]>
git.ipfire.org Git - people/pmueller/ipfire-2.x.git/log
Arne Fitzenreiter [Wed, 7 Aug 2019 20:16:46 +0000 (22:16 +0200)]
clamav: update to 0.101.3
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Tue, 6 Aug 2019 09:17:41 +0000 (09:17 +0000)]
setup: add ignore to all no nic assigned errors
Arne Fitzenreiter [Tue, 6 Aug 2019 04:32:22 +0000 (04:32 +0000)]
u-boot-friendlyarm: add u-boot for nanopi-r1 to boot from eMMC
this is a heavy patched version and should replaced when stock
u-boot is able to boot from h3 eMMC.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sun, 4 Aug 2019 08:54:50 +0000 (08:54 +0000)]
u-boot: enable boot from additional mmc device
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Thu, 1 Aug 2019 07:22:04 +0000 (07:22 +0000)]
u-boot: switch default sunxi dtb to nanopi-r1
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Thu, 1 Aug 2019 07:18:20 +0000 (07:18 +0000)]
led initskript: add nanopi-r1
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Thu, 1 Aug 2019 07:09:34 +0000 (07:09 +0000)]
partresize: add copy of broadcom firmware settings for nanopi-r1
I added this to partresize like the APU scon enable because this
is the only script that runs on flashimage at first boot only and
remount root writeable.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 31 Jul 2019 11:03:33 +0000 (11:03 +0000)]
rpi-firmware: create copy of RPI3 brcm 43430 configfile.
the AP21xx need a different config so store the rpi version as backup.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Tue, 30 Jul 2019 18:28:57 +0000 (18:28 +0000)]
kernel: remove old modules folder before kernel build
the build fails at creating source symlinks for external
modules build if it already exists.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Tue, 30 Jul 2019 18:24:09 +0000 (18:24 +0000)]
kernel: update arm-multi patchset
this add FriendlyElec nanopi-r1 devicetree file.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 24 Jul 2019 10:37:10 +0000 (12:37 +0200)]
pcenginges-firmware: skip build on arm
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 22 Jul 2019 20:11:44 +0000 (21:11 +0100)]
bird: Update to 2.0.4
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Wed, 17 Jul 2019 15:19:01 +0000 (17:19 +0200)]
pcengines-firmware: rootfile update
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 17 Jul 2019 15:16:25 +0000 (17:16 +0200)]
pcengines-firmware: update to 4.9.0.7
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 17 Jul 2019 11:15:33 +0000 (13:15 +0200)]
iperf3: update to 3.7
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 17 Jul 2019 11:15:01 +0000 (13:15 +0200)]
iperf: update to 2.0.13
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 17 Jul 2019 11:12:46 +0000 (13:12 +0200)]
initskripts: fix i586 rootfile
Arne Fitzenreiter [Tue, 16 Jul 2019 09:14:41 +0000 (11:14 +0200)]
unbound: rework dns-forwader handling
add check if red interface has an IPv4 address before test the servers at
red up and simply remove forwarders at down process.
This also fix the hung at dhcpd shutdown.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Sun, 14 Jul 2019 14:38:00 +0000 (14:38 +0000)]
unbound-dhcp-leases-bridge: handle PTR generation parameter
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reported-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Sun, 14 Jul 2019 05:45:51 +0000 (07:45 +0200)]
unbound: update root.hints to
2019070301
IPv4 of server B has changed. Other changes are whitespace only.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Tue, 9 Jul 2019 08:54:55 +0000 (09:54 +0100)]
core135: Ship updated squid
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Wed, 10 Jul 2019 12:20:22 +0000 (14:20 +0200)]
squid: Update to 4.8
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sat, 6 Jul 2019 09:34:00 +0000 (09:34 +0000)]
Core Update 135: ship updated tzdata
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 4 Jul 2019 10:21:42 +0000 (11:21 +0100)]
core135: Ship updated sysctl.conf
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Thu, 4 Jul 2019 19:15:00 +0000 (19:15 +0000)]
sysctl: improve KASLR effectiveness for mmap
By feeding more random bits into mmap allocation, the
effectiveness of KASLR will be improved, making attacks
trying to bypass address randomisation more difficult.
