ipfire-2.x.git
4 years agoliboping: Don't build with -Werror
Michael Tremer [Fri, 4 Dec 2015 21:17:27 +0000 (21:17 +0000)] 
liboping: Don't build with -Werror

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agocore96: Ship updated mdadm
Michael Tremer [Fri, 4 Dec 2015 22:17:51 +0000 (22:17 +0000)] 
core96: Ship updated mdadm

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agomdadm: Update to 3.3.4
Michael Tremer [Fri, 4 Dec 2015 21:15:18 +0000 (21:15 +0000)] 
mdadm: Update to 3.3.4

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoebtables: Honour CFLAGS
Michael Tremer [Fri, 4 Dec 2015 21:14:47 +0000 (21:14 +0000)] 
ebtables: Honour CFLAGS

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoopenssl: Update to 1.0.2e
Michael Tremer [Thu, 3 Dec 2015 16:59:48 +0000 (16:59 +0000)] 
openssl: Update to 1.0.2e

OpenSSL Security Advisory [3 Dec 2015]
=======================================

NOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE
0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS
PER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER VERSIONS.

BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
==================================================================

Severity: Moderate

There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No
EC algorithms are affected. Analysis suggests that attacks against RSA and DSA
as a result of this defect would be very difficult to perform and are not
believed likely. Attacks against DH are considered just feasible (although very
difficult) because most of the work necessary to deduce information
about a private key may be performed offline. The amount of resources
required for such an attack would be very significant and likely only
accessible to a limited number of attackers. An attacker would
additionally need online access to an unpatched system using the target
private key in a scenario with persistent DH parameters and a private
key that is shared between multiple clients. For example this can occur by
default in OpenSSL DHE based SSL/TLS ciphersuites.

This issue affects OpenSSL version 1.0.2.

OpenSSL 1.0.2 users should upgrade to 1.0.2e

This issue was reported to OpenSSL on August 13 2015 by Hanno
Böck. The fix was developed by Andy Polyakov of the OpenSSL
development team.

Certificate verify crash with missing PSS parameter (CVE-2015-3194)
===================================================================

Severity: Moderate

The signature verification routines will crash with a NULL pointer dereference
if presented with an ASN.1 signature using the RSA PSS algorithm and absent
mask generation function parameter. Since these routines are used to verify
certificate signature algorithms this can be used to crash any certificate
verification operation and exploited in a DoS attack. Any application which
performs certificate verification is vulnerable including OpenSSL clients and
servers which enable client authentication.

This issue affects OpenSSL versions 1.0.2 and 1.0.1.

OpenSSL 1.0.2 users should upgrade to 1.0.2e
OpenSSL 1.0.1 users should upgrade to 1.0.1q

This issue was reported to OpenSSL on August 27 2015 by Loïc Jonas Etienne
(Qnective AG). The fix was developed by Dr. Stephen Henson of the OpenSSL
development team.

X509_ATTRIBUTE memory leak (CVE-2015-3195)
==========================================

Severity: Moderate

When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak
memory. This structure is used by the PKCS#7 and CMS routines so any
application which reads PKCS#7 or CMS data from untrusted sources is affected.
SSL/TLS is not affected.

This issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2e
OpenSSL 1.0.1 users should upgrade to 1.0.1q
OpenSSL 1.0.0 users should upgrade to 1.0.0t
OpenSSL 0.9.8 users should upgrade to 0.9.8zh

This issue was reported to OpenSSL on November 9 2015 by Adam Langley
(Google/BoringSSL) using libFuzzer. The fix was developed by Dr. Stephen
Henson of the OpenSSL development team.

Race condition handling PSK identify hint (CVE-2015-3196)
=========================================================

Severity: Low

If PSK identity hints are received by a multi-threaded client then
the values are wrongly updated in the parent SSL_CTX structure. This can
result in a race condition potentially leading to a double free of the
identify hint data.

This issue was fixed in OpenSSL 1.0.2d and 1.0.1p but has not been previously
listed in an OpenSSL security advisory. This issue also affects OpenSSL 1.0.0
and has not been previously fixed in an OpenSSL 1.0.0 release.

