]>
git.ipfire.org Git - people/pmueller/ipfire-2.x.git/log
Arne Fitzenreiter [Mon, 6 Jan 2014 07:53:30 +0000 (08:53 +0100)]
apache: Add message for generating host certs.
On rpi this need 3.5 minutes so it is better to show that this need a while.
Michael Tremer [Sun, 5 Jan 2014 01:42:21 +0000 (02:42 +0100)]
general-functions.pl: Format output of age().
The output of the age() function was a bit messy with
some translations. It was now much simplified and it
now shows the time in a standardized format.
Michael Tremer [Sun, 5 Jan 2014 01:18:43 +0000 (02:18 +0100)]
vpnmain.cgi: Re-design algorithm selection.
Michael Tremer [Sun, 5 Jan 2014 00:34:40 +0000 (01:34 +0100)]
IPsec: Add MODP-2048 subgroups.
Michael Tremer [Sun, 5 Jan 2014 00:27:53 +0000 (01:27 +0100)]
IPsec: Add Brainpool elliptic curves.
Michael Tremer [Sun, 5 Jan 2014 00:11:10 +0000 (01:11 +0100)]
IPsec: Add Camellia cipher for IKE and ESP.
Michael Tremer [Sat, 4 Jan 2014 17:31:10 +0000 (18:31 +0100)]
darkdos theme: Fix link to jquery.
Michael Tremer [Sat, 4 Jan 2014 17:29:47 +0000 (18:29 +0100)]
Add darkdos theme to IPFire 2.15.
Logan Schmidt [Wed, 6 Nov 2013 08:06:54 +0000 (02:06 -0600)]
Added new theme: darkdos
Red styled theme inspired by maniac's theme.
Michael Tremer [Sat, 4 Jan 2014 16:20:15 +0000 (17:20 +0100)]
openvpn: Use AES-256-CBC as default cipher.
Applies to new installations, only.
Michael Tremer [Sat, 4 Jan 2014 15:21:56 +0000 (16:21 +0100)]
toolchain: Fix compiling due to Stack Protector changes.
Arne Fitzenreiter [Sat, 4 Jan 2014 10:49:01 +0000 (11:49 +0100)]
Merge remote-tracking branch 'origin/master' into fifteen
Michael Tremer [Thu, 2 Jan 2014 16:37:53 +0000 (17:37 +0100)]
OpenVPN verify script must be owned by root.
Michael Tremer [Thu, 2 Jan 2014 16:36:28 +0000 (17:36 +0100)]
core75: Include ovpnmain.cgi.
Arne Fitzenreiter [Mon, 30 Dec 2013 18:36:46 +0000 (19:36 +0100)]
Set version to 2.15 beta1.
Arne Fitzenreiter [Mon, 30 Dec 2013 12:55:34 +0000 (13:55 +0100)]
Merge remote-tracking branch 'origin/next' into fifteen
Conflicts:
config/rootfiles/core/70/exclude
config/rootfiles/core/70/meta
config/rootfiles/core/71/exclude
config/rootfiles/core/71/meta
config/rootfiles/core/72/filelists/strongswan
config/rootfiles/core/72/meta
config/rootfiles/core/73/exclude
config/rootfiles/core/73/meta
config/rootfiles/core/fifteen/exclude
config/rootfiles/core/fifteen/filelists/strongswan
config/rootfiles/core/fifteen/meta
config/rootfiles/oldcore/70/exclude
config/rootfiles/oldcore/70/meta
config/rootfiles/oldcore/71/exclude
config/rootfiles/oldcore/71/meta
config/rootfiles/oldcore/72/filelists/strongswan
config/rootfiles/oldcore/72/meta
config/rootfiles/oldcore/73/exclude
config/rootfiles/oldcore/73/filelists/GeoIP
config/rootfiles/oldcore/73/filelists/hwdata
config/rootfiles/oldcore/73/filelists/openssh
config/rootfiles/oldcore/73/filelists/php
config/rootfiles/oldcore/73/meta
Arne Fitzenreiter [Mon, 30 Dec 2013 12:45:10 +0000 (13:45 +0100)]
Merge remote-tracking branch 'origin/next' into fifteen
Arne Fitzenreiter [Mon, 30 Dec 2013 12:01:49 +0000 (13:01 +0100)]
close core75.
