Toggle navigation
Patchwork
IPFire
Patches
Bundles
About this project
Login
Register
Mail settings
Show patches with
: Submitter =
Peter Müller
| 697 patches
Series
Submitter
State
any
Action Required
New
Under Review
Accepted
Rejected
RFC
Not Applicable
Changes Requested
Awaiting Upstream
Superseded
Deferred
Dropped
Staged
Search
Archived
No
Yes
Both
Delegate
------
Nobody
amarx
jonatan
git
git
git
git
git
git
pmueller
pmueller
pmueller
pmueller
pmueller
pmueller
bonnietwin
stevee
stevee
ms
ms
ms
ms
ms
ms
Apply
«
1
2
3
4
…
6
7
»
Patch
Series
A/R/T
S/W/F
Date
Submitter
Delegate
State
[00/11] Drop unmaintained or orphaned add-ons and packages, first batch
- - -
-
-
-
2021-05-17
Peter Müller
None
[00/20] Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle
- - -
-
-
-
2021-05-17
Peter Müller
None
[01/10] Drop orphaned dependency add-on libmicrohttpd
[01/10] Drop orphaned dependency add-on libmicrohttpd
- - -
-
-
-
2021-05-17
Peter Müller
Superseded
[01/11] Drop motion add-on
Drop unmaintained or orphaned add-ons and packages, first batch
- - -
-
-
-
2021-05-17
Peter Müller
Superseded
[01/11] firewall: Log packets dropped due to conntrack INVALID state
firewall: Introduce DROP_HOSTILE and improve spoofing logging/protection
- - -
-
-
-
2021-12-18
Peter Müller
Accepted
[01/11] Kernel: Set CONFIG_ARCH_MMAP_RND_BITS to 32 bits
Kernel: Improve hardening
- 1 -
-
-
-
2022-03-19
Peter Müller
Accepted
[01/20] GnuPG does not need to have a SUID bit set
Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle
- - -
-
-
-
2021-05-17
Peter Müller
Accepted
[01/21] linux: Update to 5.15.85
linux: Update to 5.15.85 and backport many IPFire 3.x changes
- - -
-
-
-
2022-12-26
Peter Müller
Accepted
[0/1] hostapd: clean up shell script
- - -
-
-
-
2020-05-02
Peter Müller
None
[02/10] Drop Asterisk add-on
[01/10] Drop orphaned dependency add-on libmicrohttpd
- - -
-
-
-
2021-05-17
Peter Müller
Superseded
[02/11] firewall: Accept inbound Tor traffic before applying the location filter
firewall: Introduce DROP_HOSTILE and improve spoofing logging/protection
- - -
-
-
-
2021-12-18
Peter Müller
Accepted
[02/11] Kernel: Disable support for tracing block I/O actions
Kernel: Improve hardening
- 1 -
-
-
-
2022-03-19
Peter Müller
Accepted
[02/20] Core Update 157: remove SUID bit from /usr/bin/gpg
Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle
- - -
-
-
-
2021-05-17
Peter Müller
Accepted
[02/21] linux: Disable the entire PCMCIA/CardBus subsystem
linux: Update to 5.15.85 and backport many IPFire 3.x changes
1 - -
-
-
-
2022-12-26
Peter Müller
Accepted
[03/11] firewall: Log and drop spoofed loopback packets
firewall: Introduce DROP_HOSTILE and improve spoofing logging/protection
- - -
-
-
-
2021-12-18
Peter Müller
Accepted
[03/11] Kernel: Pin loading kernel files to one filesystem
Kernel: Improve hardening
- - -
-
-
-
2022-03-19
Peter Müller
Rejected
[03/20] /usr/bin/ping does not need a SUID bit if appropriate capabilities are set
Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle
- - -
-
-
-
2021-05-17
Peter Müller
Accepted
[03/21] linux: Enable parallel crypto by default
