bpfire

mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-27 11:13:24 +02:00

Author	SHA1	Message	Date
Arne Fitzenreiter	2caca41217	kernel: enable PCA953X GPIO extender for ClearFog boards fixes: #12000 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-02-16 21:44:52 +01:00
Arne Fitzenreiter	ede9247310	kernel: update to 4.14.101 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-02-15 17:46:54 +01:00
Michael Tremer	5368ccb0fc	core128: Ship kdig Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-13 11:32:00 +00:00
Erik Kapfer	2397e51335	knot: Reduced version of knot with kdig only Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-13 11:31:37 +00:00
Michael Tremer	59d673ae44	core128: Ship libedit Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-13 11:31:24 +00:00
Erik Kapfer	17b3255b7f	libedit: A command line editor library Dependency for knot (kdig). Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-13 11:30:58 +00:00
Matthias Fischer	17d9d42571	powertop: Update to 2.10 Hi, Triggered by: https://forum.ipfire.org/viewtopic.php?f=69&t=22274 For details see: https://01.org/powertop/downloads/powertop-v2.10 Best, Matthias Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-13 11:29:39 +00:00
Matthias Fischer	941a3dec4e	dhcpcd: Update to 7.1.1 For details see: https://roy.marples.name/blog/dhcpcd-7-1-1-released "A minor update, highlights include: IPv4LL: Fixed build with this disabled IPv4LL: Remember last address between carrier resets BSD: Fixed initial link infos reported as LINK_STATE_UNKNOWN FreeBSD: Avoid panicing kernel when RTA_IFP is set for IPv6 prefix routes" Best, Matthias Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-13 11:28:30 +00:00
Matthias Fischer	d5b7f82a40	curl: Update to 7.64.0 Hi, For details see: https://curl.haxx.se/changes.html This came rather unexpected - if I'd known, I'd have waited with 7.63.0. "Changes: cookies: leave secure cookies alone hostip: support wildcard hosts http: Implement trailing headers for chunked transfers http: added options for allowing HTTP/0.9 responses timeval: Use high resolution timestamps on Windows Bugfixes: CVE-2018-16890: NTLM type-2 out-of-bounds buffer read CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow CVE-2019-3823: SMTP end-of-response out-of-bounds read FAQ: remove mention of sourceforge for github OS400: handle memory error in list conversion OS400: upgrade ILE/RPG binding. README: add codacy code quality badge Revert http_negotiate: do not close connection THANKS: added several missing names from year <= 2000 build: make 'tidy' target work for metalink builds cmake: added checks for variadic macros cmake: updated check for HAVE_POLL_FINE to match autotools cmake: use lowercase for function name like the rest of the code configure: detect xlclang separately from clang configure: fix recv/send/select detection on Android configure: rewrite --enable-code-coverage conncache_unlock: avoid indirection by changing input argument type cookie: fix comment typo cookies: allow secure override when done over HTTPS cookies: extend domain checks to non psl builds cookies: skip custom cookies when redirecting cross-site curl --xattr: strip credentials from any URL that is stored curl -J: refuse to append to the destination file curl/urlapi.h: include "curl.h" first curl_multi_remove_handle() don't block terminating c-ares requests darwinssl: accept setting max-tls with default min-tls disconnect: separate connections and easy handles better disconnect: set conn->data for protocol disconnect docs/version.d: mention MultiSSL docs: fix the --tls-max description docs: use $(INSTALL_DATA) to install man page docs: use meaningless port number in CURLOPT_LOCALPORT example gopher: always include the entire gopher-path in request http2: clear pause stream id if it gets closed if2ip: remove unused function Curl_if_is_interface_name libssh: do not let libssh create socket libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh libssh: free sftp_canonicalize_path() data correctly libtest/stub_gssapi: use "real" snprintf mbedtls: use VERIFYHOST multi: multiplexing improvements multi: set the EXPIRE_TIMEOUT timers at TIMER_STARTSINGLE time ntlm: fix NTMLv2 compliance ntlm_sspi: add support for channel binding openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated openssl: fix the SSL_get_tlsext_status_ocsp_resp call openvms: fix OpenSSL discovery on VAX openvms: fix typos in documentation os400: add a missing closing bracket os400: fix extra parameter syntax error pingpong: change default response timeout to 120 seconds pingpong: ignore regular timeout in disconnect phase printf: fix format specifiers runtests.pl: Fix perl call to include srcdir schannel: fix compiler warning schannel: preserve original certificate path parameter schannel: stop calling it "winssl" sigpipe: if mbedTLS is used, ignore SIGPIPE smb: fix incorrect path in request if connection reused ssh: log the libssh2 error message when ssh session startup fails test1558: verify CURLINFO_PROTOCOL on file:// transfer test1561: improve test name test1653: make it survive torture tests tests: allow tests to pass by 2037-02-12 tests: move objnames- from lib into tests timediff: fix math for unsigned time_t timeval: Disable MSVC Analyzer GetTickCount warning tool_cb_prg: avoid integer overflow travis: added cmake build for osx urlapi: Fix port parsing of eol colon urlapi: distinguish possibly empty query urlapi: fix parsing ipv6 with zone index urldata: rename easy_conn to just conn winbuild: conditionally use /DZLIB_WINAPI wolfssl: fix memory-leak in threaded use spnego_sspi: add support for channel binding" Best, Matthias Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-13 11:27:53 +00:00
Arne Fitzenreiter	39d43c5b99	kernel: update to 4.14.98 todo: check if RPi dwc dma patch still need to reverted before release Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-02-08 20:50:37 +01:00
