webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-11 19:47:15 +02:00
Code Issues Packages Projects Releases Wiki Activity
12,011 Commits 2 Branches 1 Tag
eeab80f8dcb7ad8564ac684e014f1a67be82923e
Commit Graph

1973 Commits

Author SHA1 Message Date
Michael Tremer
bc91a66281 core123: Ship updated iana-etc 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-06-19 11:34:38 +01:00
Michael Tremer
1feef6be7c core123: Ship /var/ipfire/backup/exclude 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-06-19 11:31:01 +01:00
Michael Tremer
b1f4acadde core123: Ship updated gnupg 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-06-19 11:30:26 +01:00
Michael Tremer
28aacf565b Start Core Update 123 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-06-18 16:43:04 +01:00
Michael Tremer
05b2d72588 core121: Create updater 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-06-06 14:03:07 +01:00
Peter Müller
d8ef6a9537 display country data for remote IPs on ovpnmain.cgi 
This makes debugging easier, especially when it comes to
GeoIP related firewall rules and database related issues
such as #11482.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-05-09 14:51:20 +01:00
Peter Müller
ea566f8485 fix aesthetic issues in remote.cgi and ship them 
Fix some minor cosmetic issues on remote.cgi as well as a typo in
the language files ("sesstions" -> "sessions"). The changes are
listed in "filelists" for Core Update 121.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-05-09 14:49:48 +01:00
Michael Tremer
339ee7e9f6 core121: Ship updated libidn 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-05-05 20:44:52 +01:00
Michael Tremer
27279edffc core121: Ship updated pcre 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-05-05 20:44:20 +01:00
Michael Tremer
e35c70ac23 core121: Ship update list of trusted CAs 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-05-05 20:39:50 +01:00
Arne Fitzenreiter
e990e4273f core121: fix typo fileslist -> filelist 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-05-05 18:01:53 +02:00
Michael Tremer
36d9e459c0 core121: Add filelist 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-04-30 11:26:10 +01:00
Peter Müller
8858180db5 remove forgotten Nagios files, if any 
When we decided to drop Nagios, some files were not removed on the
installations. Since the package does not exist anymore, "pakfire remove
nagios" does not work so we need to clean them up manually in case they
exist.

The third version of this patch makes sure Apache is restarted
afterwards, and includes some forgotten files [sic] as well as it is
now applying for Core Update 121.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-04-27 11:04:26 +01:00
Peter Müller
2a20456f7d Start Core Update 121 
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-04-27 11:04:21 +01:00
Michael Tremer
c79cbc1594 core120: Update OepnVPN configurations for PMTU changes 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-04-09 11:36:46 +01:00
Michael Tremer
d6d058a56b core120: Update pakfire keystore 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-04-03 17:34:24 +01:00
Michael Tremer
6ae5439e5c core120: Ship changed pakfire files 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-04-03 17:33:04 +01:00
Michael Tremer
0471d32b85 core120: Import new pakfire keys 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-04-02 15:46:40 +01:00
Michael Tremer
74e715a5a2 pakfire: Import old key, too 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-04-02 15:46:40 +01:00
Michael Tremer
397d3a8e15 pakfire: Rename new key to pakfire-2018.key 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-04-02 15:46:40 +01:00
Michael Tremer
c98304604b core120: Ship updated QoS script and gnupg 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-26 19:04:41 +01:00
Michael Tremer
dfdfafc7af core120: Ship updated vnstat 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-20 20:36:15 +00:00
Michael Tremer
eb68e27dd2 pakfire: Import key when system boots up 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-19 19:44:50 +00:00
Michael Tremer
b2318b5e35 core120: Ship updated logrotate and restart unbound 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-18 13:51:38 +00:00
Erik Kapfer
e779b6bc7a PAM: Delete old lib and symlinks 
Core 119 update delivers an updated PAM whereby the libdir has been changed from /lib to /usr/lib
but the old libraries and symlinks are still presant. Since the system searches /lib before
/usr/lib , the old libs and symlinks are used which ends up in an `LIBPAM_EXTENSION_1.1' not found.

Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-18 13:44:04 +00:00
Michael Tremer
35b892b0dd pakfire: Drop old key import mechanism 
This was error-prone and allowed to potentially inject another
key.