linux: Update to 5.15.85 and backport many IPFire 3.x changes
- - -
-
-
-
2022-12-26
Peter Müller
Accepted
[04/11] firewall: Prevent spoofing our own RED IP address
firewall: Introduce DROP_HOSTILE and improve spoofing logging/protection
- - -
-
-
-
2021-12-18
Peter Müller
Accepted
[04/11] Kernel: Enable undefined behaviour sanity checker
Kernel: Improve hardening
- - -
-
-
-
2022-03-19
Peter Müller
Rejected
[04/20] Core Update 157: Delete ssh-keysign binary
Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle
- - -
-
-
-
2021-05-17
Peter Müller
Accepted
[04/21] linux: Disable syscalls that allows processes to r/w other processes' memory
linux: Update to 5.15.85 and backport many IPFire 3.x changes
1 - -
-
-
-
2022-12-26
Peter Müller
Accepted
[05/11] firewall: Introduce DROP_HOSTILE
firewall: Introduce DROP_HOSTILE and improve spoofing logging/protection
- - -
-
-
-
2021-12-18
Peter Müller
Accepted
[05/11] Kernel: Gate SETID transitions to limit CAP_SET(G|U)ID capabilities
Kernel: Improve hardening
- - -
-
-
-
2022-03-19
Peter Müller
Rejected
[05/20] DMA: do not ship a binary for creating mail boxes
Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle
- - -
-
-
-
2021-05-17
Peter Müller
Accepted
[05/21] linux: Disable the latent entropy plugin
linux: Update to 5.15.85 and backport many IPFire 3.x changes
1 - -
-
-
-
2022-12-26
Peter Müller
Accepted
[06/11] Kernel: Enable LSM support and set security level to "integrity"
Kernel: Improve hardening
- 1 -
-
-
-
2022-03-19
Peter Müller
Accepted
[06/11] optionsfw.cgi: Make logging of spoofed/martians packets and the DROP_HOSTILE filter configu…
firewall: Introduce DROP_HOSTILE and improve spoofing logging/protection
- - -
-
-
-
2021-12-18
Peter Müller
Accepted
[06/20] Core Update 157: Delete orphaned DMA mail box creation binary as well
Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle
- - -
-
-
-
2021-05-17
Peter Müller
Accepted
[06/21] linux: Build all library routines as modules and disable self-tests
linux: Update to 5.15.85 and backport many IPFire 3.x changes
1 - -
-
-
-
2022-12-26
Peter Müller
Accepted
[0/6] Patchset for fixing errors surfaced in Core Update 157 (testing)
- - -
-
-
-
2021-05-21
Peter Müller
None
[07/11] Kernel: Trigger BUG if data corruption is detected
Kernel: Improve hardening
- - -
-
-
-
2022-03-19
Peter Müller
Rejected
[07/11] Update German and English translation files
firewall: Introduce DROP_HOSTILE and improve spoofing logging/protection
- - -
-
-
-
2021-12-18
Peter Müller
Accepted
[07/20] Core Update 157: /var/ipfire/fwhosts/icmp-types does not have to be executable
Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle
- - -
-
-
-
2021-05-17
Peter Müller
Accepted
[07/21] linux: Build all HWRNGs as modules
linux: Update to 5.15.85 and backport many IPFire 3.x changes
1 - -
-
-
-
2022-12-26
Peter Müller
Accepted
[08/11] collectd.conf: Keep track of DROP_{HOSTILE,SPOOFED_MARTIAN}
firewall: Introduce DROP_HOSTILE and improve spoofing logging/protection
- - -
-
-
-
2021-12-18
Peter Müller
Accepted
[08/11] Kernel: Do not automatically load TTY line disciplines, only if necessary
Kernel: Improve hardening
- - -
