Project: OPNsense - FreshBSD - The latest *BSD Commits

Projects	Commits
☒ OPNsense	18,107
ZFS on Linux	0
SmartOS	0
RetroBSD	0
pkgsrc	0
pkgng	0
pkgin	0
pfSense	0
PC-BSD	0
OpenZFS on OS X	0
OpenBSD Xenocara	0
OpenBSD Ports	0
OpenBSD	0
NetBSD	0
NAS4Free	0
MirOS BSD	0
m0n0wall	0
LLVM	0
Illumos	0
HardenedBSD	0
GhostBSD	0
FreeNAS	0
FreeBSD Ports	0
FreeBSD	0
ELF Tool Chain	0
EdgeBSD	0
DragonFlyBSD	0
Bitrig Ports	0
Bitrig	0
ÆrieBSD	0

Branch	Commits
master	18,107

Committer	Commits
Franco Fichtner	11,528
Ad Schellevis	5,148
Fabian Franz	247
Jos Schellevis	179
Isaac (.ike) Levy	166
Frank Wall	140
Shawn Webb	101
delphij	84
Chie Taguchi	56
Manuel Faux	41
glebius	35
Frédéric LIETART (TheLinuxFr)	18
Per von Zweigbergk	17
Manus Freedom	14
cbasolutions	13
chrisch1974	12
More…	308

OPNsense — src/opnsense/mvc/app/library/OPNsense/Firewall FilterRule.php

Ad Schellevis @ master - 4d92687a - 2017-06-22 19:11:23

    filter, rule generation. don't wrap aliases in curly brackets, it seems to crash when 
a to port is written like {$portalias}

Delta		File
+21	-4	src/opnsense/mvc/app/library/OPNsense/Firewall/FilterRule.php
+21	-4	1 file

OPNsense — src/opnsense/scripts/ipsec list_status.py, src/www diag_ipsec.php

Ad Schellevis @ master - efd25658 - 2017-06-22 18:10:24

    ipsec, add routed when SA is installed and routed, for 
https://github.com/opnsense/core/issues/1688

Delta		File
+2	-0	src/opnsense/scripts/ipsec/list_status.py
+1	-0	src/www/diag_ipsec.php
+3	-0	2 files

OPNsense — src/opnsense/scripts/ipsec list_status.py

Ad Schellevis @ master - d5c6ce35 - 2017-06-22 17:54:12

    ipsec/diag, list non routed connections, for 
https://github.com/opnsense/core/issues/1688

Delta		File
+24	-14	src/opnsense/scripts/ipsec/list_status.py
+24	-14	1 file

OPNsense — sys/vm vm_map.c

Shawn Webb @ master - ee1912f9 - 2017-06-20 00:29:49

HBSD: Enable the stack guard by default

HardenedBSD has enabled the stack guard by default. The article Stack
Clash discusses FreeBSD having the stack guard disabled by default. ASLR
will help here, but is not a full mitigation against this kind of attack.

A follow-up commit from HardenedBSD will harden the stack guard page
even more so. Once that commit is tested and considered stable, it will
be merged over into OPNsense.

Signed-off-by:        Shawn Webb <shawn at opnsense.org>

Delta		File
+4	-0	sys/vm/vm_map.c
+4	-0	1 file

OPNsense — security/sudo Makefile pkg-plist

Franco Fichtner @ master - 4076ccc3 - 2017-06-15 17:37:38

security/sudo: sync with upstream

Taken from: HardenedBSD

Delta		File
+2	-1	security/sudo/Makefile
+1	-2	security/sudo/pkg-plist
+3	-3	2 files

OPNsense — devel/awscli distinfo Makefile, devel/py-botocore distinfo Makefile

Franco Fichtner @ master - a9bc6aad - 2017-06-15 17:32:49

*/*: sync with upstream

Taken from: HardenedBSD

Delta		File
+12	-4	games/battalion/Makefile
+7	-7	dns/bind9-devel/files/extrapatch-bind-min-override-ttl
+4	-5	graphics/libgxps/Makefile
+3	-3	devel/awscli/distinfo
+3	-3	devel/py-botocore/distinfo
+3	-3	dns/bind9-devel/distinfo
+12	-10	6 files not shown
+44	-35	12 files

