]>
git.ipfire.org Git - people/dweismueller/ipfire-2.x.git/log
Michael Tremer [Wed, 24 Sep 2014 18:39:43 +0000 (20:39 +0200)]
Merge branch 'master' into next
Michael Tremer [Wed, 24 Sep 2014 18:38:59 +0000 (20:38 +0200)]
core83: add changed files
Michael Tremer [Wed, 24 Sep 2014 18:31:55 +0000 (20:31 +0200)]
Create core update 83
Michael Tremer [Wed, 24 Sep 2014 16:48:35 +0000 (18:48 +0200)]
bash: Fix for CVE-2014-6271
A flaw was found in the way Bash evaluated certain specially crafted
environment variables. An attacker could use this flaw to override
or bypass environment restrictions to execute shell commands.
Certain services and applications allow remote unauthenticated
attackers to provide environment variables, allowing them to exploit
this issue.
Stefan Schantl [Sat, 20 Sep 2014 09:49:39 +0000 (11:49 +0200)]
urlfilter.cgi: Fix path to squidGuard binary when converting custom blacklists.
Fixes #10626.
Stefan Schantl [Tue, 16 Sep 2014 18:37:16 +0000 (20:37 +0200)]
logs.cgi/ids.dat: Change url for snort sid details.
Fixes #10578.
Arne Fitzenreiter [Tue, 9 Sep 2014 17:20:54 +0000 (19:20 +0200)]
openssl-compat: update to 0.9.8zb.
Arne Fitzenreiter [Tue, 9 Sep 2014 15:57:27 +0000 (17:57 +0200)]
Merge remote-tracking branch 'origin/master' into core82
Arne Fitzenreiter [Tue, 9 Sep 2014 15:54:27 +0000 (17:54 +0200)]
xen-image: add xz-aware xen version hint to README.
Michael Tremer [Sat, 6 Sep 2014 16:44:50 +0000 (18:44 +0200)]
general-functions.pl: Fix perl coding error
Michael Tremer [Thu, 4 Sep 2014 09:13:41 +0000 (11:13 +0200)]
general-functions.pl: Fix syntax error
Michael Tremer [Wed, 3 Sep 2014 20:23:04 +0000 (22:23 +0200)]
general-functions.pl: Subroutine getnetworkip() accepted multiple arguments
Michael Tremer [Sat, 6 Sep 2014 16:44:50 +0000 (18:44 +0200)]
general-functions.pl: Fix perl coding error
Arne Fitzenreiter [Fri, 5 Sep 2014 19:56:01 +0000 (21:56 +0200)]
rsync: update to 3.1.1.
Michael Tremer [Thu, 4 Sep 2014 09:13:41 +0000 (11:13 +0200)]
general-functions.pl: Fix syntax error
Michael Tremer [Wed, 3 Sep 2014 20:23:04 +0000 (22:23 +0200)]
general-functions.pl: Subroutine getnetworkip() accepted multiple arguments
Michael Tremer [Wed, 3 Sep 2014 19:49:01 +0000 (21:49 +0200)]
glibc: Import several fixes from RHEL.
Fixes #10611, CVE-2014-5119 among other bug fixes.
Alexander Marx [Mon, 1 Sep 2014 09:11:25 +0000 (11:11 +0200)]
Squid-accounting: revert setlocale because thevalues are not correctly with this setting
Michael Tremer [Thu, 28 Aug 2014 15:01:44 +0000 (17:01 +0200)]
proxy.cgi: Move ACL definitions up
ACl definitions could not be used in some other directives
unless they are defined earlier.
Michael Tremer [Thu, 28 Aug 2014 14:09:31 +0000 (16:09 +0200)]
squid: Update to 3.4.7
Solves a DoS issue "Ignore Range headers with unidentifiable byte-range values"
filed under security advisory SQUID-2014:2 and CVE-2014-3609.
