webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-05-11 01:38:25 +02:00
Code Issues Packages Projects Releases Wiki Activity
18,987 Commits 2 Branches 1 Tag
609f41867d11619d9996509f6be05d004b2ccb1c
Commit Graph

18987 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Peter Müller
1091a629ea Core Update 167: Add new Pakfire key after extracting the files 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-03-31 09:20:50 +00:00
Peter Müller
65c6336aa3 Tor: Pick up upstream patch for fixing sandbox with glibc >= 2.34 
Fixes: #12807

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-03-31 07:58:55 +00:00
Michael Tremer
8f696f60e2 core166: Move filelists to the correct location 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-30 16:23:31 +00:00
Michael Tremer
260d9e7dd8 Merge branch 'master' into next 2022-03-30 15:53:27 +00:00
Michael Tremer
d5d3748b02 backup: Move empty check to the correct place 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-30 15:50:55 +00:00
Michael Tremer
13eaaa5657 core167: Ship util-linux 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-30 14:01:16 +00:00
Michael Tremer
beffabaca3 linux-firmware: Hardlink any identical firmware files 
Some files are identical which is why we don't need to ship them mutiple
times. This will save about 13 MiB of disk space and presumably the same
on the compressed distro image.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-30 13:58:53 +00:00
Michael Tremer
f5ffdb75ce util-linux: Update to 2.38 
This patch also enables building hardlink(8)

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-30 13:58:53 +00:00
Michael Tremer
f43db7d6fa linux-firmware: Don't ship some Qualcomm AI/5G firmware 
This is not needed on IPFire and saves about 13 MiB of compressed
firmware.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-30 13:58:53 +00:00
Michael Tremer
19b535b9b6 linux-firmware: Don't ship Mellanox Spectrum Switch Firmware 
This is probably not usable on IPFire and saves us about 47 MiB.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-30 13:58:53 +00:00
Michael Tremer
5df7c89924 linux-firmware: Don't ship Marvell Prestera Firmware 
This firmware is required for a switch ASIC which we build the kernel
module for, but which is probably not usable with IPFire.

This saves about 40 MiB of compressed firmware space.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-30 13:58:53 +00:00
Michael Tremer
90c988a6ee networking: Correctly set MTU on all bridges 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-30 13:58:02 +00:00
Matthias Fischer
80a477466c monit: Update to 5.32.0 
For details see:
https://mmonit.com/monit/changes/

    "Fixed: Issue #1028: If the Monit statefile was removed, the monit
    start <service> action for services with onreboot nostart option
    started the service, but did not enable monitoring of said service.
    The same problem occurred if a new onreboot nostart service was
    added, even if the statefile did exist.

    Fixed: Issue #1029: The generic protocol test truncated received
    data if the response contained zeros.

    Fixed: PAM authentication: Users with a valid password for
    a disabled account could still login to Monit. Thanks to Youssef
    Rebahi-Gilbert.

    Fixed: The Monit HTTP interface could be blocked by sending
    a request with an infinite stream of HTTP headers. Thanks to Youssef
    Rebahi-Gilbert for report."

For more details see:
https://bitbucket.org/tildeslash/monit/commits/tag/release-5-32-0

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-30 13:57:35 +00:00
Michael Tremer
7ce3223dd8 dvb-firmwares: Don't ship firmware that comes from linux-firmware 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-30 13:57:07 +00:00
Michael Tremer
f0dc569d79 alsa: Do not ship compressed firmware again 
This package installs some firmware files. Since linux-firmware is now
compressed, files will no longer be overwritten, but this package will
put the uncompressed files next to the compressed ones.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-30 13:57:07 +00:00
Michael Tremer
31102a28b3 core167: Ship backup includes 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-30 13:55:36 +00:00
Peter Müller
73845df507 backup: Include proxy.pac 
Fixes: #12814

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-30 13:54:51 +00:00
Michael Tremer
12cb09eb5e core167: Increment release version in update.sh 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-30 13:53:23 +00:00
Michael Tremer
e546e1038a Merge branch 'master' into next 2022-03-30 13:51:38 +00:00
Michael Tremer
916ca6d476 Rename Core Update 166 into 167 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-30 13:48:09 +00:00
Michael Tremer
21de246ef7 core166: Ship zlib 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-30 13:46:01 +00:00
Peter Müller
b2f72ba085 zlib: Pick up upstream patch for memory corruption fix 
See: https://www.openwall.com/lists/oss-security/2022/03/24/1

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-30 13:44:51 +00:00
Michael Tremer
c68ecc0251 core166: Ship misc-progs 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-30 13:44:31 +00:00
Michael Tremer
713d681232 misc-progs: Set a reasonable default PATH variable 
We have some scripts in /usr/local/bin which cannot be found by any
misc-progs which is fixed by this patch.

