webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-12 20:16:49 +02:00
Code Issues Packages Projects Releases Wiki Activity
13,381 Commits 2 Branches 1 Tag
40407aee99546b4f25632bcaeb796d2a53cb1bcb
Commit Graph

13381 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Stefan Schantl
0d34a479c8 ids.cgi: Display oinkcode section after page load when neccessary. 
Fixes #12048.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-11 10:28:19 +01:00
Michael Tremer
d51d3c5b93 IPS logging: Fix date comparison for last entry 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-12 17:36:54 +01:00
Michael Tremer
2eb0c326da IPS logging: There is no distinguation between suricata & snort required 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-12 17:33:39 +01:00
Michael Tremer
19c066b602 IPS logging: Fix reading date 
The CGI script only compares mm/dd and does not care about the year.

Suricata, however, logs the year as well which has to be ignored here.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-12 17:32:02 +01:00
Michael Tremer
a32c219fa4 zabbix_agentd: Bump package version 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-11 07:55:36 +01:00
Alexander Koch
41b7369f80 zabbix_agentd: Bugfix for /etc/sudoers.d/zabbix.user 
Files containing an '~' or '.' are ignored by sudo when placed in the includedir /etc/sudoers.d This makes the file useless. The file is renamed to "zabbix" instead of "zabbix.user" to fix this.

See: https://www.sudo.ws/man/1.8.13/sudoers.man.html#Including_other_files_from_within_sudoers

Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-11 07:55:10 +01:00
Alexander Koch
854b63c42a zabbix_agentd: update to 4.2.0 
Relase Notes: https://www.zabbix.com/rn/rn4.2.0

Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-11 07:55:07 +01:00
Stéphane Pautrel
a45bfbf1c5 installer+setup: Update French translation 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-11 03:47:44 +01:00
Arne Fitzenreiter
3e11f8257d make.sh: fix syntax error 
i have merged master>next and not deleted this line.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-11 07:34:14 +02:00
Arne Fitzenreiter
d27675b081 Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2019-04-11 07:31:11 +02:00
Arne Fitzenreiter
a2907cdd9f Merge remote-tracking branch 'origin/master' into next 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-11 07:30:26 +02:00
Matthias Fischer
d01d68913f wget: Update to 1.20.3 
For details see:
https://fossies.org/linux/wget/ChangeLog

Excerpt from "NEWS":

"2019-04-05  Tim Ruehsen  <tim.ruehsen@gmx.de>

Fix a buffer overflow vulnerability
* src/iri.c(do_conversion): Reallocate the output buffer to a larger
  size if it is already full"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-09 12:34:18 +02:00
Michael Tremer
af9aa1556e core130: Ship updated apache 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-09 12:33:50 +02:00
Matthias Fischer
0971726e13 apache: Update to 2.4.39 
For details see:
http://mirror.checkdomain.de/apache//httpd/CHANGES_2.4.39

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-09 12:29:41 +02:00
Arne Fitzenreiter
6fc3f2e685 core130: insert a core update for urgent fixes. 
the bigger changes for suricata and kernel need longer time for test
so we insert a core with smaller but important fixes.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-09 07:31:23 +02:00
Arne Fitzenreiter
e7dafc3e3e core130: ship strongswan 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-09 07:30:26 +02:00
Michael Tremer
f0ce8b2c88 core130: Ship perl-Net-SSLeay 
This was still using the old version of OpenSSL.

Instead of linking the module (which we should have found earlier)
the module uses dlopen :(

Fixes: #12044
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-09 07:24:17 +02:00
Michael Tremer
d66433fca6 strongswan: Manually install all routes for non-routed VPNs 
This is a regression from disabling charon.install_routes.

VPNs are routing fine as long as traffic is passing through
the firewall. Traps are not propertly used as long as these
routes are not present and therefore we won't trigger any
tunnels when traffic originates from the firewall.

Fixes: #12045
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-09 07:22:26 +02:00
Michael Tremer
49ce16f9be core130: Ship updated wget 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-09 07:21:15 +02:00
Matthias Fischer
8d76eb2085 wget: Update to 1.20.2 
For details see:
https://fossies.org/linux/wget/ChangeLog

Excerpt from "NEWS":

* Changes in Wget 1.20.2
** NTLM authentication will retry under certain cases
** Fixed a buffer overflow vulnerability"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-09 07:20:48 +02:00
Matthias Fischer
bfd5cfa9c6 clamav: Update to 0.101.2 
For details see:
https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html

"ClamAV 0.101.2 is a patch release to address a handful of security related bugs."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-09 07:19:34 +02:00
Michael Tremer
a485606c27 ipsec-interfaces: Apply static routes (again) after creating IPsec interfaces 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-09 07:18:42 +02:00
Stefan Schantl
ee82349a0e convert-snort: Re-order steps at end of script 
This will ensure that the whole IDS is configured property, if
no or an empty snort config file is present.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-08 21:15:35 +01:00
Stefan Schantl
e4bc9b8b6f convert-snort: Fix logic for detecting enough free disk space. 
The subfunction only will return something if the check fails - so the logic
of the if statement was wrong set and the downloader only was called if
this check failed and to less diskspace would be available.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-08 21:15:35 +01:00
Michael Tremer
ee53381ab1 core130: Ship SSH Agent Forwarding changes 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-08 21:15:35 +01:00
Peter Müller
f9de28e6f0 change AllowAgentForwarding in SSHD configuration if, necessary 
Fixes #11931

