git.ipfire.org Git - people/ummeegge/ipfire-2.x.git/log
Erik Kapfer [Tue, 28 May 2019 09:38:59 +0000 (11:38 +0200)]
tshark: Update to 3.0.2
Incl. one vulnerability and several bug fixes. For full overview --> https://www.wireshark.org/docs/relnotes/wireshark-3.0.2.html .
- Disabled geoip support since libmaxminddb is not present.
- Added dictionary in ROOTFILE to prevent "radius: Could not open file: '/usr/share/wireshark/radius/dictionary' " .
- Added CMAKE build type
- Removed profile examples and htmls completely from ROOTFILE.
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 28 May 2019 11:01:30 +0000 (12:01 +0100)]
ccache: Automatically set size to 8GB
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 28 May 2019 10:44:32 +0000 (11:44 +0100)]
core133: Ship toolchain changes
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 28 May 2019 10:41:46 +0000 (11:41 +0100)]
Rootfile update
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 28 May 2019 10:36:06 +0000 (11:36 +0100)]
hyperscan: Limit amount of memory being used during build
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 27 May 2019 15:25:01 +0000 (16:25 +0100)]
ddns: Update to 011
Adds support for two new providers and has some general bug fixes
included.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 27 May 2019 14:48:44 +0000 (15:48 +0100)]
core133: Ship updated IPS ruleset sources
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Sun, 26 May 2019 18:11:55 +0000 (20:11 +0200)]
ruleset-sources: Update snort dl urls.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 27 May 2019 14:47:02 +0000 (15:47 +0100)]
tor: Ship updated CGI
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Erik Kapfer [Sun, 26 May 2019 15:02:56 +0000 (17:02 +0200)]
tor.cgi: Disable debugging output
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 27 May 2019 14:42:50 +0000 (15:42 +0100)]
core133: Drop metadata for jansson package
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 27 May 2019 14:40:31 +0000 (15:40 +0100)]
core133: Ship hyperscan
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 27 May 2019 14:38:42 +0000 (15:38 +0100)]
hyperscan: Move rootfiles to arch directories
This package is only compiled on x86_64 and i586 and cannot
be packaged in any of the other architectures.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Sun, 26 May 2019 17:56:47 +0000 (19:56 +0200)]
hyperscan: New package
This package adds hyperscan support to suricata
Fixes #12053.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Sun, 26 May 2019 17:56:46 +0000 (19:56 +0200)]
ragel: New package
This is a build dependency of hyperscan
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Sun, 26 May 2019 17:56:45 +0000 (19:56 +0200)]
colm: New package
This is a build dependency of ragel, which is a build dependency of
hyperscan.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Sun, 26 May 2019 17:51:40 +0000 (19:51 +0200)]
asterisk: Remove dependency to jansson.
The package has become part of the main system.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Sun, 26 May 2019 17:51:39 +0000 (19:51 +0200)]
jansson: Move to core system and update to 2.12
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 27 May 2019 13:37:23 +0000 (14:37 +0100)]
Rootfile update
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Sun, 26 May 2019 15:27:16 +0000 (17:27 +0200)]
core133: readd late core132 changes to core133
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sun, 26 May 2019 15:23:54 +0000 (17:23 +0200)]
Merge branch 'master' into next
Arne Fitzenreiter [Sun, 26 May 2019 14:17:04 +0000 (16:17 +0200)]
core132: security conf should not be executable
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Thu, 23 May 2019 00:50:29 +0000 (01:50 +0100)]
tor: Depend on libseccomp
Suggested-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Fri, 24 May 2019 15:45:33 +0000 (17:45 +0200)]
ids-functions.pl: Do not delete the whitelist file on rulesdir cleanup.
