webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-13 20:42:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
11,491 Commits 2 Branches 1 Tag
ca4c354e085083dacf66071b23e507ea2ebb1b81
Commit Graph

11491 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Tremer
ca4c354e08 Bump release of all packages linked against OpenSSL 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-26 16:28:16 +00:00
Michael Tremer
d192815e83 core120: Ship everything that is linked against OpenSSL 
This will make sure that everything is using the new version
of the library.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-26 16:22:32 +00:00
Michael Tremer
1c0cfaa594 Disable Path MTU discovery 
This seems to be a failed concept and causes issues with transferring
large packets through an IPsec tunnel connection.

This configures the kernel to still respond to PMTU ICMP discovery
messages, but will not try this on its own.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-26 15:37:49 +00:00
Michael Tremer
f0e308ab2f core120: Fix typo in initscript name 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-26 15:34:10 +00:00
Michael Tremer
61fcd32f15 Rootfile update 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-26 13:06:34 +00:00
Michael Tremer
0eccedd1c8 dhcp: Allow adding extra DHCP interfaces 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-26 11:12:20 +00:00
Erik Kapfer via Development
39d11d265e OpenVPN: Ship missing OpenSSL configuration file for update 
Core 115 delivered a patch which prevents the '--ns-cert-type server is deprecated' message
and introduced also '--remote-cert-tls server' -->
https://patchwork.ipfire.org/patch/1441/ whereby the changed ovpn.cnf has not been delivered.

Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-26 10:15:30 +00:00
Erik Kapfer via Development
52f61e496d OpenVPN: New AES-GCM cipher for N2N and RW 
AES-GCM 128, 196 and 256 bit has been added to Net-to-Net and Roadwarrior section.

HMAC selection for N2N will be disabled if AES-GCM is used since GCM provides an own message authentication (GMAC).
    'auth *' line in N2N.conf will be deleted appropriately if AES-GCM is used since '--tls-auth' is not available for N2N.
HMAC selection menu for Roadwarriors is still available since '--tls-auth' is available for RWs
    which uses the configuered HMAC even AES-GCM has been applied.

Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-25 19:31:30 +00:00
Michael Tremer
87484f5c78 openssl-compat: Do not try to apply missing padlock patch 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-22 18:52:03 +00:00
Michael Tremer
b9c56c9e9c openssl-compat: Add missing library path 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-22 18:50:38 +00:00
Michael Tremer
8b080ef12b core120: Remove deprecated sshd configuration option 
This just created a warning and is now dropped

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-21 13:06:22 +00:00
Michael Tremer
c2646dff80 Revert "wget: Link against GnuTLS instead of OpenSSL" 
This reverts commit a46b159a8d.

wget 1.19.4 supports linking against OpenSSL 1.1.0.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-21 12:55:36 +00:00
Michael Tremer
c8e4391ecc core120: Remove forgotten PHP file 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-21 12:41:05 +00:00
Michael Tremer
53929f5ae8 core120: Ship updated OpenSSL 1.1.0 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-21 12:39:55 +00:00
Michael Tremer
9434bffaf2 Merge branch 'openssl-11' into next 2018-02-21 12:21:10 +00:00
Michael Tremer
cb8a6bf5a4 Start Core Update 120 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-21 12:20:57 +00:00
Michael Tremer
83d6101b9d core119: Reload apache after configuration changes 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-21 12:06:02 +00:00
Peter Müller
51bf74a1c8 disable Apache server signature 
Sending the server signature is unnecessary and might leak
some internal information (although ServerTokens is already
set to "Prod").

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-21 12:06:02 +00:00
Michael Tremer
3f42cf5cb9 backup: Don't backup apache configuration, keys only 
In the past the apache configuration was part of the backup
and may have been restored after Core Update 118 was installed
with PHP being dropped amongst other things.

This patch will make sure that only keys are being backuped.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-21 12:06:02 +00:00
Michael Tremer
bbe8e248fe Rootfile update 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-20 20:10:30 +00:00
Michael Tremer
ea3b9a4f88 strongswan: Update to 5.6.2 
Fixed a DoS vulnerability in the parser for PKCS#1 RSASSA-PSS
signatures that was caused by insufficient input validation.
One of the configurable parameters in algorithm identifier
structures for RSASSA-PSS signatures is the mask generation
function (MGF). Only MGF1 is currently specified for this purpose.
However, this in turn takes itself a parameter that specifies
the underlying hash function. strongSwan's parser did not
correctly handle the case of this parameter being absent,
causing an undefined data read.