Michael Tremer [Mon, 30 Dec 2013 12:00:13 +0000 (13:00 +0100)]
Move Core Updates 70-74 to oldcore directory.
Arne Fitzenreiter [Mon, 30 Dec 2013 09:35:25 +0000 (10:35 +0100)]
Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into fifteen
Arne Fitzenreiter [Mon, 30 Dec 2013 09:34:33 +0000 (10:34 +0100)]
firstsetup: init udev hwdb at first boot.
Michael Tremer [Sun, 29 Dec 2013 20:13:55 +0000 (21:13 +0100)]
openvpn: Move verify script out of configuration directory.
Michael Tremer [Sun, 29 Dec 2013 19:56:16 +0000 (20:56 +0100)]
openssl-compat: Enable cryptodev again.
This is compiled in and therefore not an externally loadable
engine.
Michael Tremer [Sun, 29 Dec 2013 19:46:41 +0000 (20:46 +0100)]
openssl: Don't propose too weak ciphers.
Michael Tremer [Sun, 29 Dec 2013 19:41:25 +0000 (20:41 +0100)]
Create core update 75.
Arne Fitzenreiter [Sun, 29 Dec 2013 19:32:47 +0000 (20:32 +0100)]
Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into fifteen
Arne Fitzenreiter [Sun, 29 Dec 2013 19:14:01 +0000 (20:14 +0100)]
bluetooth: update udev rules.
Michael Tremer [Sat, 28 Dec 2013 16:06:38 +0000 (17:06 +0100)]
pakfire: Prevent an infinite loop with empty server list.
Michael Tremer [Wed, 25 Dec 2013 14:12:34 +0000 (15:12 +0100)]
openvpn: Fix verify script.
Former versions of openvpn called the script where the arguments
in the certificate's common name where separated by /.
Now, those are separated by ", " (comma, space).
Michael Tremer [Sat, 28 Dec 2013 16:06:38 +0000 (17:06 +0100)]
pakfire: Prevent an infinite loop with empty server list.
Michael Tremer [Fri, 27 Dec 2013 12:37:40 +0000 (13:37 +0100)]
fifteen: Add openssl and depending packages to core update.
Michael Tremer [Fri, 27 Dec 2013 12:32:38 +0000 (13:32 +0100)]
Merge branch 'openssl-update' into fifteen
Alexander Marx [Fri, 27 Dec 2013 10:09:34 +0000 (11:09 +0100)]
Firewall: remove old firewall scripts in update.sh
Michael Tremer [Fri, 27 Dec 2013 10:29:10 +0000 (11:29 +0100)]
sslh: Move binary to /usr/sbin.
Michael Tremer [Fri, 27 Dec 2013 10:11:29 +0000 (11:11 +0100)]
sslh: Cleanup initscript.
Calling setxtaccess has been removed and never have been used
at this place.
Also, it is checked if the external IP address was properly
read from file.
Erik Kapfer [Mon, 23 Dec 2013 16:38:41 +0000 (17:38 +0100)]
fetchmail: Update to 6.3.26.
Erik Kapfer [Mon, 23 Dec 2013 16:38:41 +0000 (17:38 +0100)]
git: Update to 1.8.5.2.
Erik Kapfer [Mon, 23 Dec 2013 16:38:41 +0000 (17:38 +0100)]
wget: Update to 1.14.
Erik Kapfer [Mon, 23 Dec 2013 16:38:41 +0000 (17:38 +0100)]
Net-SSLeay: Update to 1.55.