Fixes #12087.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sun, 26 May 2019 14:05:41 +0000 (16:05 +0200)]
core132: set correct permissions of security settings file.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 25 May 2019 05:39:38 +0000 (07:39 +0200)]
vulnerabilities.cgi: again change colours
red - vulnerable
blue - mitigated
green - not affected
because we do not really trust the mitigations, so they should not be green.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 25 May 2019 04:54:35 +0000 (06:54 +0200)]
vulnerabilities.cgi fix string handling
remove lf at the end for correct matching
and do not strip "Mitigated:" if it was not fully working and still
vulnerable.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Wed, 22 May 2019 10:08:43 +0000 (11:08 +0100)]
vulnerabilities.cgi: Regard mitigations that only mitigate something still as vulnerable
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 22 May 2019 10:05:20 +0000 (11:05 +0100)]
vulnerabilities.cgi: Simplify regexes
We can do the split in one.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 24 May 2019 05:55:03 +0000 (06:55 +0100)]
Merge branch 'toolchain' into next
Michael Tremer [Fri, 24 May 2019 05:54:16 +0000 (06:54 +0100)]
Merge remote-tracking branch 'ms/faster-build' into next
Michael Tremer [Fri, 24 May 2019 05:39:37 +0000 (06:39 +0100)]
core133: Ship updated squid
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Fri, 24 May 2019 18:46:59 +0000 (20:46 +0200)]
squid: Update to 4.7
For details see:
http://www.squid-cache.org/Versions/v4/changesets/
Fixes among other things the old 'filedescriptors' problem, so this patch was deleted.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 24 May 2019 05:37:21 +0000 (06:37 +0100)]
core133: Ship updated bind
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Fri, 24 May 2019 18:53:15 +0000 (20:53 +0200)]
bind: Update to 9.11.7
For details see:
http://ftp.isc.org/isc/bind9/9.11.7/RELEASE-NOTES-bind-9.11.7.html
"Security Fixes
The TCP client quota set using the tcp-clients option could be exceeded in some cases.
This could lead to exhaustion of file descriptors.
This flaw is disclosed in CVE-2018-5743. [GL #615]"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 24 May 2019 05:35:46 +0000 (06:35 +0100)]
Start Core Update 133
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 24 May 2019 05:30:46 +0000 (06:30 +0100)]
.gitignore: Ignore some backup files
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 23 May 2019 00:50:29 +0000 (01:50 +0100)]
tor: Depend on libseccomp
Suggested-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 22 May 2019 14:29:32 +0000 (15:29 +0100)]
unbound: Safe Search: Enable Restrict-Moderate for YouTube
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 22 May 2019 10:23:07 +0000 (11:23 +0100)]
Update German translations
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 22 May 2019 10:08:43 +0000 (11:08 +0100)]
vulnerabilities.cgi: Regard mitigations that only mitigate something still as vulnerable
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 22 May 2019 10:05:20 +0000 (11:05 +0100)]
vulnerabilities.cgi: Simplify regexes
We can do the split in one.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Wed, 22 May 2019 10:34:41 +0000 (12:34 +0200)]
Merge branch 'master' into next
Arne Fitzenreiter [Wed, 22 May 2019 10:34:03 +0000 (12:34 +0200)]
vulnerabilities: change to logic colours
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 22 May 2019 08:38:02 +0000 (10:38 +0200)]
Merge branch 'next'
Arne Fitzenreiter [Wed, 22 May 2019 08:33:20 +0000 (10:33 +0200)]
finish: core132
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 22 May 2019 08:22:53 +0000 (10:22 +0200)]
vulnerabilities.cgi: add colours for vuln,smt and unknown output.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Tue, 21 May 2019 18:42:51 +0000 (20:42 +0200)]
kernel: update to 4.14.121
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Tue, 21 May 2019 18:36:16 +0000 (20:36 +0200)]
vnstat: fix error message at first boot
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Tue, 21 May 2019 13:03:21 +0000 (15:03 +0200)]
configroot: create main/security settings file
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Tue, 21 May 2019 13:02:54 +0000 (15:02 +0200)]
web-user-interface: update rootfile
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 20 May 2019 20:55:55 +0000 (21:55 +0100)]
core132: Ship vulnerabilities.cgi
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 20 May 2019 20:54:05 +0000 (21:54 +0100)]
SMT: Show status on vulnerabilities.cgi
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 20 May 2019 20:39:03 +0000 (21:39 +0100)]
vulnerabilities.cgi: Disable debugging output
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 20 May 2019 20:38:20 +0000 (21:38 +0100)]
Add the new vulnerabilities CGI file to the System menu
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 20 May 2019 20:30:26 +0000 (21:30 +0100)]
SMT: Apply settings according to configuration
SMT can be forced on.
By default, all systems that are vulnerable to RIDL/Fallout
will have SMT disabled by default.
