Show patches with: Submitter = Peter Müller       |    Archived = No       |   690 patches
« 1 2 3 46 7 »
Patch Series A/R/T S/W/F Date Submitter Delegate State
[00/11] Drop unmaintained or orphaned add-ons and packages, first batch - - - --- 2021-05-17 Peter Müller None
[00/20] Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller None
[01/10] Drop orphaned dependency add-on libmicrohttpd [01/10] Drop orphaned dependency add-on libmicrohttpd - - - --- 2021-05-17 Peter Müller Superseded
[01/11] Drop motion add-on Drop unmaintained or orphaned add-ons and packages, first batch - - - --- 2021-05-17 Peter Müller Superseded
[01/11] firewall: Log packets dropped due to conntrack INVALID state firewall: Introduce DROP_HOSTILE and improve spoofing logging/protection - - - --- 2021-12-18 Peter Müller Accepted
[01/11] Kernel: Set CONFIG_ARCH_MMAP_RND_BITS to 32 bits Kernel: Improve hardening - 1 - --- 2022-03-19 Peter Müller Accepted
[01/20] GnuPG does not need to have a SUID bit set Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller Accepted
[01/21] linux: Update to 5.15.85 linux: Update to 5.15.85 and backport many IPFire 3.x changes - - - --- 2022-12-26 Peter Müller Accepted
[0/1] hostapd: clean up shell script - - - --- 2020-05-02 Peter Müller None
[02/10] Drop Asterisk add-on [01/10] Drop orphaned dependency add-on libmicrohttpd - - - --- 2021-05-17 Peter Müller Superseded
[02/11] firewall: Accept inbound Tor traffic before applying the location filter firewall: Introduce DROP_HOSTILE and improve spoofing logging/protection - - - --- 2021-12-18 Peter Müller Accepted
[02/11] Kernel: Disable support for tracing block I/O actions Kernel: Improve hardening - 1 - --- 2022-03-19 Peter Müller Accepted
[02/20] Core Update 157: remove SUID bit from /usr/bin/gpg Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller Accepted
[02/21] linux: Disable the entire PCMCIA/CardBus subsystem linux: Update to 5.15.85 and backport many IPFire 3.x changes 1 - - --- 2022-12-26 Peter Müller Accepted
[03/11] firewall: Log and drop spoofed loopback packets firewall: Introduce DROP_HOSTILE and improve spoofing logging/protection - - - --- 2021-12-18 Peter Müller Accepted
[03/11] Kernel: Pin loading kernel files to one filesystem Kernel: Improve hardening - - - --- 2022-03-19 Peter Müller Rejected
[03/20] /usr/bin/ping does not need a SUID bit if appropriate capabilities are set Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller Accepted
[03/21] linux: Enable parallel crypto by default linux: Update to 5.15.85 and backport many IPFire 3.x changes - - - --- 2022-12-26 Peter Müller Accepted
[04/11] firewall: Prevent spoofing our own RED IP address firewall: Introduce DROP_HOSTILE and improve spoofing logging/protection - - - --- 2021-12-18 Peter Müller Accepted
[04/11] Kernel: Enable undefined behaviour sanity checker Kernel: Improve hardening - - - --- 2022-03-19 Peter Müller Rejected
[04/20] Core Update 157: Delete ssh-keysign binary Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller Accepted
[04/21] linux: Disable syscalls that allows processes to r/w other processes' memory linux: Update to 5.15.85 and backport many IPFire 3.x changes 1 - - --- 2022-12-26 Peter Müller Accepted
[05/11] firewall: Introduce DROP_HOSTILE firewall: Introduce DROP_HOSTILE and improve spoofing logging/protection - - - --- 2021-12-18 Peter Müller Accepted
[05/11] Kernel: Gate SETID transitions to limit CAP_SET(G|U)ID capabilities Kernel: Improve hardening - - - --- 2022-03-19 Peter Müller Rejected
[05/20] DMA: do not ship a binary for creating mail boxes Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller Accepted