OpenSSL 1.0.2 users should upgrade to 1.0.2d
OpenSSL 1.0.1 users should upgrade to 1.0.1p
OpenSSL 1.0.0 users should upgrade to 1.0.0t

The fix for this issue can be identified in the OpenSSL git repository by commit
ids 3c66a669dfc7 (1.0.2), d6be3124f228 (1.0.1) and 1392c238657e (1.0.0).

The fix was developed by Dr. Stephen Henson of the OpenSSL development team.

Note
====

As per our previous announcements and our Release Strategy
(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions
1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these
versions will be provided after that date. In the absence of significant
security issues being identified prior to that date, the 1.0.0t and 0.9.8zh
releases will be the last for those versions. Users of these versions are
advised to upgrade.

References
==========

URL for this Security Advisory:
https://www.openssl.org/news/secadv/20151203.txt

Note: the online version of the advisory may be updated with additional
details over time.

For details of OpenSSL severity classifications please see:
https://www.openssl.org/about/secpolicy.html

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoramdisk: Migrate everything during the update
Michael Tremer [Thu, 3 Dec 2015 16:34:59 +0000 (16:34 +0000)] 
ramdisk: Migrate everything during the update

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoramdisk: Avoid copying data if no ramdisk is used
Michael Tremer [Thu, 3 Dec 2015 16:03:29 +0000 (16:03 +0000)] 
ramdisk: Avoid copying data if no ramdisk is used

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoramdisk: Move crontab back to disk
Michael Tremer [Thu, 3 Dec 2015 14:57:30 +0000 (14:57 +0000)] 
ramdisk: Move crontab back to disk

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoramdisk: Make usage of ramdisk configurable
Michael Tremer [Thu, 3 Dec 2015 14:41:49 +0000 (14:41 +0000)] 
ramdisk: Make usage of ramdisk configurable

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoinitscripts: functions: Fix indentation
Michael Tremer [Thu, 3 Dec 2015 14:27:33 +0000 (14:27 +0000)] 
initscripts: functions: Fix indentation

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoRemove ramdisks for RRD databases
Alexander Marx [Thu, 3 Dec 2015 13:14:23 +0000 (13:14 +0000)] 
Remove ramdisks for RRD databases

Ramdisks are very limited in space and as new graphs
are generated for OpenVPN N2N connections, etc. more
space is necessary.

This patch will enable ramdisks for all systems with more
than 490M of memory and allows the user to force using
a ramdisk on systems with less memory.

Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Acked-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoMerge branch 'master' into next
Arne Fitzenreiter [Wed, 2 Dec 2015 20:39:20 +0000 (21:39 +0100)] 
Merge branch 'master' into next

4 years agocore95: don't update snort.conf. core95 v2.17-core95
Arne Fitzenreiter [Wed, 2 Dec 2015 13:48:01 +0000 (14:48 +0100)] 
core95: don't update snort.conf.

because this will erase selected rules.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agodhcpcd: revert dhclient config before core91.
Arne Fitzenreiter [Wed, 2 Dec 2015 13:39:19 +0000 (14:39 +0100)] 
dhcpcd: revert dhclient config before core91.

the new config has some ipv6 defaults that conflict with
t-com entertain.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agokernel: bump pak version for pae kernel.
Arne Fitzenreiter [Wed, 2 Dec 2015 13:36:07 +0000 (14:36 +0100)] 
kernel: bump pak version for pae kernel.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agocpufreq: change initscript for intel pstate driver.
Arne Fitzenreiter [Wed, 2 Dec 2015 13:17:34 +0000 (14:17 +0100)] 
cpufreq: change initscript for intel pstate driver.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agokernel: enable intel_pstate driver.
Arne Fitzenreiter [Wed, 2 Dec 2015 13:13:04 +0000 (14:13 +0100)] 
kernel: enable intel_pstate driver.

this is needed to use turbo boost of newer intel processors.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agocore96: Don't restart services that have not been updated
Michael Tremer [Tue, 1 Dec 2015 22:37:07 +0000 (22:37 +0000)] 
core96: Don't restart services that have not been updated

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agocore96: Ship updated dnsmasq
Michael Tremer [Tue, 1 Dec 2015 22:36:21 +0000 (22:36 +0000)] 
core96: Ship updated dnsmasq

