webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-14 13:02:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
19,332 Commits 2 Branches 1 Tag
ef7d41ef9ea09efd48b934319deb9742e7e41ea1
Commit Graph

10293 Commits

Author SHA1 Message Date
Michael Tremer
ef7d41ef9e Merge remote-tracking branch 'origin/next' 2022-08-13 12:48:49 +00:00
Peter Müller
bf372864d4 python3-Cython: Add 32-bit ARM rootfile 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-08-11 18:44:29 +00:00
Adolf Belka
cb170abd3b fmt: Convert from build only to run time also for mpd 
- libfmt required in run time by mpd
- mpd changelog specifically said fmt was a build only dependency
- Bug#12909 flagged up that fmt was also a run time dependency for mpd

Fixes: Bug#12909
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
 2022-08-11 18:35:03 +00:00
Peter Müller
2b6cb76588 Core Update 170: Ship vpnmain.cgi 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-08-11 18:33:22 +00:00
Michael Tremer
f605a2d303 amazon-ssm-agent: Enable build for aarch64 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
 2022-08-11 18:29:13 +00:00
Michael Tremer
8f43a91a3f go: Add for aarch64 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
 2022-08-11 18:29:13 +00:00
Peter Müller
b8d84561e1 Core Update 170: sed supports PCRE indeed 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-08-11 10:29:12 +00:00
Peter Müller
ff4b1fc130 Core Update 170: Hrmpf, fix sed call again 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-08-10 21:04:36 +00:00
Peter Müller
8b97ba21c6 Core Update 170: Ship intel-microcode 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-08-10 19:57:21 +00:00
Michael Tremer
c4fc6eb017 nqptp: New package 
This is a PTP clock synchronisation daemon.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-08-10 10:44:31 +00:00
Michael Tremer
3efa7be901 libsodium: New package 
Sodium is a new, easy-to-use software library for encryption,
decryption, signatures, password hashing and more.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-08-10 10:44:31 +00:00
Michael Tremer
200e39b79f libplist: New package 
A library to handle Apple Property List format in binary or XML.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-08-10 10:44:31 +00:00
Peter Müller
fe803a3f89 Revert "linux: Enable randstruct on ARM as well" 
This reverts commit f38e8a35c2.

(Thank you, Arne!)
 2022-08-09 10:43:05 +00:00
Peter Müller
26a91db187 Revert "Revert "linux: Do not allow slab caches to be merged"" 
This reverts commit 1695af3862.

https://lists.ipfire.org/pipermail/development/2022-August/014112.html
 2022-08-09 09:29:42 +00:00
Peter Müller
4865b7f6b8 Revert "Revert "kernel: update to 5.15.59"" 
This reverts commit f25f1b55af.
 2022-08-08 13:17:30 +00:00
Peter Müller
5a18ee55e6 Revert "linux: Randomize layout of sensitive kernel structures" 
This reverts commit 4c46e7f818.
 2022-08-08 13:17:19 +00:00
Peter Müller
a08173658c Core Update 170: Ship zlib 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-08-08 10:11:21 +00:00
Peter Müller
f25f1b55af Revert "kernel: update to 5.15.59" 
This reverts commit 43df4a0373.
 2022-08-08 10:10:35 +00:00
Peter Müller
1695af3862 Revert "linux: Do not allow slab caches to be merged" 
This reverts commit 06b4164dfe.
 2022-08-08 10:10:17 +00:00
Adolf Belka
30ea66cf4b pyfuse3: Install to provide fuse capability for borgbackup 
- v3 version adds specific armv6l based rootfile as xxxMACHINExxx does not get correct
   substitution

Fixes: Bug#12611
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
 2022-08-07 09:32:40 +00:00
Peter Müller
06b4164dfe linux: Do not allow slab caches to be merged 
From the kernel documentation:

> For reduced kernel memory fragmentation, slab caches can be
> merged when they share the same size and other characteristics.
> This carries a risk of kernel heap overflows being able to
> overwrite objects from merged caches (and more easily control
> cache layout), which makes such heap attacks easier to exploit
> by attackers. By keeping caches unmerged, these kinds of exploits
> can usually only damage objects in the same cache. [...]

Thus, it is more sane to leave slab merging disabled. KSPP and ClipOS
recommend this as well.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-08-06 13:51:02 +00:00
Arne Fitzenreiter
43df4a0373 kernel: update to 5.15.59 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
 2022-08-06 07:45:02 +00:00
Peter Müller
c2de1bd7a5 Core Update 170: Ship nano 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-08-06 07:22:02 +00:00
Jon Murphy
645c2eb8dc tftpd: add missing directory 
- starting tftpd currently throws "missing directory" error
- this change corrects the issue