[05/21] linux: Disable the latent entropy plugin linux: Update to 5.15.85 and backport many IPFire 3.x changes 1 - - --- 2022-12-26 Peter Müller Accepted
[06/11] Kernel: Enable LSM support and set security level to "integrity" Kernel: Improve hardening - 1 - --- 2022-03-19 Peter Müller Accepted
[06/11] optionsfw.cgi: Make logging of spoofed/martians packets and the DROP_HOSTILE filter configu… firewall: Introduce DROP_HOSTILE and improve spoofing logging/protection - - - --- 2021-12-18 Peter Müller Accepted
[06/20] Core Update 157: Delete orphaned DMA mail box creation binary as well Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller Accepted
[06/21] linux: Build all library routines as modules and disable self-tests linux: Update to 5.15.85 and backport many IPFire 3.x changes 1 - - --- 2022-12-26 Peter Müller Accepted
[0/6] Patchset for fixing errors surfaced in Core Update 157 (testing) - - - --- 2021-05-21 Peter Müller None
[07/11] Kernel: Trigger BUG if data corruption is detected Kernel: Improve hardening - - - --- 2022-03-19 Peter Müller Rejected
[07/11] Update German and English translation files firewall: Introduce DROP_HOSTILE and improve spoofing logging/protection - - - --- 2021-12-18 Peter Müller Accepted
[07/20] Core Update 157: /var/ipfire/fwhosts/icmp-types does not have to be executable Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller Accepted
[07/21] linux: Build all HWRNGs as modules linux: Update to 5.15.85 and backport many IPFire 3.x changes 1 - - --- 2022-12-26 Peter Müller Accepted
[08/11] collectd.conf: Keep track of DROP_{HOSTILE,SPOOFED_MARTIAN} firewall: Introduce DROP_HOSTILE and improve spoofing logging/protection - - - --- 2021-12-18 Peter Müller Accepted
[08/11] Kernel: Do not automatically load TTY line disciplines, only if necessary Kernel: Improve hardening - - - --- 2022-03-19 Peter Müller Accepted
[08/20] Core Update 157: Ship changed iputils due to /usr/bin/ping changes Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller Accepted
[08/21] linux: Compile binfmt_misc as a module linux: Update to 5.15.85 and backport many IPFire 3.x changes 1 - - --- 2022-12-26 Peter Müller Accepted
[09/11] graphs.pl: Display spoofed and hostile traffic in firewall hits diagram as well firewall: Introduce DROP_HOSTILE and improve spoofing logging/protection - - - --- 2021-12-18 Peter Müller Accepted
[09/11] Kernel: Enable SVA support for both Intel and AMD CPUs Kernel: Improve hardening 1 - - --- 2022-03-19 Peter Müller Accepted
[09/20] backup: prevent /var/ipfire/backup/bin/backup.pl from being owned by nobody Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller Accepted
[09/21] linux: Wipe all memory when rebooting on EFI linux: Update to 5.15.85 and backport many IPFire 3.x changes 1 - - --- 2022-12-26 Peter Müller Accepted
[10/11] configroot: Enable logging of spoofed packets/martians by default firewall: Introduce DROP_HOSTILE and improve spoofing logging/protection - - - --- 2021-12-18 Peter Müller Accepted
[10/11] Kernel: Disable function and stack tracers Kernel: Improve hardening - - - --- 2022-03-19 Peter Müller Rejected
[10/20] SquidGuard: Prevent binaries within /var/ipfire/urlfilter/bin/ from being owned by nobody Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller Accepted
[10/21] linux: Disable the Distributed Lock Manager linux: Update to 5.15.85 and backport many IPFire 3.x changes 1 - - --- 2022-12-26 Peter Müller Accepted
[11/11] configroot: Drop traffic from and to hostile networks by default firewall: Introduce DROP_HOSTILE and improve spoofing logging/protection - - - --- 2021-12-18 Peter Müller Accepted
