webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
14,075 Commits 2 Branches 1 Tag
984f14bdc4e1663200d286f98935158884366fa4
Commit Graph

14075 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Tremer
984f14bdc4 dns.cgi: Fix handling of WARNINGs from kdig 
There might be multiple warnings which must all be shown
to the user.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-01-07 14:41:13 +00:00
Michael Tremer
71471d9bde dns.cgi: Remove smartmatch operator 
Perl likes to make things difficult

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-01-07 13:46:11 +00:00
Michael Tremer
dab1258a78 dns.cgi: Timeout after 2 seconds for DNS server checks 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-01-07 13:45:21 +00:00
Michael Tremer
1434fa0df5 DNS: Write name servers received from ISP to /var/run/dns{1,2} 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-01-07 13:35:45 +00:00
Michael Tremer
4e2d3325af unbound: Drop live checks 
Those checks have caused us a lot of trouble and are now being dropped.

Users must make sure to choose servers that support DNSSEC or enable
any of the tunneling mechanisms to be able to reach them.

Fixes: #12239
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-01-07 13:11:38 +00:00
Michael Tremer
ffc46751f2 unbound: Add path to TLS CA bundle 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-01-07 12:59:24 +00:00
Michael Tremer
ee90aa9858 unbound: No longer read old configuration file 
The old configuration file in /etc/sysconfig/unbound is no
longer being used and all settings should be in
/var/ipfire/dns/settings.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-01-07 12:58:28 +00:00
Michael Tremer
50005ad1d4 unbound: Write upstream name servers to forward.conf 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-01-07 12:55:35 +00:00
Michael Tremer
94a51c64bb unbound: Remove test-name-server command 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-01-07 11:18:41 +00:00
Michael Tremer
15cf79e3b8 unbound: Convert forward zones to stub zones 
It was incorrect to use forward zones here, because that
assumes that unbound is talking a recursive resolver here.

The feature is however designed to be talking to an authoritative
server.

Fixes: #12230
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-01-07 11:14:30 +00:00
Michael Tremer
dea5f34914 unbound: Allow forcing to speak TLS to upstream servers only 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-01-07 11:14:05 +00:00
Michael Tremer
372576e0ab unbound: Set EDNS buffer size to 1232 bytes 
Fixes: #12240
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-01-07 11:12:33 +00:00
Michael Tremer
3bf804e834 dns.cgi: Set EDNS buffer size to 1232 
References: #12240
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-01-07 11:06:10 +00:00
Michael Tremer
0fa6bde78a Update English translation 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-01-07 10:53:34 +00:00
Michael Tremer
cdfc93cb7a webif: Show menu entry for DNS all the time 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-01-07 10:48:01 +00:00
Michael Tremer
e8981e3c8f netexternal.cgi: Drop DNSSEC status 
This has now been moved to the new dns.cgi.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-01-07 10:45:08 +00:00
Michael Tremer
ecbf66761f DNS: Add converter to migrate settings 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-01-07 10:43:19 +00:00
Stefan Schantl
2946d562f1 langs/en.pl: Add new strings for modified dns.cgi. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2020-01-07 09:35:47 +00:00
Stefan Schantl
24d7c5ef6b dns.cgi: Rework to allow central DNS configuration. 
Fixes #12237.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-01-07 10:30:37 +01:00
Stefan Schantl
456f0b06f4 pppsetup.cgi: Remove support for configure DNS settings. 
Fixes #12234.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2020-01-05 12:37:57 +01:00
Stefan Schantl
0bb159bbfc Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next 2020-01-05 12:15:00 +01:00
Arne Fitzenreiter
916859f5fa core140: add gcc changes to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-01-05 09:28:20 +00:00
Peter Müller
96ac98a568 Tor: update to 0.4.2.5 
Please refer to https://blog.torproject.org/new-release-0425-also-0417-0406-and-0359
for release notes.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-01-04 18:25:00 +00:00
Peter Müller
ae28d23d4d libseccomp: update to 2.4.2 
Please refer to https://github.com/seccomp/libseccomp/releases/tag/v2.4.2
for release notes.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-01-04 18:24:49 +00:00
Michael Tremer
ac7ada2a15 openvmtools: Update to 11.0.0 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-01-04 18:24:29 +00:00
Michael Tremer
321c211528 glib: Fix compiling with GCC 9 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-01-04 18:24:15 +00:00
Michael Tremer
d04fb4ee34 efivar: Update to 37 
This also fixes some build issues with GCC 9.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-01-04 18:23:54 +00:00
Michael Tremer
3e8dd2d3ed mdadm: Update to 4.1 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-01-04 18:23:52 +00:00
Michael Tremer
c63ba73e3a mpc: Update to 1.1.0 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-01-04 18:23:39 +00:00
Michael Tremer
d3e4320bed mpfr: Update to 4.0.2 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-01-04 18:23:28 +00:00
Michael Tremer
210b27e179 gcc: Update to 9.2.0 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-01-04 18:23:09 +00:00
Michael Tremer
2f4d1ecb9a lang: Fix typo in "Writen Bytes" and fix grammar 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-01-03 21:18:36 +00:00
Arne Fitzenreiter
3a3f4c37f2 core140: add convert-snort to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-01-03 21:17:05 +00:00
Stefan Schantl
cde7cab264 convert-snort: Check and convert snort user and group. 
Fixes #12102.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-01-03 21:15:11 +00:00
Arne Fitzenreiter
592d3708fe Revert "bind: Update to 9.11.14" 
build fails on armv5tel: https://nightly.ipfire.org/next/2020-01-02%2016:17:54%20+0000-c846ed16/armv5tel/

