webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-05-11 01:38:25 +02:00
Code Issues Packages Projects Releases Wiki Activity
14,997 Commits 2 Branches 1 Tag
3caa418097b4c1bacea267f79e3d6bd6b48a2a2f
Commit Graph

7572 Commits

Author SHA1 Message Date
Arne Fitzenreiter
0ef5f4a091 core140: add ids.cgi and suricata initskript to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 19:13:28 +00:00
Arne Fitzenreiter
a1cf33ca8f core140: add suricata and libhtp to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 19:10:55 +00:00
Matthias Fischer
907874c4be libhtp: Update to 0.5.32 
For details see:
https://github.com/OISF/libhtp/releases

Bundled with 'suricata 4.1.6'

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 19:09:27 +00:00
Arne Fitzenreiter
8867f9c5e8 core140: add knot to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 18:03:34 +00:00
Matthias Fischer
68e83070e2 knot: Update to 2.9.2 
For details see:
https://www.knot-dns.cz/2019-12-12-version-292.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 18:01:05 +00:00
Arne Fitzenreiter
063a3a8bca core140: add unbound to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 17:59:50 +00:00
Matthias Fischer
726037c6ee unbound: Update to 1.9.6 
For details see:
https://nlnetlabs.nl/pipermail/unbound-users/2019-December/011941.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 17:58:21 +00:00
Erik Kapfer
fb7226d0a6 tshark: Update to version 3.0.7 
Several bugfixes are included in this version, some protocol support has been added.
For a complete overview of the changelog, take a look in here -->
https://www.wireshark.org/docs/relnotes/wireshark-3.0.6.html
https://www.wireshark.org/docs/relnotes/wireshark-3.0.7.html .

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 13:46:32 +00:00
Arne Fitzenreiter
424442d27d core140: add unbound/saveserch changes to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 13:44:20 +00:00
Michael Tremer
d7190078ce unbound: Configure Safe Search dynamically 
The safe search code relied on working DNS resolution, but
was executed before unbound was even started and no network
was brought up.

That resulted in no records being created and nothing being
filtered.

This will now set/reset safe search when the system connects
to the Internet.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 08:51:21 +00:00
Stéphane Pautrel
1ec1e499d0 Update of French translations 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 08:50:52 +00:00
Stefan Schantl
5bc042df2f rust: Update to 1.39 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 08:50:31 +00:00
Stefan Schantl
1cb8ffe84d Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next 2019-12-16 09:04:29 +01:00
Peter Müller
fd2dccaabb Core Update 139: fix syntax of generated Suricata DNS server file 
The YAML syntax of /var/ipfire/suricata/suricata-dns-servers.yaml was
invalid and caused Suricata to crash after upgrading to Core Update 139.

Due to strange NFQUEUE behaviour, this caused IPsec traffic to be
emitted to the internet directly. While this patch represents a quick
solution for Core Update 139, another one is needed for changing the
IPtables chain order to avoid similar information leaks in future.

Thanks to Michael for his debugging effort.

Fixes #12260
Partially fixes #12257

Cc: Michael Tremer <michael.tremer@ipfire.org>
Cc: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-14 07:26:05 +00:00
Peter Müller
a59cf47b9e Core Update 139 needs a reboot 
Fixes #12258

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-14 07:25:48 +00:00
Peter Müller
19ad0ddb2f Core Update 139: apply SSH configuration and restart SSH daemon 
Fixes #12259

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-14 07:25:35 +00:00
Stefan Schantl
ec1c52633e geoip-functions.pl: Add get_continent_code() 
This function allows to recieve the continent code of a given
country (code).

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-12 12:07:34 +01:00
Stefan Schantl
a3afe9058f geoip-functions.pl: Adjust location_dir 
The data directory upstream has been moved to "/var/lib/location".

