]>
git.ipfire.org Git - people/pmueller/ipfire-2.x.git/log
Michael Tremer [Sat, 27 Sep 2014 18:43:23 +0000 (20:43 +0200)]
Merge remote-tracking branch 'teissler/Bug_10415' into next
Timo Eissler [Fri, 26 Sep 2014 20:15:13 +0000 (22:15 +0200)]
urlfilter.cgi: safe search enhancements
Fixes: #10415
Activate bing safe search.
Add nwshp to google url patterns.
Alexander Marx [Wed, 17 Sep 2014 13:52:45 +0000 (15:52 +0200)]
squid-accounting: set right permissions of html directory for graphs and logo
Michael Tremer [Fri, 26 Sep 2014 11:03:48 +0000 (13:03 +0200)]
core84: Add changed files from #10620
Michael Tremer [Fri, 26 Sep 2014 11:03:22 +0000 (13:03 +0200)]
Merge remote-tracking branch 'amarx/BUG10620' into next
Michael Tremer [Fri, 26 Sep 2014 11:02:28 +0000 (13:02 +0200)]
Merge remote-tracking branch 'amarx/BUG10615' into next
Michael Tremer [Fri, 26 Sep 2014 11:00:38 +0000 (13:00 +0200)]
core84: Add changed files from fw-checksubnet branch
Michael Tremer [Fri, 26 Sep 2014 10:59:26 +0000 (12:59 +0200)]
Merge remote-tracking branch 'amarx/fw-checksubnet' into next
Michael Tremer [Fri, 26 Sep 2014 10:58:13 +0000 (12:58 +0200)]
core84: Add changed files from the firewall-dnat branch
Michael Tremer [Fri, 26 Sep 2014 10:55:55 +0000 (12:55 +0200)]
Merge remote-tracking branch 'amarx/firewall-dnat' into next
Conflicts:
config/firewall/rules.pl
Michael Tremer [Fri, 26 Sep 2014 10:42:27 +0000 (12:42 +0200)]
bash: Import upstream patches for CVE-2014-6271 and CVE-2014-7169
Michael Tremer [Fri, 26 Sep 2014 10:25:48 +0000 (12:25 +0200)]
core84: Add dnsmasq update
Michael Tremer [Fri, 26 Sep 2014 10:24:16 +0000 (12:24 +0200)]
Create core update 84
Michael Tremer [Fri, 26 Sep 2014 10:21:18 +0000 (12:21 +0200)]
Merge branch 'master' into next
Michael Tremer [Thu, 25 Sep 2014 19:16:01 +0000 (21:16 +0200)]
dnsmasq: Update to 2.72
Arne Fitzenreiter [Thu, 25 Sep 2014 18:37:55 +0000 (20:37 +0200)]
core83: set version to core83.
Arne Fitzenreiter [Thu, 25 Sep 2014 18:36:06 +0000 (20:36 +0200)]
core83: reload init at update because glibc changes.
Michael Tremer [Thu, 25 Sep 2014 17:38:23 +0000 (19:38 +0200)]
bash: Import fix for CVE-2014-7169
http://www.openwall.com/lists/oss-security/2014/09/25/10
Michael Tremer [Wed, 24 Sep 2014 18:39:43 +0000 (20:39 +0200)]
Merge branch 'master' into next
Michael Tremer [Wed, 24 Sep 2014 18:38:59 +0000 (20:38 +0200)]
core83: add changed files
Michael Tremer [Wed, 24 Sep 2014 18:31:55 +0000 (20:31 +0200)]
Create core update 83
Michael Tremer [Wed, 24 Sep 2014 16:48:35 +0000 (18:48 +0200)]
bash: Fix for CVE-2014-6271
A flaw was found in the way Bash evaluated certain specially crafted
environment variables. An attacker could use this flaw to override
or bypass environment restrictions to execute shell commands.
Certain services and applications allow remote unauthenticated
attackers to provide environment variables, allowing them to exploit
this issue.
Stefan Schantl [Sat, 20 Sep 2014 09:49:39 +0000 (11:49 +0200)]
urlfilter.cgi: Fix path to squidGuard binary when converting custom blacklists.
Fixes #10626.
Alexander Marx [Fri, 5 Sep 2014 06:12:44 +0000 (08:12 +0200)]
fw-groups: fix language strings
Stefan Schantl [Tue, 16 Sep 2014 18:37:16 +0000 (20:37 +0200)]
logs.cgi/ids.dat: Change url for snort sid details.
Fixes #10578.