This reverts commit 7d9b0ab697.
 2020-01-03 21:13:30 +00:00
Stefan Schantl
c5d20f9665 Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next 2020-01-03 11:06:47 +01:00
Arne Fitzenreiter
c846ed1616 pakfire: use HTTPS if no protocol is specified 
also use HTTPS on fallback to mainserver if no mirror was left

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2020-01-02 16:17:54 +00:00
Arne Fitzenreiter
f93238725f Merge branch 'master' into next 2020-01-02 15:59:53 +00:00
Michael Tremer
25d5058974 stripper: Strip all unneeded relocation information 
Libraries were treated differently and therfore it could
happen that they were not stripped from any unnecessary
relocation information at all.

This patch changes that and strips everything from
libraries that we do not need.

The ISO was 3MB smaller.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 19:20:44 +00:00
Matthias Fischer
61a4972bc6 nano: Update to 4.7 
For details see:
https://www.nano-editor.org/news.php

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 19:20:13 +00:00
Arne Fitzenreiter
4e04cc87e7 core140: add bind to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 19:19:12 +00:00
Matthias Fischer
7d9b0ab697 bind: Update to 9.11.14 
For details see:
https://downloads.isc.org/isc/bind9/9.11.14/RELEASE-NOTES-bind-9.11.14.html

"Bug Fixes

Fixed a bug that caused named to leak memory on reconfiguration when any
GeoIP2 database was in use. [GL #1445]

Fixed several possible race conditions discovered by Thread Sanitizer."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 19:17:45 +00:00
Arne Fitzenreiter
72c24beae2 core140: add file to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 19:16:55 +00:00
Michael Tremer
1eb657a66c file: Update to 5.38 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 19:15:57 +00:00
Michael Tremer
edf221cbfc dehydrated: Update to 0.6.5 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 19:15:09 +00:00
Stefan Schantl
0db643ce38 rfkill: New package. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 19:14:30 +00:00
Arne Fitzenreiter
0ef5f4a091 core140: add ids.cgi and suricata initskript to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 19:13:28 +00:00
Stefan Schantl
51b63b4186 IDS: Allow to inspect traffic from or to OpenVPN 
This commit allows to configure suricata to monitor traffic from or to
OpenVPN tunnels. This includes the RW server and all established N2N
connections.

Because the RW server and/or each N2N connection uses it's own tun?
device, it is only possible to enable monitoring all of them or to disable
monitoring entirely.

Fixes #12111.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 19:12:06 +00:00
Arne Fitzenreiter
a1cf33ca8f core140: add suricata and libhtp to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 19:10:55 +00:00
Matthias Fischer
907874c4be libhtp: Update to 0.5.32 
For details see:
https://github.com/OISF/libhtp/releases

Bundled with 'suricata 4.1.6'

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-29 19:09:27 +00:00