ipfire-2.x.git
5 years agoMerge remote-tracking branch 'stevee/next-cgi-geoip' into next
Stefan Schantl [Mon, 4 May 2015 18:16:24 +0000 (20:16 +0200)] 
Merge remote-tracking branch 'stevee/next-cgi-geoip' into next

5 years agoMerge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Stefan Schantl [Mon, 4 May 2015 18:15:24 +0000 (20:15 +0200)] 
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next

5 years agogeoip-functions: Adjust for new flag-icons and usage of "unknown" icon.
Stefan Schantl [Mon, 4 May 2015 18:13:52 +0000 (20:13 +0200)] 
geoip-functions: Adjust for new flag-icons and usage of "unknown" icon.

5 years agoCore90: Drop old and add new flag-icons.
Stefan Schantl [Mon, 4 May 2015 18:10:46 +0000 (20:10 +0200)] 
Core90: Drop old and add new flag-icons.

5 years agocore90: Ship updated fireinfo
Michael Tremer [Mon, 4 May 2015 14:18:24 +0000 (16:18 +0200)] 
core90: Ship updated fireinfo

5 years agofireinfo: Fix SEGV on QEMU without KVM
Michael Tremer [Mon, 4 May 2015 14:02:39 +0000 (16:02 +0200)] 
fireinfo: Fix SEGV on QEMU without KVM

5 years agosquid: rootfile update.
Arne Fitzenreiter [Mon, 4 May 2015 05:40:30 +0000 (07:40 +0200)] 
squid: rootfile update.

5 years agoDrop old flag icons.
Stefan Schantl [Sun, 3 May 2015 19:53:03 +0000 (21:53 +0200)] 
Drop old flag icons.

5 years agoUpdate flag icon-set.
Stefan Schantl [Sun, 3 May 2015 19:51:04 +0000 (21:51 +0200)] 
Update flag icon-set.

Move the flag icon-set into an own lfs file and replace the current
used one by a more recent version.

5 years agoMerge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
Arne Fitzenreiter [Sun, 3 May 2015 11:03:25 +0000 (13:03 +0200)] 
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next

5 years agotoolchain: set version to 9.
Arne Fitzenreiter [Sun, 3 May 2015 11:02:30 +0000 (13:02 +0200)] 
toolchain: set version to 9.

5 years agosquid-accounting: fix monthly dbmove funktion to put values in history table
Alexander Marx [Sun, 3 May 2015 03:24:39 +0000 (05:24 +0200)] 
squid-accounting: fix monthly dbmove funktion to put values in history table

5 years agocore90: Add updated netovpnsrv.cgi to update
Michael Tremer [Sun, 3 May 2015 10:53:28 +0000 (12:53 +0200)] 
core90: Add updated netovpnsrv.cgi to update

5 years agoMerge remote-tracking branch 'amarx/core90' into next
Michael Tremer [Sun, 3 May 2015 10:52:50 +0000 (12:52 +0200)] 
Merge remote-tracking branch 'amarx/core90' into next

5 years agoCore90: make N2N Graphs higher to them correctly
Alexander Marx [Sun, 3 May 2015 03:12:13 +0000 (05:12 +0200)] 
Core90: make N2N Graphs higher to them correctly

Graphs in core 89 where not heigh enough so that they where zoomed which
looked bad

5 years agocore90: Also regenerate IPsec configuration during the update
Michael Tremer [Sat, 2 May 2015 12:29:46 +0000 (14:29 +0200)] 
core90: Also regenerate IPsec configuration during the update

5 years agoMultiple CGI's: Use &GeoIP::get_flag_icon for getting country flags.
Stefan Schantl [Sat, 2 May 2015 11:45:50 +0000 (13:45 +0200)] 
Multiple CGI's: Use &GeoIP::get_flag_icon for getting country flags.

5 years agosquid: Disable SSL support
Michael Tremer [Sat, 2 May 2015 10:56:09 +0000 (12:56 +0200)] 
squid: Disable SSL support

The SSL support parts of squid are a great security
risk. The majority of all security issues has been
in this area. As we are not using any of that in
production we can as well disable SSL support.

