]>
git.ipfire.org Git - people/teissler/ipfire-2.x.git/log
Przemek Zdroik [Thu, 23 Aug 2012 12:54:48 +0000 (14:54 +0200)]
apcupsd: including multimon.cgi in the package (in order to allow monitoring more than one ups)
Przemek Zdroik [Thu, 23 Aug 2012 15:00:43 +0000 (17:00 +0200)]
apcupsd: updated to version 3.14.10 (directly from sf.net)
Michael Tremer [Fri, 24 Aug 2012 13:58:38 +0000 (15:58 +0200)]
Add a script to create VLAN interfaces (on console).
Erik Kapfer [Fri, 24 Aug 2012 13:47:01 +0000 (15:47 +0200)]
nmap: Update to 6.01.
Erik Kapfer [Fri, 24 Aug 2012 13:44:11 +0000 (15:44 +0200)]
fping: New package.
Michael Tremer [Fri, 24 Aug 2012 13:37:36 +0000 (15:37 +0200)]
minidlna: Add initscript and all the other fancy install stuff.
Michael Tremer [Fri, 24 Aug 2012 13:29:29 +0000 (15:29 +0200)]
Merge branch 'outgoingfw' into next
Michael Tremer [Sun, 12 Aug 2012 18:45:21 +0000 (20:45 +0200)]
outgoingfw: Remove unused variable in generator script.
Michael Tremer [Fri, 10 Aug 2012 12:28:33 +0000 (14:28 +0200)]
icecc: Update to 0.9.7.
Add patch for ARM support.
Michael Tremer [Wed, 8 Aug 2012 08:48:55 +0000 (10:48 +0200)]
New package: minidlna.
Yet another UPnP/DLNA server.
Michael Tremer [Tue, 7 Aug 2012 18:29:06 +0000 (20:29 +0200)]
New packages: flac+libexif.
Michael Tremer [Tue, 7 Aug 2012 18:21:06 +0000 (20:21 +0200)]
nasm: Update to 2.10.03.
nasm >= 2.0 is required to build flac.
Michael Tremer [Tue, 7 Aug 2012 14:37:29 +0000 (16:37 +0200)]
outgoingfw: mode=1: Change policy ACCEPT -> RETURN.
Because of the early acceptance of packets, that pass the outgoing
firewall, it was possible to circumvent the MAC address filter on
blue.
The RETURN target forces the packets to go on. Other packets,
that do not pass the outgoing firewall will be dropped immediately.
Michael Tremer [Mon, 6 Aug 2012 18:20:40 +0000 (20:20 +0200)]
connections.cgi: Show return paths (NAT endpoints).
Michael Tremer [Sun, 5 Aug 2012 12:15:40 +0000 (14:15 +0200)]
core62: Add recent changes to filelist.
Michael Tremer [Sun, 5 Aug 2012 12:14:20 +0000 (14:14 +0200)]
Merge branch 'master' into next
Michael Tremer [Sun, 5 Aug 2012 12:13:09 +0000 (14:13 +0200)]
connections.cgi: Fix colour for orange firewall IP address.
Michael Tremer [Thu, 2 Aug 2012 16:24:32 +0000 (18:24 +0200)]
glibc: Ship the icon data.
This is required that the iconv function (part of glibc) works
properly.
Those files also need to be shipped with the next core update.
Michael Tremer [Sun, 22 Jul 2012 15:36:13 +0000 (17:36 +0200)]
connections.cgi: Highlight multicast (former class D) connections.
Michael Tremer [Sun, 22 Jul 2012 15:35:41 +0000 (17:35 +0200)]
connections.cgi: Fix parsing of IPsec config file.
Michael Tremer [Sun, 22 Jul 2012 15:34:00 +0000 (17:34 +0200)]
credits.cgi: Update PP information.
Arne Fitzenreiter [Sun, 22 Jul 2012 08:28:42 +0000 (10:28 +0200)]
start core62.
Arne Fitzenreiter [Sun, 22 Jul 2012 08:25:10 +0000 (10:25 +0200)]
close core61.
Michael Tremer [Sat, 21 Jul 2012 10:44:41 +0000 (12:44 +0200)]
Add credits.cgi to updater.