-
-
-
2022-03-19
Peter Müller
Accepted
[08/20] Core Update 157: Ship changed iputils due to /usr/bin/ping changes
Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle
- - -
-
-
-
2021-05-17
Peter Müller
Accepted
[08/21] linux: Compile binfmt_misc as a module
linux: Update to 5.15.85 and backport many IPFire 3.x changes
1 - -
-
-
-
2022-12-26
Peter Müller
Accepted
[09/11] graphs.pl: Display spoofed and hostile traffic in firewall hits diagram as well
firewall: Introduce DROP_HOSTILE and improve spoofing logging/protection
- - -
-
-
-
2021-12-18
Peter Müller
Accepted
[09/11] Kernel: Enable SVA support for both Intel and AMD CPUs
Kernel: Improve hardening
1 - -
-
-
-
2022-03-19
Peter Müller
Accepted
[09/20] backup: prevent /var/ipfire/backup/bin/backup.pl from being owned by nobody
Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle
- - -
-
-
-
2021-05-17
Peter Müller
Accepted
[09/21] linux: Wipe all memory when rebooting on EFI
linux: Update to 5.15.85 and backport many IPFire 3.x changes
1 - -
-
-
-
2022-12-26
Peter Müller
Accepted
[10/11] configroot: Enable logging of spoofed packets/martians by default
firewall: Introduce DROP_HOSTILE and improve spoofing logging/protection
- - -
-
-
-
2021-12-18
Peter Müller
Accepted
[10/11] Kernel: Disable function and stack tracers
Kernel: Improve hardening
- - -
-
-
-
2022-03-19
Peter Müller
Rejected
[10/20] SquidGuard: Prevent binaries within /var/ipfire/urlfilter/bin/ from being owned by nobody
Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle
- - -
-
-
-
2021-05-17
Peter Müller
Accepted
[10/21] linux: Disable the Distributed Lock Manager
linux: Update to 5.15.85 and backport many IPFire 3.x changes
1 - -
-
-
-
2022-12-26
Peter Müller
Accepted
[11/11] configroot: Drop traffic from and to hostile networks by default
firewall: Introduce DROP_HOSTILE and improve spoofing logging/protection
- - -
-
-
-
2021-12-18
Peter Müller
Accepted
[11/11] Kernel: Update rootfile for x86_64
Kernel: Improve hardening
- - -
-
-
-
2022-03-19
Peter Müller
Dropped
[11/20] Core Update 157: Apply changed permissions to /var/ipfire/urlfilter/bin/
Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle
- - -
-
-
-
2021-05-17
Peter Müller
Accepted
[11/21] linux: Disable some character devices that do not make sense
linux: Update to 5.15.85 and backport many IPFire 3.x changes
1 - -
-
-
-
2022-12-26
Peter Müller
Accepted
[12/20] Squid: Prevent binaries within /var/ipfire/updatexlrator/bin/ from being owned by nobody
Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle
- - -
-
-
-
2021-05-17
Peter Müller
Accepted
[12/21] linux: Make graphics configruation sane
linux: Update to 5.15.85 and backport many IPFire 3.x changes
1 - -
-
-
-
2022-12-26
Peter Müller
Accepted
[1/2] add IPtables chain for outgoing Tor traffic
[1/2] add IPtables chain for outgoing Tor traffic
- - -
-
-
-
2019-03-12
Peter Müller
Accepted
[1/2] Apache: prevent Referrer leaks via WebUI
[1/2] Apache: prevent Referrer leaks via WebUI
1 - -
-
-
-
2019-11-04
Peter Müller
Accepted
[1/2] automake: update to 1.16.2
[1/2] automake: update to 1.16.2
- - -
-
-
-
2020-04-11
Peter Müller
