bpfire

mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-11 19:55:52 +02:00

Author	SHA1	Message	Date
Michael Tremer	e432689aa9	DNS: Fall back to permissive mode if recursor mode is unavailable The tests when assigning DNS name servers has been extended so that if no working forwarder can be found, we will test if the local recursor mode is an option. If not, we will configure unbound's validator module into permissive mode so that at least some DNS functionality is available. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-02-27 21:38:03 +00:00
Matthias Fischer	e01b933cc2	squid 3.5.24: latest patch (14142) (Fixed: wrong squid version from previous commit) "Bump SSL client on [more] errors encountered before ssl_bump evaluation" Best, Matthias Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-02-15 14:55:26 +00:00
Matthias Fischer	a0a33a8f10	BUG11271 / GeoIP: Download GeoIP database via HTTPS For details see: https://bugzilla.ipfire.org/show_bug.cgi?id=11271 Download GEoIP database per HTTPS download. Best, Matthias Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-02-04 13:31:35 +00:00
Matthias Fischer	48db07db14	squid: Update to 3.5.24 Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-01-29 19:27:07 +00:00
Arne Fitzenreiter	ba957627e2	kernel: support for newer eMMC modules Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2017-01-19 18:21:38 +01:00
Matthias Fischer	d38c8a6794	GeoIP: Update to 1.25 / changed database path Database path changed to '/usr/share/GeoIP' Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-01-16 16:54:59 +00:00
Michael Tremer	5056b4f104	Drop mldonkey files The packages has been dropped years ago. However, some files remained in the source tree. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-01-16 16:53:35 +00:00
Jonatan Schlag	b1b6e9f396	Fix the backup iso script once again. In commit `391560854f` was an error in the case statement. On i?586 the check fails. Removing the "" fixes the error. Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-01-04 11:21:28 +00:00
Jonatan Schlag	391560854f	Improvement of backup iso script The backup iso script did not check the arch of the host. On x86_64 host the wrong iso was downloaded. Furthermore, there were some if clauses which could cause trouble which I also tried to improve. (For example: -e is valid if we have a directory or a file, but we want to check for a file only ) Fixes: 11258 Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-01-02 19:12:14 +00:00
Matthias Fischer	22dbd018f1	squid 3.5.23: latest patch (14129) Seems to be a serious one. "Bug #3940 pt2: Make 'cache deny' do what is documented". (Duplicate of Bug 3783) For details see: http://bugs.squid-cache.org/show_bug.cgi?id=3940 Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-12-29 15:37:07 +00:00
Arne Fitzenreiter	e11038354b	hwdata: update databases pci.ids 2016.12.19 usb.ids 2016.12.05 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-12-22 21:53:39 +01:00
Matthias Fischer	a1bc7f3ab9	squid: Update to 3.5.23 Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-12-17 17:26:38 +00:00
Matthias Fischer	3c22a549ab	squid 3.5.22: latest patches (14123-14126) Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-12-17 17:26:36 +00:00
Michael Tremer	b2f96a94e3	unbound: EDNS buffer size defaults to 4096 If this is changed, a warning will be shown. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-12-14 12:51:46 +00:00
Michael Tremer	8f3034d0db	unbound: Test for working EDNS buffer size and adjust accordingly Some networks have equipment that fails to forward DNS queries with EDNS and the DO bit set. They might even lose the replies. This patch will adjust unbound so that it will not try to receive too large replies and falls back to TCP earlier. This creates some higher load on the DNS servers but at least gives us working DNS. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-12-14 12:45:07 +00:00
Matthias Fischer	a5f09f8e5b	squid 3.5.22: latest patches (14119-14122) Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-12-12 11:20:21 +00:00
Matthias Fischer	4ce082a4dd	squid 3.5.22: latest patches (14114-14118) Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-12-06 14:19:20 +00:00
Matthias Fischer	262c48be60	squid 3.5.22: latest patches (14103-14113) Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-12-06 14:19:12 +00:00
Matthias Fischer	cc8f79f95f	squid 3.5.22: latest patches (14100-14102) Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-12-06 14:19:06 +00:00
Matthias Fischer	cc2a2209d8	squid 3.5.22: latest patch (14099) Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-12-06 14:19:03 +00:00
Michael Tremer	2aa15dee66	unbound: Fix DNS forwarder test The previous version aborted when the validation test suceeded, but this is not always sufficient in case a provider filters any DNSKEY, DS or RRSIG records. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-12-01 17:13:07 +00:00
Michael Tremer	cd812106b1	unbound: Do not try removing forwarders when unbound is not running Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-11-29 12:28:23 +00:00
Michael Tremer	adb11e90df	Always enable asynchronous logging This patch always enables asynchronous logging which slows down the system a lot on slow storage and some virtual environments. It also removes the configuration options in the web user interface, since this is not configurable any more. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-11-29 12:18:41 +00:00