Michael Tremer [Sat, 21 Jul 2012 10:34:51 +0000 (12:34 +0200)]
Re-add donation button from credits.cgi.
This reverts commit
39d36c000a493a12c3ed85d3abf094001e463388 .
Michael Tremer [Thu, 19 Jul 2012 20:12:05 +0000 (22:12 +0200)]
services.cgi: Fix wrong memory usage display.
Michael Tremer [Thu, 19 Jul 2012 12:06:47 +0000 (14:06 +0200)]
calamaris: Make decompressing large logs more memory-friendly.
Thanks to Roger Devaux for reporting and testing.
Calamaris is now able to process big log files consuming about
10M or RAM (was several gigabytes before).
Michael Tremer [Thu, 19 Jul 2012 11:14:52 +0000 (13:14 +0200)]
connections.cgi: Show name for "unknown" protocols.
Michael Tremer [Thu, 19 Jul 2012 10:42:35 +0000 (12:42 +0200)]
connections.cgi: Correctly colour OpenVPN n2n connections.
Michael Tremer [Thu, 19 Jul 2012 10:28:12 +0000 (12:28 +0200)]
index.cgi: Print OpenVPN N2N status in the same way as IPsec connections.
Michael Tremer [Thu, 19 Jul 2012 10:08:37 +0000 (12:08 +0200)]
ovpnmain.cgi: Sort out issues with FRAGMENT and MSSFIX.
Both had no proper default values which has been fixed.
Michael Tremer [Thu, 19 Jul 2012 09:17:09 +0000 (11:17 +0200)]
Add connections.cgi to core update 61.
Michael Tremer [Wed, 18 Jul 2012 11:04:49 +0000 (13:04 +0200)]
proxy.cgi: Add option to add own configuration settings.
Bernhard Bitsch [Wed, 18 Jul 2012 10:56:41 +0000 (12:56 +0200)]
proxy.cgi: Check upstream proxy address and better neighbour detection.
Michael Tremer [Wed, 18 Jul 2012 10:21:23 +0000 (12:21 +0200)]
Update connections.cgi: Show byte counters.
The connections.cgi file has been rewritten to read
the needed information directly from the kernel.
Byte counters have been added which show how much data
has been transmitted over one connection in each
direction.
Arne Fitzenreiter [Tue, 10 Jul 2012 11:26:45 +0000 (13:26 +0200)]
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Arne Fitzenreiter [Tue, 10 Jul 2012 11:25:58 +0000 (13:25 +0200)]
core61: add updated files to updater.
Arne Fitzenreiter [Sat, 7 Jul 2012 17:37:56 +0000 (19:37 +0200)]
pakfire: add function to extract backup includes.
this is needed to fix some addons with missing includes at the next
update. (eg. nagios).
Arne Fitzenreiter [Sat, 7 Jul 2012 17:12:56 +0000 (19:12 +0200)]
index.cgi: Add warning if deprecated reiser4 found.
Arne Fitzenreiter [Fri, 6 Jul 2012 20:51:49 +0000 (22:51 +0200)]
usb-modeswitch-data: update database to
20120531 .
Arne Fitzenreiter [Fri, 6 Jul 2012 15:05:51 +0000 (17:05 +0200)]
GeoIP: update database to
04072012 .
Arne Fitzenreiter [Tue, 3 Jul 2012 13:00:45 +0000 (15:00 +0200)]
proxy.cgi: add more speed steps and some filetypes.
Arne Fitzenreiter [Tue, 3 Jul 2012 11:41:13 +0000 (13:41 +0200)]
squid: update to 3.1.20.
Arne Fitzenreiter [Tue, 3 Jul 2012 07:53:39 +0000 (09:53 +0200)]
core61: add php to update.
Arne Fitzenreiter [Tue, 3 Jul 2012 07:48:49 +0000 (09:48 +0200)]
php: security update to 5.3.14.
The release fixes multiple security issues: A weakness in the DES implementation of crypt and a heap overflow issue in the phar extension
PHP 5.4.4 and PHP 5.3.14 fixes over 30 bugs. Please note that the use of php://fd streams is now restricted to the CLI SAPI.