Alexander Marx [Thu, 11 Sep 2014 15:13:07 +0000 (17:13 +0200)]
BUG10620: reload firewall.local in rules.pl, no longer in initscript
Alexander Marx [Thu, 11 Sep 2014 13:10:48 +0000 (15:10 +0200)]
BUG10615: fix wrong values in firewall.cgi
Alexander Marx [Thu, 11 Sep 2014 12:01:28 +0000 (14:01 +0200)]
BUG10615 part3: adapt rules.pl to use connectionlimit and ratelimit
Alexander Marx [Thu, 11 Sep 2014 11:59:54 +0000 (13:59 +0200)]
BUG10615 part2: Add ratelimit to firewallgui
Alexander Marx [Thu, 11 Sep 2014 08:59:25 +0000 (10:59 +0200)]
BUG10615 part1: Add connectionlimit to firewallgui
Arne Fitzenreiter [Tue, 9 Sep 2014 17:20:54 +0000 (19:20 +0200)]
openssl-compat: update to 0.9.8zb.
Arne Fitzenreiter [Tue, 9 Sep 2014 15:57:27 +0000 (17:57 +0200)]
Merge remote-tracking branch 'origin/master' into core82
Arne Fitzenreiter [Tue, 9 Sep 2014 15:54:27 +0000 (17:54 +0200)]
xen-image: add xz-aware xen version hint to README.
Michael Tremer [Sat, 6 Sep 2014 16:44:50 +0000 (18:44 +0200)]
general-functions.pl: Fix perl coding error
Michael Tremer [Thu, 4 Sep 2014 09:13:41 +0000 (11:13 +0200)]
general-functions.pl: Fix syntax error
Michael Tremer [Wed, 3 Sep 2014 20:23:04 +0000 (22:23 +0200)]
general-functions.pl: Subroutine getnetworkip() accepted multiple arguments
Michael Tremer [Sat, 6 Sep 2014 16:44:50 +0000 (18:44 +0200)]
general-functions.pl: Fix perl coding error
Arne Fitzenreiter [Fri, 5 Sep 2014 19:56:01 +0000 (21:56 +0200)]
rsync: update to 3.1.1.
Alexander Marx [Fri, 5 Sep 2014 06:09:54 +0000 (08:09 +0200)]
fw-groups: cleanup checksubnets
Now the checksubnets function from general-functions.pl is used.
Michael Tremer [Thu, 4 Sep 2014 09:13:41 +0000 (11:13 +0200)]
general-functions.pl: Fix syntax error
Michael Tremer [Wed, 3 Sep 2014 20:23:04 +0000 (22:23 +0200)]
general-functions.pl: Subroutine getnetworkip() accepted multiple arguments
Michael Tremer [Wed, 3 Sep 2014 19:49:01 +0000 (21:49 +0200)]
glibc: Import several fixes from RHEL.
Fixes #10611, CVE-2014-5119 among other bug fixes.
Alexander Marx [Mon, 1 Sep 2014 09:11:25 +0000 (11:11 +0200)]
Squid-accounting: revert setlocale because thevalues are not correctly with this setting
Michael Tremer [Thu, 28 Aug 2014 15:01:44 +0000 (17:01 +0200)]
proxy.cgi: Move ACL definitions up
ACl definitions could not be used in some other directives
unless they are defined earlier.
Michael Tremer [Thu, 28 Aug 2014 14:09:31 +0000 (16:09 +0200)]
squid: Update to 3.4.7
Solves a DoS issue "Ignore Range headers with unidentifiable byte-range values"
filed under security advisory SQUID-2014:2 and CVE-2014-3609.
Michael Tremer [Sun, 24 Aug 2014 13:22:04 +0000 (15:22 +0200)]
findutils: Cannot use exec here or the lockfile won't be removed
Michael Tremer [Sun, 24 Aug 2014 13:14:25 +0000 (15:14 +0200)]
minidlna: Update to 1.1.3
Fixes #10573
Michael Tremer [Sun, 24 Aug 2014 12:46:06 +0000 (14:46 +0200)]
findutils: Run updatedb once a week
As suggested in bug #10303
Arne Fitzenreiter [Sat, 23 Aug 2014 15:06:40 +0000 (17:06 +0200)]
Merge branch 'core82' of ssh://git.ipfire.org/pub/git/ipfire-2.x into core82
Arne Fitzenreiter [Sat, 23 Aug 2014 07:36:01 +0000 (09:36 +0200)]
perl-PDF-API2: rootfile fix for arm.
Arne Fitzenreiter [Fri, 22 Aug 2014 15:03:19 +0000 (17:03 +0200)]
samba: bump PAK_VER.
Arne Fitzenreiter [Fri, 22 Aug 2014 10:05:39 +0000 (12:05 +0200)]
sane: depends on cups libs.
Arne Fitzenreiter [Fri, 22 Aug 2014 07:27:18 +0000 (09:27 +0200)]
core82: add iputils to update.