Matthias Fischer	27a9f86ec4	borgbackup: Fix build on i586 Fixes ... '/usr/src/config/rootfiles/packages//borgbackup' -> '/install/packages/package/ROOTFILES' tar: usr/lib/python3.6/site-packages/borg/chunker.cpython-36m-i586-linux-gnu.so: Cannot stat: No such file or directory tar: usr/lib/python3.6/site-packages/borg/compress.cpython-36m-i586-linux-gnu.so: Cannot stat: No such file or directory tar: usr/lib/python3.6/site-packages/borg/crypto.cpython-36m-i586-linux-gnu.so: Cannot stat: No such file or directory tar: usr/lib/python3.6/site-packages/borg/hashindex.cpython-36m-i586-linux-gnu.so: Cannot stat: No such file or directory tar: usr/lib/python3.6/site-packages/borg/platform_linux.cpython-36m-i586-linux-gnu.so: Cannot stat: No such file or directory tar: Exiting with failure status due to previous errors make: *** [borgbackup:58: dist] Error 2 ... Best, Matthias Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-07 21:35:28 +00:00
Matthias Fischer	7a7c30e119	python3-llfuse: Fix build on i586 Fixes "tar: usr/lib/python3.6/site-packages/llfuse.cpython-36m-i586-linux-gnu.so: Cannot stat: No such file or directory" Best, Matthias Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-07 21:35:23 +00:00
Michael Tremer	02a8a241bb	core128: Ship updated firewall initscript Require reboot after the update Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-07 15:15:37 +00:00
Peter Müller	e01e07ec8b	apply default firewall policy for ORANGE, too If firewall default policy is set to DROP, this setting was not applied to outgoing ORANGE traffic as well, which was misleading. Fixes #11973 Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Cc: Michael Tremer <michael.tremer@ipfire.org> Cc: Oliver Fuhrer <oliver.fuhrer@bluewin.ch> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-07 15:15:32 +00:00
Peter Müller	fd16f5d8c1	Tor: update to 0.3.5.7 Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-07 15:15:26 +00:00
Michael Tremer	8be516b3bc	strongswan: Do not create any NAT rules when using VTI/GRE Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:38:24 +00:00
Michael Tremer	41f3351320	Drop "OpenVPN" part from VPN N2N stats page Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	1e2b257789	Add routed IPsec connections to traffic graphs section Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	7ba652af8c	firewall: Write correct rules bound to interface for routes IPsec tunnels Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	f9dd134645	ipsec-interfaces: Resolve any remote hostnames Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	d985ce5ae9	ipsec-interfaces: Move conditional block into the loop Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	38f6bdb740	ipsec: Drop delayed restart setting This is a very bad race-condition situation and is not solved by an unintuitive setting. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	517683eeb1	ipsec: Drop VPN_IP setting This is now a per-connection setting Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	26c2cc580b	ipsec: Add translation strings for recent changes Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	6826364580	ipsec-*: Name some more configuration variables Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	1ca2f88a74	ipsec-interfaces: Uses local IP address from connection first, then default Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	c32fc72e36	ipsec-policy: Correct open ports for connections on aliases Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	ae0d069827	ipsec: Allow to select local IP address used for peer on UI Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	455fdcb17a	ipsec: Re-arrange inputs for peer addresses, subnets, etc. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	7e25093d42	ipsec: Don't allow to select VTI in transport mode Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	605c391aaf	vpnmain.cgi: Don't populate GREEN subnet when green doesn't exist Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	c94aa25475	ipsec-interfaces: Fix typo in variable name Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	327d1223f3	strongswan: No longer create any routes automatically Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	c821440ced	ipsec: Filter better for GRE/VTI interfaces This tried to delete the GREEN interface before Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	6a45a1f101	ipsec: TTL only applies for GRE interfaces and not VTI Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	54bac01402	ipsec: Find correct RED IP address when using %defaultroute Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	3dc21d43bf	ipsec: Log a message when an interface could not be created Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	1a45f9a70a	ipsec-interfaces: Don't add any interfaces when IPsec is disabled Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	a56357b8be	Revert "ipsec-interfaces: Run when IPsec is disabled" This reverts commit 3c3a1cfdb9b473fae9b792e8c211c9940fafc658. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	216bd9b389	vpnmain.cgi: Move advanced IPsec settings to connection page This is required to make the initial setup easier for GRE/VTI connections Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	4cf038dcfe	ipsec-interfaces: Run when IPsec is disabled This needs to run even when IPsec is disable to remove and interfaces Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	05af70c2f3	ipsec-interfaces: Use correct righthost variable Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	f2d45a45ab	IPsec: Do not allow 0.0.0.0/0 as remote subnet This renders the whole machine inaccessible Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	68e69b676f	network: Create IPsec interfaces when network is brought up Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	3446a17293	ipsecctrl: Call ipsec-interfaces script when turning up/shutting down connections Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	b8c153bca5	IPsec: Add (experimental) script that creates GRE/VTI interfaces Signed-off-by: root <root@interim-edge-a.ec2.internal>	2019-02-04 18:20:36 +00:00
Michael Tremer	90aa4f1083	IPsec: Use left/rightprotoport in GRE mode Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	b89ae1a4e3	ipsecctrl: Don't wait when a connection is to be started Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	5a9c9ff312	ipsec-policy: Don't install any block rules for connections with an interface Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	b54cd874b9	ipsec-policy: Permit GRE traffic for GRE connections Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00

1 2 3 4 5 ...

12778 Commits