]>
git.ipfire.org Git - people/pmueller/ipfire-2.x.git/log
Michael Tremer [Thu, 14 Dec 2017 15:55:27 +0000 (15:55 +0000)]
Start Core Update 118
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Tue, 12 Dec 2017 20:36:25 +0000 (21:36 +0100)]
finish core117
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Tue, 12 Dec 2017 19:40:01 +0000 (19:40 +0000)]
pakfire: Properly check if we have our key with our fingerprint
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 12 Dec 2017 19:28:16 +0000 (19:28 +0000)]
pakfire: Drop importing CACert's PGP key
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Sun, 10 Dec 2017 07:18:06 +0000 (08:18 +0100)]
make.sh limit build to 23 parallel threads.
perl will not work with more parallel build processes.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sun, 10 Dec 2017 06:59:43 +0000 (07:59 +0100)]
strip: use toolchain binary inside of chroot to strip
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Fri, 8 Dec 2017 13:58:26 +0000 (13:58 +0000)]
openssl: Update to 1.0.2n
OpenSSL Security Advisory [07 Dec 2017]
========================================
Read/write after SSL object in error state (CVE-2017-3737)
==========================================================
Severity: Moderate
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state"
mechanism. The intent was that if a fatal error occurred during a handshake then
OpenSSL would move into the error state and would immediately fail if you
attempted to continue the handshake. This works as designed for the explicit
handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()),
however due to a bug it does not work correctly if SSL_read() or SSL_write() is
called directly. In that scenario, if the handshake fails then a fatal error
will be returned in the initial function call. If SSL_read()/SSL_write() is
subsequently called by the application for the same SSL object then it will
succeed and the data is passed without being decrypted/encrypted directly from
the SSL/TLS record layer.
In order to exploit this issue an application bug would have to be present that
resulted in a call to SSL_read()/SSL_write() being issued after having already
received a fatal error.
This issue does not affect OpenSSL 1.1.0.
OpenSSL 1.0.2 users should upgrade to 1.0.2n
This issue was reported to OpenSSL on 10th November 2017 by David Benjamin
(Google). The fix was proposed by David Benjamin and implemented by Matt Caswell
of the OpenSSL development team.
rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
=========================================================
Severity: Low
There is an overflow bug in the AVX2 Montgomery multiplication procedure
used in exponentiation with 1024-bit moduli. No EC algorithms are affected.
Analysis suggests that attacks against RSA and DSA as a result of this defect
would be very difficult to perform and are not believed likely. Attacks
against DH1024 are considered just feasible, because most of the work
necessary to deduce information about a private key may be performed offline.
The amount of resources required for such an attack would be significant.
However, for an attack on TLS to be meaningful, the server would have to share
the DH1024 private key among multiple clients, which is no longer an option
since CVE-2016-0701.
This only affects processors that support the AVX2 but not ADX extensions
like Intel Haswell (4th generation).
Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732
and CVE-2015-3193.
Due to the low severity of this issue we are not issuing a new release of
OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it
becomes available. The fix is also available in commit
e502cc86d in the OpenSSL
git repository.
OpenSSL 1.0.2 users should upgrade to 1.0.2n
This issue was reported to OpenSSL on 22nd November 2017 by David Benjamin
(Google). The issue was originally found via the OSS-Fuzz project. The fix was
developed by Andy Polyakov of the OpenSSL development team.
Note
====
Support for version 1.0.1 ended on 31st December 2016. Support for versions
0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer
receiving security updates.
References
==========
URL for this Security Advisory:
https://www.openssl.org/news/secadv/
20171207 .txt
Note: the online version of the advisory may be updated with additional details
over time.
For details of OpenSSL severity classifications please see:
https://www.openssl.org/policies/secpolicy.html
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sun, 3 Dec 2017 13:16:16 +0000 (14:16 +0100)]
pakfire - 'functions.pl': fixed typo
Just read this typo in a forum posting. Couldn't resist...
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Mon, 4 Dec 2017 17:25:55 +0000 (18:25 +0100)]
Update for numerous lfs-files: removed deprecated configure options
Also includes some reformatting, but no changes to configuration.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 4 Dec 2017 17:51:53 +0000 (17:51 +0000)]
OpenVPN: Allow to set routes to IPsec networks
This makes hub-and-spoke designs with OpenVPN RW and
IPsec N2N easier to configure
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 4 Dec 2017 17:31:53 +0000 (17:31 +0000)]
IPsec: Allow configuring inactivity timeout when in on-demand mode
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 4 Dec 2017 13:12:38 +0000 (13:12 +0000)]
IPsec: Drop support for MODP with subgroup
These come from questionable sources and are not considered
to be secure any more: https://eprint.iacr.org/2016/961
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 2 Dec 2017 12:25:09 +0000 (12:25 +0000)]
core117: Ship updated CGI files
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Wed, 15 Nov 2017 22:10:43 +0000 (23:10 +0100)]
display GeoIP information on active network connections
Display GeoIP information on active network connections in WebUI.