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agodnsmasq 2.75: latest upstream patches
Matthias Fischer [Fri, 27 Nov 2015 21:11:41 +0000 (22:11 +0100)] 
dnsmasq 2.75: latest upstream patches

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agorouting.cgi: Fix syntax error that caused an Internal Server Error
Michael Tremer [Wed, 25 Nov 2015 12:47:29 +0000 (12:47 +0000)] 
routing.cgi: Fix syntax error that caused an Internal Server Error

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoUpdate Turkish translation
Ersan Yildirim [Mon, 23 Nov 2015 13:42:45 +0000 (13:42 +0000)] 
Update Turkish translation

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoUpdate translations
Michael Tremer [Mon, 23 Nov 2015 13:42:08 +0000 (13:42 +0000)] 
Update translations

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoinstaller+setup: Update translations
Michael Tremer [Sat, 21 Nov 2015 14:27:04 +0000 (14:27 +0000)] 
installer+setup: Update translations

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agocore96: Ship changed files
Michael Tremer [Thu, 19 Nov 2015 12:54:41 +0000 (12:54 +0000)] 
core96: Ship changed files

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoBUG10984: Fix portforwardconverter for upgrades before core 77
Alexander Marx [Mon, 16 Nov 2015 11:01:07 +0000 (12:01 +0100)] 
BUG10984: Fix portforwardconverter for upgrades before core 77

When upgrading from a post core-77 installation, the portforwarding
rules seem to get broken. With this patch the sourceports and the
subnetmasks from the rules are converted correctly.

Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoBUG10963: implement a better email verification
Alexander Marx [Thu, 19 Nov 2015 10:09:49 +0000 (11:09 +0100)] 
BUG10963: implement a better email verification

We now check all allowed chars in the address before the @ sign.
The domainpart after the '@' sign is just checked for valid chars, so that user@ipfire is valid, too

Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agostrongswan: Update to 5.3.4
Michael Tremer [Thu, 19 Nov 2015 12:52:31 +0000 (12:52 +0000)] 
strongswan: Update to 5.3.4

Fixes a security vulnerability in the EAP-MSCHAPv2 plugin
that is filed under CVE-2015-8023.

https://www.strongswan.org/blog/2015/11/16/strongswan-vulnerability-%28cve-2015-8023%29.html

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agocore96: Ship updated core initscript
Michael Tremer [Wed, 18 Nov 2015 17:31:32 +0000 (17:31 +0000)] 
core96: Ship updated core initscript

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agosnort: Also monitor assigned alias addresses on red.
Stefan Schantl [Fri, 16 Oct 2015 16:49:15 +0000 (18:49 +0200)] 
snort: Also monitor assigned alias addresses on red.

These changes will allow snort to also inspect the traffic for
one or more configured alias addresses, which has not been done in the past.

The current situation is, that snort if enabled on red, only inspects
the traffic which is desired to the statically configured red address.

If some alias addresses have been assigned to the red interface the
traffic to these addresses will not be checked by snort and
completely bypasses the IDS.

There is no user interaction required, nor visible-effects or any
backward-compatiblity required, only a restart of snort after the
update process to protect all red addresses.

To do this we will now check if, the RED interface has been set to STATIC (which
is required to use the aliases function) and any aliases have been configured. In
case of this, the modified code will add all enabled alias addresses to the HOMENET
variable in which snort is storing all the monitored addresses.

Fixes #10619.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoboost: build also on x86 with -j2
Arne Fitzenreiter [Wed, 11 Nov 2015 21:05:15 +0000 (22:05 +0100)] 
boost: build also on x86 with -j2

boost need to much memory if it was build with more
than 2 parallel processes.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agocore96: add pakfire changes to updater
Arne Fitzenreiter [Wed, 11 Nov 2015 14:01:13 +0000 (15:01 +0100)] 
core96: add pakfire changes to updater

4 years agopakfire: remove wrong version of installed addons
Arne Fitzenreiter [Wed, 11 Nov 2015 13:54:21 +0000 (14:54 +0100)] 
pakfire: remove wrong version of installed addons

in the installed addon list pakfire has showed
the latest version of the addon not the installed.