This won't affect squid's possibility to forward
SSL connections with the CONNECT method.

5 years agosquid: Update to 3.4.13
Michael Tremer [Sat, 2 May 2015 09:20:37 +0000 (11:20 +0200)] 
squid: Update to 3.4.13

5 years agovpnmain.cgi: Fix ECP regex again for Brainpool curves
Michael Tremer [Fri, 1 May 2015 14:57:13 +0000 (16:57 +0200)] 
vpnmain.cgi: Fix ECP regex again for Brainpool curves

The regular expression did not take into account that
there could be characters like "bp" in case of the Brainpool
curves (ecp512bp).

5 years agoclamav: update to 0.98.7
Arne Fitzenreiter [Thu, 30 Apr 2015 04:50:15 +0000 (06:50 +0200)] 
clamav: update to 0.98.7

5 years agoxz: update to 5.2.1
Arne Fitzenreiter [Wed, 29 Apr 2015 17:47:44 +0000 (19:47 +0200)] 
xz: update to 5.2.1

5 years agokernel: update to 3.14.40
Arne Fitzenreiter [Wed, 29 Apr 2015 17:42:06 +0000 (19:42 +0200)] 
kernel: update to 3.14.40

5 years agoMerge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Michael Tremer [Wed, 29 Apr 2015 09:26:35 +0000 (11:26 +0200)] 
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next

5 years agoMerge remote-tracking branch 'stevee/core-90-ddnsctrl' into next
Michael Tremer [Wed, 29 Apr 2015 09:26:20 +0000 (11:26 +0200)] 
Merge remote-tracking branch 'stevee/core-90-ddnsctrl' into next

5 years agodnsmasq: Import more upstream fixes
Michael Tremer [Wed, 29 Apr 2015 09:24:23 +0000 (11:24 +0200)] 
dnsmasq: Import more upstream fixes

Fixes: #10786

Fixes DNSSEC validation when falling back to TCP.

5 years agoCore90: Regenerate ddns config file.
Stefan Schantl [Tue, 28 Apr 2015 19:16:54 +0000 (21:16 +0200)] 
Core90: Regenerate ddns config file.

5 years agoddns: Add more upstream patches.
Stefan Schantl [Tue, 28 Apr 2015 19:06:19 +0000 (21:06 +0200)] 
ddns: Add more upstream patches.

5 years agoopenssl: disable ssse3 on amd cpu's
Arne Fitzenreiter [Tue, 28 Apr 2015 18:51:03 +0000 (20:51 +0200)] 
openssl: disable ssse3 on amd cpu's

amd with ssse3 (bulldozer and fusion) has serious performance problems
with the vpaes code. (-evp is 40% slower)

5 years agovpnmain.cgi: Fix prefix for elliptic curve algorithms
Michael Tremer [Tue, 28 Apr 2015 11:22:00 +0000 (13:22 +0200)] 
vpnmain.cgi: Fix prefix for elliptic curve algorithms

5 years agovpnmain.cgi: dpd_delay/dpd_timeout wrong entry in ipsec.conf
Jochen Kauz [Tue, 28 Apr 2015 09:30:05 +0000 (11:30 +0200)] 
vpnmain.cgi: dpd_delay/dpd_timeout wrong entry in ipsec.conf

Fixes #10636

5 years agoopenssl: Don't ship an SSE-optimised version of libssl
Michael Tremer [Tue, 28 Apr 2015 09:15:38 +0000 (11:15 +0200)] 
openssl: Don't ship an SSE-optimised version of libssl

This one does not benefit at all from any optimisations
of this kind. Only libcrypto.so.10 which holds the implementation
of ciphers and hashes gains better performance by using SSE2.