Arne Fitzenreiter [Mon, 2 Jul 2012 13:16:23 +0000 (15:16 +0200)]
samba: update to 3.5.16.
Michael Tremer [Wed, 20 Jun 2012 18:53:10 +0000 (20:53 +0200)]
openvpn: Properly handle fragment size.
Allow settings FRAGMENT=0.
Erik Kapfer [Wed, 20 Jun 2012 17:58:38 +0000 (19:58 +0200)]
openvpn: Introduce CCD.
Erik Kapfer [Wed, 20 Jun 2012 17:54:45 +0000 (19:54 +0200)]
openvpn: Honour DAYS_VALID for CA certificates.
Erik Kapfer [Wed, 20 Jun 2012 17:54:09 +0000 (19:54 +0200)]
openvpn: Sort connections by name.
Michael Tremer [Wed, 20 Jun 2012 13:40:28 +0000 (15:40 +0200)]
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Michael Tremer [Wed, 20 Jun 2012 09:57:44 +0000 (11:57 +0200)]
Add logwatch changes to next core update.
Michael Tremer [Wed, 20 Jun 2012 09:54:00 +0000 (11:54 +0200)]
Merge remote-tracking branch 'jlentfer/logwatch' into next
Jan Lentfer [Wed, 20 Jun 2012 08:42:35 +0000 (10:42 +0200)]
logwatch: Enable Date::Manip 6.x support (using interface v5)
Arne Fitzenreiter [Tue, 19 Jun 2012 19:24:51 +0000 (21:24 +0200)]
clamav: update to 0.97.5.
Arne Fitzenreiter [Mon, 18 Jun 2012 17:59:15 +0000 (19:59 +0200)]
redirect_wrapper: fix logfile path in log output.
fixes #10126.
Arne Fitzenreiter [Mon, 18 Jun 2012 17:42:20 +0000 (19:42 +0200)]
lang.de: Fix pakfire updated string.
fixes #10112.
Michael Tremer [Sun, 17 Jun 2012 18:27:19 +0000 (20:27 +0200)]
Merge remote-tracking branch 'jlentfer/foomatic' into next
Jan Lentfer [Sun, 17 Jun 2012 18:23:35 +0000 (20:23 +0200)]
foomatic: Clean out /usr/share/foomatic prior to build to prevent hangs
Jan Lentfer [Sat, 16 Jun 2012 10:31:18 +0000 (12:31 +0200)]
asterisk: Update to 1.8.13.0.
The 1.4 branch of asterisk does not build with the new flex and bison.
Also, the 1.4 branch was EOL'ed April 2012. The 1.8 branch has long
term support until 2015.
This patch also update chan_capi to the most recent version (HEAD),
as this is the only one that compiles with asterisk 1.8.
Asterisk 1.8 ships addons as part of the main tarball.
Asterisk 1.8 has no build in mp3 support anymore, mp3 libs need to be
downloaded seperatly via svn
(see asterisk-1.8.13.0/contrib/scripts/get_mp3_source.sh).
This patch DOES NOT include mp3 support.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jan Lentfer [Sat, 16 Jun 2012 10:27:04 +0000 (12:27 +0200)]
lcr: Update to 1.10.
This is a prerequisite for updating asterisk.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jan Lentfer [Sat, 16 Jun 2012 10:24:32 +0000 (12:24 +0200)]
pam: Update 0.99.10.0.
The prior verion in base system did not build with
the new version of bison and flex.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jan Lentfer [Sat, 16 Jun 2012 10:22:31 +0000 (12:22 +0200)]
flex: Update to 2.5.35.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jan Lentfer [Sat, 16 Jun 2012 10:21:12 +0000 (12:21 +0200)]
m4: Update to 1.4.16.
This is a prerequisite for updating bison and flex
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jan Lentfer [Sat, 16 Jun 2012 10:17:57 +0000 (12:17 +0200)]
bison: Update to 2.5.1.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 13 Jun 2012 13:43:27 +0000 (15:43 +0200)]
squid: Enable ICAP client.
Arne Fitzenreiter [Sat, 2 Jun 2012 08:21:44 +0000 (10:21 +0200)]
core61: add collectd initskript to updater.
