Commit Graph

22776 Commits

Author SHA1 Message Date
Stefan Schantl
955f8b1457 backup: Add /etc/ssh/sshd_config.d
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2024-12-13 14:36:51 +00:00
Stefan Schantl
1a4d5cfd92 openssh: Introduce include directory for additional sshd config files
This patch adds the possibility to place additional *.config files in /etc/ssh/sshd_config.d/
which will be included and loaded during the daemon startup process.

Because these files will not be overwritten by any update, they can be used to place custom
or other persistent settings.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2024-12-13 14:36:51 +00:00
Adolf Belka
38067c08c7 suricata: Update to version 7.0.8
- Update from version 7.0.7 to 7.0.8
- Update of rootfile not required
- Changelog
    7.0.8
	Security #7412: tcp: generic detection bypass using TCP urgent support (7.0.x
	 backport)(HIGH - CVE 2024-55629)
	Security #7405: dns: quadratic complexity in logging and invalid json as output
	 (7.0.x backport)(HIGH - CVE 2024-55628)
	Security #7404: tcp: segfault on StreamingBufferSlideToOffsetWithRegions (7.0.x
	 backport)(CRITICAL - CVE 2024-55627)
	Security #7367: bpf: oversized bpf file can lead to buffer overflow (7.0.x
	 backport)(LOW - CVE 2024-55626)
	Security #7306: detect: write to read-only memory in transforms (7.0.x backport)
	 (CRITICAL - CVE 2024-55605)
	Bug #7445: dpdk: RSS key length mismatch on ice (E810) card with DPDK version
	 22.11.6  (7.0.x backport)
	Bug #7434: requires: rules with unmet requirements are still loaded (7.0.x
	 backport)
	Bug #7432: detect: decoder event rules fail to match on invalid packets (7.0.x
	 backport)
	Bug #7407: detect: missing app-layer metadata in alerts (7.0.x backport)
	Bug #7368: flow: flow timeout pseudo packet triggers unexpected alert (7.0.x
	 backport)
	Bug #7362: rules: unknown internal events not being detected as errors (7.0.x
	 backport)
	Bug #7339: rust: different int types turn garbage on FFI boundary (7.0.x backport)
	Bug #7335: asan/profiling: global-buffer-overflow error (7.0.x backport)
	Bug #7327: http: FN with prefilter if the first of multi buffer did not match
	 (7.0.x backport)
	Bug #7324: mqtt: wrong and missing direction for keywords (7.0.x backport)
	Bug #7310: http: incorrect file direction handling (7.0.x backport)
	Bug #7308: conf: memleak if yaml parser is initialized before checking if file
	 exists (7.0.x backport)
	Bug #7307: detect: memleak in case of errors during initialization (7.0.x
	 backport)
	Bug #7301: output: oversized records lead to invalid json (7.0.x backport)
	Bug #7295: detect: sip.stat_code keyword uses wrong buffer name
	Bug #7294: conf: nullptr dereference if mem alloc fails for a node in yaml
	 parser (7.0.x backport)
	Optimization #7316: template: remove usage of template-rust (7.0.x backport)
	Optimization #7275: tcp/reassemble: GetBlock takes O(nlgn) in worst case (7.0.x
	 backport)
	Feature #7439: eve/alert: enrich decoder event rules (7.0.x backport)
	Task #7427:  flowint: add isnotset support (7.0.x backport)
	Task #7288: schema: add missing tls fields certificate and chain (7.0.x backport)