Erik Kapfer [Mon, 23 Dec 2013 16:23:17 +0000 (17:23 +0100)]
imspector: Fix build with openssl 1.0.1.
Michael Tremer [Wed, 25 Dec 2013 19:44:24 +0000 (20:44 +0100)]
Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into openssl-update
Alexander Marx [Tue, 24 Dec 2013 08:11:49 +0000 (09:11 +0100)]
Firewall: editedt update.sh to get rid of errormessages
Erik Kapfer [Mon, 23 Dec 2013 16:23:17 +0000 (17:23 +0100)]
openssl: Update to 1.0.1e.
Contains also the old openssl-0.9.8 libs for compatibility purposes.
Michael Tremer [Wed, 25 Dec 2013 14:12:34 +0000 (15:12 +0100)]
openvpn: Fix verify script.
Former versions of openvpn called the script where the arguments
in the certificate's common name where separated by /.
Now, those are separated by ", " (comma, space).
Arne Fitzenreiter [Tue, 24 Dec 2013 09:05:07 +0000 (10:05 +0100)]
fifteen: fix rootfile.
Arne Fitzenreiter [Mon, 23 Dec 2013 21:28:27 +0000 (22:28 +0100)]
partresize: fix partresize for new arm image layout.
Arne Fitzenreiter [Mon, 23 Dec 2013 21:27:58 +0000 (22:27 +0100)]
Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into fifteen
Arne Fitzenreiter [Mon, 23 Dec 2013 21:25:13 +0000 (22:25 +0100)]
Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into fifteen
Arne Fitzenreiter [Mon, 23 Dec 2013 21:24:23 +0000 (22:24 +0100)]
Merge remote-tracking branch 'stevee/imx6q-wandboard-rbased' into fifteen
Michael Tremer [Mon, 23 Dec 2013 14:18:47 +0000 (15:18 +0100)]
fifteen: Add url-filter.cgi to updater.
This file has been updated for core update 73,
but unfortunately was forgotten to be put into the
updater.
Michael Tremer [Mon, 23 Dec 2013 14:18:12 +0000 (15:18 +0100)]
fifteen: Add credits.cgi to core update.
Alexander Marx [Mon, 23 Dec 2013 14:14:25 +0000 (15:14 +0100)]
Firewall: added amarx to credits.cgi
Michael Tremer [Mon, 23 Dec 2013 13:59:56 +0000 (14:59 +0100)]
Merge remote-tracking branch 'amarx/firewall-beta10' into fifteen
Alexander Marx [Mon, 23 Dec 2013 13:52:33 +0000 (14:52 +0100)]
Firewall: Edited update.sh for fifteen core update
Michael Tremer [Mon, 23 Dec 2013 13:36:19 +0000 (14:36 +0100)]
fifteen: Adjust path to firewall converter scripts.
Alexander Marx [Mon, 23 Dec 2013 10:05:04 +0000 (11:05 +0100)]
Firewall: now it is possible to connect from one ipfire to a green network of another openvpn connected ipfire
Please take care to put this into the docu! One can create DROP rules if
the remote ipfire should NOT be able to connect to the others internal
networks. Therefor you have to take the green interface IP as SOURCE!
Alexander Marx [Mon, 23 Dec 2013 07:08:27 +0000 (08:08 +0100)]
Firewall: changed outgoingfw converter to reflect new counters
Stefan Schantl [Sat, 21 Dec 2013 16:15:44 +0000 (17:15 +0100)]
Kernel: Provide a working kernel configuration for wandboard.
Stefan Schantl [Sat, 21 Dec 2013 16:15:03 +0000 (17:15 +0100)]
Kernel: Add support for PCI Express on wandboard.
When manualy a PCI Express Slot has been soldered to the board, any kind of
PCI-E hardware can be used after loading the pcie_imx kernel module.