Fixes: #10875

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agostart core96
Arne Fitzenreiter [Wed, 11 Nov 2015 13:49:02 +0000 (14:49 +0100)] 
start core96

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agofinish core95
Arne Fitzenreiter [Tue, 10 Nov 2015 20:15:21 +0000 (21:15 +0100)] 
finish core95

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agokernel: update to 3.14.57
Arne Fitzenreiter [Tue, 10 Nov 2015 20:13:51 +0000 (21:13 +0100)] 
kernel: update to 3.14.57

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agoBUG10964: When entering wrong data in dma setup, the fields are blanked
Alexander Marx [Tue, 10 Nov 2015 09:59:12 +0000 (10:59 +0100)] 
BUG10964: When entering wrong data in dma setup, the fields are blanked

When entring wrong values in the fields and saving the site, there comes
an errormessage and all fields except mailserver and port are blanked.
Now the fileds are preserved and all data is displayed even after an
errormessage

Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoBUG10902: Add statusfile line when editing an ovpn n2n connection
Alexander Marx [Fri, 24 Jul 2015 08:36:12 +0000 (10:36 +0200)] 
BUG10902: Add statusfile line when editing an ovpn n2n connection

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agocore95: Add changed network-functions.pl to updater
Michael Tremer [Mon, 9 Nov 2015 17:33:50 +0000 (17:33 +0000)] 
core95: Add changed network-functions.pl to updater

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoBUG10940: remove leading zeros in ip address
Alexander Marx [Mon, 9 Nov 2015 11:42:47 +0000 (12:42 +0100)] 
BUG10940: remove leading zeros in ip address

in firewallgroups (hosts) an error was created when using ip adresses
like 192.168.000.008. Now all leading zeros are deleted in
firewallgroups and in the firewall itself when using single ip addresses
as source or target.

Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agocore95: ship settime and timecheck scripts.
Arne Fitzenreiter [Sun, 8 Nov 2015 17:03:53 +0000 (18:03 +0100)] 
core95: ship settime and timecheck scripts.

on some installations this scripts are outdated.
Fixes: #10976

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agocore95: exclude ntp config files.
Arne Fitzenreiter [Sun, 8 Nov 2015 14:44:18 +0000 (15:44 +0100)] 
core95: exclude ntp config files.

Fixes: #10974

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agocore95: exclude dma config files.
Arne Fitzenreiter [Sun, 8 Nov 2015 14:42:53 +0000 (15:42 +0100)] 
core95: exclude dma config files.

Fixes: #10975

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agocore95: add ipset to updater.
Arne Fitzenreiter [Sun, 8 Nov 2015 09:04:13 +0000 (10:04 +0100)] 
core95: add ipset to updater.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agoipset: fix build om arm.
Arne Fitzenreiter [Sat, 7 Nov 2015 08:11:27 +0000 (09:11 +0100)] 
ipset: fix build om arm.

Never hardcode KVER-ipfire in any patches because on arm there is no KVER-ipfire kernel.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agoMerge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
Arne Fitzenreiter [Thu, 5 Nov 2015 20:39:39 +0000 (21:39 +0100)] 
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next

4 years agocore95: Ship changed mail.cgi
Michael Tremer [Thu, 5 Nov 2015 15:35:46 +0000 (15:35 +0000)] 
core95: Ship changed mail.cgi

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoBUG10965: only write auth.conf if username/password are set
Alexander Marx [Sat, 31 Oct 2015 06:34:56 +0000 (07:34 +0100)] 
BUG10965: only write auth.conf if username/password are set

auth.conf was always written, even if no username/password provided.
In this case only the ip or Hostname of the mailserver was written into
auth.conf. Now the file is only filled if username/password are filled.

Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Tested-by: Timo Eissler <timo.eissler@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoipset: New package
Erik Kapfer [Thu, 5 Nov 2015 05:29:01 +0000 (06:29 +0100)] 
ipset: New package

Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoopenvpn: The --up option only takes one single argument
Michael Tremer [Thu, 5 Nov 2015 11:44:57 +0000 (11:44 +0000)] 
openvpn: The --up option only takes one single argument

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoopenvpn: Apply static routes on client site as well
Michael Tremer [Thu, 5 Nov 2015 11:44:04 +0000 (11:44 +0000)] 
openvpn: Apply static routes on client site as well

Fixes: #10968

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoopenvmtools: enable build on x86_64
Arne Fitzenreiter [Thu, 5 Nov 2015 10:40:06 +0000 (11:40 +0100)] 
openvmtools: enable build on x86_64