5 years agoMerge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Michael Tremer [Tue, 28 Apr 2015 09:14:45 +0000 (11:14 +0200)] 
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next

5 years agotzdata: Update to version 2015d
Michael Tremer [Tue, 28 Apr 2015 09:13:03 +0000 (11:13 +0200)] 
tzdata: Update to version 2015d

5 years agoopenssl: auto enable padlock engine.
Arne Fitzenreiter [Mon, 27 Apr 2015 20:15:20 +0000 (22:15 +0200)] 
openssl: auto enable padlock engine.

5 years agoglibc: Fix CVE-2013-7423 and CVE-2015-1781
Michael Tremer [Mon, 27 Apr 2015 19:17:17 +0000 (21:17 +0200)] 
glibc: Fix CVE-2013-7423 and CVE-2015-1781

CVE-2013-7423: Fix invalid file descriptor reuse while sending DNS query
CVE-2015-1781: Fix buffer overflow in gethostbyname_r with misaligned buffer

5 years agoopenssl: change sse2 optimization to i686.
Arne Fitzenreiter [Mon, 27 Apr 2015 19:19:46 +0000 (21:19 +0200)] 
openssl: change sse2 optimization to i686.

5 years agostrongswan: Increase stroke buffer size to 8k
Michael Tremer [Mon, 27 Apr 2015 18:58:45 +0000 (20:58 +0200)] 
strongswan: Increase stroke buffer size to 8k

5 years agodnsmasq: Import latest fixes from upstream
Michael Tremer [Mon, 27 Apr 2015 16:10:34 +0000 (18:10 +0200)] 
dnsmasq: Import latest fixes from upstream

5 years agoAdd patched ddns to core 90.
Stefan Schantl [Sun, 26 Apr 2015 15:17:36 +0000 (17:17 +0200)] 
Add patched ddns to core 90.

5 years agoDrop obsolete ddns patches.
Stefan Schantl [Sun, 26 Apr 2015 15:14:36 +0000 (17:14 +0200)] 
Drop obsolete ddns patches.

5 years agoddns: Add upstream patch for fixing bug 10815.
Stefan Schantl [Sun, 26 Apr 2015 15:12:55 +0000 (17:12 +0200)] 
ddns: Add upstream patch for fixing bug 10815.

5 years agoAdd ddns related files to core 90.
Stefan Schantl [Sun, 26 Apr 2015 14:56:24 +0000 (16:56 +0200)] 
Add ddns related files to core 90.

5 years agoddns.cgi: Use ddnsctrl for instant update.
Stefan Schantl [Sun, 26 Apr 2015 14:52:52 +0000 (16:52 +0200)] 
ddns.cgi: Use ddnsctrl for instant update.

5 years agoddnsctrl: New binary.
Stefan Schantl [Sun, 26 Apr 2015 14:48:45 +0000 (16:48 +0200)] 
ddnsctrl: New binary.

This helper binary is used to grand the ddns update client super user rights,
when launched out of the webinterface.

5 years agoAdd rootfile check for hardcoded machine type.
Arne Fitzenreiter [Sat, 25 Apr 2015 11:23:34 +0000 (13:23 +0200)] 
Add rootfile check for hardcoded machine type.

5 years agolibsrtp: update rootfile.
Arne Fitzenreiter [Sat, 25 Apr 2015 07:49:37 +0000 (09:49 +0200)] 
libsrtp: update rootfile.

5 years agocore90: remove missing file from openssl-0.9.8-files.
Arne Fitzenreiter [Fri, 24 Apr 2015 18:06:13 +0000 (20:06 +0200)] 
core90: remove missing file from openssl-0.9.8-files.

5 years agoopenssl: fix ssl2 rootfile handling.
Arne Fitzenreiter [Fri, 24 Apr 2015 18:03:45 +0000 (20:03 +0200)] 
openssl: fix ssl2 rootfile handling.

KCFG will added to the lfs filename at determine the filename in config/rootfiles folder.