OPNsense — Mk bsd.hardening.exceptions.mk, opnsense/apinger Makefile

Franco Fichtner @ master - b56bec38 - 2017-06-15 17:23:32

opnsense: add USE_HARDENING for our own ports

Delta		File
+0	-11	Mk/bsd.hardening.exceptions.mk
+2	-0	opnsense/apinger/Makefile
+2	-0	opnsense/beep/Makefile
+2	-0	opnsense/clog/Makefile
+2	-0	opnsense/cpustats/Makefile
+2	-0	opnsense/dhcpleases/Makefile
+16	-0	9 files not shown
+26	-11	15 files

OPNsense — net/tayga Makefile, net/tayga/files patch-Makefile.in

Franco Fichtner @ master - 3291b342 - 2017-06-15 17:04:51

net/tayga: better fix with sed in case this is updated

Delta		File
+0	-11	net/tayga/files/patch-Makefile.in
+3	-0	net/tayga/Makefile
+3	-11	2 files

OPNsense — Mk bsd.hardening.mk

Franco Fichtner @ master - 8e67458c - 2017-06-15 16:56:50

Hardening: fix config menu glitch in previous

Delta		File
+8	-0	Mk/bsd.hardening.mk
+8	-0	1 file

OPNsense — Mk bsd.hardening.mk

Franco Fichtner @ master - 915264d3 - 2017-06-15 14:08:00

Hardening: a hybrid approach to options

Having the non-default options in the config stage can help users,
so we model the visibility around the BATCH and PACKAGE_BUILDING
flags, which indicate that poudriere or some other automated tool
are used so the user will have to set his options through make.conf
or trust the defaults.

Discussed with: @lattera

Delta		File
+20	-0	Mk/bsd.hardening.mk
+20	-0	1 file

OPNsense — Mk bsd.hardening.mk

Franco Fichtner @ master - 8b834107 - 2017-06-15 13:10:56

Hardening: at least for OPNsense, make disabled options invisible

Delta		File
+4	-4	Mk/bsd.hardening.mk
+4	-4	1 file

OPNsense — Mk bsd.hardening.exceptions.mk, net/tayga Makefile

Franco Fichtner @ master - b27f2147 - 2017-06-15 06:25:10

net/tayga: use USE_HARDENING instead of implicit/exception glue

Delta		File
+2	-0	net/tayga/Makefile
+0	-1	Mk/bsd.hardening.exceptions.mk
+2	-1	2 files

OPNsense — Mk bsd.hardening.mk

Franco Fichtner @ master - abf1d5bd - 2017-06-15 06:13:10

Hardeining: bring this closer to latest HardenedBSD code

Advertise options as requested by @lattera, though we may have to
make "static" a hard off as compiler and linker flags are not
applicable to things that do not build at all.

Delta		File
+26	-18	Mk/bsd.hardening.mk
+26	-18	1 file

OPNsense — Mk bsd.gecko.mk bsd.port.mk, Mk/Uses gecko.mk meson.mk

Franco Fichtner @ master - edf557a9 - 2017-06-15 06:07:21

Framework: partially sync with upstream

Taken from: HardenedBSD

Delta		File
+5	-1	Mk/bsd.gecko.mk
+2	-2	Mk/Uses/gecko.mk
+2	-0	Mk/Uses/meson.mk
+1	-1	Mk/bsd.port.mk
+10	-4	4 files

OPNsense — sysutils/tmux distinfo Makefile

Franco Fichtner @ master - 493858f1 - 2017-06-15 06:02:46

sysutils/tmux: sync with upstream

Taken from: HardenedBSD

Delta		File
+3	-3	sysutils/tmux/distinfo
+1	-1	sysutils/tmux/Makefile
+4	-4	2 files

OPNsense — sysutils/nut Makefile, sysutils/nut/files nut.in nut_upslog.in

Franco Fichtner @ master - acd4b7c1 - 2017-06-15 06:02:37

sysutils/nut: sync with upstream

Taken from: HardenedBSD

Delta		File
+8	-3	sysutils/nut/files/nut.in
+5	-5	sysutils/nut/files/nut_upslog.in
+2	-2	sysutils/nut/files/nut_upsmon.in
+1	-1	sysutils/nut/Makefile
+16	-11	4 files

OPNsense — security/tor distinfo Makefile

Franco Fichtner @ master - c2bf6da6 - 2017-06-15 06:02:30

security/tor: sync with upstream

Taken from: HardenedBSD

Delta		File
+3	-3	security/tor/distinfo
+1	-1	security/tor/Makefile
+4	-4	2 files