Use newly implemented function in /var/ipfire/geoip-functions.pl .
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Wed, 15 Nov 2017 21:56:36 +0000 (22:56 +0100)]
display GeoIP information on ipinfo.cgi
Display GeoIP information on ipinfo.cgi and use newly implemented
function in /var/ipfire/geoip-functions.pl .
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 2 Dec 2017 12:23:39 +0000 (12:23 +0000)]
core117: Ship updated sudo package
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Wed, 29 Nov 2017 17:16:46 +0000 (18:16 +0100)]
mc: Update to 4.8.20
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sat, 2 Dec 2017 09:10:23 +0000 (10:10 +0100)]
sudo: Fix for lfs-file (Typo)
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sat, 2 Dec 2017 09:16:39 +0000 (10:16 +0100)]
nano: Update to 2.9.1
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 2 Dec 2017 12:22:00 +0000 (12:22 +0000)]
Drop separate ffmpeg-libs package
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 1 Dec 2017 16:31:25 +0000 (16:31 +0000)]
strip: Explicitely call right binaries
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 1 Dec 2017 15:41:15 +0000 (15:41 +0000)]
ffmpeg: Update to 3.4
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 30 Nov 2017 17:01:24 +0000 (17:01 +0000)]
nasm: Update to 2.13.02
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 30 Nov 2017 16:09:48 +0000 (16:09 +0000)]
Update strongswan rootfile
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 30 Nov 2017 14:36:28 +0000 (14:36 +0000)]
misc-progs: syslogdctrl: Fix data type of protocol variable
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 29 Nov 2017 12:41:16 +0000 (12:41 +0000)]
core117: Regenerate language cache
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 29 Nov 2017 12:40:53 +0000 (12:40 +0000)]
core117: Ship updated strongswan
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 29 Nov 2017 12:39:04 +0000 (12:39 +0000)]
strongswan: Update to 5.6.1
Drop support for Padlock which is not in wide usage
any more and creates some rootfile trouble every time.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 29 Nov 2017 12:15:41 +0000 (12:15 +0000)]
English is the reference language
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 29 Nov 2017 12:11:58 +0000 (12:11 +0000)]
captive: Translate times for coupon expiry time
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 29 Nov 2017 12:06:01 +0000 (12:06 +0000)]
core117: Ship updated netexternal.cgi
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Wed, 15 Nov 2017 21:49:00 +0000 (22:49 +0100)]
add GeoIP and rDNS information to used nameservers
Add GeoIP and rDNS information to DNS nameserver list at netexternal.cgi
Use newly implemented GeoIP function in /var/ipfire/geoip-functions.pl
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 29 Nov 2017 12:04:05 +0000 (12:04 +0000)]
core117: Ship updated ids.dat
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Tue, 21 Nov 2017 19:27:45 +0000 (20:27 +0100)]
show IDS rule names correctly in WebUI log
The WebUI IDS log did not display the rule name for alerts
where a signature with a five digit number was triggered
(some Emerging Threats signatures are using them).
Changing the regular expression so it will match on five
digit SIDs, too.
Fixes #11519.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 29 Nov 2017 12:02:50 +0000 (12:02 +0000)]
core117: Ship updated index.cgi
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Fri, 24 Nov 2017 19:28:02 +0000 (20:28 +0100)]
link to DNS server status page on index.cgi
Show a link to the DNS server status at netexternal.cgi
on index.cgi in WebUI.
For the lazy ones... :-)
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Fri, 24 Nov 2017 19:32:55 +0000 (20:32 +0100)]
correct wrong headline at hardwaregraphs.cgi
The page description (title and headline) should print
"hardware graphs" instead of only mentioning HDDs.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 29 Nov 2017 12:00:33 +0000 (12:00 +0000)]
core117: Ship updated netother.cgi
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 29 Nov 2017 12:00:13 +0000 (12:00 +0000)]
Update translations
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Fri, 24 Nov 2017 19:39:34 +0000 (20:39 +0100)]
translate 'firewall hits' at netother.cgi
Also translate 'firewall hits' at the network status
(other) page in WebUI.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 29 Nov 2017 11:59:08 +0000 (11:59 +0000)]
core117: Ship updated credits.cgi
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Tue, 28 Nov 2017 19:41:53 +0000 (20:41 +0100)]
update links to www.ipfire.org at credits.cgi
The links to the IPFire homepage in the credits.cgi file should
point to the HTTPS version of the site now.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 29 Nov 2017 11:57:37 +0000 (11:57 +0000)]
captive: Escape any special characters in title on PDF vouchers
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 29 Nov 2017 11:54:37 +0000 (11:54 +0000)]
make.sh: Create /tools_${arch} link only when building a toolchain
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 28 Nov 2017 17:49:25 +0000 (17:49 +0000)]
core117: Ship latest updates of syslogging
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 20 Nov 2017 18:40:32 +0000 (19:40 +0100)]
add language strings
Add language strings for changed config.dat CGI file.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 20 Nov 2017 18:40:17 +0000 (19:40 +0100)]
allow changing remote syslog protocol to TCP
Add option to change remote syslog protocol to TCP, which
is more reliable than UDP, but might be unsupported on
older syslog servers.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 20 Nov 2017 18:40:11 +0000 (19:40 +0100)]
allow remote syslog via TCP in syslogdctrl.c
Make syslogctrl.c use TCP as remote logging file if specified so.