Fixes: #11539
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-16 14:37:21 +00:00
Michael Tremer
ceed3534e1 core120: Import new pakfire PGP key 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-16 14:28:17 +00:00
Michael Tremer
dcd60d274e core120: Ship updated qos.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-06 15:13:56 +00:00
Michael Tremer
318434affb core120: Ship updated proxy.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-06 15:12:42 +00:00
Michael Tremer
01bec95655 core120: Ship updated unbound init script 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-05 15:21:56 +00:00
Michael Tremer
568a227bd3 vpnmain.cgi: Fix reading common names from certificates 
OpenSSL has changed the output of the subject lines of
certificates.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-03-01 19:59:14 +00:00
Michael Tremer
e707599d2c core120: Call openvpnctrl with full path 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-28 10:48:29 +00:00
Michael Tremer
d192815e83 core120: Ship everything that is linked against OpenSSL 
This will make sure that everything is using the new version
of the library.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-26 16:22:32 +00:00
Michael Tremer
1c0cfaa594 Disable Path MTU discovery 
This seems to be a failed concept and causes issues with transferring
large packets through an IPsec tunnel connection.

This configures the kernel to still respond to PMTU ICMP discovery
messages, but will not try this on its own.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-26 15:37:49 +00:00
Michael Tremer
f0e308ab2f core120: Fix typo in initscript name 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-26 15:34:10 +00:00
Michael Tremer
0eccedd1c8 dhcp: Allow adding extra DHCP interfaces 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-26 11:12:20 +00:00
Erik Kapfer via Development
39d11d265e OpenVPN: Ship missing OpenSSL configuration file for update 
Core 115 delivered a patch which prevents the '--ns-cert-type server is deprecated' message
and introduced also '--remote-cert-tls server' -->
https://patchwork.ipfire.org/patch/1441/ whereby the changed ovpn.cnf has not been delivered.

Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-26 10:15:30 +00:00
Michael Tremer
8b080ef12b core120: Remove deprecated sshd configuration option 
This just created a warning and is now dropped

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-21 13:06:22 +00:00
Michael Tremer
c8e4391ecc core120: Remove forgotten PHP file 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-21 12:41:05 +00:00
Michael Tremer
53929f5ae8 core120: Ship updated OpenSSL 1.1.0 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-21 12:39:55 +00:00
Michael Tremer
cb8a6bf5a4 Start Core Update 120 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-21 12:20:57 +00:00
Michael Tremer
83d6101b9d core119: Reload apache after configuration changes 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-21 12:06:02 +00:00
Michael Tremer
3f42cf5cb9 backup: Don't backup apache configuration, keys only 
In the past the apache configuration was part of the backup
and may have been restored after Core Update 118 was installed
with PHP being dropped amongst other things.

This patch will make sure that only keys are being backuped.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-21 12:06:02 +00:00
Michael Tremer
ea3b9a4f88 strongswan: Update to 5.6.2 
Fixed a DoS vulnerability in the parser for PKCS#1 RSASSA-PSS
signatures that was caused by insufficient input validation.
One of the configurable parameters in algorithm identifier
structures for RSASSA-PSS signatures is the mask generation
function (MGF). Only MGF1 is currently specified for this purpose.
However, this in turn takes itself a parameter that specifies
the underlying hash function. strongSwan's parser did not
correctly handle the case of this parameter being absent,
causing an undefined data read.

This vulnerability has been registered as CVE-2018-6459.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-19 23:46:17 +00:00
Michael Tremer
a261cb06c6 IPsec: Try to restart always-on tunnels immediately 
When a tunnel that is in always-on configuration closes
unexpectedly, we can instruct strongSwan to restart it
immediately which is precisely what we do now.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-19 23:46:17 +00:00
Michael Tremer
429af17883 i2c-tools: New package 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-16 20:01:55 +00:00
Michael Tremer
4ef4d82baa core119: Ship changed proxy.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-14 22:23:20 +00:00
Michael Tremer
71cf8c8a6f Drop perl-DBD-mysql 
This package is not used by anything and depends on MySQL
which has been dropped, too.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 12:07:29 +00:00
Michael Tremer
2d5940daca Drop MySQL 
This is outdated and still on 5.0.x and nobody volunteered to
update this package.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 12:05:46 +00:00
Michael Tremer
3e8ce0dd86 Drop pammysql 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-12 11:44:28 +00:00