance problems
with the vpaes code. (-evp is 40% slower)
 2015-04-28 20:51:03 +02:00
Michael Tremer
1cbc5ca0a4 Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next 2015-04-28 11:14:45 +02:00
Arne Fitzenreiter
f68ae02d39 openssl: auto enable padlock engine. 2015-04-27 22:15:20 +02:00
Michael Tremer
30ca037fb3 glibc: Fix CVE-2013-7423 and CVE-2015-1781 
CVE-2013-7423: Fix invalid file descriptor reuse while sending DNS query
CVE-2015-1781: Fix buffer overflow in gethostbyname_r with misaligned buffer
 2015-04-27 21:20:46 +02:00
Michael Tremer
ffe32bf7ae strongswan: Increase stroke buffer size to 8k 2015-04-27 20:58:45 +02:00
Michael Tremer
6ac0a1a38f dnsmasq: Import latest fixes from upstream 2015-04-27 18:10:34 +02:00
Stefan Schantl
1b1401b9df Drop obsolete ddns patches. 2015-04-26 17:14:36 +02:00
Stefan Schantl
b0b8729a32 ddns: Add upstream patch for fixing bug 10815. 2015-04-26 17:12:55 +02:00
Stefan Schantl
1a8999b3d6 ddnsctrl: New binary. 
This helper binary is used to grand the ddns update client super user rights,
when launched out of the webinterface.
 2015-04-26 16:48:45 +02:00
Michael Tremer
37de68c965 openssl: Enable all assembly optimisations build SSE2 optimised version 
Fixes #10814
 2015-04-23 13:33:35 +02:00
Michael Tremer
a235f22952 firewall: Remove option to disable the SIP ALG 2015-04-22 18:13:56 +02:00
Michael Tremer
b1109b8af5 Enhance the security of the netfilter conntrack helpers 
This is suggested here
  https://home.regit.org/netfilter-en/secure-use-of-helpers/
and deprecated in the kernel (#10665).
 2015-04-22 18:10:59 +02:00