Arne Fitzenreiter [Sat, 21 Dec 2013 09:05:39 +0000 (10:05 +0100)]
Merge remote-tracking branch 'origin/next' into fifteen
Arne Fitzenreiter [Fri, 20 Dec 2013 22:31:40 +0000 (23:31 +0100)]
kernel: update to 3.10.25.
Alexander Marx [Fri, 20 Dec 2013 11:53:46 +0000 (12:53 +0100)]
Firewall: when DNAT external port is given and dest port is empty, theres now an errormessage displayed
Alexander Marx [Fri, 20 Dec 2013 10:56:18 +0000 (11:56 +0100)]
Firewall: Now servicegroups and networkgroups can be renamed
Alexander Marx [Fri, 20 Dec 2013 08:40:24 +0000 (09:40 +0100)]
Firewall: added JS to automatically select radiobuttons in fwhosts
Alexander Marx [Thu, 19 Dec 2013 16:32:37 +0000 (17:32 +0100)]
FIrewall: Rewrote complete counters for firewall-groups (hosts,networks, network-groups)
Alexander Marx [Thu, 19 Dec 2013 16:26:12 +0000 (17:26 +0100)]
Firewall: Bugfix - When editing a DNAT rule and setting prot to "all" the port from previus rule was not resettet
Arne Fitzenreiter [Thu, 19 Dec 2013 21:46:48 +0000 (22:46 +0100)]
collectd initskript: parse new lm_sensors config.
Arne Fitzenreiter [Thu, 19 Dec 2013 21:45:34 +0000 (22:45 +0100)]
lm_sensors: update to 3.3.4.
Stefan Schantl [Thu, 19 Dec 2013 20:42:56 +0000 (21:42 +0100)]
Kernel: Add SATA support on imx6 wandboard.
The imx6q wandboard has a soldered SATA port which can be used by loading the ahci_imx kernel module.
Stefan Schantl [Thu, 19 Dec 2013 20:34:09 +0000 (21:34 +0100)]
Kernel: Add support for wifi and bluetooth on imx6 wandboards.
Stefan Schantl [Thu, 19 Dec 2013 20:31:39 +0000 (21:31 +0100)]
Kernel: Add terminal driver support on imx platforms.
Stefan Schantl [Thu, 19 Dec 2013 20:29:11 +0000 (21:29 +0100)]
Kernel: Add CK01 clock support for imx6 wandboard.
Stefan Schantl [Thu, 19 Dec 2013 20:26:15 +0000 (21:26 +0100)]
Kernel: In case of busy i2c try again to get ACK on imx platforms.
Stefan Schantl [Thu, 19 Dec 2013 20:15:30 +0000 (21:15 +0100)]
Kernel: Add initial support for compulab utilite.
Stefan Schantl [Thu, 19 Dec 2013 20:11:54 +0000 (21:11 +0100)]
Kernel: Add initial support for imx6q wandboard.
The required entries for the device tree are taken from kernel 3.12.
Stefan Schantl [Tue, 12 Nov 2013 20:54:12 +0000 (21:54 +0100)]
Rework of flash-images.
Stefan Schantl [Sat, 16 Nov 2013 21:12:55 +0000 (16:12 -0500)]
uboot: Update to 2013.10.
Arne Fitzenreiter [Thu, 19 Dec 2013 09:55:57 +0000 (10:55 +0100)]
xen-downloader: build only on i586.
Arne Fitzenreiter [Wed, 18 Dec 2013 10:29:48 +0000 (11:29 +0100)]
kernel: update to 3.10.24.
Michael Tremer [Mon, 16 Dec 2013 11:31:19 +0000 (12:31 +0100)]
Merge remote-tracking branch 'amarx/difflang' into fifteen
Alexander Marx [Thu, 12 Dec 2013 14:44:45 +0000 (15:44 +0100)]
Firewall: Bugfix: in /etc/init.d/firewall the REDNAT chain was affected BEFORE NAT_SOURCE. Outgoing SNAT rules where not working though
Michael Tremer [Mon, 16 Dec 2013 11:28:08 +0000 (12:28 +0100)]
iptables: Update to 1.4.21.