Systems that are not vulnerable to that will keep SMT enabled.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 20 May 2019 20:17:17 +0000 (21:17 +0100)]
Add new CGI file to show CPU vulnerability status
This is supposed to help users to have an idea about
the status of the used hardware.
Additionally, it allows users to enable/disable SMT.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 20 May 2019 18:10:15 +0000 (19:10 +0100)]
suricata: Ship updated rule download script
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Mon, 20 May 2019 18:06:22 +0000 (20:06 +0200)]
update-ids-ruleset: Release ids_page_lock when the downloader fails.
Fixes #12085.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sat, 18 May 2019 15:14:00 +0000 (15:14 +0000)]
ids.cgi: Fix upstream proxy validation
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 20 May 2019 17:04:49 +0000 (18:04 +0100)]
spectre-meltdown-checker: Update to 0.41
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stéphane Pautrel [Mon, 20 May 2019 09:59:12 +0000 (10:59 +0100)]
Update French translation
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 20 May 2019 09:56:13 +0000 (10:56 +0100)]
zoneconf: Reindent with tabs
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 20 May 2019 09:55:02 +0000 (10:55 +0100)]
Update translations
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Florian Bührle [Sun, 19 May 2019 21:33:45 +0000 (23:33 +0200)]
Added reboot notice
Added a reboot notice and made table rows more distinguishable by
alternating their background color. This improves usability.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Florian Bührle [Sun, 19 May 2019 21:04:24 +0000 (23:04 +0200)]
zoneconf: Switch rows/columns
This change is necessary because the table can grow larger than the main
container if a user has many NICs on their machine.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 20 May 2019 09:52:42 +0000 (10:52 +0100)]
Update contributors
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 20 May 2019 09:52:16 +0000 (10:52 +0100)]
core132: Ship updated ovpnmain.cgi file
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Erik Kapfer [Sat, 27 Apr 2019 14:05:51 +0000 (16:05 +0200)]
ovpn_reorganize_encryption: Integrate LZO from global to advanced section
Fixes: #11819
- Since the Voracle vulnerability, LZO is better placed under the advanced section because under specific circumstances it is exploitable.
- Warning/hint has been added in the option defaults description.
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 20 May 2019 09:51:09 +0000 (10:51 +0100)]
Update translations
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Erik Kapfer [Sat, 27 Apr 2019 14:05:50 +0000 (16:05 +0200)]
ovpn_reorganize_encryption: Added tls-auth into global section
- Since HMAC selection is already in global section, it makes sense to keep the encryption together.
- Gave tls-auth a more understandable name.
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Erik Kapfer [Sat, 27 Apr 2019 14:05:49 +0000 (16:05 +0200)]
ovpn_reorganize_encryption: Integrate HMAC selection to global section
Fixes: #12009 and #11824
- Since HMACs will be used in any configuration it is better placed in the global menu.
- Adapted global section to advanced and marked sections with a headline for better overview.
- Deleted old headline in advanced section because it is not needed anymore.
- Added check if settings do not include 'DAUTH', if possible SHA512 will be used and written to settings file.
Old configurations with SHA1 will be untouched.
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 20 May 2019 09:48:25 +0000 (10:48 +0100)]
tshark: Drop special package scripts
We are not doing anything different from the default here,
so we do not need an extra copy of them.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Erik Kapfer [Sun, 19 May 2019 04:37:03 +0000 (06:37 +0200)]
tshark: New addon
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Oliver Fuhrer [Sun, 19 May 2019 13:30:52 +0000 (15:30 +0200)]
BUG 11696: VPN Subnets missing from wpad.dat
This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n subnets to wpad.dat so they don't pass through the proxy.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 20 May 2019 09:09:26 +0000 (10:09 +0100)]
tor: Bump release version
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sat, 18 May 2019 14:40:00 +0000 (14:40 +0000)]
Tor: specify correct user for default configuration
While being built with user/group set to "tor", the default
configuration still contains the old username.