Arne Fitzenreiter [Fri, 22 Aug 2014 07:17:27 +0000 (09:17 +0200)]
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Conflicts:
lfs/iputils
Arne Fitzenreiter [Thu, 21 Aug 2014 21:38:30 +0000 (23:38 +0200)]
core82: finish update
Michael Tremer [Thu, 21 Aug 2014 14:12:43 +0000 (16:12 +0200)]
firewall: Fix initialization when RED has not been brought up yet
Michael Tremer [Thu, 21 Aug 2014 08:47:11 +0000 (10:47 +0200)]
Rootfile update
Michael Tremer [Thu, 21 Aug 2014 08:46:34 +0000 (10:46 +0200)]
initscripts: Remove old firewall-reload symlink
Arne Fitzenreiter [Wed, 20 Aug 2014 19:56:35 +0000 (21:56 +0200)]
iputils: Ship tracepath
Arne Fitzenreiter [Tue, 19 Aug 2014 14:17:13 +0000 (16:17 +0200)]
ppp: update to 2.4.7.
Fix for ms-chap-v2.
fixes #10575.
Michael Tremer [Thu, 14 Aug 2014 10:45:37 +0000 (12:45 +0200)]
core82: Add changed files
Michael Tremer [Thu, 14 Aug 2014 10:27:56 +0000 (12:27 +0200)]
Move core updates 80 and 81 to oldcore.
Michael Tremer [Thu, 14 Aug 2014 10:27:15 +0000 (12:27 +0200)]
Create empty core update 82.
Michael Tremer [Mon, 11 Aug 2014 09:49:31 +0000 (11:49 +0200)]
proxy: Allow HTTP Basic authentication against Active Directory servers
Some clients may not support NTLMv2. Basic authentication can
now be activated. This is dangerous as it sends the credentials
in cleartext to the proxy server.
Axel Gembe [Mon, 11 Aug 2014 04:23:58 +0000 (12:23 +0800)]
general-functions.pl: validdomainname misinterprets RFC1035
The function validdomainname checks that each part of a domain name is at least
2 characters in length, but RFC1035 only makes a restriction on a "label" being
at most 63 characters in length. This change allows reverse DNS zones like
2.168.192.in-addr.arpa to be added to the DNS forward configuration, which was
incorrectly prevented before.
Signed-off-by: Axel Gembe <ago@multipixs.com>
Timo Eissler [Thu, 7 Aug 2014 18:11:22 +0000 (20:11 +0200)]
firewall: updated rootfiles
Timo Eissler [Thu, 7 Aug 2014 17:00:58 +0000 (19:00 +0200)]
firewall: fix faulty masquerading packets
Arne Fitzenreiter [Fri, 8 Aug 2014 06:51:53 +0000 (08:51 +0200)]
Merge branch 'master' into next
Arne Fitzenreiter [Fri, 8 Aug 2014 06:14:29 +0000 (08:14 +0200)]
core81: set need reboot flag and restart apache.
Michael Tremer [Thu, 7 Aug 2014 19:06:13 +0000 (21:06 +0200)]
Merge remote-tracking branch 'ms/ddns.cgi-fixes' into next
Conflicts:
html/cgi-bin/ddns.cgi
Stefan Schantl [Sat, 26 Jul 2014 16:26:37 +0000 (18:26 +0200)]
ddns.cgi: Support hostname details without seperating dots.
To keep compatiblity with the settings file of the old DDNS update script
(setddns.pl) we keept the storrage of the hostname information in
two parts (hostname and domain) and connected both with a dot to get a valid
FQDN again. OpenDNS and may some other providers do not use a dotted format
for this information, so one of these two values were empty.
We now can handle such cases in a right way.
Michael Tremer [Thu, 7 Aug 2014 18:58:33 +0000 (20:58 +0200)]
ddns.cgi: Fix CGI clearing all settings.
Michael Tremer [Thu, 7 Aug 2014 18:40:14 +0000 (20:40 +0200)]
ddns.cgi: Fix coding style.
Michael Tremer [Thu, 7 Aug 2014 18:33:10 +0000 (20:33 +0200)]
ddns.cgi: Allow enabling/disabling entries.
Michael Tremer [Thu, 7 Aug 2014 13:11:47 +0000 (15:11 +0200)]
Merge remote-tracking branch 'amarx/ACCOUNTING' into next
Alexander Marx [Thu, 7 Aug 2014 13:10:11 +0000 (15:10 +0200)]
squid-accounting: get trafficdata from LAST month, when month has changed
Michael Tremer [Thu, 7 Aug 2014 12:59:17 +0000 (14:59 +0200)]
Merge remote-tracking branch 'amarx/ACCOUNTING' into next
Conflicts:
make.sh
Michael Tremer [Thu, 7 Aug 2014 12:50:42 +0000 (14:50 +0200)]
Merge remote-tracking branch 'ms/firewall-no-nat' into next
Conflicts:
doc/language_issues.nl
doc/language_issues.tr
Michael Tremer [Thu, 7 Aug 2014 12:49:50 +0000 (14:49 +0200)]
Add batctl and libnl-3.
