Displaying 1 50 of 18,107 commits (0.008s)

OPNsense — src/opnsense/mvc/app/library/OPNsense/Firewall FilterRule.php

    filter, rule generation. don't wrap aliases in curly brackets, it seems to crash when 
a to port is written like {$portalias}

OPNsense — src/opnsense/scripts/ipsec list_status.py, src/www diag_ipsec.php

    ipsec, add routed when SA is installed and routed, for 
https://github.com/opnsense/core/issues/1688

OPNsense — src/opnsense/scripts/ipsec list_status.py

    ipsec/diag, list non routed connections, for 
https://github.com/opnsense/core/issues/1688

OPNsense — sys/vm vm_map.c

HBSD: Enable the stack guard by default

HardenedBSD has enabled the stack guard by default. The article Stack
Clash discusses FreeBSD having the stack guard disabled by default. ASLR
will help here, but is not a full mitigation against this kind of attack.

A follow-up commit from HardenedBSD will harden the stack guard page
even more so. Once that commit is tested and considered stable, it will
be merged over into OPNsense.

Signed-off-by:        Shawn Webb <shawn at opnsense.org>
Delta File
+4 -0 sys/vm/vm_map.c
+4 -0 1 file

OPNsense — security/sudo Makefile pkg-plist

security/sudo: sync with upstream

Taken from: HardenedBSD

OPNsense — devel/awscli distinfo Makefile, devel/py-botocore distinfo Makefile

*/*: sync with upstream

Taken from: HardenedBSD

OPNsense — Mk bsd.hardening.exceptions.mk, opnsense/apinger Makefile

opnsense: add USE_HARDENING for our own ports

OPNsense — net/tayga Makefile, net/tayga/files patch-Makefile.in

net/tayga: better fix with sed in case this is updated

OPNsense — Mk bsd.hardening.mk

Hardening: fix config menu glitch in previous
Delta File
+8 -0 Mk/bsd.hardening.mk
+8 -0 1 file

OPNsense — Mk bsd.hardening.mk

Hardening: a hybrid approach to options

Having the non-default options in the config stage can help users,
so we model the visibility around the BATCH and PACKAGE_BUILDING
flags, which indicate that poudriere or some other automated tool
are used so the user will have to set his options through make.conf
or trust the defaults.

Discussed with: @lattera
Delta File
+20 -0 Mk/bsd.hardening.mk
+20 -0 1 file

OPNsense — Mk bsd.hardening.mk

Hardening: at least for OPNsense, make disabled options invisible
Delta File
+4 -4 Mk/bsd.hardening.mk
+4 -4 1 file

OPNsense — Mk bsd.hardening.exceptions.mk, net/tayga Makefile

net/tayga: use USE_HARDENING instead of implicit/exception glue

OPNsense — Mk bsd.hardening.mk

Hardeining: bring this closer to latest HardenedBSD code

Advertise options as requested by @lattera, though we may have to
make "static" a hard off as compiler and linker flags are not
applicable to things that do not build at all.
Delta File
+26 -18 Mk/bsd.hardening.mk
+26 -18 1 file

OPNsense — Mk bsd.gecko.mk bsd.port.mk, Mk/Uses gecko.mk meson.mk

Framework: partially sync with upstream

Taken from: HardenedBSD
Delta File
+5 -1 Mk/bsd.gecko.mk
+2 -2 Mk/Uses/gecko.mk
+2 -0 Mk/Uses/meson.mk
+1 -1 Mk/bsd.port.mk
+10 -4 4 files

OPNsense — sysutils/tmux distinfo Makefile

sysutils/tmux: sync with upstream

Taken from: HardenedBSD

OPNsense — sysutils/nut Makefile, sysutils/nut/files nut.in nut_upslog.in

sysutils/nut: sync with upstream

Taken from: HardenedBSD

OPNsense — security/tor distinfo Makefile

security/tor: sync with upstream

Taken from: HardenedBSD
Delta File
+3 -3 security/tor/distinfo
+1 -1 security/tor/Makefile
+4 -4 2 files

OPNsense — dns/unbound distinfo Makefile

dns/unbound: sync with upstream

Taken from: HardenedBSD

OPNsense — dns/bind911 distinfo Makefile, dns/bind911/files named.conf.in pkg-message.in

dns/bind911: sync with upstream

Taken from: HardenedBSD

OPNsense — devel/pear-PHP_CodeSniffer distinfo Makefile

devel/pear-PHP_CodeSniffer: sync with upstream

Taken from: HardenedBSD

OPNsense — devel/py-pytest Makefile

devel/py-pytest: sync with upstream

Taken from: HardenedBSD
Delta File
+1 -1 devel/py-pytest/Makefile
+1 -1 1 file

OPNsense — devel/libatomic_ops Makefile

devel/libatomic_ops: sync with upstream

Taken from: HardenedBSD
Delta File
+2 -3 devel/libatomic_ops/Makefile
+2 -3 1 file

OPNsense — security/vuxml vuln.xml

security/vuxml: sync with upstream

Taken from: HardenedBSD
Delta File
+90 -0 security/vuxml/vuln.xml
+90 -0 1 file

OPNsense — astro/p5-Astro-satpass distinfo Makefile, audio/kexis Makefile

*/*: sync with upstream

Taken from: HardenedBSD
Delta File
+179 -179 www/firefox-i18n/distinfo
+179 -179 www/firefox-esr-i18n/distinfo
+345 -0 www/firefox/files/patch-rust-option
+117 -117 mail/thunderbird-i18n/distinfo
+170 -0 www/firefox/files/patch-bug1356709
+81 -61 www/gohugo/distinfo
+1,290 -1,070 220 files not shown
+2,361 -1,606 226 files