Michael Tremer [Sun, 24 Aug 2014 13:22:04 +0000 (15:22 +0200)]
findutils: Cannot use exec here or the lockfile won't be removed
Michael Tremer [Sun, 24 Aug 2014 13:14:25 +0000 (15:14 +0200)]
minidlna: Update to 1.1.3
Fixes #10573
Michael Tremer [Sun, 24 Aug 2014 12:46:06 +0000 (14:46 +0200)]
findutils: Run updatedb once a week
As suggested in bug #10303
Arne Fitzenreiter [Sat, 23 Aug 2014 15:06:40 +0000 (17:06 +0200)]
Merge branch 'core82' of ssh://git.ipfire.org/pub/git/ipfire-2.x into core82
Arne Fitzenreiter [Sat, 23 Aug 2014 07:36:01 +0000 (09:36 +0200)]
perl-PDF-API2: rootfile fix for arm.
Arne Fitzenreiter [Fri, 22 Aug 2014 15:03:19 +0000 (17:03 +0200)]
samba: bump PAK_VER.
Arne Fitzenreiter [Fri, 22 Aug 2014 10:05:39 +0000 (12:05 +0200)]
sane: depends on cups libs.
Arne Fitzenreiter [Fri, 22 Aug 2014 07:27:18 +0000 (09:27 +0200)]
core82: add iputils to update.
Arne Fitzenreiter [Fri, 22 Aug 2014 07:17:27 +0000 (09:17 +0200)]
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Conflicts:
lfs/iputils
Arne Fitzenreiter [Thu, 21 Aug 2014 21:38:30 +0000 (23:38 +0200)]
core82: finish update
Michael Tremer [Thu, 21 Aug 2014 14:12:43 +0000 (16:12 +0200)]
firewall: Fix initialization when RED has not been brought up yet
Michael Tremer [Thu, 21 Aug 2014 08:47:11 +0000 (10:47 +0200)]
Rootfile update
Michael Tremer [Thu, 21 Aug 2014 08:46:34 +0000 (10:46 +0200)]
initscripts: Remove old firewall-reload symlink
Arne Fitzenreiter [Wed, 20 Aug 2014 19:56:35 +0000 (21:56 +0200)]
iputils: Ship tracepath
Arne Fitzenreiter [Tue, 19 Aug 2014 14:17:13 +0000 (16:17 +0200)]
ppp: update to 2.4.7.
Fix for ms-chap-v2.
fixes #10575.
Michael Tremer [Thu, 14 Aug 2014 10:45:37 +0000 (12:45 +0200)]
core82: Add changed files
Michael Tremer [Thu, 14 Aug 2014 10:27:56 +0000 (12:27 +0200)]
Move core updates 80 and 81 to oldcore.
Michael Tremer [Thu, 14 Aug 2014 10:27:15 +0000 (12:27 +0200)]
Create empty core update 82.
Michael Tremer [Mon, 11 Aug 2014 09:49:31 +0000 (11:49 +0200)]
proxy: Allow HTTP Basic authentication against Active Directory servers
Some clients may not support NTLMv2. Basic authentication can
now be activated. This is dangerous as it sends the credentials
in cleartext to the proxy server.
Axel Gembe [Mon, 11 Aug 2014 04:23:58 +0000 (12:23 +0800)]
general-functions.pl: validdomainname misinterprets RFC1035
The function validdomainname checks that each part of a domain name is at least
2 characters in length, but RFC1035 only makes a restriction on a "label" being
at most 63 characters in length. This change allows reverse DNS zones like
2.168.192.in-addr.arpa to be added to the DNS forward configuration, which was
incorrectly prevented before.
Signed-off-by: Axel Gembe <ago@multipixs.com>
Timo Eissler [Thu, 7 Aug 2014 18:11:22 +0000 (20:11 +0200)]
firewall: updated rootfiles
Timo Eissler [Thu, 7 Aug 2014 17:00:58 +0000 (19:00 +0200)]
firewall: fix faulty masquerading packets
Arne Fitzenreiter [Fri, 8 Aug 2014 06:51:53 +0000 (08:51 +0200)]
Merge branch 'master' into next
Arne Fitzenreiter [Fri, 8 Aug 2014 06:14:29 +0000 (08:14 +0200)]
core81: set need reboot flag and restart apache.
