we have removed the -multi after the kernel name but
in the update script delete *-multi-* which leftover
the arm specific dtb folder and uImages.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
- Add ms-classless-static-routes and rfc3442-classless-static-routes as options for dhcp
These are apparently required for deployiong classless IP routes
- Original static-routes option is not intended for classless IP routing but is being
left in place for backward compatibility
- The option "rfc3442-classless-static-routes" is for normal clients
- The option "ms-classless-static-routes" is for Microsoft clients
Fixes: bug 12291
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
For details see:
https://dlcdn.apache.org//httpd/CHANGES_2.4.52
Excerpt from changelog:
""Changes with Apache 2.4.52
*) SECURITY: CVE-2021-44790: Possible buffer overflow when parsing
multipart content in mod_lua of Apache HTTP Server 2.4.51 and
earlier (cve.mitre.org)
A carefully crafted request body can cause a buffer overflow in
the mod_lua multipart parser (r:parsebody() called from Lua
scripts).
The Apache httpd team is not aware of an exploit for the
vulnerabilty though it might be possible to craft one.
This issue affects Apache HTTP Server 2.4.51 and earlier.
Credits: Chamal
*) SECURITY: CVE-2021-44224: Possible NULL dereference or SSRF in
forward proxy configurations in Apache HTTP Server 2.4.51 and
earlier (cve.mitre.org)
A crafted URI sent to httpd configured as a forward proxy
(ProxyRequests on) can cause a crash (NULL pointer dereference)
or, for configurations mixing forward and reverse proxy
declarations, can allow for requests to be directed to a
declared Unix Domain Socket endpoint (Server Side Request
Forgery).
This issue affects Apache HTTP Server 2.4.7 up to 2.4.51
(included).
Credits: 漂亮é¼
TengMA(@Te3t123)
..."
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update en.pl, it.pl and ru.pl to replace "an core-update" with "a core-update"
Fixes: Bug#12747
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Some paths might not exist on some systems which caused the installer to
abort the installation. This patch makes the installer ignore this
condition.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Suricata will print a warning on startup if the collection of stats
is enabled but no stats logger, which will print them out is enabled.
Acctually we do not use any stats so this safely can be disabled.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This will prevent suricata from displaying a warning on startup and
anyway would be the log level which suricata switches in such a case.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
All of them are disabled by default, but may be needed in some
environments and so easily can be enabled there.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
When adding a host to the whitelist set the bypass flag to
immediate take the load from the IDS.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The "/var/ipfire/suricata/suricata-default-rules.yaml" file, now
dynamicall will be generated, based on the enabled application layer
protocols.
Only existing rulefiles for enabled app layer protocols will be loaded.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This function call suricata to obtain a list of enabled application
layer protocols (application/protocol parsers).
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
directory.
If there are one, they safly can be removed because the *.config files
now live in a different folder.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
exists before returning the filename.
This will prevent from using and processing non existing files.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This prevents from running the script while the WUI is performing
operations at the same time or to launch multiple instances of the
script.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
determined.
If no timestamp could be grabbed for rulestarball of a given provider,
return N/A.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
* Check if the system is online.
* Check if enough free disk space is available.
* Abort whith an error message if the ruleset could not be
downloaded.
In error case the provider now will be removed again from the file which
keeps the configured providers. Sadly it needs to be added first because
otherwise the downloader could not read the required values from it.....
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
The test condition was wrong here and therefore oinkmaster never has
been executed when this setting has been changed.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
This converter does all the magic to convert any suricata
based IPFire version to work with the new multiple providers
IDS.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
