bpfire

mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-10 19:15:54 +02:00

Author	SHA1	Message	Date
Matthias Fischer	d6d5999af1	hostapd: Update to 2.7 For details see: https://w1.fi/cgit/hostap/plain/hostapd/ChangeLog This patch sticks to 'wpa_supplicant: Update to 2.7'. Best, Matthias Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-04 09:26:58 +00:00
Erik Kapfer	5a3c9ef298	netsnmpd: OpenSSL patch is incl. in new version Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-04 09:26:58 +00:00
Matthias Fischer	aa88b2ef59	squid: Update to 4.6 For details see: http://www.squid-cache.org/Versions/v4/changesets/ The 'configure'-option "--disable-ipv6" was removed, it is no longer necessary. See: https://lists.ipfire.org/pipermail/development/2016-April/002046.html "The --disable-ipv6 build option is now deprecated. ... Squid-3.5.7 and later will perform IPv6 availability tests on startup in all builds. - Where IPv6 is unavailable Squid will continue exactly as it would have had the build option not been used. These Squid can have the build option removed now." The warning message concerning a "BCP 177 violation" while starting 'squid' can be ignored. Best, Matthias Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-03-02 14:07:38 +00:00
Michael Tremer	50d1bbf0f5	Merge branch 'ipsec' into next	2019-02-25 00:48:08 +00:00
Arne Fitzenreiter	c09758302b	kernel: update to 4.14.103 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-02-23 15:56:21 +01:00
Arne Fitzenreiter	173844d352	kernel: import cve-2019-8912 patch Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-02-22 21:20:57 +01:00
Arne Fitzenreiter	6957b699b3	kernel: apu leds: add more id's Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-02-22 18:02:45 +01:00
Arne Fitzenreiter	710153a89c	partresize: add "apu1" for apus with new bios.	2019-02-22 18:01:18 +01:00
Arne Fitzenreiter	a2d49659f3	kernel: cleanup unused rpi patch Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-02-21 19:13:27 +01:00
Arne Fitzenreiter	8f49959d70	partresize: enable serial console on PC Engines APU Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-02-19 15:26:41 +01:00
Arne Fitzenreiter	17872019ba	kernel: update apu led patch for apu3 and 4 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-02-19 01:04:19 +01:00
Michael Tremer	9bc1760052	unbound: Drop certificates for local control connection These are a cause of worry because they are sometimes generated with an invalid timestamp and therefore render unbound being unusable. There is no strong reason to use self-signed certificates for extra security here. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-17 13:46:51 +00:00
Peter Müller	e01e07ec8b	apply default firewall policy for ORANGE, too If firewall default policy is set to DROP, this setting was not applied to outgoing ORANGE traffic as well, which was misleading. Fixes #11973 Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Cc: Michael Tremer <michael.tremer@ipfire.org> Cc: Oliver Fuhrer <oliver.fuhrer@bluewin.ch> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-07 15:15:32 +00:00
Michael Tremer	8be516b3bc	strongswan: Do not create any NAT rules when using VTI/GRE Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:38:24 +00:00
Michael Tremer	f9dd134645	ipsec-interfaces: Resolve any remote hostnames Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	d985ce5ae9	ipsec-interfaces: Move conditional block into the loop Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	38f6bdb740	ipsec: Drop delayed restart setting This is a very bad race-condition situation and is not solved by an unintuitive setting. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	517683eeb1	ipsec: Drop VPN_IP setting This is now a per-connection setting Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	6826364580	ipsec-*: Name some more configuration variables Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	1ca2f88a74	ipsec-interfaces: Uses local IP address from connection first, then default Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	c94aa25475	ipsec-interfaces: Fix typo in variable name Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	c821440ced	ipsec: Filter better for GRE/VTI interfaces This tried to delete the GREEN interface before Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	6a45a1f101	ipsec: TTL only applies for GRE interfaces and not VTI Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	54bac01402	ipsec: Find correct RED IP address when using %defaultroute Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	3dc21d43bf	ipsec: Log a message when an interface could not be created Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	1a45f9a70a	ipsec-interfaces: Don't add any interfaces when IPsec is disabled Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	a56357b8be	Revert "ipsec-interfaces: Run when IPsec is disabled" This reverts commit 3c3a1cfdb9b473fae9b792e8c211c9940fafc658. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	4cf038dcfe	ipsec-interfaces: Run when IPsec is disabled This needs to run even when IPsec is disable to remove and interfaces Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	05af70c2f3	ipsec-interfaces: Use correct righthost variable Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	68e69b676f	network: Create IPsec interfaces when network is brought up Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	3446a17293	ipsecctrl: Call ipsec-interfaces script when turning up/shutting down connections Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	b8c153bca5	IPsec: Add (experimental) script that creates GRE/VTI interfaces Signed-off-by: root <root@interim-edge-a.ec2.internal>	2019-02-04 18:20:36 +00:00