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agocore95: Ship updated packages
Michael Tremer [Wed, 4 Nov 2015 21:18:13 +0000 (21:18 +0000)] 
core95: Ship updated packages

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agosnort: Update to 2.9.7.6
Matthias Fischer [Sun, 1 Nov 2015 14:30:01 +0000 (15:30 +0100)] 
snort: Update to 2.9.7.6

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agolzo: Update to version 2.09
Erik Kapfer [Tue, 7 Jul 2015 11:13:36 +0000 (13:13 +0200)] 
lzo: Update to version 2.09

Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoopenvpn: Embed the certificate and key file into configuration
Michael Tremer [Fri, 30 Oct 2015 15:47:22 +0000 (15:47 +0000)] 
openvpn: Embed the certificate and key file into configuration

This will allow to import just the configuration file
into iOS and establish the VPN connection. Also works
with many other OpenVPN clients.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoopenvpn: Add option to download a client package with PEM files
Michael Tremer [Fri, 30 Oct 2015 15:47:21 +0000 (15:47 +0000)] 
openvpn: Add option to download a client package with PEM files

This patch adds the option to download a client package
that comes with a regular PEM and key file instead of a
PKCS12 file which is easier to use with clients that
don't support PKCS12 (like iOS) opposed to converting
the file manually.

This requires that the connection is created without
using a password for the certificate. Then the certificate
is already stored in an insecure way.

This patch also adds this to the Core Update 95 updater.

Fixes: #10966

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
CC: Alexander Marx <alexander.marx@ipfire.org>
4 years agoopenvpn: Apply static routes when N2N connection comes up
Michael Tremer [Fri, 30 Oct 2015 16:00:28 +0000 (16:00 +0000)] 
openvpn: Apply static routes when N2N connection comes up

Fixes: #10968

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agodma: Update to 0.10
Matthias Fischer [Tue, 3 Nov 2015 17:51:32 +0000 (18:51 +0100)] 
dma: Update to 0.10

Sorry, I borked the PATCH from yesterday...second try:

dma: Update to 0.10
Changes: dns.c, do not treat unreachable DNS server as permanent error
See: https://github.com/corecode/dma/commit/1a1306df018bd62cf1c5feb2e6e664f656bc9554#diff-8e1267319329e5ee7e6a92fb2aa01c6b

Deleted unnecessary blank lines in 'mail.cgi'

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agocore95: add upadated backup exclude list.
Arne Fitzenreiter [Sun, 1 Nov 2015 20:49:22 +0000 (21:49 +0100)] 
core95: add upadated backup exclude list.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agofirewall: fix disable MASQERADE in green only mode.
Arne Fitzenreiter [Sun, 1 Nov 2015 10:20:56 +0000 (11:20 +0100)] 
firewall: fix disable MASQERADE in green only mode.

using MASQERADE_GREEN="off" will not work because "NETWORK_GREEN" is
not correctly defined in green only mode.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agoMerge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Michael Tremer [Sat, 31 Oct 2015 21:44:51 +0000 (21:44 +0000)] 
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next

4 years agocredits.cgi: Update credits
Michael Tremer [Sat, 31 Oct 2015 21:40:47 +0000 (21:40 +0000)] 
credits.cgi: Update credits

Promotes Alexander Marx to the group of Core Developers.

Also lots of reformatting of old HTML code.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoFix unnecessary space character in "E-Mail Absender"
Lars Schuhmacher [Fri, 30 Oct 2015 22:59:08 +0000 (23:59 +0100)] 
Fix unnecessary space character in "E-Mail Absender"

Fix unnecessary space character in "E-Mail Absender".

Replaces the space character with a dash as is correct and already used in the other words in that part.

