webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-19 23:43:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
c0dd2fd124a24bce5f22f4359e0908d56ae7f9c4
bpfire/config
History
Adolf Belka c0dd2fd124 openssl: Update to version 3.2.0 
- Update from version 3.1.4 to 3.2.0
- Update of rootfile
- Changelog
    3.2.0
	This release incorporates the following potentially significant or incompatible
	changes:
	  * The default SSL/TLS security level has been changed from 1 to 2.
	  * The `x509`, `ca`, and `req` apps now always produce X.509v3 certificates.
	  * Subject or issuer names in X.509 objects are now displayed as UTF-8 strings
	    by default.
	  From my understanding these above changes should not create any problem for
	   IPFire.
	This release adds the following new features:
	  * Support for client side QUIC, including support for
	    multiple streams (RFC 9000)
	  * Support for Ed25519ctx, Ed25519ph and Ed448ph in addition
	    to existing support for Ed25519 and Ed448 (RFC 8032)
	  * Support for deterministic ECDSA signatures (RFC 6979)
	  * Support for AES-GCM-SIV, a nonce-misuse-resistant AEAD (RFC 8452)
	  * Support for the Argon2 KDF, along with supporting thread pool
	    functionality (RFC 9106)
	  * Support for Hybrid Public Key Encryption (HPKE) (RFC 9180)
	  * Support for SM4-XTS
	  * Support for Brainpool curves in TLS 1.3
	  * Support for TLS Raw Public Keys (RFC 7250)
	  * Support for TCP Fast Open on Linux, macOS and FreeBSD,
	    where enabled and supported (RFC 7413)
	  * Support for TLS certificate compression, including library
	    support for zlib, Brotli and zstd (RFC 8879)
	  * Support for provider-based pluggable signature algorithms
	    in TLS 1.3 with supporting CMS and X.509 functionality
	    With a suitable provider this enables the use of post-quantum/quantum-safe
	    cryptography.
	  * Support for using the Windows system certificate store as a source of
	    trusted root certificates
	    This is not yet enabled by default and must be activated using an
	    environment variable. This is likely to become enabled by default
	    in a future feature release.
	  * Support for using the IANA standard names in TLS ciphersuite configuration
	  * Multiple new features and improvements to CMP protocol support
	The following known issues are present in this release and will be rectified
	in a future release:
	  * Provider-based signature algorithms cannot be configured using the
	    SignatureAlgorithms configuration file parameter (#22761)
	This release incorporates the following documentation enhancements:
	  * Added multiple tutorials on the OpenSSL library and in particular
	    on writing various clients (using TLS and QUIC protocols) with libssl

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
2023-12-30 06:53:26 +00:00
..
acpid
avahi
avahi-daemo: remove orange interface
2023-08-21 09:28:21 +00:00
backup
backup.pl: Fix for bug#11048 - add script for adding pass/no pass to ovpnconfig from backup
2023-10-20 08:41:01 +00:00
bash
bind
ca-certificates
ca-certificates: Update root CA certificates bundle
2023-12-04 22:28:49 +00:00
calamaris
cdrom
memtest: update to memtest86+ v6.00
2022-11-18 14:37:25 +00:00
cfgroot
manualpages: correct link to dns help page
2023-08-21 16:37:56 +00:00
clamav
collectd
collectd: Do not keep track of entropy any more
2022-07-14 09:40:53 +00:00
cron
crontab: add periodic cleanup the collectd RRD (graphs)
2022-09-23 10:38:11 +00:00
cups
cyrus-sasl
dehydrated
dehydrated: Keep going if re-issuing one certificate fails
2023-07-13 14:29:13 +00:00
dhcpc
dhcpcd: Only try to obtain an IP address for IPv4
2022-12-17 17:20:46 +00:00
dma
dracut
dracut: lower ram usage at compression
2023-05-16 18:52:08 +00:00
elinks
config/elinks/elinks.conf does not have to be executable
2021-05-20 10:01:50 +00:00
etc