[11/11] Kernel: Update rootfile for x86_64 Kernel: Improve hardening - - - --- 2022-03-19 Peter Müller Dropped
[11/20] Core Update 157: Apply changed permissions to /var/ipfire/urlfilter/bin/ Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller Accepted
[11/21] linux: Disable some character devices that do not make sense linux: Update to 5.15.85 and backport many IPFire 3.x changes 1 - - --- 2022-12-26 Peter Müller Accepted
[12/20] Squid: Prevent binaries within /var/ipfire/updatexlrator/bin/ from being owned by nobody Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller Accepted
[12/21] linux: Make graphics configruation sane linux: Update to 5.15.85 and backport many IPFire 3.x changes 1 - - --- 2022-12-26 Peter Müller Accepted
[1/2] add IPtables chain for outgoing Tor traffic [1/2] add IPtables chain for outgoing Tor traffic - - - --- 2019-03-12 Peter Müller Accepted
[1/2] Apache: prevent Referrer leaks via WebUI [1/2] Apache: prevent Referrer leaks via WebUI 1 - - --- 2019-11-04 Peter Müller Accepted
[1/2] automake: update to 1.16.2 [1/2] automake: update to 1.16.2 - - - --- 2020-04-11 Peter Müller Accepted
[1/2] automake: Update to 1.16.5 [1/2] automake: Update to 1.16.5 - - - --- 2022-11-28 Peter Müller Accepted
[1/2] backup.pl: Include logwatch summary into backups as well [1/2] backup.pl: Include logwatch summary into backups as well - 1 - --- 2022-07-09 Peter Müller Accepted
[1/2] ca-certificates: Sync with Mozilla's current trust store [1/2] ca-certificates: Sync with Mozilla's current trust store - - - --- 2022-12-01 Peter Müller Accepted
[1/2] ca-certificates: Update root CA certificates bundle [1/2] ca-certificates: Update root CA certificates bundle - 1 - --- 2023-12-04 Peter Müller Staged
[1/2] ca-certificates: Update root CA certificates bundle [1/2] ca-certificates: Update root CA certificates bundle - - - --- 2023-03-05 Peter Müller Accepted
[1/2] Core Update 139: apply SSH configuration and restart SSH daemon [1/2] Core Update 139: apply SSH configuration and restart SSH daemon - - - --- 2019-12-13 Peter Müller Accepted
[1/2] Drop unmaintained add-on lcd4linux [1/2] Drop unmaintained add-on lcd4linux - 1 - --- 2021-06-02 Peter Müller Accepted
[1/2] fmt: Update to 9.0.0 [1/2] fmt: Update to 9.0.0 - - - --- 2022-08-02 Peter Müller Accepted
[1/2] iproute2: Do not ship /sbin/tipc [1/2] iproute2: Do not ship /sbin/tipc - 1 - --- 2022-03-19 Peter Müller Dropped
[1/2] Kernel: drop bluetooth support [1/2] Kernel: drop bluetooth support - - - --- 2020-03-31 Peter Müller Superseded
[1/2] kernel: enable CONFIG_SECURITY_LOADPIN [1/2] kernel: enable CONFIG_SECURITY_LOADPIN - - - --- 2020-06-09 Peter Müller Dropped
[1/2] libevent2: update to 2.1.11-stable [1/2] libevent2: update to 2.1.11-stable - - - --- 2020-04-18 Peter Müller Accepted
[1/2] libhtp: update to 0.5.33 [1/2] libhtp: update to 0.5.33 1 - - --- 2020-04-28 Peter Müller Accepted
[1/2] linux: Disable io_uring [1/2] linux: Disable io_uring - - - --- 2023-10-13 Peter Müller Staged
[1/2] linux-firmware: Update to 20211216 [1/2] linux-firmware: Update to 20211216 - - - --- 2022-01-04 Peter Müller Accepted
[1/2] linux: Update to 6.1.24 [1/2] linux: Update to 6.1.24 - 1 - --- 2023-04-18 Peter Müller Accepted
[1/2] mail.cgi: add support for implicit TLS usage [1/2] mail.cgi: add support for implicit TLS usage - - - --- 2020-01-31 Peter Müller Superseded
[1/2] network-functions.pl: fix network membership test [1/2] network-functions.pl: fix network membership test - - - --- 2020-07-25 Peter Müller Accepted