OPNsense — dns/unbound distinfo Makefile

Franco Fichtner @ master - d60e5699 - 2017-06-15 06:00:08

dns/unbound: sync with upstream

Taken from: HardenedBSD

Delta		File
+3	-3	dns/unbound/distinfo
+1	-1	dns/unbound/Makefile
+1	-1	dns/unbound/pkg-plist
+5	-5	3 files

OPNsense — dns/bind911 distinfo Makefile, dns/bind911/files named.conf.in pkg-message.in

Franco Fichtner @ master - 0f9be5f7 - 2017-06-15 05:59:25

dns/bind911: sync with upstream

Taken from: HardenedBSD

Delta		File
+2	-10	dns/bind911/files/named.conf.in
+8	-0	dns/bind911/files/pkg-message.in
+3	-3	dns/bind911/distinfo
+1	-1	dns/bind911/Makefile
+14	-14	4 files

OPNsense — devel/pear-PHP_CodeSniffer distinfo Makefile

Franco Fichtner @ master - df58f436 - 2017-06-15 05:58:59

devel/pear-PHP_CodeSniffer: sync with upstream

Taken from: HardenedBSD

Delta		File
+3	-3	devel/pear-PHP_CodeSniffer/distinfo
+1	-1	devel/pear-PHP_CodeSniffer/Makefile
+4	-4	2 files

OPNsense — devel/py-pytest Makefile

Franco Fichtner @ master - ed3eefbd - 2017-06-15 05:58:12

devel/py-pytest: sync with upstream

Taken from: HardenedBSD

Delta		File
+1	-1	devel/py-pytest/Makefile
+1	-1	1 file

OPNsense — devel/libatomic_ops Makefile

Franco Fichtner @ master - 604fb388 - 2017-06-15 05:57:58

devel/libatomic_ops: sync with upstream

Taken from: HardenedBSD

Delta		File
+2	-3	devel/libatomic_ops/Makefile
+2	-3	1 file

OPNsense — security/vuxml vuln.xml

Franco Fichtner @ master - 1921d9ca - 2017-06-15 05:54:40

security/vuxml: sync with upstream

Taken from: HardenedBSD

Delta		File
+90	-0	security/vuxml/vuln.xml
+90	-0	1 file

OPNsense — astro/p5-Astro-satpass distinfo Makefile, audio/kexis Makefile

Franco Fichtner @ master - 31eac196 - 2017-06-15 05:47:27

*/*: sync with upstream

Taken from: HardenedBSD

Delta		File
+179	-179	www/firefox-i18n/distinfo
+179	-179	www/firefox-esr-i18n/distinfo
+345	-0	www/firefox/files/patch-rust-option
+117	-117	mail/thunderbird-i18n/distinfo
+170	-0	www/firefox/files/patch-bug1356709
+81	-61	www/gohugo/distinfo
+1,290	-1,070	220 files not shown
+2,361	-1,606	226 files

OPNsense — src/opnsense/mvc/app/views/layout_partials base_dialog.volt

Ad Schellevis @ master - fdd1e158 - 2017-06-14 16:35:34

    rework "item in" for our Volt templates, closes 
https://github.com/opnsense/core/issues/1682
    
    (cherry picked from commit 203ba240470418aaf4e36c2a06fd00ff79e2c758)

Delta		File
+1	-1	src/opnsense/mvc/app/views/layout_partials/base_dialog.volt
+1	-1	1 file

OPNsense — src/opnsense/mvc/app/views/layout_partials base_dialog.volt

Ad Schellevis @ master - 203ba240 - 2017-06-14 16:35:34

    rework "item in" for our Volt templates, closes 
https://github.com/opnsense/core/issues/1682

Delta		File
+1	-1	src/opnsense/mvc/app/views/layout_partials/base_dialog.volt
+1	-1	1 file

OPNsense — sysutils/monit Makefile, sysutils/monit/src/opnsense/mvc/app/controllers/OPNsense/Monit/forms general.xml

Frank Brendel @ master - 3437539f - 2017-06-14 12:44:03

sysutils/monit: set mailserver type to CSVListField, fix validation

Delta		File
+4	-3	sysutils/monit/src/opnsense/mvc/app/models/OPNsense/Monit/Monit.xml
+3	-1	sysutils/monit/src/opnsense/mvc/app/controllers/OPNsense/Monit/forms/general.xml
+1	-1	sysutils/monit/Makefile
+8	-5	3 files

OPNsense — Mk bsd.hardening.mk, Mk/Uses relro.mk pie.mk

Franco Fichtner @ master - f1434dcd - 2017-06-14 06:01:14

Hardening: softcode pie and relro to rebuild EXPLICIT_* feature

Also fixes application of -fPIC to libraries when needed, but hardening
being completely disabled.