Michael Tremer [Thu, 7 Aug 2014 19:06:13 +0000 (21:06 +0200)]
Merge remote-tracking branch 'ms/ddns.cgi-fixes' into next
Conflicts:
html/cgi-bin/ddns.cgi
Stefan Schantl [Sat, 26 Jul 2014 16:26:37 +0000 (18:26 +0200)]
ddns.cgi: Support hostname details without seperating dots.
To keep compatiblity with the settings file of the old DDNS update script
(setddns.pl) we keept the storrage of the hostname information in
two parts (hostname and domain) and connected both with a dot to get a valid
FQDN again. OpenDNS and may some other providers do not use a dotted format
for this information, so one of these two values were empty.
We now can handle such cases in a right way.
Michael Tremer [Thu, 7 Aug 2014 18:58:33 +0000 (20:58 +0200)]
ddns.cgi: Fix CGI clearing all settings.
Michael Tremer [Thu, 7 Aug 2014 18:40:14 +0000 (20:40 +0200)]
ddns.cgi: Fix coding style.
Michael Tremer [Thu, 7 Aug 2014 18:33:10 +0000 (20:33 +0200)]
ddns.cgi: Allow enabling/disabling entries.
Michael Tremer [Thu, 7 Aug 2014 13:11:47 +0000 (15:11 +0200)]
Merge remote-tracking branch 'amarx/ACCOUNTING' into next
Alexander Marx [Thu, 7 Aug 2014 13:10:11 +0000 (15:10 +0200)]
squid-accounting: get trafficdata from LAST month, when month has changed
Michael Tremer [Thu, 7 Aug 2014 12:59:17 +0000 (14:59 +0200)]
Merge remote-tracking branch 'amarx/ACCOUNTING' into next
Conflicts:
make.sh
Michael Tremer [Thu, 7 Aug 2014 12:50:42 +0000 (14:50 +0200)]
Merge remote-tracking branch 'ms/firewall-no-nat' into next
Conflicts:
doc/language_issues.nl
doc/language_issues.tr
Michael Tremer [Thu, 7 Aug 2014 12:49:50 +0000 (14:49 +0200)]
Add batctl and libnl-3.
Arne Fitzenreiter [Thu, 7 Aug 2014 02:31:58 +0000 (04:31 +0200)]
core81: change updatescript for core81.
Arne Fitzenreiter [Wed, 6 Aug 2014 22:58:21 +0000 (00:58 +0200)]
core81: add changes to core81 updater.
Arne Fitzenreiter [Wed, 6 Aug 2014 22:57:23 +0000 (00:57 +0200)]
openssl: update to 1.0.1i.
Arne Fitzenreiter [Wed, 6 Aug 2014 18:26:08 +0000 (20:26 +0200)]
ddns: rootfile update.
Arne Fitzenreiter [Wed, 6 Aug 2014 16:05:14 +0000 (18:05 +0200)]
check_mk_agent: extract backup include before uninstall.
Alexander Marx [Wed, 6 Aug 2014 13:10:41 +0000 (15:10 +0200)]
squid-accounting: create billpreview file as temporary file
Michael Tremer [Wed, 6 Aug 2014 12:37:21 +0000 (14:37 +0200)]
firewall-no-nat: Use network masks to identify the subnets.
In the POSTROUTING chains of the NAT table, there is
no more information about on which interface the packet
has arrived (green0, etc.).
Alexander Marx [Wed, 6 Aug 2014 11:50:42 +0000 (13:50 +0200)]
squid-accounting: changed permissions on acct-lib.pl
Alexander Marx [Wed, 6 Aug 2014 11:41:54 +0000 (13:41 +0200)]
squid-accounting: change permissions and reread languagefiles on uninstall
Alexander Marx [Wed, 6 Aug 2014 06:59:43 +0000 (08:59 +0200)]
Per-PDF-API2: new perl module used by squid-accounting
Michael Tremer [Wed, 6 Aug 2014 08:30:44 +0000 (10:30 +0200)]
check_mk_agent: Bump release version to 4.