Signed-off-by: Lars Schuhmacher <larsen007@web.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agocore95: add kernel to updater.
Arne Fitzenreiter [Sat, 31 Oct 2015 16:29:14 +0000 (17:29 +0100)] 
core95: add kernel to updater.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agocore95: add ntp, backup and geoip changes to updater.
Arne Fitzenreiter [Sat, 31 Oct 2015 16:07:01 +0000 (17:07 +0100)] 
core95: add ntp, backup and geoip changes to updater.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agobackup: exclude lm_sensors config.
Arne Fitzenreiter [Sat, 31 Oct 2015 16:04:47 +0000 (17:04 +0100)] 
backup: exclude lm_sensors config.

this config is hardware dependend and will autodetected at boot.
fixes #10865

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agogeo-ip: download initial database in background.
Arne Fitzenreiter [Sat, 31 Oct 2015 15:55:17 +0000 (16:55 +0100)] 
geo-ip: download initial database in background.

on slow internet connections like gprs the first start hung many minutes.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agoMerge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Michael Tremer [Thu, 29 Oct 2015 23:25:45 +0000 (23:25 +0000)] 
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next

4 years agoe1000e: update to 3.2.7.1
Arne Fitzenreiter [Wed, 28 Oct 2015 18:36:22 +0000 (19:36 +0100)] 
e1000e: update to 3.2.7.1

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agokernel: update to 3.14.56
Arne Fitzenreiter [Tue, 27 Oct 2015 16:31:51 +0000 (17:31 +0100)] 
kernel: update to 3.14.56

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agoMerge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
Arne Fitzenreiter [Tue, 27 Oct 2015 16:31:19 +0000 (17:31 +0100)] 
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next

4 years agokernel: genksyms fix empty symbol crc.
Arne Fitzenreiter [Tue, 27 Oct 2015 15:57:24 +0000 (16:57 +0100)] 
kernel: genksyms fix empty symbol crc.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agosnort 2.9.7.6: removed unrecognized configure options in lfs file
Matthias Fischer [Mon, 26 Oct 2015 15:25:24 +0000 (16:25 +0100)] 
snort 2.9.7.6: removed unrecognized configure options in lfs file

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agontp: Update to 4.2.8p4
Matthias Fischer [Mon, 26 Oct 2015 11:24:51 +0000 (12:24 +0100)] 
ntp: Update to 4.2.8p4

ntp-Update to 4.2.8p4, regarding "13 low- and medium-severity vulnerabilities".

For a complete list, see: http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoMerge remote-tracking branch 'origin/master' into next
Arne Fitzenreiter [Sun, 25 Oct 2015 08:21:12 +0000 (09:21 +0100)] 
Merge remote-tracking branch 'origin/master' into next

4 years agossh: preferre ecdsa cipher again. core94
Arne Fitzenreiter [Sat, 24 Oct 2015 10:07:29 +0000 (12:07 +0200)] 
ssh: preferre ecdsa cipher again.

Previous we had not configured it so the ssh default order was used.
Now we define it to disable dsa so we had to give the correct order but
in the example cfg rsa is prefered.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agocore94: add system menu to update.
Arne Fitzenreiter [Fri, 23 Oct 2015 17:49:17 +0000 (19:49 +0200)] 
core94: add system menu to update.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agokernel: uppdate to 3.14.55
Arne Fitzenreiter [Fri, 23 Oct 2015 09:00:03 +0000 (11:00 +0200)] 
kernel: uppdate to 3.14.55

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agoMerge remote-tracking branch 'origin/master' into next
Arne Fitzenreiter [Thu, 22 Oct 2015 21:38:27 +0000 (23:38 +0200)] 
Merge remote-tracking branch 'origin/master' into next

4 years agoMove email settings from services to system menu
Michael Tremer [Thu, 22 Oct 2015 20:21:34 +0000 (21:21 +0100)] 
Move email settings from services to system menu

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoMerge remote-tracking branch 'origin/master' into next
Arne Fitzenreiter [Thu, 22 Oct 2015 11:11:17 +0000 (13:11 +0200)] 
Merge remote-tracking branch 'origin/master' into next

4 years agoopenssh: disable dsa key usage.
Arne Fitzenreiter [Thu, 22 Oct 2015 11:08:27 +0000 (13:08 +0200)] 
openssh: disable dsa key usage.

fixes #10934

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agoMerge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
Arne Fitzenreiter [Wed, 21 Oct 2015 19:02:19 +0000 (21:02 +0200)] 
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next

4 years agokernel: update to 3.14.54
Arne Fitzenreiter [Wed, 21 Oct 2015 16:48:32 +0000 (18:48 +0200)] 
kernel: update to 3.14.54