Arne Fitzenreiter [Sat, 14 Dec 2013 21:01:16 +0000 (22:01 +0100)]
finalize core 74.
Alexander Marx [Fri, 13 Dec 2013 07:03:23 +0000 (08:03 +0100)]
TOOLS: new script langdiff added. With this script one can check a languagefile against another and gets a txtfile conatining the missing lines.
Michael Tremer [Thu, 12 Dec 2013 20:20:56 +0000 (21:20 +0100)]
core74: Add httpscert script.
Michael Tremer [Thu, 12 Dec 2013 20:18:56 +0000 (21:18 +0100)]
httpscert: Increase size of the RSA key to 4096.
RSA keys with length of 1024 bits are considered weak.
Michael Tremer [Thu, 12 Dec 2013 20:17:53 +0000 (21:17 +0100)]
httpscert: Use regular random source.
Previous to this patch, the kernel image file and internal
configuration settings have been used as a source for random
data, which is not random at all.
Michael Tremer [Thu, 12 Dec 2013 20:15:24 +0000 (21:15 +0100)]
strongswan: Disable rdrand plugin.
Disabled because of security concerns.
Michael Tremer [Thu, 12 Dec 2013 20:05:56 +0000 (21:05 +0100)]
wirelesscrtl: Add --wait to iptables command line.
With a huge number of access rules, inserting all rules
into the kernel took a long while in which other iptables
tried to access the kernel's ruleset as well, which then
lead to resource conflicts.
Since iptables 1.4.20, the --wait parameter is supported
that will wait for a global xtables lock and then proceed.
Michael Tremer [Wed, 11 Dec 2013 20:59:22 +0000 (21:59 +0100)]
Always create squid.conf.
In some cases, /var/ipfire/proxy/squid.conf does not belong to
nobody:nobody, so we do this explicitely.
Michael Tremer [Tue, 10 Dec 2013 12:31:38 +0000 (13:31 +0100)]
Merge remote-tracking branch 'amarx/firewall-fifteen-beta9' into fifteen
Alexander Marx [Tue, 10 Dec 2013 11:21:48 +0000 (12:21 +0100)]
Firewall: rebuild complete counter procedure in firewall-groups. This way the counters are on the fly generated and stable. also this is a prequisite to the new option that firewall-servicegroups can be rolled out by installation
Arne Fitzenreiter [Mon, 9 Dec 2013 23:15:01 +0000 (00:15 +0100)]
Merge branch 'next' into fifteen
Arne Fitzenreiter [Mon, 9 Dec 2013 23:14:12 +0000 (00:14 +0100)]
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Arne Fitzenreiter [Mon, 9 Dec 2013 23:13:20 +0000 (00:13 +0100)]
Merge branch 'master' into next
Arne Fitzenreiter [Mon, 9 Dec 2013 23:07:36 +0000 (00:07 +0100)]
samba: update to 3.6.22.
Samba 3.6.22 have been issued as security releases in order
to address CVE-2013-4408 (DCE-RPC fragment length field is incorrectly checked)
and CVE-2012-6150 (pam_winbind login without require_membership_of
restrictions).
Arne Fitzenreiter [Mon, 9 Dec 2013 16:13:34 +0000 (17:13 +0100)]
Merge branch 'fifteen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into fifteen
Arne Fitzenreiter [Mon, 9 Dec 2013 16:10:59 +0000 (17:10 +0100)]
kernel: update to 3.10.23.
Alexander Marx [Mon, 9 Dec 2013 10:06:50 +0000 (11:06 +0100)]
Firewall: added DNS (UDP,TCP) to default services
Alexander Marx [Mon, 9 Dec 2013 08:33:21 +0000 (09:33 +0100)]
Firewall: Fix BETA8 - It was not possible to delete single services from servicegroups