webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-27 03:07:43 +02:00
Code Issues Packages Projects Releases Wiki Activity
14,404 Commits 2 Branches 1 Tag
804deb1b23f24daa35d0cf052d8d0eac82c3319f
Commit Graph

7247 Commits

Author SHA1 Message Date
Matthias Fischer
726037c6ee unbound: Update to 1.9.6 
For details see:
https://nlnetlabs.nl/pipermail/unbound-users/2019-December/011941.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 17:58:21 +00:00
Erik Kapfer
fb7226d0a6 tshark: Update to version 3.0.7 
Several bugfixes are included in this version, some protocol support has been added.
For a complete overview of the changelog, take a look in here -->
https://www.wireshark.org/docs/relnotes/wireshark-3.0.6.html
https://www.wireshark.org/docs/relnotes/wireshark-3.0.7.html .

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 13:46:32 +00:00
Arne Fitzenreiter
424442d27d core140: add unbound/saveserch changes to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 13:44:20 +00:00
Michael Tremer
d7190078ce unbound: Configure Safe Search dynamically 
The safe search code relied on working DNS resolution, but
was executed before unbound was even started and no network
was brought up.

That resulted in no records being created and nothing being
filtered.

This will now set/reset safe search when the system connects
to the Internet.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 08:51:21 +00:00
Stéphane Pautrel
1ec1e499d0 Update of French translations 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 08:50:52 +00:00
Stefan Schantl
5bc042df2f rust: Update to 1.39 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 08:50:31 +00:00
Stefan Schantl
1cb8ffe84d Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next 2019-12-16 09:04:29 +01:00
Peter Müller
fd2dccaabb Core Update 139: fix syntax of generated Suricata DNS server file 
The YAML syntax of /var/ipfire/suricata/suricata-dns-servers.yaml was
invalid and caused Suricata to crash after upgrading to Core Update 139.

Due to strange NFQUEUE behaviour, this caused IPsec traffic to be
emitted to the internet directly. While this patch represents a quick
solution for Core Update 139, another one is needed for changing the
IPtables chain order to avoid similar information leaks in future.

Thanks to Michael for his debugging effort.

Fixes #12260
Partially fixes #12257

Cc: Michael Tremer <michael.tremer@ipfire.org>
Cc: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-14 07:26:05 +00:00
Peter Müller
a59cf47b9e Core Update 139 needs a reboot 
Fixes #12258

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-14 07:25:48 +00:00
Peter Müller
19ad0ddb2f Core Update 139: apply SSH configuration and restart SSH daemon 
Fixes #12259

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-14 07:25:35 +00:00
Arne Fitzenreiter
6a3acff934 core140: start 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-09 19:50:03 +01:00
Arne Fitzenreiter
a15dbe4497 Merge branch 'next' 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-09 18:37:16 +00:00
Arne Fitzenreiter
dd12d8c54c leds: use new APUx ACPI Bios leds if exist. 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-09 14:50:44 +01:00
Stefan Schantl
f8e7c1c9d0 crontab: Adjust crontab to hourly launch the update-location-database 
script.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-09 14:19:53 +01:00
Arne Fitzenreiter
898dc600e6 pcengines-firmware: fix rootfile 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-06 03:18:09 +01:00
Peter Müller
f7c8d15089 Core Update 139: ship updated OpenSSH 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-05 18:00:26 +00:00
Arne Fitzenreiter
6fb7936c16 intel-microcode: update to 20191115 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-05 12:48:13 +01:00
Arne Fitzenreiter
0894092e2c linux-firmware: update to 20191022 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-05 12:44:45 +01:00
Arne Fitzenreiter
7ff42686ec core139: add cpio to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-02 17:11:30 +00:00
Matthias Fischer
01493f7a44 cpio: Update to 2.13 
For details see:
https://www.gnu.org/software/cpio/

Fix CVE-2015-1197
Fix CVE-2016-2037
Fix CVE-2019-14866

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-02 17:10:15 +00:00
Peter Müller
c701ddcba5 update ca-certificates CA bundle 
Update the CA certificates list to what Mozilla NSS ships currently.

