webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-27 11:13:24 +02:00
Code Issues Packages Projects Releases Wiki Activity
13,124 Commits 2 Branches 1 Tag
710afa00c6e1441ba45f3fdda2feaf613ffd0033
Commit Graph

13124 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Tremer
9ff5b381eb boost: Build with -O2 only 
This should increase build speed

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-04 17:20:52 +00:00
Michael Tremer
d53537ced9 Config: Builds don't seem to like the space 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-04 11:57:22 +00:00
Michael Tremer
a843073c8e perl: Limit build to 23 parallel processes 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-04 11:52:34 +00:00
Michael Tremer
7691a1bfe7 make.sh: Introduce MAX_PARALLELISM 
This will now adjust MAKETUNING to not launch more processes
than MAX_PARALLELISM. Handy to limit builds that use a lot of memory.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-04 11:51:08 +00:00
Michael Tremer
eeee108f18 make.sh: Drop MAKETUNING 
This is now set in lfs/Config

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-04 11:45:30 +00:00
Michael Tremer
77c863a2f1 make.sh: Introduce DEFAULT_PARALLELISM 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-04 11:43:47 +00:00
Michael Tremer
e4ee36fa17 make.sh: Use variable instead of calling system_processors function again 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-04 11:38:38 +00:00
Michael Tremer
deffc27598 make.sh: Rename HOST_MEM to SYSTEM_MEMORY 
We had two variables holding the same data

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-04 11:35:15 +00:00
Michael Tremer
8556093359 make.sh: Pass number of processors and total memory so that we can adjust MAKETUNING 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-04 11:33:50 +00:00
Wolfgang Apolinarski
23164efba5 Parallelized build for several packages 
Added $(MAKETUNING) to several packages.
Marked packages that do not support parallel build.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-04 11:02:03 +00:00
Michael Tremer
ea9cb48ae7 core129: Ship wpa_supplicant 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-04 09:26:58 +00:00
Matthias Fischer
b2ee5e8aa4 wpa_supplicant: Update to 2.7 
For details see:
https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-04 09:26:58 +00:00
Matthias Fischer
d6d5999af1 hostapd: Update to 2.7 
For details see:
https://w1.fi/cgit/hostap/plain/hostapd/ChangeLog

This patch sticks to 'wpa_supplicant: Update to 2.7'.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-04 09:26:58 +00:00
Michael Tremer
146c837e78 netsnmp: Fix rootfile to build on other architectures 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-04 09:26:58 +00:00
Erik Kapfer
5a3c9ef298 netsnmpd: OpenSSL patch is incl. in new version 
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-04 09:26:58 +00:00
Erik Kapfer
758a1893a1 netsnmpd: Update to version 5.8 
Overview of the changes can be found in here https://sourceforge.net/p/net-snmp/mailman/message/36386084/ .

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-04 09:26:58 +00:00
Erik Kapfer
3f2341da8d iptables: Update to 1.8.2 
netfilter-layer7 has also been updated to v2.23 .

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-04 09:26:58 +00:00
Stefan Schantl
b051eb68b6 libcap-ng: New package 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-03 15:10:02 +01:00
Michael Tremer
26c758cf48 suricata: Drop parsers I have never heard of 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-03 10:55:31 +01:00
Michael Tremer
8efbd71caa suricata: Configure HTTP decoder 
This will now scan all request and response bodies where possible
and use up to 256MB of RAM

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-03 10:55:31 +01:00
Michael Tremer
96495c9aa2 Revert "Suricata: detect DNS events on port 853, too" 
This reverts commit ad99f959e2.

It does not make any sense to try to decode the TLS connection
with the DNS decoder.

Therefore should 853 (TCP only) be added to the TLS decoder.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-03 10:55:30 +01:00
Michael Tremer
26796f3a4b Unpack intel microcode before initramfs images are being built 
Previously, the microcode updates were not packaged in the shipped
initramfs images which causes that Intel processors are still running
on outdated microcode.