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2024-12-13 14:32:58 +00:00
Arne Fitzenreiter
1e2abd66fb linux-firmware: ship needed config txt files.
these files are parsed by the kernel at firmware load and are needed!
don't remove them again.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-11-26 12:02:50 +01:00
Arne Fitzenreiter
58b611a6ab kernel: update to 6.6.63
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-11-25 18:32:27 +01:00
Arne Fitzenreiter
5380ebc7c3 kernel: rootfile update aarch64
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-11-20 15:51:39 +01:00
Arne Fitzenreiter
c3d1de3ee8 kernel: rebase aarch64 patchset and add nanopi r2s plus oc devicetree
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-11-20 09:47:59 +01:00
Arne Fitzenreiter
8f36e4c896 transmission: add miniupnpc as dependency
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-11-19 20:32:47 +01:00
Arne Fitzenreiter
adb153f64f miniupnpc: change to addon pak
transmission needs the lib at runtime.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-11-19 20:32:30 +01:00
Arne Fitzenreiter
a6fac033ba kernel: update to 6.6.62
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-11-19 19:19:28 +01:00
Arne Fitzenreiter
28636c46cb collectd: fix error message on fresh installations
the /etc/collectd.d/ folder must have at least one file in it
so this adds a file with a comment that custom configs should be placed
there.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-11-09 09:46:53 +01:00
Arne Fitzenreiter
ac7c2b8270 kernel: update to 6.6.60
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-11-09 09:46:24 +01:00
Arne Fitzenreiter
e8b7c0bc3f networking/red: remove leftover debugging messages.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-11-08 18:49:52 +01:00
Arne Fitzenreiter
afd54bb41a hostapd: fix start/stop buttons
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-11-06 11:49:11 +01:00
Arne Fitzenreiter
3cf9dba6b4 network-functions: fix add newline in $wireless_status
with the other syntax perl suggests this change.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-11-05 17:48:17 +01:00
Arne Fitzenreiter
6ccbd48aa9 core190: ship intel-microcode
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-11-05 14:34:35 +01:00
Adolf Belka
2be32bfb99 intel-microcode: Update to version 20241029
- Update from version 20240910 to 20241029
- Update of rootfile not required
- Changelog
    20241029
	Update for functional issues. Refer to 14th/13th Generation Intel® Core™
	 Processor Specification Update for details at
	 https://cdrdv2.intel.com/v1/dl/getContent/740518
	Updated Platforms
	 Processor   Stepping  F-M-S/PI     Old Ver   New Ver   Products
	 RPL-E/HX/S  B0        06-b7-01/32  00000129  0000012b  Core Gen13/Gen14

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-11-05 14:32:43 +01:00
Michael Tremer
76b6bc3e9d suricata: Explicitly ignore IPsec traffic unless enabled
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-11-05 14:29:53 +01:00
Arne Fitzenreiter
57853da08b core190: ship bind
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-11-05 09:19:23 +01:00
Matthias Fischer
ce45a76778 bind: Update to 9.20.3
For details see:
https://downloads.isc.org/isc/bind9/9.20.3/doc/arm/html/notes.html#notes-for-bind-9-20-3

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-11-05 09:17:29 +01:00
Matthias Fischer
07abe4e2f6 unbound: Update to 1.22.0
For details see:
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-22-0

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-11-05 09:15:06 +01:00
Arne Fitzenreiter
3a92419680 core190: ship unbound-dhcp-leases-bridge
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-11-05 09:13:56 +01:00
Michael Tremer
e595fa1176 unbound-dhcp-leases-bridge: Fix expiry check on leases
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-11-05 09:12:30 +01:00
Michael Tremer
131bcfa999 unbound-dhcp-leases-bridge: Don't overwrite static leases
When we import all static leases, their remark will be used as hostname
(because WTF?) and might be overwritten if the device is not sending any
or even the same hostname.

This patch avoids that static leases will be modified.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-11-05 09:12:17 +01:00
Michael Tremer
a81eefa265 unbound-dhcp-leases-bridge: Fix typo
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-11-05 09:11:55 +01:00
Michael Tremer
17a9ad2f52 unbound-dhcp-leases-bridge: Don't export expired leases to Unbound
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-11-05 09:11:43 +01:00
Arne Fitzenreiter
74849f68c9 core190: ship dhcp client changes
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-11-05 09:10:01 +01:00
Michael Tremer
c6282b001b networking: Allow changing DHCP Option Rapid Commit
This option needs to be configurable since some (braindead) ISPs have
started running broken DHCP servers to be bug-compatible with cheap
broken plastic routers.