The original file can be retrieved from:
https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-02 17:07:00 +00:00
Arne Fitzenreiter
4622af5f15 core139: add hwdata to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-02 17:05:15 +00:00
Arne Fitzenreiter
941520c69c Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2019-12-01 16:36:43 +01:00
Arne Fitzenreiter
d346d47467 up/down beep: move from ppp ip-up/down to general red.up/down 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-01 15:29:59 +01:00
Arne Fitzenreiter
455291f90e 70-dhcpdd.exe: don't run red.down scripts at "PREINIT" 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-01 14:43:49 +01:00
Arne Fitzenreiter
86409ab100 core139: add dhcp and network changes to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-01 00:45:02 +01:00
Arne Fitzenreiter
f938083fb5 dhcpcd: 10-mtu break if carrier was lost 
some nic's like Intel e1000e needs a reinit to change the
mtu. In this case the dhcp hook reinit the nic and terminate now
to let the dhcpcd reinit the card in backgrounnd without running the
rest of the hooks.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 22:21:42 +01:00
Michael Tremer
4775d54ba6 clamav: Allow downloads to take up to 10 minutes 
freshclam did not have a receive timeout set and a default of
60s was used. That causes that the large main database cannot
be downloaded over a line with a 16 MBit/s downlink.

This patch increases that timeout and should allow a successful
download on slower connections, too.

Suggested-by: Tim Fitzgeorge <ipfb@tfitzgeorge.me.uk>
Fixes: #12246
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 10:53:59 +00:00
Matthias Fischer
78756496c9 bind: Update to 9.11.13 
For details see:

https://downloads.isc.org/isc/bind9/9.11.13/RELEASE-NOTES-bind-9.11.13.html

"Security Fixes

    Set a limit on the number of concurrently served pipelined TCP queries.
    This flaw is disclosed in CVE-2019-6477. [GL #1264]"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 09:57:49 +00:00
Arne Fitzenreiter
df1aca40eb core139: add unbound to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 09:56:29 +00:00
Matthias Fischer
0786c686ea unbound: Update to 1.9.5 
For details see:
https://nlnetlabs.nl/pipermail/unbound-users/2019-November/011897.html

"This release is a fix for vulnerability CVE-2019-18934, that can cause
shell execution in ipsecmod.

Bug Fixes:
- Fix for the reported vulnerability.

The CVE number for this vulnerability is CVE-2019-18934"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 09:55:22 +00:00
Arne Fitzenreiter
b0e2dffde9 core139: add captive.cgi to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 09:54:14 +00:00
Michael Tremer
1a23cf7324 bird: Fix path of configuration file in backup 
The backup did not pack the configuration file
due to an incorrect path.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 09:51:23 +00:00
Arne Fitzenreiter
007b99e540 core139: add pcregrep to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 09:49:58 +00:00
Erik Kapfer
eb0adc17d6 pcre: Add pcregrep to core system 
Triggered by --> https://community.ipfire.org/t/pcregrep-on-ipfire/259 .

This patch adds pcregrep only from the actual package not from pcre-compat.

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 09:49:15 +00:00
Arne Fitzenreiter
7942ff9875 core139: add updated calamaris mkreport 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 09:48:00 +00:00
Arne Fitzenreiter
e557cecbdd python: update to 2.7.17 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-28 18:41:18 +01:00
Arne Fitzenreiter
4baee8fa4c kernel: fix x86_64 rootfile 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-15 16:29:42 +01:00
Arne Fitzenreiter
699381b699 core138: insert emergency core update for new intel vulnarabilities. 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-15 06:10:37 +00:00
Arne Fitzenreiter
bf671bb2ae kernel: update to 4.14.154 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-14 21:23:08 +00:00
Arne Fitzenreiter
aee6dd0ba4 Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2019-11-14 22:13:23 +01:00
Arne Fitzenreiter
44b227b102 kernel: update to 4.14.154 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-14 22:12:12 +01:00
Arne Fitzenreiter
b1dc936cc6 rename core138 -> core139 to insert a emergency core update 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-14 17:34:03 +00:00
Arne Fitzenreiter
b0f2208425 intel-microcode: fix rootfile 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-14 17:31:18 +00:00
Arne Fitzenreiter
9e5434d4bf rename core138 -> core139 to insert a emergency core update 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-14 17:28:38 +00:00
Arne Fitzenreiter
60490558f6 core138: fix rootfile 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-14 02:42:54 +00:00
Arne Fitzenreiter
6eac34e431 intel-microcode: fix rootfile 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-14 01:55:46 +00:00
Arne Fitzenreiter
1d91ea28f9 bash: fix rootfile 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-14 01:55:38 +00:00
Arne Fitzenreiter
02ad01eb9f core138: fix intel-microcode rootfile link 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-13 20:08:41 +00:00
Peter Müller
1ec32691e9 intel-microcode: update to 20191112 
For release notes, refer to:
- https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform-update-ipu/
- https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20191112

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-13 19:58:08 +00:00