Arne Fitzenreiter [Sat, 2 Jun 2012 08:17:34 +0000 (10:17 +0200)]
collectd: fix collectd on machines without rtc.
collectd hangs with 100% cpu usage if there is a very old entry
in the database. This was created at the first start without internet so
ntp cannot set the time.
Arne Fitzenreiter [Fri, 1 Jun 2012 15:30:54 +0000 (17:30 +0200)]
Merge remote-tracking branch 'origin/core60' into next
Conflicts:
config/rootfiles/core/59/update.sh
lfs/strongswan
make.sh
Arne Fitzenreiter [Fri, 1 Jun 2012 15:25:10 +0000 (17:25 +0200)]
Move core60 content to core61.
Arne Fitzenreiter [Fri, 1 Jun 2012 10:54:24 +0000 (12:54 +0200)]
core60: add strongswan security update.
Arne Fitzenreiter [Fri, 1 Jun 2012 10:47:07 +0000 (12:47 +0200)]
strongswan: security update to 4.6.4 (fix CVE-2012-2388).
RSA signature verification vulnerability
see http://http://www.strongswan.org/blog/2012/05/31/strongswan-4.6.4-released-%28cve-2012-2388%29.html for details.
Erik Kapfer [Sun, 27 May 2012 19:36:44 +0000 (21:36 +0200)]
mtr+tcpick: Two new binary addons.
Michael Tremer [Sun, 27 May 2012 16:19:35 +0000 (18:19 +0200)]
openvpn: Import translation patch from #10137.
See comment 5 for more detail.
Nico Prenzel [Thu, 24 May 2012 16:18:22 +0000 (18:18 +0200)]
openvpn: Fix deletion of static routes.
Michael Tremer [Thu, 24 May 2012 08:48:44 +0000 (10:48 +0200)]
Start core update 60.
Erik Kapfer [Thu, 24 May 2012 08:47:37 +0000 (10:47 +0200)]
openvpn: Change colour of N2N connections.
From https://bugzilla.ipfire.org/show_bug.cgi?id=10137:
The first patch i have made is to give the index.cgi the origin colour (the
same then for the roadwarrior) for OpenVPN N2N connections on IPFire. At this
time the colour is stated in IPSec colour, so i made a patch to change this.
Michael Tremer [Sat, 19 May 2012 09:22:18 +0000 (11:22 +0200)]
fireinfo: Update to 2.1.5.
Fixes issues on the Raspberry Pi Computer.
Arne Fitzenreiter [Sat, 12 May 2012 17:40:41 +0000 (19:40 +0200)]
core59: start/stop ipsec and ssh at update.
Arne Fitzenreiter [Sat, 12 May 2012 17:22:26 +0000 (19:22 +0200)]
finished core59.
Arne Fitzenreiter [Sat, 12 May 2012 17:15:38 +0000 (19:15 +0200)]
GeoIP: update database to
01052012 .
Arne Fitzenreiter [Sat, 12 May 2012 15:13:45 +0000 (17:13 +0200)]
dhcpcd: ignore MTU Smaller than 577.
Normally 576 is the smallest valid mtu but some cable provider set this
also if they support much higher mtu's. Fedora does not accept
this to prevent speed problems with such isp connections so we do the same.
If you really need mtu=576 you can still force at at the setup.
Arne Fitzenreiter [Sat, 12 May 2012 13:33:42 +0000 (15:33 +0200)]
php: security update to 5.3.13 (CVE-2012-2311).
Arne Fitzenreiter [Sat, 12 May 2012 13:32:47 +0000 (15:32 +0200)]
openssh: update to 6.0p1.
Arne Fitzenreiter [Sat, 12 May 2012 13:30:38 +0000 (15:30 +0200)]
openssl: security update to 0.9.8x (CVE-2012-2333).
Invalid TLS/DTLS record attack (CVE-2012-2333)
===============================================
A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1, 1.2 and
DTLS can be exploited in a denial of service attack on both clients and
servers.
DTLS applications are affected in all versions of OpenSSL. TLS is only
affected in OpenSSL 1.0.1 and later.
Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic fuzzing
as a service testing platform.