Michael Tremer	b89ae1a4e3	ipsecctrl: Don't wait when a connection is to be started Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	6cf8bc9161	IPsec: Move opening ports from ipsecctrl into ipsec-policy script Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Michael Tremer	6c920b19cd	IPsec: Rename ipsec-block script to ipsec-policy This is a more general name for a script that will be extended soon to do more than just add blocking rules. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-02-04 18:20:36 +00:00
Peter Müller	fee8b1c504	OpenSSH: update to 7.9p1 Update OpenSSH to 7.9p1 (release note is available at https://www.openssh.com/txt/release-7.9). Patching support for OpenSSL 1.1.0 is no longer required, thus the orphaned patchfile has been deleted. Signed-off-by: Peter Müller <peter.mueller@link38.eu> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-01-23 05:13:47 +00:00
Arne Fitzenreiter	be838808e1	Merge remote-tracking branch 'origin/master' into next	2019-01-23 21:19:01 +01:00
Peter Müller	903052ddea	use HTTPS for downloading GeoIP database files Signed-off-by: Peter Müller <peter.mueller@link38.eu> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-01-23 04:12:49 +00:00
Michael Tremer	480e301442	xtables-addons: Fix generating GeoIP database Perl seems to have a very funny feature where you cannot rely on how it formats IP addresses into a binary string. This seems to be 16 bytes long for IPv4 addresses when we (and the kernel) only expect 4. This patch changes this so that the last 12 bytes are just being dropped. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-01-23 04:12:41 +00:00
Peter Müller	d38e7e256d	use HTTPS for downloading GeoIP database files Signed-off-by: Peter Müller <peter.mueller@link38.eu> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-01-21 21:03:38 +00:00
Arne Fitzenreiter	9b86a7ec28	Merge remote-tracking branch 'origin/master' into next	2019-01-19 19:58:48 +01:00
Arne Fitzenreiter	271bac39a0	xt_geoip_updte: fix download url the maxmind server delivers an old version if there are two slashes before the database filename. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-01-19 15:16:43 +01:00
Peter Müller	47051c2a0a	drop orphaned OpenSSL patches Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-01-17 14:42:37 +00:00
Erik Kapfer	32ba431458	openssl: Update to version 1.1.1a Disabled MD2 and Aria cipher. TLSv1.3 is now available with: TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 TLS_AES_256_GCM_SHA384 TLSv1.3 TLS_AES_128_GCM_SHA256 TLSv1.3 Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-01-17 14:33:20 +00:00
Michael Tremer	f0092a6e3e	keepalived: Move change of conntrack sysctl option into package The setting cannot be set on the default system because the ip_vs module is not loaded by default and there is no reason to load it just because we would be able to set the setting. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-01-13 12:50:26 +01:00
Matthias Fischer	042a5fe60a	tar: Update to 1.31, including fix for bug #11958 For details see: http://savannah.gnu.org/forum/forum.php?forum_id=9344 "- Fix heap-buffer-overrun with --one-top-level. - Support for zstd compression. - The -K option interacts properly with member names given in the command line. - Fix CVE-2018-20482" This patch was reverted because 'tar 1.31' crashed when installing PakFire packages with the option '--no-overwrite-dir'. See: https://bugzilla.ipfire.org/show_bug.cgi?id=11958 Included is now a patch from https://savannah.gnu.org/bugs/?55413, which seems to fix this issue. The test cases given in https://savannah.gnu.org/bugs/?55413#comment1 ran without problems. As always, please check and confirm. Best, Matthias Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-01-07 01:31:43 +00:00
Stefan Schantl	b76a8a008d	xt_geoip_update: Adjust script to download and use the GeoLite2 database Fixes #11961. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-01-07 01:21:01 +00:00
Stefan Schantl	a77870146f	xtables-addons: Use shipped xt_geoip_build Use the shipped xt_geoip_build directly instead of holding a copy in our GIT. Reference #11959 Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-01-07 01:20:22 +00:00
Michael Tremer	7d5caee6bd	Add initscript for conntrackd The daemon will be started by default when a configuration file exists. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-01-06 08:59:25 +00:00
Arne Fitzenreiter	5e6f343b7d	python: update to 2.7.15 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-01-06 15:51:53 +01:00

1 2 3 4 5 ...

3421 Commits