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-12 09:39:34 +01:00
Stefan Schantl
c3b612bb6c libloc: Update to 0.9.0 (Git rev: cd022c) 
* Includes fix for database verification
* The public gpg signing key
* Datadir has been moved to /var/lib/location

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-12 09:14:30 +01:00
Arne Fitzenreiter
6a3acff934 core140: start 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-09 19:50:03 +01:00
Arne Fitzenreiter
a15dbe4497 Merge branch 'next' 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-09 18:37:16 +00:00
Stefan Schantl
693b8513df firewall/rules.pl: Only try to export locations if needed. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-09 18:36:54 +01:00
Stefan Schantl
c947959100 xtables-addons: Update to 3.7 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-09 18:36:26 +01:00
Stefan Schantl
c48a64d6f8 initscripts: Rootfile update. 2019-12-09 15:03:26 +01:00
Stefan Schantl
d1ca2d1fd5 GeoIP: Drop package 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-09 14:50:51 +01:00
Arne Fitzenreiter
dd12d8c54c leds: use new APUx ACPI Bios leds if exist. 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-09 14:50:44 +01:00
Stefan Schantl
9433a59690 geoip-generator: Drop package 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-09 14:47:18 +01:00
Stefan Schantl
e4df56f999 Rootfile update. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-09 14:37:14 +01:00
Stefan Schantl
eaba273a5f crontab: Adjust crontab to hourly launch the update-location-database 
script.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-09 14:26:26 +01:00
Stefan Schantl
f8e7c1c9d0 crontab: Adjust crontab to hourly launch the update-location-database 
script.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-09 14:19:53 +01:00
Stefan Schantl
ad47d2ae80 firewall/rules.pl: Add code to collect and export all required country 
codes.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-09 11:08:23 +01:00
Stefan Schantl
e758c76384 geoip-functions.pl: Add functions to export locations and to flush them. 
The export_locations() function requires an array of country codes which
should be exported by the location-exporter script.

The flush_exported_locations() function is used to flush (delete) all
exported location files.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-09 11:05:31 +01:00
Stefan Schantl
f5ad4246de firewall/rules.pl: Make geoipsettings hash and locations array 
script-wide available.

This allows to re-use them.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-09 11:04:30 +01:00
Stefan Schantl
9b2594d8e6 geoip-functions.pl: Export variables. 
This easily allows to use them in other perl script.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-08 18:10:12 +01:00
Stefan Schantl
6fd1d4fa23 libloc: Fix rootfile 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-06 15:31:56 +01:00
Stefan Schantl
8a64d10f24 geoip-functions.pl: Use libloc instead of maxmind for address lookups. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-06 14:20:31 +01:00
Stefan Schantl
e34dbea747 geoip-locations.pl: Rework method to grab and handling GeoIP locations. 
Now directly get the locations which are part of ISO 3166 from the perl
Locale::Country module. In case it is not listed there grab the country
code and location name from a hash.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-06 13:58:20 +01:00
Stefan Schantl
45b32f4dcf Locale-Country: Update to 3.62 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-06 13:56:46 +01:00
Stefan Schantl
d938509ed9 libloc: New package 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-06 13:54:59 +01:00
Arne Fitzenreiter
898dc600e6 pcengines-firmware: fix rootfile 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-06 03:18:09 +01:00
Peter Müller
f7c8d15089 Core Update 139: ship updated OpenSSH 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-05 18:00:26 +00:00
Arne Fitzenreiter
6fb7936c16 intel-microcode: update to 20191115 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-05 12:48:13 +01:00
Arne Fitzenreiter
0894092e2c linux-firmware: update to 20191022 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-05 12:44:45 +01:00
Arne Fitzenreiter
7ff42686ec core139: add cpio to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-02 17:11:30 +00:00
Matthias Fischer
01493f7a44 cpio: Update to 2.13 
For details see:
https://www.gnu.org/software/cpio/

Fix CVE-2015-1197
Fix CVE-2016-2037
Fix CVE-2019-14866

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-02 17:10:15 +00:00
Peter Müller
c701ddcba5 update ca-certificates CA bundle 
Update the CA certificates list to what Mozilla NSS ships currently.

The original file can be retrieved from:
https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-02 17:07:00 +00:00
Arne Fitzenreiter
4622af5f15 core139: add hwdata to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-02 17:05:15 +00:00
Arne Fitzenreiter
941520c69c Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2019-12-01 16:36:43 +01:00
Arne Fitzenreiter
d346d47467 up/down beep: move from ppp ip-up/down to general red.up/down 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-01 15:29:59 +01:00
Arne Fitzenreiter
455291f90e 70-dhcpdd.exe: don't run red.down scripts at "PREINIT" 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-01 14:43:49 +01:00