This patch adjusts it to the correct value. The issue was
caused by insufficient testing, which I apologise for.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Mon, 20 May 2019 05:24:04 +0000 (07:24 +0200)]
make.sh: comment to update backupiso if version change
It was too often forgotten to update the backupiso script
that needs to download the matching iso from the servers
so I added a comment.
no functional change
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Mon, 20 May 2019 05:14:12 +0000 (07:14 +0200)]
core132: add log.dat to updater
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Erik Kapfer [Sun, 19 May 2019 13:54:32 +0000 (15:54 +0200)]
suricata: Fixed logs.dat regex for suricata
Fixes: #12084
Since the Suricata regex did not match the messages output, Suricata was not displayed in the "System Logs" section in the WUI.
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Sun, 19 May 2019 16:52:23 +0000 (18:52 +0200)]
suricata: Limit to a maximum of "16" netfilter queues.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Sat, 18 May 2019 08:25:54 +0000 (09:25 +0100)]
Update contributors
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 17 May 2019 22:36:53 +0000 (23:36 +0100)]
Update translations
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Marx [Thu, 24 May 2018 10:38:39 +0000 (12:38 +0200)]
BUG11505: Captive Portal: no way to remove an uploaded logo
added a delete button
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 17 May 2019 19:30:13 +0000 (20:30 +0100)]
core132: Ship updated apache configuration
A reload would be sufficient.
I could not find why apache needs to be restarted.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Wed, 15 May 2019 17:01:00 +0000 (17:01 +0000)]
httpd: prefer AES-GCM ciphers over AES-CBC
CBC ciphers are vulnerable to a bunch of attacks (being
rather academic so far) such as MAC-then-encrypt or
padding oracle.
These seem to be more serious (see
https://blog.qualys.com/technology/2019/04/22/zombie-poodle-and-goldendoodle-vulnerabilities
for further readings) which is why they should be used
for interoperability purposes only.
I plan to remove AES-CBC ciphers for the WebUI at the
end of the year, provided overall security landscape
has not changed until then.
This patch changes the WebUI cipherlist to:
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
(AES-CBC + ECDSA will be preferred over RSA for performance
reasons. As this cipher order cannot be trivially rebuilt with
OpenSSL cipher strings, it has to be hard-coded.)
All working clients will stay compatible.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 17 May 2019 18:52:27 +0000 (19:52 +0100)]
Fix version information in backupiso script
Fixes: #12083
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Fri, 17 May 2019 05:10:52 +0000 (07:10 +0200)]
kernel: update to 4.14.120
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Thu, 16 May 2019 12:26:04 +0000 (14:26 +0200)]
kernel: update to 4.14.119
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 15 May 2019 11:17:26 +0000 (13:17 +0200)]
intel-microcode: update to 20190514
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Tue, 14 May 2019 09:02:03 +0000 (10:02 +0100)]
Update kernel rootfiles for armv5tel
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 13 May 2019 15:31:14 +0000 (16:31 +0100)]
Update kernel rootfiles for aarch64
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 12 May 2019 09:21:32 +0000 (10:21 +0100)]
xtables-addons: Explicitly add path for alternative kernels
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 12 May 2019 09:20:57 +0000 (10:20 +0100)]
linux: Fix touching incorrect version.h
This file has moved and the touch command created an empty version
of the file, which caused builds depending on it to not
complete.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 12 May 2019 08:28:10 +0000 (09:28 +0100)]
linux: objtool does not exist on all platforms
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 11 May 2019 03:24:29 +0000 (04:24 +0100)]
core132: Ship changes to unbound
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 11 May 2019 03:19:37 +0000 (04:19 +0100)]
unbound: Add Safe Search
This is a feature that will filter adult content from search
engine's results.
The old method of rewriting the HTTP request no longer works.
This method changes the DNS response for supported search engines
which violates our belief in DNSSEC and won't allow these search
engines to ever enable DNSSEC.
However, there is no better solution available to this and this
is an optional feature, too.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Michael Tremer [Sat, 11 May 2019 03:18:08 +0000 (04:18 +0100)]
core132: Ship updated urlfilter.cgi
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 30 Apr 2019 16:06:08 +0000 (17:06 +0100)]
URL Filter: Drop Safe Search feature
This has not been working for quite some time now because all search
engines have moved over to HTTPS. Therefore we no longer can
manipulate the URL query string.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 11 May 2019 01:20:15 +0000 (02:20 +0100)]
igmpproxy: Update to 0.2.1
This updates the package to its latest upstream version and should
be able to support IGMPv3.
Fixes: #12074
Suggested-by: Marc Roland <marc.roland@outlook.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>