This vulnerability has been registered as CVE-2018-6459.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-19 23:46:17 +00:00
Michael Tremer
a261cb06c6 IPsec: Try to restart always-on tunnels immediately 
When a tunnel that is in always-on configuration closes
unexpectedly, we can instruct strongSwan to restart it
immediately which is precisely what we do now.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-19 23:46:17 +00:00
Michael Tremer
2ec7a53b3e Rootfile update for armv5tel 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-17 18:55:38 +00:00
Michael Tremer
e36a7e3cf2 haproxy: Link against libatomic on ARM 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-17 13:36:37 +00:00
Michael Tremer
429af17883 i2c-tools: New package 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-16 20:01:55 +00:00
Michael Tremer
0f354672a2 flac: Update to 1.3.2 
The previous version fails to build on i586

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-16 19:14:33 +00:00
Michael Tremer
a1a5dd5566 Rootfile update 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-15 19:34:50 +00:00
Erik Kapfer
a4fd232541 OpenVPN: Added needed directive for v2.4 update 
script-security: The support for the 'system' flag has been removed due to security implications
    with shell expansions when executing scripts via system() call.
    For more informations: https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage .

ncp-disable: Negotiable crypto parameters has been disabled for the first.

Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-15 10:41:41 +00:00
Michael Tremer
4ef4d82baa core119: Ship changed proxy.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-14 22:23:20 +00:00
Bernhard Held
a2b2ac7854 proxy.cgi: remove excessive newlines in generated proxy.pac 
Remove excessive newlines in generated proxy.pac

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-14 22:22:49 +00:00
Michael Tremer
0642dc8923 Rootfile update 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-13 21:07:04 +00:00
Michael Tremer
eb93869763 Bump toolchain version 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-13 16:35:08 +00:00
Michael Tremer
1633e0146c Rootfile update for glibc on i586 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-13 16:34:55 +00:00
Michael Tremer
909ba0ad4a nagios-plugins: Update rootfiles 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-13 16:30:24 +00:00
Michael Tremer
e75dd42577 postfix: Update rootfile 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-13 16:20:55 +00:00
Michael Tremer
97b5588cf3 zlib: Fix name of logfile in toolchain build 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-13 10:24:04 +00:00
Michael Tremer
05551f7bdb sslh: Build without tcpwrappers 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-13 10:23:54 +00:00
Michael Tremer
54d5414848 toolchain: Add zlib 
ccache needs this and usually comes with an own bundled
version but fails to build in version 3.4.1.

Since this is a small library only and we really want
ccache to use compression, we will build this indepently
and let ccache use it from the system.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 14:24:12 +00:00
Michael Tremer
d8ac9a162c Bump toolchain version 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 13:07:38 +00:00
Michael Tremer
2dd9f3b379 Cleanup toolchain scripts 
No functional changes, just some tidy up

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 12:44:37 +00:00
Michael Tremer
d32233aa1b ccache: Update to 3.4.1 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 12:12:08 +00:00
Michael Tremer
71196131be PAM: Drop shipped configuration 
This is outdated, broken and has hardcoded passwords.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 12:09:22 +00:00
Michael Tremer
71cf8c8a6f Drop perl-DBD-mysql 
This package is not used by anything and depends on MySQL
which has been dropped, too.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 12:07:29 +00:00
Michael Tremer
2d5940daca Drop MySQL 
This is outdated and still on 5.0.x and nobody volunteered to
update this package.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 12:05:46 +00:00
Michael Tremer
c4713705d1 asterisk: Do not depend on MySQL any more 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 12:02:51 +00:00
Michael Tremer
4fcf8acfea postfix: Don't depend on amavis 
This can be used together but there is no need to
always install amavis when someone wants to use postfix

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 11:52:07 +00:00
Michael Tremer
db116a33d6 postfix: Don't depend on MySQL any more 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 11:51:46 +00:00
Michael Tremer
abf2b05474 postfix: Don't ship our own configuration 
This is outdated and half of it is not maintained any more.

Users should configure postfix themselves based on the
default configuration.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 11:50:51 +00:00
Michael Tremer
3e8ce0dd86 Drop pammysql 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 11:44:28 +00:00
Michael Tremer
e3e17107ba Drop tcpwrapper 
This library has been unused for quite a while

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 11:42:47 +00:00