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agodhcp rfc2136: dhcpd does not seem to support SHA-1
Michael Tremer [Wed, 21 Oct 2015 16:34:41 +0000 (17:34 +0100)] 
dhcp rfc2136: dhcpd does not seem to support SHA-1

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agocore95: Ship DHCP RFC2136 changes
Michael Tremer [Wed, 21 Oct 2015 12:52:22 +0000 (13:52 +0100)] 
core95: Ship DHCP RFC2136 changes

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoMerge remote-tracking branch 'ms/dhcp-rfc2136-broken-down' into next
Michael Tremer [Wed, 21 Oct 2015 12:50:07 +0000 (13:50 +0100)] 
Merge remote-tracking branch 'ms/dhcp-rfc2136-broken-down' into next

4 years agocore95: Ship changed routing.cgi file
Michael Tremer [Sun, 18 Oct 2015 18:20:18 +0000 (19:20 +0100)] 
core95: Ship changed routing.cgi file

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoBUG10941: fix single ip-addresses when no subnet given
Alexander Marx [Sat, 17 Oct 2015 17:27:03 +0000 (19:27 +0200)] 
BUG10941: fix single ip-addresses when no subnet given

Some functions when adding a new route where senseless.
Now the ip address is checked and in case of a missing / wrong
subnetmask an errormessage is raised. The ip address is preserved.
ELSE
we convert the subnetmask to cidr notation and calculate the network ip
correctly.

Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agocore95: Ship changed firewall.cgi file
Michael Tremer [Sun, 18 Oct 2015 18:19:31 +0000 (19:19 +0100)] 
core95: Ship changed firewall.cgi file

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoBUG10806: fix wrong customhostgroupcheck
Alexander Marx [Sat, 17 Oct 2015 16:32:10 +0000 (18:32 +0200)] 
BUG10806: fix wrong customhostgroupcheck

The function to check for valid hostgroup entries not only
checked the target hostgroup but also the source hostgroup if any.
This lead to the error.
Now the check only affects target hostgroups because it does not matter if a sourcegroup contains mac addresses.

Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agocore95: Ship changed firewalllogcountry.dat
Michael Tremer [Sun, 18 Oct 2015 17:54:25 +0000 (18:54 +0100)] 
core95: Ship changed firewalllogcountry.dat

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agofirewalllogcountry.dat: Do not show 'Details' button for unkonw location.
Stefan Schantl [Sun, 18 Oct 2015 11:23:32 +0000 (13:23 +0200)] 
firewalllogcountry.dat: Do not show 'Details' button for unkonw location.

The CGI offers the posibility to get more details for a certain locations
by clicking on a button.

This feature cannot be used for the category "unknown". To prevent users
from beeing confused about non show-able details, I added some code to hide
this button for this category.

Fixes #10726.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agocore95: Ship changed pppsetup.cgi
Michael Tremer [Sun, 18 Oct 2015 17:52:07 +0000 (18:52 +0100)] 
core95: Ship changed pppsetup.cgi

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agopppsetup.cgi: Fix site layout when no TYPE is specified
Stefan Schantl [Sun, 18 Oct 2015 12:25:50 +0000 (14:25 +0200)] 
pppsetup.cgi: Fix site layout when no TYPE is specified

There was an issue with false generated HTML code, in case
of an empty or unset $pppsettings{'TYPE'} variable which results
in a missplaced website footer.

This patch moves the code for closeing the table and the call of the
closebox() function to the correct place to prevent this display issue.

Fixes #10565.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agomonit addon: Upgrade to 5.14
Dirk Wagner [Sat, 17 Oct 2015 18:55:17 +0000 (20:55 +0200)] 
monit addon: Upgrade to 5.14

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoasterisk addon: Update to 11.20.0
Dirk Wagner [Sat, 17 Oct 2015 18:52:13 +0000 (20:52 +0200)] 
asterisk addon: Update to 11.20.0

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agocore95: Ship ddns update
Michael Tremer [Sat, 17 Oct 2015 00:27:07 +0000 (01:27 +0100)] 
core95: Ship ddns update

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoddns: Update to 009
Stefan Schantl [Fri, 16 Oct 2015 23:27:04 +0000 (01:27 +0200)] 
ddns: Update to 009

This update contains the latest upstream changes which are
a better SSL error handling and support for desec.io.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>