Changed sysctl values are:
vm.mmap_rnd_bits = 32 (default: 28)
vm.mmap_rnd_compat_bits = 16 (default: 8)
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Thu, 4 Jul 2019 18:42:47 +0000 (20:42 +0200)]
unbound: check if red/iface exists before read it
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Thu, 4 Jul 2019 17:51:00 +0000 (17:51 +0000)]
tzdata: update to 2019b
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 3 Jul 2019 13:57:04 +0000 (14:57 +0100)]
core135: Ship forgotten ddns package
This was updated before, but I forgot to ship it in the updater.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 1 Jul 2019 06:55:53 +0000 (07:55 +0100)]
core135: Ship cloud-init changes
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 1 Jul 2019 06:54:19 +0000 (07:54 +0100)]
Revert "Generate a VHD image"
This reverts commit
ee0e3beb39da302fb9735b8b3846ee675192b350 .
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 21 Jun 2019 03:54:54 +0000 (04:54 +0100)]
azure: Do not drop last byte of MAC addresses
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 16 Jun 2019 12:39:07 +0000 (13:39 +0100)]
Enable serial console on all Azure instances
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 15 Jun 2019 10:22:28 +0000 (11:22 +0100)]
cloud-init: Move detection functions into initscript function library
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 13 Jun 2019 11:18:52 +0000 (12:18 +0100)]
Generate a VHD image
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 14 Jun 2019 16:28:39 +0000 (16:28 +0000)]
cloud-init: Import experimental configuration script for Azure
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 14 Jun 2019 15:42:09 +0000 (15:42 +0000)]
cloud-init: Execute setup script for Azure if needed
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 14 Jun 2019 15:31:35 +0000 (15:31 +0000)]
cloud-init: Add function to detect if we are running on Azure
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 14 Jun 2019 15:25:40 +0000 (15:25 +0000)]
Rename AWS initscript to cloud-init
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 21 Jun 2019 03:54:47 +0000 (04:54 +0100)]
flash-image: Align image to 1MB boundary
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 1 Jul 2019 06:52:57 +0000 (07:52 +0100)]
core135: Ship updated packages/files
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 1 Jul 2019 06:50:48 +0000 (07:50 +0100)]
Start Core Update 135
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Fri, 28 Jun 2019 08:23:41 +0000 (10:23 +0200)]
nettle: Update to 3.5.1
For details see:
https://git.lysator.liu.se/nettle/nettle/blob/master/ChangeLog
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Thu, 27 Jun 2019 20:07:40 +0000 (22:07 +0200)]
dhcpcd: Update to 7.2.3
For details see: Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
https://roy.marples.name/blog/dhcpcd-7-2-3-released
"Minor update with the following changes:
OpenBSD: compiles again
BSD: Check RTM lengths incase of kernel issues
DHCP6: Don't stop even when last router goes away
DHCP6: Fix inform from RA
hostname: Fix short hostname check"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Sat, 29 Jun 2019 09:36:49 +0000 (11:36 +0200)]
unbound: use nic carrier instead of /var/ipfire/red/active
This speed boot with static settings and no link and
dhcp on intel nics if the mtu is changed by the dhcp lease
because the nic loose the carrier and restart the dhcp action
at mtu set.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Thu, 27 Jun 2019 16:18:41 +0000 (18:18 +0200)]
kernel: update to 4.14.131
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 24 Jun 2019 13:39:30 +0000 (14:39 +0100)]
linux: Fix rootfile to ship GeoIP modules
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Mon, 24 Jun 2019 11:07:32 +0000 (13:07 +0200)]
mc: Update to 4.8.23
For details see:
http://midnight-commander.org/wiki/NEWS-4.8.23
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Sat, 22 Jun 2019 18:59:32 +0000 (20:59 +0200)]
intel-microcode: update to
20190618
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 22 Jun 2019 14:01:16 +0000 (16:01 +0200)]
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
Arne Fitzenreiter [Sat, 22 Jun 2019 14:00:37 +0000 (16:00 +0200)]
kernel: 4.14.129
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 22 Jun 2019 06:47:55 +0000 (08:47 +0200)]
finish core134
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Fri, 21 Jun 2019 00:39:42 +0000 (01:39 +0100)]
Update contributors
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 21 Jun 2019 00:38:59 +0000 (01:38 +0100)]
core134: Ship updated firewall initscript
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 21 Jun 2019 00:38:22 +0000 (01:38 +0100)]
core134: Ship updated bind
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Fri, 21 Jun 2019 12:31:26 +0000 (14:31 +0200)]
bind: Update to 9.11.8
For Details see:
https://downloads.isc.org/isc/bind9/9.11.8/RELEASE-NOTES-bind-9.11.8.html
"Security Fixes
A race condition could trigger an assertion failure when a large number
of incoming packets were being rejected.