5 years agoasterisk addon: upate to 11.17.1
Dirk Wagner [Wed, 15 Apr 2015 12:17:34 +0000 (14:17 +0200)] 
asterisk addon: upate to 11.17.1

5 years agolibsrtp: upgrade to 1.5.2
Dirk Wagner [Wed, 15 Apr 2015 12:16:36 +0000 (14:16 +0200)] 
libsrtp: upgrade to 1.5.2

5 years agoopenssl: fix typo on arm config.
Arne Fitzenreiter [Thu, 23 Apr 2015 21:31:58 +0000 (23:31 +0200)] 
openssl: fix typo on arm config.

5 years agocore90: ship backupiso withupdate.
Arne Fitzenreiter [Thu, 23 Apr 2015 19:18:42 +0000 (21:18 +0200)] 
core90: ship backupiso withupdate.

this file was missing in core87.

5 years agoDrop openssl-compat package
Michael Tremer [Thu, 23 Apr 2015 12:28:41 +0000 (14:28 +0200)] 
Drop openssl-compat package

5 years agoopenssl: Enable all assembly optimisations build SSE2 optimised version
Michael Tremer [Thu, 23 Apr 2015 11:33:35 +0000 (13:33 +0200)] 
openssl: Enable all assembly optimisations build SSE2 optimised version

Fixes #10814

5 years agoBUG10812: fix missing slash in path
Alexander Marx [Thu, 23 Apr 2015 07:20:00 +0000 (09:20 +0200)] 
BUG10812: fix missing slash in path

5 years agorootfiles: fix build on arm.
Arne Fitzenreiter [Wed, 22 Apr 2015 20:15:27 +0000 (22:15 +0200)] 
rootfiles: fix build on arm.

i586 -> MACHINE

5 years agoCore 90: Ship modified country.cgi.
Stefan Schantl [Wed, 22 Apr 2015 16:35:00 +0000 (18:35 +0200)] 
Core 90: Ship modified country.cgi.

5 years agotor: Increase PAK_VER for shipping modified CGI file.
Stefan Schantl [Wed, 22 Apr 2015 16:28:58 +0000 (18:28 +0200)] 
tor: Increase PAK_VER for shipping modified CGI file.

5 years agoMerge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Stefan Schantl [Wed, 22 Apr 2015 16:25:25 +0000 (18:25 +0200)] 
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next

5 years agoRename Locale::Country to Locale::Codes::Country in various scripts.
Stefan Schantl [Wed, 22 Apr 2015 16:18:38 +0000 (18:18 +0200)] 
Rename Locale::Country to Locale::Codes::Country in various scripts.

The new Locale-Country version needs to be loaded and used by specifing
Locale::Codes::Country since an upstream API change. Adjusting various perl
scripts to use the module in the proper way again.

5 years agoMerge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Michael Tremer [Wed, 22 Apr 2015 14:08:42 +0000 (16:08 +0200)] 
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next

5 years agoBUG10812: change ovpnserver config if needed
Alexander Marx [Wed, 22 Apr 2015 13:02:02 +0000 (15:02 +0200)] 
BUG10812: change ovpnserver config if needed

5 years agovpnmain.cgi: Order ciphers by strength
Michael Tremer [Wed, 22 Apr 2015 12:45:10 +0000 (14:45 +0200)] 
vpnmain.cgi: Order ciphers by strength

strongSwan uses them in the defined order. Hence it makes
much more sense to present them to the user as well in that
order.

5 years agovpnmain.cgi: Use integrity functions as PRF for AEAD
Michael Tremer [Wed, 22 Apr 2015 12:44:16 +0000 (14:44 +0200)] 
vpnmain.cgi: Use integrity functions as PRF for AEAD

5 years agovpnmain.cgi: Rewrite algorithm generation code
Michael Tremer [Wed, 22 Apr 2015 12:08:41 +0000 (14:08 +0200)] 
vpnmain.cgi: Rewrite algorithm generation code

5 years agosquid-accounting: fix mistakenly deleted lines from last commit
Alexander Marx [Wed, 22 Apr 2015 11:32:04 +0000 (13:32 +0200)] 
squid-accounting: fix mistakenly deleted lines from last commit

5 years agoMerge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Michael Tremer [Wed, 22 Apr 2015 11:07:30 +0000 (13:07 +0200)] 
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next

5 years agoindex.cgi: Hide blue and green if not enabled
Michael Tremer [Wed, 22 Apr 2015 11:06:52 +0000 (13:06 +0200)] 
index.cgi: Hide blue and green if not enabled

Those were shown when a blue or orange interface
was assigned which is not the same as enabled.