Accepted
[1/2] automake: Update to 1.16.5
[1/2] automake: Update to 1.16.5
- - -
-
-
-
2022-11-28
Peter Müller
Accepted
[1/2] backup.pl: Include logwatch summary into backups as well
[1/2] backup.pl: Include logwatch summary into backups as well
- 1 -
-
-
-
2022-07-09
Peter Müller
Accepted
[1/2] ca-certificates: Sync with Mozilla's current trust store
[1/2] ca-certificates: Sync with Mozilla's current trust store
- - -
-
-
-
2022-12-01
Peter Müller
Accepted
[1/2] ca-certificates: Update root CA certificates bundle
[1/2] ca-certificates: Update root CA certificates bundle
- 1 -
-
-
-
2023-12-04
Peter Müller
Staged
[1/2] ca-certificates: Update root CA certificates bundle
[1/2] ca-certificates: Update root CA certificates bundle
- - -
-
-
-
2023-03-05
Peter Müller
Accepted
[1/2] Core Update 139: apply SSH configuration and restart SSH daemon
[1/2] Core Update 139: apply SSH configuration and restart SSH daemon
- - -
-
-
-
2019-12-13
Peter Müller
Accepted
[1/2] Drop unmaintained add-on lcd4linux
[1/2] Drop unmaintained add-on lcd4linux
- 1 -
-
-
-
2021-06-02
Peter Müller
Accepted
[1/2] fmt: Update to 9.0.0
[1/2] fmt: Update to 9.0.0
- - -
-
-
-
2022-08-02
Peter Müller
Accepted
[1/2] iproute2: Do not ship /sbin/tipc
[1/2] iproute2: Do not ship /sbin/tipc
- 1 -
-
-
-
2022-03-19
Peter Müller
Dropped
[1/2] Kernel: drop bluetooth support
[1/2] Kernel: drop bluetooth support
- - -
-
-
-
2020-03-31
Peter Müller
Superseded
[1/2] kernel: enable CONFIG_SECURITY_LOADPIN
[1/2] kernel: enable CONFIG_SECURITY_LOADPIN
- - -
-
-
-
2020-06-09
Peter Müller
Dropped
[1/2] libevent2: update to 2.1.11-stable
[1/2] libevent2: update to 2.1.11-stable
- - -
-
-
-
2020-04-18
Peter Müller
Accepted
[1/2] libhtp: update to 0.5.33
[1/2] libhtp: update to 0.5.33
1 - -
-
-
-
2020-04-28
Peter Müller
Accepted
[1/2] linux: Disable io_uring
[1/2] linux: Disable io_uring
- - -
-
-
-
2023-10-13
Peter Müller
Staged
[1/2] linux-firmware: Update to 20211216
[1/2] linux-firmware: Update to 20211216
- - -
-
-
-
2022-01-04
Peter Müller
Accepted
[1/2] linux: Update to 6.1.24
[1/2] linux: Update to 6.1.24
- 1 -
-
-
-
2023-04-18
Peter Müller
Accepted
[1/2] mail.cgi: add support for implicit TLS usage
[1/2] mail.cgi: add support for implicit TLS usage
- - -
-
-
-
2020-01-31
Peter Müller
Superseded
[1/2] network-functions.pl: fix network membership test
[1/2] network-functions.pl: fix network membership test
- - -
-
-
-
2020-07-25
Peter Müller
Accepted
[1/2] OpenSSH: update to 8.1p1
[1/2] OpenSSH: update to 8.1p1
- 1 -
-
-
-
2019-12-04
Peter Müller
Accepted
[1/2] Pakfire: fix upstream proxy usage
[1/2] Pakfire: fix upstream proxy usage
- - -
-
-
-
2020-04-11
Peter Müller
Accepted
[1/2] Perl: update to 5.30.2
[1/2] Perl: update to 5.30.2
- - -
-
-
-
2020-05-03
Peter Müller
Superseded
[1/2] proxy.cgi: remove old CVS licence clutter
[1/2] proxy.cgi: remove old CVS licence clutter
- - -
-
-
-
2020-06-21
Peter Müller
Accepted
[1/2] qemu: Update to 7.0.0
[1/2] qemu: Update to 7.0.0
- - -
-
-
-
2022-08-01
Peter Müller
Accepted
[1/2] Revert "Revert "ppp: update to 2.4.9""
[1/2] Revert "Revert "ppp: update to 2.4.9""
- - -
-
-
-
2021-07-07