The fix was developed by Stephen Henson of the OpenSSL core team.
Affected users should upgrade to OpenSSL 1.0.1c, 1.0.0j or 0.9.8x
References
==========
URL for this Security Advisory:
http://www.openssl.org/news/secadv_20120510.txt
Arne Fitzenreiter [Sun, 6 May 2012 10:51:14 +0000 (12:51 +0200)]
traceroute: update to 2.0.18 and fix name resolution.
fixes #10097
Arne Fitzenreiter [Sat, 5 May 2012 21:25:07 +0000 (23:25 +0200)]
strongswan: update to 4.6.3.
Arne Fitzenreiter [Sat, 5 May 2012 21:23:53 +0000 (23:23 +0200)]
python: update to 2.7.3.
Arne Fitzenreiter [Sat, 5 May 2012 21:21:18 +0000 (23:21 +0200)]
fix core58 merge problem.
Conflicts:
config/rootfiles/core/58/filelists/files
Arne Fitzenreiter [Sat, 5 May 2012 21:19:36 +0000 (23:19 +0200)]
core59: add openssl to core update.
Arne Fitzenreiter [Wed, 2 May 2012 17:42:02 +0000 (19:42 +0200)]
openssl: security update to 0.9.8w. (CVE-2012-2131).
SN1 BIO incomplete fix (CVE-2012-2131)
=======================================
It was discovered that the fix for CVE-2012-2110 released on 19 Apr
2012 was not sufficient to correct the issue for OpenSSL 0.9.8.
Please see http://www.openssl.org/news/secadv_20120419.txt for details
of that vulnerability.
This issue only affects OpenSSL 0.9.8v. OpenSSL 1.0.1a and 1.0.0i
already contain a patch sufficient to correct CVE-2012-2110.
Thanks to Red Hat for discovering and fixing this issue.
Affected users should upgrade to 0.9.8w.
References
==========
URL for this Security Advisory:
http://www.openssl.org/news/secadv_20120424.txt
Arne Fitzenreiter [Mon, 9 Apr 2012 10:19:06 +0000 (12:19 +0200)]
started core59.
Arne Fitzenreiter [Sat, 12 May 2012 17:22:26 +0000 (19:22 +0200)]
finished core59.
Arne Fitzenreiter [Sat, 12 May 2012 17:15:38 +0000 (19:15 +0200)]
GeoIP: update database to
01052012 .
Arne Fitzenreiter [Sat, 12 May 2012 15:13:45 +0000 (17:13 +0200)]
dhcpcd: ignore MTU Smaller than 577.
Normally 576 is the smallest valid mtu but some cable provider set this
also if they support much higher mtu's. Fedora does not accept
this to prevent speed problems with such isp connections so we do the same.
If you really need mtu=576 you can still force at at the setup.
Arne Fitzenreiter [Sat, 12 May 2012 13:33:42 +0000 (15:33 +0200)]
php: security update to 5.3.13 (CVE-2012-2311).
Arne Fitzenreiter [Sat, 12 May 2012 13:32:47 +0000 (15:32 +0200)]
openssh: update to 6.0p1.
Arne Fitzenreiter [Sat, 12 May 2012 13:30:38 +0000 (15:30 +0200)]
openssl: security update to 0.9.8x (CVE-2012-2333).
Invalid TLS/DTLS record attack (CVE-2012-2333)
===============================================
A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1, 1.2 and
DTLS can be exploited in a denial of service attack on both clients and
servers.
DTLS applications are affected in all versions of OpenSSL. TLS is only
affected in OpenSSL 1.0.1 and later.
Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic fuzzing
as a service testing platform.
The fix was developed by Stephen Henson of the OpenSSL core team.
Affected users should upgrade to OpenSSL 1.0.1c, 1.0.0j or 0.9.8x
References
==========
URL for this Security Advisory:
http://www.openssl.org/news/secadv_20120510.txt
Arne Fitzenreiter [Sun, 6 May 2012 10:54:13 +0000 (12:54 +0200)]
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Arne Fitzenreiter [Sun, 6 May 2012 10:51:14 +0000 (12:51 +0200)]
traceroute: update to 2.0.18 and fix name resolution.
fixes #10097