5 years agoSquid-accounting: new Version 1.0.3 (graph updates, movedb update)
Alexander Marx [Tue, 21 Apr 2015 09:25:29 +0000 (11:25 +0200)] 
Squid-accounting: new Version 1.0.3 (graph updates, movedb update)

New Version. Now the data is correctly moved to hist table when month
has changed.
Also the graphs for old month starts by zero. In old version graphdata
was started by total amount of bytes.

5 years agoipsec: Always enable support for IKE fragmentation
Michael Tremer [Tue, 21 Apr 2015 17:36:40 +0000 (19:36 +0200)] 
ipsec: Always enable support for IKE fragmentation

5 years agoMerge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Stefan Schantl [Tue, 21 Apr 2015 17:20:26 +0000 (19:20 +0200)] 
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next

5 years agoRevert "Revert "perl-Locale-Country: Update country codes to version 3.33.""
Stefan Schantl [Tue, 21 Apr 2015 17:16:26 +0000 (19:16 +0200)] 
Revert "Revert "perl-Locale-Country: Update country codes to version 3.33.""

This reverts commit cbc5a4374fd19c8657792f14813da52b801fd681.

5 years agoRevert "Revert roofile update for Locale-Country."
Stefan Schantl [Tue, 21 Apr 2015 17:16:03 +0000 (19:16 +0200)] 
Revert "Revert roofile update for Locale-Country."

This reverts commit 91d6b6ef07fc9915dcb2ca8ed0147118615b690d.

5 years agokernel: update to 3.14.39
Arne Fitzenreiter [Tue, 21 Apr 2015 12:02:47 +0000 (14:02 +0200)] 
kernel: update to 3.14.39

5 years agorules.pl: fix geoip initialisation.
Arne Fitzenreiter [Mon, 20 Apr 2015 21:14:11 +0000 (23:14 +0200)] 
rules.pl: fix geoip initialisation.

5 years agoremove ipp2p patches.
Arne Fitzenreiter [Mon, 20 Apr 2015 20:57:24 +0000 (22:57 +0200)] 
remove ipp2p patches.

ipp2p is build by xtables addons now.

5 years agofunctions.network: update dhcp client commandline.
Arne Fitzenreiter [Mon, 20 Apr 2015 20:48:46 +0000 (22:48 +0200)] 
functions.network: update dhcp client commandline.

this fix trailing space before hostname.

5 years agoMerge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Stefan Schantl [Mon, 20 Apr 2015 17:03:52 +0000 (19:03 +0200)] 
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next

5 years agoovpnmain.cgi: Update the certificate revocation list when a connection has been deleted.
Stefan Schantl [Sun, 19 Apr 2015 10:51:44 +0000 (12:51 +0200)] 
ovpnmain.cgi: Update the certificate revocation list when a connection has been deleted.

Reference #10554.

5 years agoopenssl: Fix build by updating the patches
Michael Tremer [Sun, 19 Apr 2015 09:58:50 +0000 (11:58 +0200)] 
openssl: Fix build by updating the patches

5 years agoopenssl: Update to 1.0.2a
Matthias Fischer [Sat, 18 Apr 2015 22:49:26 +0000 (00:49 +0200)] 
openssl: Update to 1.0.2a

5 years agoCore 90: Add changed css files.
Stefan Schantl [Sat, 18 Apr 2015 23:23:18 +0000 (01:23 +0200)] 
Core 90: Add changed css files.