Delta		File
+27	-16	Mk/bsd.hardening.mk
+2	-5	Mk/Uses/relro.mk
+1	-1	Mk/Uses/pie.mk
+30	-22	3 files

OPNsense — Mk bsd.hardening.mk bsd.hardening.exceptions.mk, Mk/Uses pie.mk safestack.mk

Franco Fichtner @ master - 32641480 - 2017-06-14 05:19:27

Hardening: proper arguments for pie and safestack "configure"

Delta		File
+7	-8	Mk/Uses/pie.mk
+4	-7	Mk/Uses/safestack.mk
+10	-0	Mk/bsd.hardening.mk
+6	-2	Mk/Uses/cfi.mk
+2	-2	Mk/Uses/relro.mk
+2	-0	security/suricata/Makefile
+2	-2	2 files not shown
+33	-21	8 files

OPNsense — opnsense/opnsense-update distinfo Makefile

Franco Fichtner @ master - d624ee26 - 2017-06-14 04:25:54

opnsense/opnsense-update: additions for opnsense-revert

Delta		File
+3	-3	opnsense/opnsense-update/distinfo
+2	-2	opnsense/opnsense-update/Makefile
+5	-5	2 files

OPNsense — Mk bsd.hardening.mk, Mk/Uses cfi.mk

Franco Fichtner @ master - 8e4aac10 - 2017-06-14 04:19:32

Hardening: update cfi code

Delta		File
+21	-0	Mk/bsd.hardening.mk
+0	-4	Mk/Uses/cfi.mk
+21	-4	2 files

OPNsense — config/17.1 make.conf

Franco Fichtner @ master - afe1724d - 2017-06-14 04:13:51

config: in HardenedBSD ports, CFIHARDEN option is new

Delta		File
+1	-1	config/17.1/make.conf
+1	-1	1 file

OPNsense — . UPDATING, Mk/Uses iconv.mk

Franco Fichtner @ master - 856eccfe - 2017-06-13 20:50:49

Framework: partially sync with upstream

Taken from: HardenedBSD

Delta		File
+10	-0	UPDATING
+3	-4	Mk/Uses/iconv.mk
+13	-4	2 files

OPNsense — databases Makefile, databases/evolution-data-server pkg-plist Makefile

Franco Fichtner @ master - 5fd63416 - 2017-06-13 20:47:12

*/*: sync with upstream

Taken from: HardenedBSD

Delta		File
+29	-409	mail/evolution/pkg-plist
+199	-118	net-im/ejabberd/pkg-plist
+0	-180	net/pacemaker/files/patch-lib-services-services_linux.c
+85	-27	net/pacemaker/pkg-plist
+44	-49	mail/evolution/Makefile
+60	-28	devel/grpc/files/patch-CMakeLists.txt
+483	-522	89 files not shown
+900	-1,333	95 files

OPNsense — Mk bsd.hardening.mk

Franco Fichtner @ master - b33e8e66 - 2017-06-13 16:25:32

Hardening: exclude linux category like HardenedBSD

Delta		File
+2	-2	Mk/bsd.hardening.mk
+2	-2	1 file

OPNsense — Mk bsd.hardening.mk

Franco Fichtner @ master - ab7231f4 - 2017-06-13 16:12:41

Hardening: use static helper and limit safestack version

Delta		File
+7	-3	Mk/bsd.hardening.mk
+7	-3	1 file

OPNsense — Mk bsd.hardening.mk

Franco Fichtner @ master - 54904911 - 2017-06-13 15:49:20

Hardening: add more USE_HARDENING helpers

Delta		File
+7	-0	Mk/bsd.hardening.mk
+7	-0	1 file

OPNsense — Mk bsd.hardening.mk

Franco Fichtner @ master - 187c4911 - 2017-06-13 15:31:25

Hardening: fix indent

Delta		File
+2	-2	Mk/bsd.hardening.mk
+2	-2	1 file

OPNsense — Mk/Uses pie.mk relro.mk

Franco Fichtner @ master - ec76874f - 2017-06-13 14:56:29

Hardening: update style

Delta		File
+4	-4	Mk/Uses/pie.mk
+1	-1	Mk/Uses/relro.mk
+1	-1	Mk/Uses/safestack.mk
+6	-6	3 files