Signed-off-by: Jon Murphy <jon.murphy@ipfire.org>
Acked-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-08-05 09:12:54 +00:00
Adolf Belka
006f9fda6b python3-outcome: Dependency for python3-trio 
Fixes: Bug#12611
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
 2022-08-05 09:09:30 +00:00
Adolf Belka
37f8c0617a python3-sortedcontainers: Dependency for python3-trio 
Fixes: Bug#12611
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
 2022-08-05 09:09:30 +00:00
Adolf Belka
f1e30a702a python3-sniffio: Dependency for python3-trio 
Fixes: Bug#12611
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
 2022-08-05 09:09:30 +00:00
Adolf Belka
fea3c1eaf4 python3-attrs: Dependency for python3-trio 
Fixes: Bug#12611
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
 2022-08-05 09:09:30 +00:00
Adolf Belka
d62b0fb202 python3-async_generator: Dependency for python3-trio 
Fixes: Bug#12611
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
 2022-08-05 09:09:30 +00:00
Adolf Belka
36fab535bf python3-attr: Dependency for python3-trio 
Fixes: Bug#12611
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
 2022-08-05 09:09:30 +00:00
Adolf Belka
0c161e8cfb python3-trio: Dependency for python3-pyfuse3 
Fixes: Bug#12611
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
 2022-08-05 09:09:29 +00:00
Adolf Belka
a0b068783c python3-Cython: Required for build of pyfuse3 
- rootfile has all entries commented out as not needed for execution only build

Fixes: Bug#12611
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
 2022-08-05 09:09:29 +00:00
Adolf Belka
9cb200c4d9 pyfuse3: Install to provide fuse capability for borgbackup 
Fixes: Bug#12611
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
 2022-08-05 09:09:29 +00:00
Peter Müller
f38e8a35c2 linux: Enable randstruct on ARM as well 
My fault, again. :-/

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-08-04 12:38:01 +00:00
Peter Müller
494d2b4bf3 linux: Update ARM kernel configuration files 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-08-04 12:32:43 +00:00
Peter Müller
893427ad8b linux: Update rootfiles 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-08-04 12:11:53 +00:00
Peter Müller
668cf4c0d0 GnuTLS: Zut alors, update rootfile 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-08-04 12:04:01 +00:00
Peter Müller
86077bafc0 qemu: Update to 7.0.0 
Please refer to https://wiki.qemu.org/ChangeLog/7.0 for the changelog of
this version.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-08-03 10:59:32 +00:00
Peter Müller
4c46e7f818 linux: Randomize layout of sensitive kernel structures 
To quote from the kernel documentation:

> If you say Y here, the layouts of structures that are entirely
> function pointers (and have not been manually annotated with
> __no_randomize_layout), or structures that have been explicitly
> marked with __randomize_layout, will be randomized at compile-time.
> This can introduce the requirement of an additional information
> exposure vulnerability for exploits targeting these structure
> types.
>
> Enabling this feature will introduce some performance impact,
> slightly increase memory usage, and prevent the use of forensic
> tools like Volatility against the system (unless the kernel
> source tree isn't cleaned after kernel installation).
>
> The seed used for compilation is located at
> scripts/gcc-plgins/randomize_layout_seed.h. It remains after
> a make clean to allow for external modules to be compiled with
> the existing seed and will be removed by a make mrproper or
> make distclean.
>
> Note that the implementation requires gcc 4.7 or newer.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-08-03 10:59:03 +00:00
Peter Müller
56256e6d2b Core Update 170: Delete stale GnuTLS library 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-08-03 10:58:06 +00:00
Peter Müller
7e451c52dc GnuTLS: Update to 3.7.7 
Please refer to https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html
the release notes of this version, and https://www.gnutls.org/security-new.html#GNUTLS-SA-2022-07-07
for the accompanying security advisory.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-08-03 10:57:24 +00:00
Peter Müller
38a5d03f59 linux: Enable PCI passthrough for QEMU 
Fixes: #12754
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-08-03 10:57:05 +00:00
Peter Müller
2c4a5bcdf3 Core Update 170: Ship Bash 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-08-03 10:56:37 +00:00
Peter Müller
ef43621772 fmt: Update to 9.0.0 
Please refer to https://github.com/fmtlib/fmt/releases/tag/9.0.0 for the
release announcement of this version.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-08-03 10:56:01 +00:00
Peter Müller
d8d6b12403 linux: Do not enable dangerous legacy DRM drivers 
https://lists.ipfire.org/pipermail/development/2022-July/013886.html

This leaves current Nvidia Nouveau support untouched.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-08-03 10:55:21 +00:00
Peter Müller
ef439b6871 linux: Update rootfiles to reflect dropped support of dprintk 
See: 883e29630c

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-08-03 10:54:07 +00:00
Peter Müller
de7a483f6a linux: Update aarch64 rootfile 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-08-02 15:22:15 +00:00
Peter Müller
6e9f717a33 Core Update 170: Delete orphaned comment from update.sh 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-08-02 15:19:07 +00:00
Jon Murphy
4e15397dba update.sh: clean out old collectd statistics 
- processes-mysqld
- processes-snort
- processes-rtorrent
- processes-asterisk
- processes-java
- processes-spamd
- entropy

Signed-off-by: Jon Murphy <jon.murphy@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
 2022-08-02 15:18:31 +00:00
Peter Müller
beb821de57 Core Update 170: Fix sed call 
Fixes: #12907
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-08-02 15:09:55 +00:00