Thanks to Michael for reviewing this.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 28 Nov 2017 17:44:49 +0000 (17:44 +0000)]
make.sh: Simplify maths to determine cursor position
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 28 Nov 2017 17:36:07 +0000 (17:36 +0000)]
make.sh: Improve formatting of options
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 28 Nov 2017 17:34:02 +0000 (17:34 +0000)]
make.sh: Fix position of SKIP message when building packages
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 28 Nov 2017 17:14:29 +0000 (17:14 +0000)]
ssl: Drop package which isn't maintained any more
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 28 Nov 2017 13:46:07 +0000 (13:46 +0000)]
Drop vsftpd which isn't actively maintained any more
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 28 Nov 2017 15:55:19 +0000 (15:55 +0000)]
pound: Drop package which isn't very actively maintained any more
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 28 Nov 2017 17:28:09 +0000 (17:28 +0000)]
make.sh: Drop generating a global rootfile
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 28 Nov 2017 17:27:36 +0000 (17:27 +0000)]
make.sh: Fix printing a log line
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 28 Nov 2017 17:22:23 +0000 (17:22 +0000)]
make.sh: Continue producing nice output after screen has been resized
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 28 Nov 2017 17:19:27 +0000 (17:19 +0000)]
core117: Ship updated vpnmain.cgi
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 28 Nov 2017 17:17:22 +0000 (17:17 +0000)]
vpnmain.cgi: Disable compression by default
The compression is causing some interoperatibility issues
and does not really compress data very much - even when the
data is quite compressible.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 28 Nov 2017 14:14:16 +0000 (14:14 +0000)]
apache: Wait until apache has stopped when we want to stop it
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Nov 2017 20:30:52 +0000 (20:30 +0000)]
apache: Ensure that not everyone can read the keys
This would become a security risk if anyone gets
shell access as any user to copy out the HTTPS keys.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Tue, 28 Nov 2017 06:01:33 +0000 (07:01 +0100)]
boost: disable parallel build
this need more than 1GB ram on arm
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Mon, 27 Nov 2017 17:20:59 +0000 (18:20 +0100)]
samba: import security updates from redhead
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Thu, 23 Nov 2017 16:09:00 +0000 (16:09 +0000)]
make.sh: Don't try to dump a non-existing logfile
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 23 Nov 2017 16:07:42 +0000 (16:07 +0000)]
make.sh: Show architecture we are building the toolchain for
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 23 Nov 2017 16:06:59 +0000 (16:06 +0000)]
make.sh: Fix typo
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 23 Nov 2017 14:46:55 +0000 (14:46 +0000)]
make.sh: Refactor build status code
This replaces the old lines that make the build
output pretty and replaces it by a version that showns
progress as it is going on as well as providing useful
output when the console is non-interactive.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 23 Nov 2017 11:56:18 +0000 (11:56 +0000)]
Compress toolchain using XZ
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 23 Nov 2017 12:39:57 +0000 (12:39 +0000)]
make.sh: Refactor renice and root check
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 23 Nov 2017 12:35:17 +0000 (12:35 +0000)]
make.sh: Cleanup prepareenv
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 23 Nov 2017 12:24:38 +0000 (12:24 +0000)]
make.sh: TARGET_ARCH has been replaced by BUILD_ARCH
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 23 Nov 2017 12:18:41 +0000 (12:18 +0000)]
make.sh: Merge make-functions into make.sh
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 23 Nov 2017 11:39:23 +0000 (11:39 +0000)]
Move toolchain from /tools to /tools_${arch}
This will allow us to run multiple builds on the same
system at the same time (or at least have them on disk).
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 23 Nov 2017 12:01:39 +0000 (12:01 +0000)]
make.sh: Drop option to generate a source ISO
This is a very weird way to distribute sources in 2017.