This patch moves intel-microcode before we build the initramfs images.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-02 14:55:04 +00:00
Michael Tremer
a079f7aaee core129: Ship updated proxy.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-02 14:14:14 +00:00
Matthias Fischer
d50a78220d Bug 12008 - Typo in 'proxy.cgi' leads to wrong path for 'basic_ldap_auth' 
Hi,

This should fix https://bugzilla.ipfire.org/show_bug.cgi?id=12008

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-02 14:13:17 +00:00
Michael Tremer
3d01a8f1a6 core129: Ship updated ipset 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-02 14:12:18 +00:00
Erik Kapfer
46a073f1b5 ipset: Update to version 7.1 
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-02 14:11:19 +00:00
Michael Tremer
7c57cbe24b core129: Ship updated tar 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-02 14:11:02 +00:00
Matthias Fischer
6ca3265c41 tar: Update to 1.32 
For details see:
http://git.savannah.gnu.org/cgit/tar.git/log/

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-02 14:10:39 +00:00
Michael Tremer
15c71234ca core129: Ship updated bind 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-02 14:10:21 +00:00
Matthias Fischer
ae45fb5193 bind: Update to 9.11.6 
For details see:
http://ftp.isc.org/isc/bind9/9.11.6/RELEASE-NOTES-bind-9.11.6.html

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-02 14:10:03 +00:00
Michael Tremer
ae4ca7ef13 core129: Ship updated squid 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-02 14:09:00 +00:00
Matthias Fischer
aa88b2ef59 squid: Update to 4.6 
For details see:
http://www.squid-cache.org/Versions/v4/changesets/

The 'configure'-option "--disable-ipv6" was removed, it is no longer necessary.

See:
https://lists.ipfire.org/pipermail/development/2016-April/002046.html

"The --disable-ipv6 build option is now deprecated.
...
Squid-3.5.7 and later will perform IPv6 availability tests on startup in
all builds.

- Where IPv6 is unavailable Squid will continue exactly as it would
have had the build option not been used.

These Squid can have the build option removed now."

The warning message concerning a "BCP 177 violation" while
starting 'squid' can be ignored.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-02 14:07:38 +00:00
Michael Tremer
e1982c695c spectre-meltdown-checker: New package 
This makes it easy to install the script and check the vulnerability status
of a system IPFire is running on.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-02 13:24:44 +00:00
Michael Tremer
771c9b78ee binutils: Ship strings & readelf 
This is needed by the spectre meltdown checker script

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-02 13:01:42 +00:00
Michael Tremer
d6af912c83 Update German translation 
Mainly adds translation for new IPsec features

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-02 12:01:06 +00:00
Stéphane Pautrel
fb47c465e8 Update of French translation 
- Several syntax / vocabulary improvements
- A 2 text missing in the French version
- Improvement of text offering a donation for the users

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-02 11:48:05 +00:00
Michael Tremer
5d04cfe7d5 suricata: Use highest bit to mark packets 
We are using the netfilter MARK in IPsec & QoS and this
is causing conflicts.

Therefore, we use the highest bit in the IPS chain now
and clear it afterwards because we do not really care about
this after the packets have been passed through suricata.

Then, no other application has to worry about suricata.

Fixes: #12010
Signed-off-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-01 17:56:48 +01:00
Michael Tremer
c9ee3592f0 suricata: Fix syntax error 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-01 17:56:47 +01:00
Michael Tremer
99d75ac72e suricata: Start capture first and then load rules 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-01 17:56:47 +01:00
Michael Tremer
890f1bf295 suricata: Disable decoding for Teredo 
This decoder is not very accurate and Teredo has been
disabled in Windows by default. Nobody will use this.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-01 17:56:47 +01:00
Michael Tremer
0b340f0938 suricata: Increase memory size for the stream engine 
This change also ensures that suricata has a decent number
of streams preallocated to be able to handle any bursts in traffic.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-01 17:56:47 +01:00
Michael Tremer
ab1444b4f4 suricata: Log to syslog like a normal process 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-01 17:56:47 +01:00
Michael Tremer
47cb057145 suricata: Use up to 256MB of RAM for the flow cache 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-01 17:56:47 +01:00
Michael Tremer
7eed864c93 suricata: Use 64MB of RAM for defragmentation 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-01 17:56:46 +01:00
Michael Tremer
83b576c892 suricata: Use the correct path for the magic database 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-01 17:56:46 +01:00
Michael Tremer
0e28ea9f3e suricata: Log to syslog 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-01 17:56:46 +01:00
Michael Tremer
682f1fdaca suricata: We do not use any IP reputation lists 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-01 17:56:46 +01:00
Michael Tremer
cf976e93c4 suricata: Allow 32MB of RAM for DNS decoding 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-01 17:56:29 +01:00
Michael Tremer
fe5bd1862f suricata: Drop sections that require Rust 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-01 17:55:26 +01:00
Michael Tremer
bc2cb52953 suricata: Drop some commented stuff from configuration 
The file is really large and we should not carry anything we will
never use.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-01 17:55:26 +01:00