logrotate: Rotate wtmp files monthly, and keep them for a year
2023-09-15 06:53:43 +00:00
etc-aarch64
Install sysctl.conf only on those architectures where needed
2021-04-11 12:12:56 +00:00
etc-armv6l
switch arm 32 bit arch from armv5tel to armv6l
2021-07-05 07:42:39 +02:00
etc-x86_64
sysctl.conf: remove vm.mmap_rnd_compat_bits from x86_86 config
2023-01-08 17:21:59 +01:00
extrahd
extrahd: add forgotten udev_event handler to mount partitions via udev
2023-09-28 09:17:46 +00:00
findutils
firewall
firewall: Reject outgoing TCP connections to port 25 by default
2023-11-21 19:04:44 +00:00
flash-images/grub
grub: update to 2.12-rc1
2023-11-24 12:53:51 +00:00
freeradius
fstrim
fwhosts
icmp-types file does not have to be executable
2021-05-04 15:51:15 +00:00
gnump3d
gnump3d: Update perl directory in gnump3d.conf to current version
2023-07-31 09:21:37 +00:00
grub2
dracut: Enable automatic assembly of any RAID/LVM devices
2022-05-16 18:31:12 +00:00
guardian
Bought a 'd' - fixed an old typo
2021-10-13 12:22:49 +00:00
haproxy
hostapd
hostapd: Enable QCA vendor extensions to nl80211
2023-04-24 18:42:25 +00:00
httpd
OpenVPN: Add support for 2FA / One-Time Password
2022-06-17 10:20:17 +00:00
icinga
include
initrd/dhcpc
ipblocklist
ipblocklist-sources: Correct the info url - Fixes bug#12938
2022-09-26 08:53:47 +00:00
iptraf-ng
kernel
kernel: update to 6.6.8
2023-12-21 13:50:59 +01:00
lcdproc
lib/firmware/brcm
libid3tag
libid3tag: Addition of pkgconfig file
2021-04-12 09:35:29 +00:00
libvirt
logwatch
ipblocklist: Add neccessary files for logwatch.
2022-07-07 17:28:05 +02:00
lua
lua: Update to version 5.4.4
2022-02-06 10:50:43 +00:00
lvm
lvm: Fixes bug-13151 - update 69-dm-lvm.rules
2023-06-25 13:46:14 +00:00
menu
apcupsd: Make apcupsd link in services page access its apcupsd WUI menu.
2023-09-05 15:15:53 +00:00
minidlna
monit
mpfire
netpbm
netsnmpd
nginx
ntp
Ship NTP changes
2022-06-20 20:43:34 +00:00
ovpn
openvpn-authenticator: Break read loop when daemon goes away
2023-01-07 21:01:48 +00:00
pmacct
pmacct: fix bug 13159
2023-07-13 14:22:04 +00:00
profile.d
proxy
qemu
Drop support for i586
2021-12-04 23:27:26 +01:00
qos
Revert "parse-func.pl: Adjust regular expression to changed 'tc' output"
2023-06-25 13:42:51 +00:00
rootfiles
openssl: Update to version 3.2.0
2023-12-30 06:53:26 +00:00
rpi-firmware
rpi-firmware: update to 20211127
2021-11-27 14:21:31 +00:00
rsnapshot
rsnapshot: New addon
2023-05-18 11:24:29 +00:00
samba
samba: Add helper script to pipe password
2021-01-27 21:06:57 +00:00
sarg
shadow
shadow: Update to version 4.11.1 and fix bug 12762
2022-01-18 21:23:42 +00:00
ssh
SSH: do not send spoofable TCP keep alive messages
2022-04-23 14:27:56 +00:00
ssl
OpenSSL: Add ffdhe4096 Diffie-Hellman parameter
2022-11-18 14:38:50 +00:00
strongswan
stunnel
suricata
ruleset-sources: Adjust download URL for snort community ruleset
2023-08-02 09:10:00 +00:00
syslinux
cdrom: Drop menu option for HDT
2022-06-04 08:36:58 +00:00
sysstat
time
tor
transmission
u-boot
u-boot: create signed bootscript at build time
2022-11-21 11:06:52 +00:00
udev
extrahd: use udev rule to mount extrahd partitions
2023-09-17 12:10:42 +00:00
unbound
unbound-dhcp-leases-bridge: Reload unbound to import leases
2023-07-13 14:26:52 +00:00
updxlrator
Ensure /var/ipfire/updatexlrator/updxlrator-lib.pl is not writable by "nobody"
2022-11-18 13:33:45 +00:00
urlfilter
urlfilter: Download University of Toulouse list via HTTPS
2022-07-09 15:03:12 +00:00
vdr
vdradmin
vim
w_scan
wio
wio: moved files from src/wio directory to standard IPFire location
2023-05-18 09:47:47 +00:00
wpa_supplicant
wpa_supplicant: Import fresh default configuration
2021-01-12 10:39:14 +00:00
xinetd
xtables-addons
xtables-addons: update to 3.13
2021-07-05 07:42:36 +02:00
zabbix_agentd
zabbix_agentd: Fix ipfire.net.gateway.ping
2023-10-30 10:04:03 +00:00