bpfire

mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-23 17:32:57 +02:00

Author	SHA1	Message	Date
Michael Tremer	28093c8376	Rootfile update Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-06-08 11:34:37 +01:00
Michael Tremer	09b9910696	Rootfile update Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-06-07 11:14:11 +01:00
Michael Tremer	c0fc25861f	core133: Ship updated knot package Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-06-07 11:13:01 +01:00
Stefan Schantl	3c91ee8092	convert-ids-modifysids-file: Adjust code to use changed write_modify_sids_file function Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-06-05 12:43:09 +01:00
Michael Tremer	e1f8f870ea	core133: Ship snort configuration converter Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-06-05 12:42:53 +01:00
Stefan Schantl	f1add9a8dd	convert-snort: Adjust code to use changed modify_sids_file function. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-06-05 12:42:00 +01:00
Stefan Schantl	81bae51f61	ids-functions.pl: Rework function write_modify_sids_file(). Directly implement the logic to determine the used ruleset and if IDS or IPS mode should be used into the function instead of pass those details as arguments. This helps to prevent from doing this stuff at several places again and again. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-06-05 12:41:49 +01:00
Michael Tremer	a40bcbb02c	core133: Ship IPS changes Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-06-05 12:41:37 +01:00
Tim FitzGeorge	a5ba473c15	suricata: correct rule actions in IPS mode In IPS mode rule actions need to be have the action 'drop' for the protection to work, however this is not appropriate for all rules. Modify the generator for oinkmaster-modify-sids.conf to leave rules with the action 'alert' here this is appropriate. Also add a script to be run on update to correct existing downloaded rules. Fixes #12086 Signed-off-by: Tim FitzGeorge <ipfr@tfitzgeorge.me.uk> Tested-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-06-05 12:39:57 +01:00
Michael Tremer	9734a58faf	core133: Ship IDS ruleset updater Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-06-05 12:34:44 +01:00
Michael Tremer	dc9ac30c8d	core133: Ship updated vpnmain.cgi file and regenerate configuration Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-06-05 05:08:31 +01:00
Matthias Fischer	01320a141d	monit: Some fixes for 'monitrc' Just cosmetics: Removed all trailing spaces - there were a few... Activated 'monit' start delay: I activated this option to avoid running into a race condition while started through '/etc/init.d/monit start'. As mentioned in 'monit' manual: "...if a service is slow to start, Monit can assume that the service is not running and possibly try to start it [again] and raise an alert, while, in fact the service is already about to start or already in its startup sequence." This happened here during testing with (e.g.) Clamav. Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-06-05 05:04:17 +01:00
Michael Tremer	c899be2fd0	core133: Ship updated dhcp.cgi Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-06-05 00:33:36 +01:00
Michael Tremer	0bb25a4f61	SMT: Disable when system is vulnerable to L1TF (Foreshadow) Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-06-04 23:55:17 +01:00
Michael Tremer	cfbb61a74d	Rootfile update for ARM kernels Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-06-04 23:44:49 +01:00
Michael Tremer	236831c0f9	Rootfile update for gcc on i586 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-06-04 23:41:59 +01:00
Michael Tremer	d62925de4f	core133: Ship updated PAM Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-06-04 23:32:35 +01:00
Michael Tremer	ba329dce8f	core133: Ship updated rrdtool Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-06-04 23:31:51 +01:00
Matthias Fischer	83d4264eba	rrdtool: Update to 1.7.2 For details see: https://oss.oetiker.ch/rrdtool/pub/CHANGES Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-06-04 23:31:11 +01:00
Michael Tremer	c7def60649	Rootfile update Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-06-03 09:20:05 +01:00
Michael Tremer	f748c79450	core133: Ship updated ovpnmain.cgi Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-06-02 22:49:42 +01:00
Michael Tremer	b0ec4158f3	miau: Drop package This is not maintained since 2010 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-29 15:24:29 +01:00
Michael Tremer	f62f432a27	openssl: Update to 1.1.1c Fixes CVE-2019-1543 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-29 13:51:48 +01:00