Stefan Schantl	0b5b6a594c	ddns: Import patches for schokokeks.org support. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-11-28 21:50:24 +00:00
Arne Fitzenreiter	34f6a3f1b5	Merge remote-tracking branch 'origin/core107'	2016-11-04 20:52:00 +01:00
Arne Fitzenreiter	2d646e9838	ntp: init with hardcoded ip if dns not work DNSSec need the correct time to validate the zones so we need a workaround to init the time without dns. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-11-04 19:31:07 +01:00
Michael Tremer	7ebc0a16e2	unbound: Allow list of INSECURE_ZONES being set in sysconfig A list of DNS zones can be given for which DNSSEC validation will be disabled. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-11-04 17:43:05 +00:00
Michael Tremer	3ddad158cd	unbound: Allow recursion from everywhere Users use the IPFire DNS service from VPNs and other routed networks. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-11-04 17:08:13 +00:00
Arne Fitzenreiter	2872f345b0	guardian: add path to update-lang-cache Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-11-03 06:51:49 +01:00
Arne Fitzenreiter	f8571e07be	guardian: add languange cache regeneration at (un)install Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-11-02 20:26:58 +01:00
Michael Tremer	a6dcc5bb77	unbound: Fix for DNS forwarding of .local zones These are traditionally used for Windows domains and should not be used for that. However if they are used like this, DNSSEC validation cannot be used. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-11-02 15:51:49 +00:00
Arne Fitzenreiter	4bdbf22ee4	kernel: fix CVE-2016-5159 (Dirty COW) Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-10-22 20:20:22 +02:00
Arne Fitzenreiter	ed7a7f77db	kernel: add support aes-ni support for aes-192 and 256 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-10-22 16:52:40 +02:00
Arne Fitzenreiter	5a2ebd32c0	Merge branch 'master' into next	2016-10-22 10:33:46 +02:00
Michael Tremer	96473f525d	Revert "setup: Store passwords in SHA format" This reverts commit `eef9b2529c`. It appears that htpasswd is not salting any passwords that are stored with the SHA (-s) algorithm. MD5 passwords however are salted. That leads us to the conclusion that the "MD5 algorithm" in htpasswd is more secure than the "SHA algorithm" although the hash function itself should be stronger. With a rainbow table, cracking "SHA" is easily done. A rainbow table for "MD5" + salt would be way too large to be efficiently stored. Hence this commit is reverted to old behaviour to avoid the clear failure of design in SHA. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>	2016-10-15 22:38:01 +01:00
Michael Tremer	6920fbe86d	unbound: Omit reverse PTRs if address equals GREEN Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-10-15 22:34:43 +01:00
Arne Fitzenreiter	9f9d4e3c74	unbound/dhcp: stop lease bridge if dhcp was needed to killed Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-10-15 22:33:54 +01:00
Michael Tremer	868d2a1fff	unbound: Omit reverse PTRs if address equals GREEN Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-10-15 22:32:21 +01:00
Arne Fitzenreiter	d1778a773e	unbound/dhcp: stop lease bridge if dhcp was needed to killed Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-10-13 17:21:28 +02:00
Matthias Fischer	11073720a2	squid: Update to 3.5.22 Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-10-12 22:40:42 +01:00
Michael Tremer	1b4d5ad9af	unbound: Move "listen on all" to main configuration file Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-10-12 22:37:26 +01:00
Arne Fitzenreiter	d221f41fbe	unbound: bind to all interfaces this allow to add interfaces without restart unbound. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-10-12 22:43:21 +02:00
Arne Fitzenreiter	3a6752d928	setup: restart unbound after network config change Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-10-12 22:39:41 +02:00
Arne Fitzenreiter	f824cd285b	setclock: accept also empty logfile timestamp Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-10-09 12:10:15 +02:00
Arne Fitzenreiter	0807ce69ee	setclock: prevent time bacjump by empty rtc batteries This is a work around to prevent not working dns resolution if the time jumps before the DNSSec signing key. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-10-08 15:43:54 +02:00
Arne Fitzenreiter	0d7ca700bd	unbound: skip green interface if ip was set to 1.1.1.1 this is a reserved marker for unused green ip. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-10-07 11:27:33 +02:00
Michael Tremer	eef9b2529c	setup: Store passwords in SHA format htpasswd doesn't protect passwords very well. MD5 was used before and now any newly created passwords will use the SHA format. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2016-10-04 22:41:48 +01:00
Arne Fitzenreiter	a48a2034f5	unbound: fix update forwarders if unbound was not running psgrep has no "-q" switch so i use pidof. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-10-04 19:24:26 +02:00
Arne Fitzenreiter	f75c279b97	unbound: fix reverse lockup of webif defined hosts and make the own host resolveable. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2016-10-03 17:53:13 +02:00
Arne Fitzenreiter	642b831b72	Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next	2016-10-02 16:36:57 +02:00

1 2 3 4 5 ...

2913 Commits