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-08 21:15:35 +01:00
Peter Müller
e918b62ae2 allow SSH agent forwarding to be configured via WebUI 
Fixes #11931

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-08 21:15:35 +01:00
Peter Müller
e1f6dfcbbc add language strings for SSH agent forwarding settings 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-08 21:15:35 +01:00
Arne Fitzenreiter
4f30ce49b3 rename core130 -> core131 
we need to insert a core update to fix urgent bugs

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-08 21:49:20 +02:00
Arne Fitzenreiter
f2afd5e70d kernel: update to 4.14.111 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-08 21:47:23 +02:00
Arne Fitzenreiter
47204d12f1 Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-08 21:47:12 +02:00
Michael Tremer
918ee4a4cf strongswan: Manually install all routes for non-routed VPNs 
This is a regression from disabling charon.install_routes.

VPNs are routing fine as long as traffic is passing through
the firewall. Traps are not propertly used as long as these
routes are not present and therefore we won't trigger any
tunnels when traffic originates from the firewall.

Fixes: #12045
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-08 16:44:57 +01:00
Arne Fitzenreiter
5f9bf17d76 core130: update pakfire database after version change 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-08 17:31:12 +02:00
Michael Tremer
c557356ea4 core130: Ship perl-Net-SSLeay 
This was still using the old version of OpenSSL.

Instead of linking the module (which we should have found earlier)
the module uses dlopen :(

Fixes: #12044
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-08 11:56:58 +01:00
Arne Fitzenreiter
0265f51e9f core130: remove lm_sensors config 
the sensor search has to redone after boot the new kernel.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-07 18:19:50 +02:00
Arne Fitzenreiter
ca7af38203 core130: ship setup binary 
The setup contain a IPFire version string.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-07 17:24:46 +02:00
Arne Fitzenreiter
44b0afe029 core130: ship pakfire version update 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-07 17:13:43 +02:00
Arne Fitzenreiter
83c956c3c8 core130: add kernel to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-07 17:01:08 +02:00
Peter Müller
f40cd26de2 Postfix: update to 3.4.5 
See http://www.postfix.org/announcements/postfix-3.4.5.html for
release notes.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-06 16:09:02 +01:00
Matthias Fischer
ee44d509b6 wget: Update to 1.20.3 
For details see:
https://fossies.org/linux/wget/ChangeLog

Excerpt from "NEWS":

"2019-04-05  Tim Ruehsen  <tim.ruehsen@gmx.de>

Fix a buffer overflow vulnerability
* src/iri.c(do_conversion): Reallocate the output buffer to a larger
  size if it is already full"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-06 16:08:53 +01:00
Michael Tremer
f903d3a6f0 suricata: Disable CPU affinity 
Benchmarks have shown, that this is making the IPS slower
across various hardware

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-04 22:02:53 +01:00
Arne Fitzenreiter
aa20f1b277 kernel: update to 4.14.110 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-05 07:46:34 +02:00
Michael Tremer
aab33d4845 core130: Do not search for sensors on AWS 
This causes some i2c drivers to load and tons of error messages
being created in syslog. So we skip searching for any sensors
that do not exist.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-04 09:05:25 +01:00
Michael Tremer
ab79dc43bf vpnmain.cgi: Set MTU to a default when editing an old connection 
This field is required and therefore we need to initialize it
for old connections. Right now, the CGI throws an error message
when editing an existing connection without the MTU being filled
in.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-04 11:53:11 +01:00
Michael Tremer
aeecc7ae10 core130: Ship updated wget 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-04 02:07:16 +01:00
Matthias Fischer
7dd8193684 wget: Update to 1.20.2 
For details see:
https://fossies.org/linux/wget/ChangeLog

Excerpt from "NEWS":

* Changes in Wget 1.20.2
** NTLM authentication will retry under certain cases
** Fixed a buffer overflow vulnerability"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-04 02:07:01 +01:00
Michael Tremer
0ce95859da core130: Ship updated nettle 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-04 02:06:41 +01:00
Matthias Fischer
a4cc65bc48 nettle: Update to 3.4.1 
For details see:
https://fossies.org/linux/nettle/ChangeLog

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-04 02:06:19 +01:00
Michael Tremer
c95ba2bbcc core130: Ship updated GnuTLS 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-04 02:05:52 +01:00
Matthias Fischer
34bbcff61f gnutls: Update to 3.6.7.1 
For details see:
https://lists.gnupg.org/pipermail/gnutls-help/2019-March/004497.html

Please note:
A few days after the "3.6.7" release, "3.6.7.1" came out.

See:
https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/

But the compressed directory version is still versioned 3.6.7.

Because of this, the fourth (sub)-version number required some lfs adjustments.

And:
This version requires "nettle 3.4.1", which is sent in another commit.

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-04 02:05:18 +01:00