This flaw is disclosed in CVE-2019-6471. [GL #942]"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Marx [Thu, 20 Jun 2019 05:04:30 +0000 (07:04 +0200)]
BUG12015: Redirecting to Captive portal does not work after IPFire restart
When the Captive portal is enabled, the needed firewall rules are applied. But when restarting IPFire,
the rules are not applied because there is no call to do so.
Added call to captivectrl in the initscrip 'firewall'.
Fixes: #12015
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Fri, 21 Jun 2019 09:58:58 +0000 (11:58 +0200)]
core134: ship core133 late fixes again
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Thu, 20 Jun 2019 07:35:59 +0000 (09:35 +0200)]
Merge remote-tracking branch 'origin/master' into next
Arne Fitzenreiter [Thu, 20 Jun 2019 07:33:17 +0000 (09:33 +0200)]
kernel: remove RPi DMA allignment revert
TODO: test if RPi works without now or if we need to
revert more of the allignment patches.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 19 Jun 2019 19:01:29 +0000 (21:01 +0200)]
Kernel: update to 4.14.128
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Tue, 18 Jun 2019 21:35:23 +0000 (22:35 +0100)]
core134: Ship updated vim
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Wed, 19 Jun 2019 11:24:06 +0000 (13:24 +0200)]
Remove old vim 7.4 data
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Wed, 19 Jun 2019 11:24:05 +0000 (13:24 +0200)]
vim: Update to 8.1
Please note:
If this gets merged, the update process must deal with the otherwise remaining
files in '/usr/share/vim74' (~16 MB).
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stéphane Pautrel [Tue, 18 Jun 2019 19:01:23 +0000 (20:01 +0100)]
Update French translation
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Tue, 18 Jun 2019 16:49:46 +0000 (18:49 +0200)]
core134: add kernel to updater
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Tue, 18 Jun 2019 16:42:02 +0000 (18:42 +0200)]
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
Arne Fitzenreiter [Tue, 18 Jun 2019 16:41:19 +0000 (18:41 +0200)]
kernel: update to 4.14.127
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Tue, 18 Jun 2019 12:36:02 +0000 (14:36 +0200)]
linux-pae: fix grub.conf creation on pv machines
on some systems it seems that grub2 and it config also exist.
Michael Tremer [Tue, 18 Jun 2019 08:13:21 +0000 (09:13 +0100)]
core134: Ship changed general-functions.pl
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Marx [Tue, 18 Jun 2019 07:55:35 +0000 (09:55 +0200)]
BUG12070: Its not possible to use the underscore in email addresses
Using IPFire's Mailservice does not allow to enter a senders mail address with the underscore.
The function used to verify that is used from general-functions.pl.
Now the function 'validemail' allows the underscore in the address.
Fixes: #12070
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 17 Jun 2019 16:40:37 +0000 (17:40 +0100)]
core134: Ship updated unbound
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Mon, 17 Jun 2019 19:11:00 +0000 (21:11 +0200)]
unbound: Update to 1.9.2
For details see:
https://nlnetlabs.nl/pipermail/unbound-users/2019-June/011632.html
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 17 Jun 2019 14:08:00 +0000 (14:08 +0000)]
vpnmain.cgi: Fix writing ESP settings for PFS ciphers
The changes introduced due to #12091 caused IPsec ESP
to be invalid if PFS ciphers were selected. Code has
to read "!$pfs" instead of just "$pfs", as it should trigger
for ciphers _without_ Perfect Forward Secrecy.