5 years agofirewall.cgi: Dynamically show/hide DNAT and SNAT configure elements.
Stefan Schantl [Sat, 18 Apr 2015 23:04:14 +0000 (01:04 +0200)] 
firewall.cgi: Dynamically show/hide DNAT and SNAT configure elements.

Fixes #10732.

5 years agoCore 90: Add changed ovpnmain.cgi.
Stefan Schantl [Sat, 18 Apr 2015 23:15:02 +0000 (01:15 +0200)] 
Core 90: Add changed ovpnmain.cgi.

5 years agocore90: Add changed vpnmain.cgi
Michael Tremer [Sat, 18 Apr 2015 21:36:20 +0000 (23:36 +0200)] 
core90: Add changed vpnmain.cgi

5 years agoAdded clientAuth to EKU of client certificate. Fixed the comment.
Wolfgang Apolinarski [Sat, 18 Apr 2015 13:15:45 +0000 (15:15 +0200)] 
Added clientAuth to EKU of client certificate. Fixed the comment.

5 years agoxtables-addon: Build all matches and targets
Michael Tremer [Sat, 18 Apr 2015 14:42:22 +0000 (16:42 +0200)] 
xtables-addon: Build all matches and targets

5 years agoUpdate translations
Michael Tremer [Sat, 18 Apr 2015 14:16:01 +0000 (16:16 +0200)] 
Update translations

5 years agoMerge remote-tracking branch 'stevee/core-90-geoip' into next
Michael Tremer [Sat, 18 Apr 2015 14:15:17 +0000 (16:15 +0200)] 
Merge remote-tracking branch 'stevee/core-90-geoip' into next

5 years agodnsmasq: Import more patches from upstream
Michael Tremer [Sat, 18 Apr 2015 14:11:29 +0000 (16:11 +0200)] 
dnsmasq: Import more patches from upstream

5 years agoCore90: Update crontab.
Stefan Schantl [Thu, 16 Apr 2015 20:00:51 +0000 (22:00 +0200)] 
Core90: Update crontab.

5 years agokernel: update to 3.14.38
Arne Fitzenreiter [Thu, 16 Apr 2015 18:52:44 +0000 (20:52 +0200)] 
kernel: update to 3.14.38

5 years agoCore90: Add GeoIP to update.
Stefan Schantl [Thu, 16 Apr 2015 18:37:00 +0000 (20:37 +0200)] 
Core90: Add GeoIP to update.

5 years agoRoofile updates for GeoIP related files.
Stefan Schantl [Thu, 16 Apr 2015 17:40:53 +0000 (19:40 +0200)] 
Roofile updates for GeoIP related files.

5 years agoconfigroot: Add geoip related files.
Stefan Schantl [Thu, 16 Apr 2015 17:39:11 +0000 (19:39 +0200)] 
configroot: Add geoip related files.

Create required empty files and install geoip-functions.pl to
desired destination.

5 years agoRevert "perl-Locale-Country: Update country codes to version 3.33."
Stefan Schantl [Thu, 16 Apr 2015 08:51:44 +0000 (10:51 +0200)] 
Revert "perl-Locale-Country: Update country codes to version 3.33."

This reverts commit bf235e962cdd2d0d95d9a6ccfef0b449d181bb04.

5 years agoRevert roofile update for Locale-Country.
Stefan Schantl [Thu, 16 Apr 2015 08:51:03 +0000 (10:51 +0200)] 
Revert roofile update for Locale-Country.

This reverts commit f2d941436b9721cdbfc37f0c7769088d14621d13.

5 years agoMerge branch 'next-geoip' into core-90-geoip
Stefan Schantl [Wed, 15 Apr 2015 15:10:49 +0000 (17:10 +0200)] 
Merge branch 'next-geoip' into core-90-geoip

5 years agoMerge remote-tracking branch 'origin/master' into next
Arne Fitzenreiter [Tue, 14 Apr 2015 18:26:21 +0000 (20:26 +0200)] 
Merge remote-tracking branch 'origin/master' into next