OPNsense — security/suricata Makefile

Franco Fichtner @ master - b7fd3f15 - 2017-06-13 14:01:57

security/suricata: revert REDIS option for now

Delta		File
+1	-7	security/suricata/Makefile
+1	-7	1 file

OPNsense — src/www system_hasync.php

Franco Fichtner @ master - 85279119 - 2017-06-13 06:31:27

system: remove duplicated hint

We added the former, but it basically says the same thing.  ;)

Delta		File
+0	-1	src/www/system_hasync.php
+0	-1	1 file

OPNsense — src/opnsense/scripts/filter list_counters.py, src/opnsense/scripts/system list_interrupts.py

Franco Fichtner @ master - 422b5e2d - 2017-06-13 06:19:22

services: add background glue for interface handling speed-up

Delta		File
+81	-0	src/opnsense/scripts/filter/list_counters.py
+77	-0	src/opnsense/scripts/system/list_interrupts.py
+6	-0	src/opnsense/service/conf/actions.d/actions_filter.conf
+6	-0	src/opnsense/service/conf/actions.d/actions_system.conf
+170	-0	4 files

OPNsense — Tools/scripts mfh

Franco Fichtner @ master - 0f283583 - 2017-06-13 05:12:19

Framework: partially sync with upstream

Taken from: HardenedBSD

Delta		File
+8	-1	Tools/scripts/mfh
+8	-1	1 file

OPNsense — sysutils/nut Makefile, sysutils/nut/files nut_upsmon.in

Franco Fichtner @ master - d4ac47fb - 2017-06-13 05:10:18

sysutils/nut: sync with upstream

Taken from: HardenedBSD

Delta		File
+7	-0	sysutils/nut/files/nut_upsmon.in
+1	-1	sysutils/nut/Makefile
+8	-1	2 files

OPNsense — security/openvpn Makefile

Franco Fichtner @ master - 51ce669a - 2017-06-13 05:08:51

security/openvpn: partially sync with upstream

Taken from: HardenedBSD

Delta		File
+3	-0	security/openvpn/Makefile
+3	-0	1 file

OPNsense — net-mgmt/net-snmp Makefile

Franco Fichtner @ master - a0ec5cd1 - 2017-06-13 05:00:16

net-mgmt/net-snmp: sync with upstream

Taken from: HardenedBSD

Delta		File
+3	-1	net-mgmt/net-snmp/Makefile
+3	-1	1 file

OPNsense — lang/ruby24 Makefile

Franco Fichtner @ master - 1499dd97 - 2017-06-13 04:59:47

lang/ruby24: sync with upstream

Taken from: HardenedBSD

Delta		File
+1	-2	lang/ruby24/Makefile
+1	-2	1 file

OPNsense — lang/php70 distinfo

Franco Fichtner @ master - fe822beb - 2017-06-13 04:59:30

lang/php70: sync with upstream

Taken from: HardenedBSD

Delta		File
+1	-1	lang/php70/distinfo
+1	-1	1 file

OPNsense — devel/py-twisted Makefile

Franco Fichtner @ master - 19213b5d - 2017-06-13 04:58:41

devel/py-twisted: sync with upstream

Taken from: HardenedBSD

Delta		File
+2	-8	devel/py-twisted/Makefile
+2	-8	1 file

OPNsense — astro/xephem Makefile, audio/ardour5 Makefile

Franco Fichtner @ master - f80062b7 - 2017-06-13 04:48:29

*/*: sync with upstream

Taken from: HardenedBSD

Delta		File
+0	-43	mail/roundcube-carddav/files/patch-c651d93
+30	-8	sysutils/mcelog/files/patch-server.c
+20	-13	www/tt-rss/pkg-plist
+3	-26	mail/p5-Net-IMAP-Simple/Makefile
+15	-12	news/noffle/Makefile
+24	-0	www/rubygem-json-jwt/Makefile
+392	-278	121 files not shown
+484	-380	127 files