Fixes #12099
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Sat, 15 Jun 2019 16:09:06 +0000 (18:09 +0200)]
Merge branch 'master' into next
Arne Fitzenreiter [Sat, 15 Jun 2019 15:38:47 +0000 (17:38 +0200)]
vpnmain.cgi: remove wrongh "shift-space"
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Fri, 14 Jun 2019 20:09:47 +0000 (22:09 +0200)]
hyperscan: increase min RAM per buildprocess to 1GB
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Fri, 14 Jun 2019 05:22:52 +0000 (06:22 +0100)]
core133: Ship jansson in update
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Wed, 12 Jun 2019 17:57:21 +0000 (19:57 +0200)]
finish core133
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Wed, 12 Jun 2019 16:25:13 +0000 (17:25 +0100)]
core134: Ship updated OpenSSL
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 10 Jun 2019 18:55:00 +0000 (18:55 +0000)]
OpenSSL: lower priority for CBC ciphers in default cipherlist
In order to avoid CBC ciphers as often as possible (they contain
some known vulnerabilities), this changes the OpenSSL default
ciphersuite to:
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(256) Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(256) Mac=SHA384
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(128) Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(128) Mac=SHA256
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA256
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA256
ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
CAMELLIA256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA256
AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
CAMELLIA128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA256
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1
Since TLS servers usually override the clients' preference with their
own, this will neither break existing setups nor introduce huge
differences in the wild. Unfortunately, CBC ciphers cannot be disabled
at all, as they are still used by popular web sites.
TLS 1.3 ciphers will be added implicitly and can be omitted in the
ciphersting. Chacha20/Poly1305 is preferred over AES-GCM due to missing
AES-NI support for the majority of installations reporting to Fireinfo
(see https://fireinfo.ipfire.org/processors for details, AES-NI support
is 28.22% at the time of writing).
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 12 Jun 2019 16:18:23 +0000 (17:18 +0100)]
Start Core Update 134
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 12 Jun 2019 16:14:28 +0000 (17:14 +0100)]
unbound: Make some zones type-transparent
If we remove other records (like MX) from the response, we won't
be able to send mail to those hosts any more.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 12 Jun 2019 16:11:32 +0000 (17:11 +0100)]
unbound: Add yandex.com to safe search feature
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 13 Jun 2019 10:12:07 +0000 (11:12 +0100)]
unbound: safe search: Resolve hosts at startup
unbound is not able to expand CNAMEs in local-data. Therefore we
have to do it manually at startup.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 10 Jun 2019 19:02:00 +0000 (19:02 +0000)]
Tor: fix permissions after updating, too
Fixes #12088
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reported-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 11 Jun 2019 06:00:38 +0000 (07:00 +0100)]
core133: Ship updated wpa_supplicant
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Tue, 11 Jun 2019 13:32:15 +0000 (15:32 +0200)]
wpa_supplicant: Update to 2.8
For details see:
https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 11 Jun 2019 17:07:23 +0000 (17:07 +0000)]
smt: Only disable SMT when the kernel thinks it is vulnerable
On virtual machines, it does not make sense to disable SMT for the
virtual cores. This has to be done by the hypervisor.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 10 Jun 2019 18:22:00 +0000 (18:22 +0000)]
ship language files in Core Update 133
These were missing in Core Update 132, and some strings
(especially on the "CPU vulnerabilities" page) missed translations.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 10 Jun 2019 08:58:15 +0000 (09:58 +0100)]
Rootfile update
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Sun, 9 Jun 2019 15:55:34 +0000 (17:55 +0200)]
convert-ids-modifysids-file: Fix check if the ids is running.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sun, 9 Jun 2019 10:10:07 +0000 (12:10 +0200)]
hostapd: Update to 2.8
For details see:
https://w1.fi/cgit/hostap/plain/hostapd/ChangeLog
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 8 Jun 2019 10:34:37 +0000 (11:34 +0100)]
Rootfile update
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 7 Jun 2019 10:14:11 +0000 (11:14 +0100)]
Rootfile update
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 7 Jun 2019 10:13:01 +0000 (11:13 +0100)]
core133: Ship updated knot package
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Thu, 6 Jun 2019 18:30:56 +0000 (20:30 +0200)]
knot: Update to 2.8.2
For details see:
https://www.knot-dns.cz/2019-06-05-version-282.html
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 5 Jun 2019 11:46:37 +0000 (12:46 +0100)]
Update contributors
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Erik Kapfer [Tue, 4 Jun 2019 13:00:24 +0000 (15:00 +0200)]
suricata: Enable EVE logging
The EVE output facility outputs alerts, metadata, file info and protocol specific records through JSON.
for further informations please see --> https://suricata.readthedocs.io/en/suricata-4.1.2/output/eve/index.html .
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Acked-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Wed, 5 Jun 2019 18:56:35 +0000 (20:56 +0200)]
convert-ids-modifysids-file: Adjust code to use changed write_modify_sids_file function
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 5 Jun 2019 11:42:53 +0000 (12:42 +0100)]
core133: Ship snort configuration converter
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>