OPNsense — src/opnsense/mvc/app/views/layout_partials base_dialog.volt

    rework "item in" for our Volt templates, closes 
https://github.com/opnsense/core/issues/1682
    
    (cherry picked from commit 203ba240470418aaf4e36c2a06fd00ff79e2c758)

OPNsense — src/opnsense/mvc/app/views/layout_partials base_dialog.volt

    rework "item in" for our Volt templates, closes 
https://github.com/opnsense/core/issues/1682

OPNsense — sysutils/monit Makefile, sysutils/monit/src/opnsense/mvc/app/controllers/OPNsense/Monit/forms general.xml

sysutils/monit: set mailserver type to CSVListField, fix validation

OPNsense — Mk bsd.hardening.mk, Mk/Uses relro.mk pie.mk

Hardening: softcode pie and relro to rebuild EXPLICIT_* feature

Also fixes application of -fPIC to libraries when needed, but hardening
being completely disabled.
Delta File
+27 -16 Mk/bsd.hardening.mk
+2 -5 Mk/Uses/relro.mk
+1 -1 Mk/Uses/pie.mk
+30 -22 3 files

OPNsense — Mk bsd.hardening.mk bsd.hardening.exceptions.mk, Mk/Uses pie.mk safestack.mk

Hardening: proper arguments for pie and safestack "configure"
Delta File
+7 -8 Mk/Uses/pie.mk
+4 -7 Mk/Uses/safestack.mk
+10 -0 Mk/bsd.hardening.mk
+6 -2 Mk/Uses/cfi.mk
+2 -2 Mk/Uses/relro.mk
+2 -0 security/suricata/Makefile
+2 -2 2 files not shown
+33 -21 8 files

OPNsense — opnsense/opnsense-update distinfo Makefile

opnsense/opnsense-update: additions for opnsense-revert

OPNsense — Mk bsd.hardening.mk, Mk/Uses cfi.mk

Hardening: update cfi code
Delta File
+21 -0 Mk/bsd.hardening.mk
+0 -4 Mk/Uses/cfi.mk
+21 -4 2 files

OPNsense — config/17.1 make.conf

config: in HardenedBSD ports, CFIHARDEN option is new
Delta File
+1 -1 config/17.1/make.conf
+1 -1 1 file

OPNsense — . UPDATING, Mk/Uses iconv.mk

Framework: partially sync with upstream

Taken from: HardenedBSD
Delta File
+10 -0 UPDATING
+3 -4 Mk/Uses/iconv.mk
+13 -4 2 files

OPNsense — databases Makefile, databases/evolution-data-server pkg-plist Makefile

*/*: sync with upstream

Taken from: HardenedBSD

OPNsense — Mk bsd.hardening.mk

Hardening: exclude linux category like HardenedBSD
Delta File
+2 -2 Mk/bsd.hardening.mk
+2 -2 1 file

OPNsense — Mk bsd.hardening.mk

Hardening: use static helper and limit safestack version
Delta File
+7 -3 Mk/bsd.hardening.mk
+7 -3 1 file

OPNsense — Mk bsd.hardening.mk

Hardening: add more USE_HARDENING helpers
Delta File
+7 -0 Mk/bsd.hardening.mk
+7 -0 1 file

OPNsense — Mk bsd.hardening.mk

Hardening: fix indent
Delta File
+2 -2 Mk/bsd.hardening.mk
+2 -2 1 file

OPNsense — Mk/Uses pie.mk relro.mk

Hardening: update style
Delta File
+4 -4 Mk/Uses/pie.mk
+1 -1 Mk/Uses/relro.mk
+1 -1 Mk/Uses/safestack.mk
+6 -6 3 files

OPNsense — security/suricata Makefile

security/suricata: revert REDIS option for now
Delta File
+1 -7 security/suricata/Makefile
+1 -7 1 file

OPNsense — src/www system_hasync.php

system: remove duplicated hint

We added the former, but it basically says the same thing.  ;)
Delta File
+0 -1 src/www/system_hasync.php
+0 -1 1 file

OPNsense — src/opnsense/scripts/filter list_counters.py, src/opnsense/scripts/system list_interrupts.py

services: add background glue for interface handling speed-up

OPNsense — Tools/scripts mfh

Framework: partially sync with upstream

Taken from: HardenedBSD
Delta File
+8 -1 Tools/scripts/mfh
+8 -1 1 file

OPNsense — sysutils/nut Makefile, sysutils/nut/files nut_upsmon.in

sysutils/nut: sync with upstream

Taken from: HardenedBSD

OPNsense — security/openvpn Makefile

security/openvpn: partially sync with upstream

Taken from: HardenedBSD
Delta File
+3 -0 security/openvpn/Makefile
+3 -0 1 file

OPNsense — net-mgmt/net-snmp Makefile

net-mgmt/net-snmp: sync with upstream

Taken from: HardenedBSD
Delta File
+3 -1 net-mgmt/net-snmp/Makefile
+3 -1 1 file

OPNsense — lang/ruby24 Makefile

lang/ruby24: sync with upstream

Taken from: HardenedBSD
Delta File
+1 -2 lang/ruby24/Makefile
+1 -2 1 file

OPNsense — lang/php70 distinfo

lang/php70: sync with upstream

Taken from: HardenedBSD
Delta File
+1 -1 lang/php70/distinfo
+1 -1 1 file

OPNsense — devel/py-twisted Makefile

devel/py-twisted: sync with upstream

Taken from: HardenedBSD
Delta File
+2 -8 devel/py-twisted/Makefile
+2 -8 1 file

OPNsense — astro/xephem Makefile, audio/ardour5 Makefile

*/*: sync with upstream

Taken from: HardenedBSD