webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-20 07:53:01 +02:00
Code Issues Packages Projects Releases Wiki Activity
14,028 Commits 2 Branches 1 Tag
7d9b0ab69750c19d51833537652c6b11fc1bc2ab
Commit Graph

14028 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Matthias Fischer
7d9b0ab697 bind: Update to 9.11.14 
For details see:
https://downloads.isc.org/isc/bind9/9.11.14/RELEASE-NOTES-bind-9.11.14.html

"Bug Fixes

Fixed a bug that caused named to leak memory on reconfiguration when any
GeoIP2 database was in use. [GL #1445]

Fixed several possible race conditions discovered by Thread Sanitizer."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 19:17:45 +00:00
Arne Fitzenreiter
72c24beae2 core140: add file to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 19:16:55 +00:00
Michael Tremer
1eb657a66c file: Update to 5.38 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 19:15:57 +00:00
Michael Tremer
edf221cbfc dehydrated: Update to 0.6.5 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 19:15:09 +00:00
Stefan Schantl
0db643ce38 rfkill: New package. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 19:14:30 +00:00
Arne Fitzenreiter
0ef5f4a091 core140: add ids.cgi and suricata initskript to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 19:13:28 +00:00
Stefan Schantl
51b63b4186 IDS: Allow to inspect traffic from or to OpenVPN 
This commit allows to configure suricata to monitor traffic from or to
OpenVPN tunnels. This includes the RW server and all established N2N
connections.

Because the RW server and/or each N2N connection uses it's own tun?
device, it is only possible to enable monitoring all of them or to disable
monitoring entirely.

Fixes #12111.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 19:12:06 +00:00
Arne Fitzenreiter
a1cf33ca8f core140: add suricata and libhtp to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 19:10:55 +00:00
Matthias Fischer
907874c4be libhtp: Update to 0.5.32 
For details see:
https://github.com/OISF/libhtp/releases

Bundled with 'suricata 4.1.6'

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 19:09:27 +00:00
Matthias Fischer
ad6d02ccc0 suricata: Update to 4.1.6 
Excerpt from 'ChangeLog':

"4.1.6 -- 2019-12-13

Bug #3276: address parsing: memory leak in error path (4.1.x)
Bug #3278: segfault when test a nfs pcap file (4.1.x)
Bug #3279: ikev2 enabled in config even if Rust is disabled
Bug #3325: lua issues on arm (fedora:29) (4.1.x)
Bug #3326: Static build with pcap fails (4.1.x)
Bug #3327: tcp: empty SACK option leads to decoder event (4.1.x)
Bug #3347: BPF filter on command line not honored for pcap file (4.1.x)
Bug #3355: DNS: DNS over TCP transactions logged with wrong direction. (4.1.x)
Bug #3356: DHCP: Slow down over time due to lack of detect flags (4.1.x)
Bug #3369: byte_extract does not work in some situations (4.1.x)
Bug #3385: fast-log: icmp type prints wrong value (4.1.x)
Bug #3387: suricata is logging tls log repeatedly if custom mode is enabled (4.1.x)
Bug #3388: TLS Lua output does not work without TLS log (4.1.x)
Bug #3391: Suricata is unable to get MTU from NIC after 4.1.0 (4.1.x)
Bug #3393: http: pipelining tx id handling broken (4.1.x)
Bug #3394: TCP evasion technique by overlapping a TCP segment with a fake packet (4.1.x)
Bug #3395: TCP evasion technique by faking a closed TCP session (4.1.x)
Bug #3402: smb: post-GAP some transactions never close (4.1.x)
Bug #3403: smb1: 'event only' transactions for bad requests never close (4.1.x)
Bug #3404: smtp: file tracking issues when more than one attachment in a tx (4.1.x)
Bug #3405: Filehash rule does not fire without filestore keyword
Bug #3410: intermittent abort()s at shutdown and in unix-socket (4.1.x)
Bug #3412: detect/asn1: crashes on packets smaller than offset setting (4.1.x)
Task #3367: configure: Rust 1.37+ has cargo-vendor support bundled into cargo (4.1.x)"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 19:09:25 +00:00
Arne Fitzenreiter
8867f9c5e8 core140: add knot to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 18:03:34 +00:00
Matthias Fischer
68e83070e2 knot: Update to 2.9.2 
For details see:
https://www.knot-dns.cz/2019-12-12-version-292.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 18:01:05 +00:00
Arne Fitzenreiter
063a3a8bca core140: add unbound to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 17:59:50 +00:00
Matthias Fischer
726037c6ee unbound: Update to 1.9.6 
For details see:
https://nlnetlabs.nl/pipermail/unbound-users/2019-December/011941.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 17:58:21 +00:00
Stéphane Pautrel
22680ad9be Update French translation 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 17:57:39 +00:00
Erik Kapfer
fb7226d0a6 tshark: Update to version 3.0.7 
Several bugfixes are included in this version, some protocol support has been added.
For a complete overview of the changelog, take a look in here -->
https://www.wireshark.org/docs/relnotes/wireshark-3.0.6.html
https://www.wireshark.org/docs/relnotes/wireshark-3.0.7.html .

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 13:46:32 +00:00
Arne Fitzenreiter
424442d27d core140: add unbound/saveserch changes to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 13:44:20 +00:00
Arne Fitzenreiter
30b3b2cde7 checkrootfiles: ignore arch folder and add x86_64,aarch64 
rust has arch depending rootfiles which make no sense to
replache the arch by machine.
Also added missing arches to check.
 2019-12-29 13:42:31 +00:00
Michael Tremer
d7190078ce unbound: Configure Safe Search dynamically 
The safe search code relied on working DNS resolution, but
was executed before unbound was even started and no network
was brought up.