Let's save the environment and stop using CDs.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 20 Nov 2017 15:46:53 +0000 (15:46 +0000)]
core117: Reload apache for change of configuration
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sun, 19 Nov 2017 16:24:36 +0000 (17:24 +0100)]
disable SSL compression and session tickets in Apache
Ensure that Apache never uses SSL compression, which is vulnerable,
and turn off session tickets since the might cause impact to PFS.
Based against next, supersedes first version.
Reported-by: Wolfgang Apolinarski <wolfgang.apolinarski@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 13 Nov 2017 23:18:55 +0000 (23:18 +0000)]
Retire the IPFire CA
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 13 Nov 2017 23:18:00 +0000 (23:18 +0000)]
core117: Ship updated CA bundle
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sun, 12 Nov 2017 06:49:53 +0000 (07:49 +0100)]
update ca-certificate CA bundle
Update the CA certificate list to what Mozilla NSS ships currently.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 13 Nov 2017 22:41:58 +0000 (22:41 +0000)]
core117: Ship changes in pakfire
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sun, 12 Nov 2017 14:40:28 +0000 (15:40 +0100)]
validate GPG keys by fingerprint
Validate GPG keys by fingerprint and not by 8-bit key-ID.
This makes exploiting bug #11539 harder, but not impossible
and does not affect existing installations.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 13 Nov 2017 22:39:36 +0000 (22:39 +0000)]
core117: Ship latest GeoIP changes
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 9 Nov 2017 22:32:04 +0000 (22:32 +0000)]
GeoIP: Add lookup function for convenience
Instead of opening the database again for each lookup,
we will read it into memory on first use and every lookup
after that will be coming from cache.
Reviewed-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 9 Nov 2017 22:32:03 +0000 (22:32 +0000)]
geoip-functions.pl: Fix typos and formatting
Reviewed-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 13 Nov 2017 21:56:27 +0000 (21:56 +0000)]
make.sh: Default to armv5tel on armv7* build hosts
We won't offer a native port to ARMv7 in the near future
and to default to an architecture that is working on these
machines, we select armv5tel as default
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 13 Nov 2017 21:49:15 +0000 (21:49 +0000)]
Revert "make.sh: Use -pipe in CFLAGS when host has >1GB of memory"
This reverts commit
7e1639a4810e5e70db94fdb0a0a98593d50d4290 .
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 11 Nov 2017 12:47:37 +0000 (12:47 +0000)]
captive portal: Require authorization before redirecting to proxy
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Nov 2017 16:20:53 +0000 (16:20 +0000)]
core117: Ship updated routing.cgi
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Marx [Tue, 7 Nov 2017 14:10:06 +0000 (15:10 +0100)]
BUG11466: fix routing.cgi the function call in routing.cgi was fixed to call the new "exact" function.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Marx [Tue, 7 Nov 2017 13:53:27 +0000 (14:53 +0100)]
Network-functions: add check if variables are defined
in function network_equal and network2bin a check for undefined variables were missing.
added them.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Nov 2017 16:16:50 +0000 (16:16 +0000)]
core117: Ship updated network-functions.pl
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Marx [Tue, 7 Nov 2017 13:17:27 +0000 (14:17 +0100)]
BUG11466: Fix network_equal function
The network_equal function only tested the subnet addresses of two given networks which lead to
errormessages saying "This is the green network"
The fix tests netwok and subnet IP's to fix this
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 6 Nov 2017 18:11:49 +0000 (18:11 +0000)]
core117: Ship changed files of the webUI
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 6 Nov 2017 17:12:48 +0000 (18:12 +0100)]
link to HTTPS version of www.ipfire.org in WebUI
Change links to www.ipfire.org in WebUI themes since the website
now uses HTTPS.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 6 Nov 2017 17:27:04 +0000 (18:27 +0100)]
Tor: Use relay mode as default setting
Set the default operating mode to "relay" in the Tor WebUI
configuration page.
Running a Tor exit relay may cause legal trouble in some
countries and should not be the default setting to prevent
users from accidentally running an exit router.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 6 Nov 2017 18:10:02 +0000 (18:10 +0000)]
Start Core Update 117
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Nov 2017 15:02:28 +0000 (16:02 +0100)]
unbound: Silence error when upstream name servers cannot be read
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Nov 2017 14:43:14 +0000 (15:43 +0100)]
make.sh: Calculate MAKETUNING depending on available memory
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Nov 2017 14:27:31 +0000 (15:27 +0100)]
make.sh: Remove setting the EDITOR variable which we don't use
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Nov 2017 14:25:11 +0000 (15:25 +0100)]
make.sh: Add function to determine how many CPU cores the build host has
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>