Peter Müller
Accepted
[1/2] sshd_config: Do not set defaults explicitly
[1/2] sshd_config: Do not set defaults explicitly
- 1 -
-
-
-
2020-01-20
Peter Müller
Accepted
[1/2] Tor: Update to 0.4.8.5
[1/2] Tor: Update to 0.4.8.5
- - -
-
-
-
2023-09-14
Peter Müller
Staged
[1/2] update ca-certificates CA bundle
[1/2] update ca-certificates CA bundle
1 - -
-
-
-
2019-10-29
Peter Müller
Accepted
[1/2] update metrics links in Tor WebUI
[1/2] update metrics links in Tor WebUI
- - -
-
-
-
2019-02-24
Peter Müller
Accepted
[1/2] vulnerabilities.cgi: Add English and German translations for new flaws
[1/2] vulnerabilities.cgi: Add English and German translations for new flaws
- - -
-
-
-
2023-08-15
Peter Müller
Accepted
[13/20] Core Update 157: Apply changed permissions to /var/ipfire/updatexlrator/bin/
Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle
- - -
-
-
-
2021-05-17
Peter Müller
Accepted
[13/21] linux: Disable all sorts of useless Device Mapper targets
linux: Update to 5.15.85 and backport many IPFire 3.x changes
1 - -
-
-
-
2022-12-26
Peter Müller
Accepted
[1/3] add language strings for SSH agent forwarding settings
[1/3] add language strings for SSH agent forwarding settings
- - -
-
-
-
2019-04-09
Peter Müller
Accepted
[1/3] add option for selective PTR generation on hosts.cgi
[1/3] add option for selective PTR generation on hosts.cgi
- - -
-
-
-
2019-04-09
Peter Müller
Accepted
[1/3] downloadsource.sh: Change checksum algorithm to BLAKE2
[1/3] downloadsource.sh: Change checksum algorithm to BLAKE2
- - -
-
-
-
2022-04-08
Peter Müller
Accepted
[1/3] kernel: enable CONFIG_SECURITY_LOCKDOWN_LSM
[1/3] kernel: enable CONFIG_SECURITY_LOCKDOWN_LSM
- - -
-
-
-
2020-06-09
Peter Müller
Dropped
[1/3] linux: Enable Indirect Branch Tracking by default
[1/3] linux: Enable Indirect Branch Tracking by default
- 1 -
-
-
-
2023-07-09
Peter Müller
Staged
[1/3] linux: Properly load Landlock module
[1/3] linux: Properly load Landlock module
- - 1
-
-
-
2024-04-22
Peter Müller
Staged
[1/3] OpenSSH: Update to 9.0p1
[1/3] OpenSSH: Update to 9.0p1
- - -
-
-
-
2022-04-18
Peter Müller
Accepted
[1/3] OpenVPN: Replace existing Diffie-Hellman parameter with ffdhe4096
[1/3] OpenVPN: Replace existing Diffie-Hellman parameter with ffdhe4096
- - -
-
-
-
2022-11-11
Peter Müller
Accepted
[1/3] squid-asnbl: New package
Add ASN-based anomaly detections to IPFire's web proxy: Proactive Fast Flux detection and detection…
- - -
-
-
-
2021-06-18
Peter Müller
Superseded
[1/3] Suricata: detect TLS traffic on IMAPS/POP3S/SSMTP portsas, well
[1/3] Suricata: detect TLS traffic on IMAPS/POP3S/SSMTP portsas, well
- - -
-
-
-
2019-02-08
Peter Müller
Accepted
[14/20] OpenVPN: ovpn-leases.db for sure does not have to be executable
Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle
- - -
-
-
-
2021-05-17
Peter Müller
Accepted
[14/21] linux: Enable various modern ciphers/hashes/etc. and acceleration
linux: Update to 5.15.85 and backport many IPFire 3.x changes
1 - -
-
-
-
2022-12-26
Peter Müller
Accepted
[1/4] drop Amavis add-on
[1/4] drop Amavis add-on
- - -
-
-
-
2020-10-23
Peter Müller
Accepted
«
1
2
3
4
…
6
7
»