By default we keep this option enabled, but it can now be turned off
whenever needed.

Suggested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-11-05 09:06:01 +01:00
Arne Fitzenreiter
7350feee58 core190: ship files with fixed chown syntax
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-11-05 08:57:59 +01:00
Michael Tremer
2e92bfc047 chown: Replace . with : on all shipped scripts
I don't like this messy bootup screen that we have with all sorts of
warnings that actually don't cause any problems, but make the boot
messy and send the wrong message to users.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-11-05 08:51:45 +01:00
Arne Fitzenreiter
7c0241405e core190: ship network-hotplug-bridges
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-11-05 08:50:01 +01:00
Michael Tremer
cacfaa1c89 udev: network-hotplug-bridges: Silence a warning when interfaces have gone away
It can happen that udev has an event for an interface in the queue that
has already gone away - or even just being renamed.

Then reading the MAC address fails. Because the shell expands the
"$(<...)" statement before running the whole line, the read check is
useless.

Because the code would get too complicated otherwise, I decided to use
cat. Not cool, but this does the job.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-11-05 08:46:38 +01:00
Michael Tremer
3638d37c0d wlanap.cgi: Use the correct array to fetch the current interface
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-11-05 08:45:58 +01:00
Michael Tremer
3c904d268b hostapd: Enable logging to syslog
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-11-05 08:45:33 +01:00
Arne Fitzenreiter
d6dc07a1a8 kernel: update to 6.6.59
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-11-04 18:00:11 +01:00
Arne Fitzenreiter
06452d0db6 gdb: rootfile update
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-10-29 13:03:16 +01:00
Arne Fitzenreiter
da8dc5e86a Config: add ROOTFILE_APPEND variable to select rootfile
also gcc on riscv64 has to different rootfile at build so make
the selection of an additional rootfile universal.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-10-27 13:47:57 +01:00
Arne Fitzenreiter
61a8c7dcdb kernel: fix riscv64 rootfile
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-10-27 09:48:23 +01:00
Arne Fitzenreiter
461de40d1a kernel: update riscv64 config and rootfile
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-10-26 10:06:12 +02:00
Arne Fitzenreiter
187336d851 gdb: update rootfile
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-10-26 10:01:08 +02:00
Arne Fitzenreiter
30da3342c1 ruby: make rootfile arch independent
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-10-26 09:54:31 +02:00
Arne Fitzenreiter
2d4e78dd24 gdb: update aarch64 rootfile
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-10-24 08:22:54 +02:00
Arne Fitzenreiter
37eb2ddd07 kernel: update to 6.6.58
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-10-24 08:22:21 +02:00
Arne Fitzenreiter
0c0af35ebc cdrom: add serial console to uEFI menu
this is only needed on systems that support both video out and serial
console to force serial.
2024-10-24 08:20:17 +02:00
Arne Fitzenreiter
e91ae5e75a flash-images: move sleep 1 to a better place
kpartx triggers the automount feature of some desktop environments
which results in a mounted filesystem if it was created too fast after
kpartx.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-10-24 08:18:07 +02:00
Arne Fitzenreiter
78f1bb1de5 flash-images: add sleep 1 after umount the images
sometimes zerofree will not be able to write without this delay.
I have no idea why?

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-10-16 21:37:19 +02:00
Arne Fitzenreiter
4d448aa458 vdr: update to version 2.6.9
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-10-16 21:35:00 +02:00
Arne Fitzenreiter
16fd55e550 lfs/Config: fix used rootfile for linux headers
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-10-16 21:33:58 +02:00
Arne Fitzenreiter
bc1444c489 nmap: rootfile update
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-10-16 21:32:40 +02:00
Arne Fitzenreiter
135b61b564 freeradius: update rootfile and increment PAK_VER
new package is needed because a lib was not shipped with v21

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2024-10-16 21:30:32 +02:00