Michael Tremer	7b6d2972e3	strongswan: Update to 5.8.0 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-28 13:05:50 +01:00
Erik Kapfer	3c8aa8d75b	tshark: Update to 3.0.2 Incl. one vulnerability and several bug fixes. For full overview --> https://www.wireshark.org/docs/relnotes/wireshark-3.0.2.html . - Disabled geoip support since libmaxminddb is not presant. - Added dictionary in ROOTFILE to prevent "radius: Could not open file: '/usr/share/wireshark/radius/dictionary' " . - Added CMAKE build type - Removed profile examples and htmls completly from ROOTFILE. Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-28 12:29:36 +01:00
Michael Tremer	992fdd3d07	core133: Ship toolchain changes Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-28 11:44:32 +01:00
Michael Tremer	71ff23c765	Rootfile update Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-28 11:41:46 +01:00
Michael Tremer	fe9dbfa124	core133: Ship updated IPS ruleset sources Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-27 15:48:44 +01:00
Stefan Schantl	79af9f6938	ruleset-sources: Update snort dl urls. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-27 15:48:15 +01:00
Michael Tremer	f6104aa1e0	core133: Drop metadata for jansson package Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-27 15:42:50 +01:00
Michael Tremer	86efc510f9	core133: Ship hyperscan Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-27 15:40:31 +01:00
Michael Tremer	81544f8884	hyperscan: Move rootfiles to arch directories This package is only compiled on x86_64 and i586 and cannot be packaged in any of the other architectures. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-27 15:38:42 +01:00
Stefan Schantl	52ebc66bba	hyperscan: New package This package adds hyperscan support to suricata Fixes #12053. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-27 14:40:14 +01:00
Stefan Schantl	2348cfffcf	ragel: New package This is a build dependency of hyperscan Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-27 14:40:03 +01:00
Stefan Schantl	1a5f064916	colm: New package This is a build dependency of ragel, which is a build dependency of hyperscan. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-27 14:39:32 +01:00
Stefan Schantl	616395f37c	jansson: Move to core system and update to 2.12 Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-27 14:39:00 +01:00
Michael Tremer	f6e18df542	Rootfile update Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-27 14:37:23 +01:00
Arne Fitzenreiter	8a104d7f02	core133: readd late core132 changes to core133 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-05-26 17:27:16 +02:00
Arne Fitzenreiter	83809af1fb	Merge branch 'master' into next	2019-05-26 17:23:54 +02:00
Arne Fitzenreiter	637885839b	core132: security conf should not executable Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-05-26 16:17:04 +02:00
Stefan Schantl	fefb5173cf	ids-functions.pl: Do not delete the whitelist file on rulesdir cleanup. Fixes #12087. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-05-26 16:09:21 +02:00
Arne Fitzenreiter	d0db7550ed	core132: set correct permissions of security settings file. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-05-26 16:05:41 +02:00
Michael Tremer	333125abf8	Merge branch 'toolchain' into next	2019-05-24 06:55:03 +01:00
Michael Tremer	9f0295a512	Merge remote-tracking branch 'ms/faster-build' into next	2019-05-24 06:54:16 +01:00
Michael Tremer	8feb0db430	core133: Ship updated squid Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-24 06:39:37 +01:00
Michael Tremer	53ef2a0ffe	core133: Ship updated bind Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-24 06:37:21 +01:00
Matthias Fischer	f225f3ee29	bind: Update to 9.11.7 For details see: http://ftp.isc.org/isc/bind9/9.11.7/RELEASE-NOTES-bind-9.11.7.html "Security Fixes The TCP client quota set using the tcp-clients option could be exceeded in some cases. This could lead to exhaustion of file descriptors. This flaw is disclosed in CVE-2018-5743. [GL #615]" Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-24 06:36:55 +01:00
Michael Tremer	79967ee9c4	Start Core Update 133 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-24 06:35:46 +01:00
Arne Fitzenreiter	716f00b116	kernel: update to 4.14.121 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-05-21 20:42:51 +02:00
Arne Fitzenreiter	b0d31edbd6	vnstat: fix errormessage at first boot Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-05-21 20:36:16 +02:00

1 2 3 4 5 ...

6716 Commits