That resulted in no records being created and nothing being
filtered.

This will now set/reset safe search when the system connects
to the Internet.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 08:51:21 +00:00
Stéphane Pautrel
1ec1e499d0 Update of French translations 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 08:50:52 +00:00
Stefan Schantl
5bc042df2f rust: Update to 1.39 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 08:50:31 +00:00
Stefan Schantl
8245498310 make.sh: Introduce RUSTFLAGS 
This allows to set arch-specific FLAGS when dealing with
software written in rust.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 08:49:25 +00:00
Arne Fitzenreiter
6a3acff934 core140: start 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-09 19:50:03 +01:00
Arne Fitzenreiter
a15dbe4497 Merge branch 'next' 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-09 18:37:16 +00:00
Arne Fitzenreiter
f23b944ecb core139: finish 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-09 18:48:07 +01:00
Arne Fitzenreiter
dd12d8c54c leds: use new APUx ACPI Bios leds if exist. 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-09 14:50:44 +01:00
Erik Kapfer
6a9d9ff4af ovpn: Fix LZO checkbox restore 
Triggered by --> https://community.ipfire.org/t/openvpn-is-lzo-compression-now-effectively-disabled/503 .

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-06 16:39:55 +00:00
Arne Fitzenreiter
898dc600e6 pcengines-firmware: fix rootfile 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-06 03:18:09 +01:00
Peter Müller
f7c8d15089 Core Update 139: ship updated OpenSSH 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-05 18:00:26 +00:00
Peter Müller
81502fe6f3 OpenSSH: update to 8.1p1 
Please refer to https://www.openssh.com/txt/release-8.1 for release notes.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-05 18:00:11 +00:00
Arne Fitzenreiter
43fa700e11 pcengines-firmware: update to 4.10.0.3 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-05 18:53:16 +01:00
Arne Fitzenreiter
6fb7936c16 intel-microcode: update to 20191115 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-05 12:48:13 +01:00
Arne Fitzenreiter
0894092e2c linux-firmware: update to 20191022 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-05 12:44:45 +01:00
Arne Fitzenreiter
7ff42686ec core139: add cpio to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-02 17:11:30 +00:00
Matthias Fischer
01493f7a44 cpio: Update to 2.13 
For details see:
https://www.gnu.org/software/cpio/

Fix CVE-2015-1197
Fix CVE-2016-2037
Fix CVE-2019-14866

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-02 17:10:15 +00:00
Matthias Fischer
9d6e22e3fc nano: Update to 4.6 
For details see:
https://www.nano-editor.org/news.php

... and a long list of other changes in https://www.nano-editor.org/dist/latest/ChangeLog ...

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-02 17:09:55 +00:00
Peter Müller
18f1b46e1a spectre-meltdown-checker: update to 0.42 
See https://github.com/speed47/spectre-meltdown-checker/releases/tag/v0.42
for release announcements.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-02 17:09:41 +00:00
Peter Müller
6d0a2f8b1e Postfix: update to 3.4.8 
See http://www.postfix.org/announcements/postfix-3.4.8.html for release
announcements.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-02 17:09:09 +00:00
Peter Müller
c701ddcba5 update ca-certificates CA bundle 
Update the CA certificates list to what Mozilla NSS ships currently.

The original file can be retrieved from:
https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-02 17:07:00 +00:00
Arne Fitzenreiter
4622af5f15 core139: add hwdata to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-02 17:05:15 +00:00
Peter Müller
bf9fa6d864 hwdata: update PCI/USB databases 
PCI IDs: 2019-11-26 03:15:03
USB IDs: 2019-11-05 20:34:06

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-02 17:02:20 +00:00
Arne Fitzenreiter
bedfda83c9 dhcpcd.exe: remove red.down run on "NOCARRIER" 
after "NOCARRIER" the dhcp client always run "EXPIRE" event.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-01 18:33:19 +01:00
Arne Fitzenreiter
941520c69c Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2019-12-01 16:36:43 +01:00
Arne Fitzenreiter
d346d47467 up/down beep: move from ppp ip-up/down to general red.up/down 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-01 15:29:59 +01:00
Arne Fitzenreiter
455291f90e 70-dhcpdd.exe: don't run red.down scripts at "PREINIT" 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-01 14:43:49 +01:00
Arne Fitzenreiter
86409ab100 core139: add dhcp and network changes to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-01 00:45:02 +01:00
Arne Fitzenreiter
fff96e3945 networking red: add delay to wait for carrier 
some nic's need some time after link up to get a carrier

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 22:26:00 +01:00
Arne Fitzenreiter
f938083fb5 dhcpcd: 10-mtu break if carrier was lost 
some nic's like Intel e1000e needs a reinit to change the
mtu. In this case the dhcp hook reinit the nic and terminate now
to let the dhcpcd reinit the card in backgrounnd without running the
rest of the hooks.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 22:21:42 +01:00
Michael Tremer
4775d54ba6 clamav: Allow downloads to take up to 10 minutes 
freshclam did not have a receive timeout set and a default of
60s was used. That causes that the large main database cannot
be downloaded over a line with a 16 MBit/s downlink.

This patch increases that timeout and should allow a successful
download on slower connections, too.

Suggested-by: Tim Fitzgeorge <ipfb@tfitzgeorge.me.uk>
Fixes: #12246
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 10:53:59 +00:00
Matthias Fischer
78756496c9 bind: Update to 9.11.13 
For details see:

https://downloads.isc.org/isc/bind9/9.11.13/RELEASE-NOTES-bind-9.11.13.html

"Security Fixes

    Set a limit on the number of concurrently served pipelined TCP queries.
    This flaw is disclosed in CVE-2019-6477. [GL #1264]"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 09:57:49 +00:00