Michael Tremer [Wed, 6 Aug 2014 08:28:57 +0000 (10:28 +0200)]
Merge remote-tracking branch 'morlix/check_mk'
Arne Fitzenreiter [Wed, 6 Aug 2014 07:36:31 +0000 (09:36 +0200)]
Merge branch 'master' of git.ipfire.org:/pub/git/ipfire-2.x
Arne Fitzenreiter [Wed, 6 Aug 2014 07:30:13 +0000 (09:30 +0200)]
lzo: Downgrade to 2.0.6 (CVE-2014-4607 patched).
openvpn fails at lzo_init with lzo-2.07 and 2.08 on armv5tel.
Alexander Marx [Wed, 6 Aug 2014 06:58:43 +0000 (08:58 +0200)]
Squid-accounting: new addon for measuring proxy traffic per user/ip
Stefan Schantl [Tue, 5 Aug 2014 19:24:44 +0000 (21:24 +0200)]
ddns.cgi: Fix enable/disable handling of entries.
When the "enabled" checkbox is checked a "on" will be returned,
if the box is unchecked checkboxes will return nothing.
As a result of this behaviour the ddns.conf contained entries which have been disabled in the WUI.
We now check if the checkbox returns a "on", otherwise we will set the "enabled" value to "off" to
prevent from this problem.
Michael Tremer [Tue, 5 Aug 2014 17:49:28 +0000 (19:49 +0200)]
ddns: Update to 004.
Arne Fitzenreiter [Tue, 29 Jul 2014 19:57:07 +0000 (21:57 +0200)]
firewall: add more pscan matches and filter INVALID conntrack packages.
Erik Kapfer [Thu, 31 Jul 2014 06:43:24 +0000 (08:43 +0200)]
OpenVPN: Added a check for empty 'CERT_NAME' field.
Fixes: #10581
Michael Tremer [Mon, 4 Aug 2014 17:39:16 +0000 (19:39 +0200)]
tor: Update to 0.2.4.23
http://www.heise.de/security/meldung/Erfolgreicher-Angriff-auf-Tor-Anonymisierung-
2278774 .html
Stefan Schantl [Thu, 31 Jul 2014 19:45:38 +0000 (21:45 +0200)]
ddns.cgi: Check for valid FQDN before doing nslookup.
We now check if the used hostname is a valid FQDN before doing the nslookup to
determine if a DDNS host is up do date.
Stefan Schantl [Fri, 1 Aug 2014 17:56:52 +0000 (19:56 +0200)]
ddns.cgi: Fix token auth for provider regfish.com.
In the past the regfish.com auth token was stored as username similar than freedns.afraid.com. We now expected
the token key stored as password, to keep compatiblity with old installations I've added some compatible code
to prevent users from various issues.
Erik Kapfer [Thu, 31 Jul 2014 06:43:24 +0000 (08:43 +0200)]
OpenVPN: Added a check for empty 'CERT_NAME' field.
Fixes: #10581
Michael Tremer [Wed, 30 Jul 2014 11:15:33 +0000 (13:15 +0200)]
Merge remote-tracking branch 'dweismueller/owncloud-7' into next
Erik Kapfer [Tue, 29 Jul 2014 20:29:28 +0000 (22:29 +0200)]
ids.cgi fix snort rules download url.
fixes: 10579
Arne Fitzenreiter [Tue, 29 Jul 2014 20:01:19 +0000 (22:01 +0200)]
Merge remote-tracking branch 'origin/master' into next
Conflicts:
config/cfgroot/general-functions.pl
Arne Fitzenreiter [Tue, 29 Jul 2014 19:57:07 +0000 (21:57 +0200)]
firewall: add more pscan matches and filter INVALID conntrack packages.