Arne Fitzenreiter [Thu, 7 Aug 2014 02:31:58 +0000 (04:31 +0200)]
core81: change updatescript for core81.
Arne Fitzenreiter [Wed, 6 Aug 2014 22:58:21 +0000 (00:58 +0200)]
core81: add changes to core81 updater.
Arne Fitzenreiter [Wed, 6 Aug 2014 22:57:23 +0000 (00:57 +0200)]
openssl: update to 1.0.1i.
Arne Fitzenreiter [Wed, 6 Aug 2014 18:26:08 +0000 (20:26 +0200)]
ddns: rootfile update.
Arne Fitzenreiter [Wed, 6 Aug 2014 16:05:14 +0000 (18:05 +0200)]
check_mk_agent: extract backup include before uninstall.
Alexander Marx [Wed, 6 Aug 2014 13:10:41 +0000 (15:10 +0200)]
squid-accounting: create billpreview file as temporary file
Michael Tremer [Wed, 6 Aug 2014 12:37:21 +0000 (14:37 +0200)]
firewall-no-nat: Use network masks to identify the subnets.
In the POSTROUTING chains of the NAT table, there is
no more information about on which interface the packet
has arrived (green0, etc.).
Alexander Marx [Wed, 6 Aug 2014 11:50:42 +0000 (13:50 +0200)]
squid-accounting: changed permissions on acct-lib.pl
Alexander Marx [Wed, 6 Aug 2014 11:41:54 +0000 (13:41 +0200)]
squid-accounting: change permissions and reread languagefiles on uninstall
Alexander Marx [Wed, 6 Aug 2014 06:59:43 +0000 (08:59 +0200)]
Per-PDF-API2: new perl module used by squid-accounting
Michael Tremer [Wed, 6 Aug 2014 08:30:44 +0000 (10:30 +0200)]
check_mk_agent: Bump release version to 4.
Michael Tremer [Wed, 6 Aug 2014 08:28:57 +0000 (10:28 +0200)]
Merge remote-tracking branch 'morlix/check_mk'
Arne Fitzenreiter [Wed, 6 Aug 2014 07:36:31 +0000 (09:36 +0200)]
Merge branch 'master' of git.ipfire.org:/pub/git/ipfire-2.x
Arne Fitzenreiter [Wed, 6 Aug 2014 07:30:13 +0000 (09:30 +0200)]
lzo: Downgrade to 2.0.6 (CVE-2014-4607 patched).
openvpn fails at lzo_init with lzo-2.07 and 2.08 on armv5tel.
Alexander Marx [Wed, 6 Aug 2014 06:58:43 +0000 (08:58 +0200)]
Squid-accounting: new addon for measuring proxy traffic per user/ip
Stefan Schantl [Tue, 5 Aug 2014 19:24:44 +0000 (21:24 +0200)]
ddns.cgi: Fix enable/disable handling of entries.
When the "enabled" checkbox is checked a "on" will be returned,
if the box is unchecked checkboxes will return nothing.
As a result of this behaviour the ddns.conf contained entries which have been disabled in the WUI.
We now check if the checkbox returns a "on", otherwise we will set the "enabled" value to "off" to
prevent from this problem.
Michael Tremer [Tue, 5 Aug 2014 17:49:28 +0000 (19:49 +0200)]
ddns: Update to 004.
Arne Fitzenreiter [Tue, 29 Jul 2014 19:57:07 +0000 (21:57 +0200)]
firewall: add more pscan matches and filter INVALID conntrack packages.
Erik Kapfer [Thu, 31 Jul 2014 06:43:24 +0000 (08:43 +0200)]
OpenVPN: Added a check for empty 'CERT_NAME' field.
Fixes: #10581
Michael Tremer [Mon, 4 Aug 2014 17:39:16 +0000 (19:39 +0200)]
tor: Update to 0.2.4.23
http://www.heise.de/security/meldung/Erfolgreicher-Angriff-auf-Tor-Anonymisierung-
2278774 .html
Stefan Schantl [Thu, 31 Jul 2014 19:45:38 +0000 (21:45 +0200)]
ddns.cgi: Check for valid FQDN before doing nslookup.
We now check if the used hostname is a valid FQDN before doing the nslookup to
determine if a DDNS host is up do date.