[1/2] OpenSSH: update to 8.1p1 [1/2] OpenSSH: update to 8.1p1 - 1 - --- 2019-12-04 Peter Müller Accepted
[1/2] Pakfire: fix upstream proxy usage [1/2] Pakfire: fix upstream proxy usage - - - --- 2020-04-11 Peter Müller Accepted
[1/2] Perl: update to 5.30.2 [1/2] Perl: update to 5.30.2 - - - --- 2020-05-03 Peter Müller Superseded
[1/2] proxy.cgi: remove old CVS licence clutter [1/2] proxy.cgi: remove old CVS licence clutter - - - --- 2020-06-21 Peter Müller Accepted
[1/2] qemu: Update to 7.0.0 [1/2] qemu: Update to 7.0.0 - - - --- 2022-08-01 Peter Müller Accepted
[1/2] Revert "Revert "ppp: update to 2.4.9"" [1/2] Revert "Revert "ppp: update to 2.4.9"" - - - --- 2021-07-07 Peter Müller Accepted
[1/2] sshd_config: Do not set defaults explicitly [1/2] sshd_config: Do not set defaults explicitly - 1 - --- 2020-01-20 Peter Müller Accepted
[1/2] Tor: Update to 0.4.8.5 [1/2] Tor: Update to 0.4.8.5 - - - --- 2023-09-14 Peter Müller Staged
[1/2] update ca-certificates CA bundle [1/2] update ca-certificates CA bundle 1 - - --- 2019-10-29 Peter Müller Accepted
[1/2] update metrics links in Tor WebUI [1/2] update metrics links in Tor WebUI - - - --- 2019-02-24 Peter Müller Accepted
[1/2] vulnerabilities.cgi: Add English and German translations for new flaws [1/2] vulnerabilities.cgi: Add English and German translations for new flaws - - - --- 2023-08-15 Peter Müller Accepted
[13/20] Core Update 157: Apply changed permissions to /var/ipfire/updatexlrator/bin/ Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller Accepted
[13/21] linux: Disable all sorts of useless Device Mapper targets linux: Update to 5.15.85 and backport many IPFire 3.x changes 1 - - --- 2022-12-26 Peter Müller Accepted
[1/3] add language strings for SSH agent forwarding settings [1/3] add language strings for SSH agent forwarding settings - - - --- 2019-04-09 Peter Müller Accepted
[1/3] add option for selective PTR generation on hosts.cgi [1/3] add option for selective PTR generation on hosts.cgi - - - --- 2019-04-09 Peter Müller Accepted
[1/3] downloadsource.sh: Change checksum algorithm to BLAKE2 [1/3] downloadsource.sh: Change checksum algorithm to BLAKE2 - - - --- 2022-04-08 Peter Müller Accepted
[1/3] kernel: enable CONFIG_SECURITY_LOCKDOWN_LSM [1/3] kernel: enable CONFIG_SECURITY_LOCKDOWN_LSM - - - --- 2020-06-09 Peter Müller Dropped
[1/3] linux: Enable Indirect Branch Tracking by default [1/3] linux: Enable Indirect Branch Tracking by default - 1 - --- 2023-07-09 Peter Müller Staged
[1/3] OpenSSH: Update to 9.0p1 [1/3] OpenSSH: Update to 9.0p1 - - - --- 2022-04-18 Peter Müller Accepted
[1/3] OpenVPN: Replace existing Diffie-Hellman parameter with ffdhe4096 [1/3] OpenVPN: Replace existing Diffie-Hellman parameter with ffdhe4096 - - - --- 2022-11-11 Peter Müller Accepted
[1/3] squid-asnbl: New package Add ASN-based anomaly detections to IPFire's web proxy: Proactive Fast Flux detection and detection… - - - --- 2021-06-18 Peter Müller Superseded
[1/3] Suricata: detect TLS traffic on IMAPS/POP3S/SSMTP portsas, well [1/3] Suricata: detect TLS traffic on IMAPS/POP3S/SSMTP portsas, well - - - --- 2019-02-08 Peter Müller Accepted
[14/20] OpenVPN: ovpn-leases.db for sure does not have to be executable Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller Accepted
[14/21] linux: Enable various modern ciphers/hashes/etc. and acceleration linux: Update to 5.15.85 and backport many IPFire 3.x changes 1 - - --- 2022-12-26 Peter Müller Accepted
[1/4] drop Amavis add-on [1/4] drop Amavis add-on - - - --- 2020-10-23 Peter Müller Accepted
[1/4] Drop libupnp [1/4] Drop libupnp - - - --- 2021-05-18 Peter Müller Accepted
« 1 2 3 46 7 »