Daniel Weismüller [Tue, 29 Jul 2014 13:55:36 +0000 (15:55 +0200)]
owncloud: updatet to version 7.0.0
Michael Tremer [Tue, 29 Jul 2014 10:14:23 +0000 (12:14 +0200)]
Revert "General-functions.pl: rewrite IpInSubnet replace inet_ntoa"
This reverts commit
ab92dc0c84cc6c11f90e753439567d80bac23e2b .
See comment in last commit
Michael Tremer [Tue, 29 Jul 2014 10:12:38 +0000 (12:12 +0200)]
Revert "General-functions.pl: rewrite getnetworkip without inet_aton"
This reverts commit
1be398ae381d4d0cdbd50272bff4434121d36f65 .
Some users reported some issues with the generated firewall ruleset
with the new function:
http://forum.ipfire.org/index.php?topic=11124.0
Michael Tremer [Tue, 29 Jul 2014 10:07:02 +0000 (12:07 +0200)]
rngd: Silence initscript when rngd is already started.
When a hardware random number generator is found by udev
it will start rngd automatically which is what we also do
by default in the initialisation sequence of the system
(e.g. for RDRAND).
The user will then see an error message that rngd has
already been started which was confusing.
Michael Tremer [Sun, 27 Jul 2014 20:46:20 +0000 (22:46 +0200)]
general-functions.pl: Replace lots of broken network code.
The state of some code especially in general-functions.pl
is in such a bad shape and faulty.
This is a first step that replaces some of the network
functions with those who have been tested and work for
undefined inputs.
The old functions have been left in place as stubs
and must be removed at some time.
Michael Tremer [Sun, 27 Jul 2014 10:36:11 +0000 (12:36 +0200)]
Merge remote-tracking branch 'stevee/next-ddns-opendns.com-fix' into next
Stefan Schantl [Sat, 26 Jul 2014 16:26:37 +0000 (18:26 +0200)]
ddns.cgi: Support hostname details without seperating dots.
To keep compatiblity with the settings file of the old DDNS update script
(setddns.pl) we keept the storrage of the hostname information in
two parts (hostname and domain) and connected both with a dot to get a valid
FQDN again. OpenDNS and may some other providers do not use a dotted format
for this information, so one of these two values were empty.
We now can handle such cases in a right way.
Michael Tremer [Sun, 27 Jul 2014 10:02:17 +0000 (12:02 +0200)]
Update translations.
Michael Tremer [Sun, 27 Jul 2014 10:01:50 +0000 (12:01 +0200)]
Merge remote-tracking branch 'ms/squid-ad' into next
Michael Tremer [Sat, 26 Jul 2014 20:12:49 +0000 (22:12 +0200)]
mpfr: Update to 3.2.1.
Michael Tremer [Sat, 26 Jul 2014 20:09:20 +0000 (22:09 +0200)]
gmp: Update to 6.0.0.
Michael Tremer [Sat, 26 Jul 2014 19:34:45 +0000 (21:34 +0200)]
Merge remote-tracking branch 'morlix/bacula' into next
Conflicts:
make.sh
Michael Tremer [Sat, 26 Jul 2014 19:34:06 +0000 (21:34 +0200)]
Merge remote-tracking branch 'morlix/check_mk' into next
Michael Tremer [Sat, 26 Jul 2014 19:16:23 +0000 (21:16 +0200)]
Revert "firewall: Filter logging of broadcasts from the internal networks."
This reverts commit
63f2fb7fda9112d9e39414328e5d4fab28809c63 .
Arne Fitzenreiter [Sat, 26 Jul 2014 18:54:54 +0000 (20:54 +0200)]
core80: fix permissions before config update.
Michael Tremer [Sat, 26 Jul 2014 18:42:37 +0000 (18:42 +0000)]
boost: Don't run more than two build processes at once
Timo Eissler [Fri, 25 Jul 2014 18:32:00 +0000 (20:32 +0200)]
check_mk_agent: fixed backup include filename
Michael Tremer [Thu, 24 Jul 2014 20:54:52 +0000 (22:54 +0200)]
boost: New package.
Michael Tremer [Thu, 24 Jul 2014 11:32:05 +0000 (13:32 +0200)]
logs: Add dynamic DNS logging section.