Fixes: #12811
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-30 13:43:41 +00:00
Michael Tremer
b7fc708ffc core166: Ship backup script 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-30 13:43:25 +00:00
Michael Tremer
b275771fdd backup: Only list files that exist 
This will prevent tar from throwing any errors later on

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-30 13:43:25 +00:00
Michael Tremer
4f0e7f24f2 backup: Ignore any empty lines in backup include list 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-30 13:43:25 +00:00
Michael Tremer
13f6473a4f backup: Fix broken globbing expansion 
This patch fixes globbing expansion in the backup include file list
which got broken in c7e0d73e7c.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Tested-by: Bernhard Bitsch <bernhard.bitsch@ipfire.org>
 2022-03-30 13:43:25 +00:00
Michael Tremer
b7771d5861 core166: Start a new Core Update 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-30 13:43:19 +00:00
Stefan Schantl
fa7663a1b5 ids.cgi: Remove newly added provider if the rules could not be 
downloaded.

When adding a new provider and in case the rules file or tarball can not
be downloaded, the provider remains as configured.

To avoid that, the provider needs to be removed again.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-03-26 12:26:35 +01:00
Stefan Schantl
8114440752 convert-ids-modification-files: New converter. 
This converter is responsible to convert the old oinkmaster modification
files into the new files and format.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-03-26 12:12:55 +01:00
Stefan Schantl
432b8ed21e ids.cgi: Drop last fragments from old modify sids backend. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-03-26 11:54:19 +01:00
Stefan Schantl
849fc8ea15 ids-functions.pl: Drop oinkmaster related functions and declarations. 
They are not longer needed and safely can be dropped.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-03-26 11:45:17 +01:00
Stefan Schantl
443ad51d1c ids.cgi: Allow to configure IDS/IPS mode individually for each provider. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-03-26 11:37:21 +01:00
Stefan Schantl
4c98be8bd2 ids.cgi: Use new provider modifications backend. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-03-26 11:37:02 +01:00
Stefan Schantl
9f353f8518 ids.cgi: Use new backend to store the ruleset modifications of a 
provider.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-03-26 11:36:44 +01:00
Stefan Schantl
2deba6bf4a ids-functions.pl: Use "enabled/disabled" to mark if a rule should be 
altered.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-03-26 11:36:24 +01:00
Stefan Schantl
794469483f ids-functions.pl: Replace call of external oinkmaster.pl to newly 
introduced process_ruleset function.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-03-26 11:35:48 +01:00
Stefan Schantl
5a6c7bbe85 ids-functions.pl: Add process_ruleset() function. 
This function is going to replace the part which currently the
oinkmaster.pl script does.

It will read in the extracted ruleset, remove duplicates and alter the
rules to alert or drop in case they match. Also rules will be enabled or
disabled if the used requested this.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-03-26 11:34:30 +01:00
Stefan Schantl
518cbdd389 ids-functions.pl: Add get_provider_ruleset_modifications_file(). 
This function will obosolete the old oinkmaster modifications files.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-03-26 11:34:11 +01:00
Stefan Schantl
e246285af4 ids-functions.pl: Add private function to obtain the sid and rev of a 
rule.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-03-26 11:33:47 +01:00
Stefan Schantl
e0eb5bc737 ids-functions.pl: Add get_providers_mode() function. 
This function is used to gather the modes of the configured providers
and return them as hash.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-03-26 11:33:28 +01:00
Stefan Schantl
ff780d8b3f update-ids-ruleset: Fix typo in return code. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-03-26 11:27:01 +01:00
Stefan Schantl
74019d3044 update-ids-ruleset: Skip providers which are not enabled. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-03-26 11:23:44 +01:00
Stefan Schantl
9a3f9c2b23 update-ids-ruleset: Log and abort if to less free disk space is 
available.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-03-26 11:22:50 +01:00
Stefan Schantl
c9c3eadbbf update-ids-ruleset: Add logging for various events. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-03-26 11:22:08 +01:00
Stefan Schantl
d1f7542659 update-ids-ruleset: Add function to iherit with the syslog daemon. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-03-26 11:19:31 +01:00
Stefan Schantl
65e3aef583 ids-functionsn.pl: Remove logging calls when checking free diskspace. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-03-26 11:17:06 +01:00
Stefan Schantl
52a557a848 ids-functions.pl: Remove logging calls from downloader. 
The download script should not directly do the logging stuff.

It simply should download the files for the requested provider and
return an error code on fail.

The logging should be done at another place.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-03-26 11:14:40 +01:00
Stefan Schantl
e26edcc1c7 ids-functions.pl: Provide better return codes, if the downloader fails. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2022-03-25 06:03:40 +01:00