6828 Commits

Author	SHA1	Message	Date
Matthias Fischer	9177b69830	bind: Update to 9.11.6-P1 ... For details see: http://ftp.isc.org/isc/bind9/9.11.6-P1/RELEASE-NOTES-bind-9.11.6-P1.html "Security Fixes The TCP client quota set using the tcp-clients option could be exceeded in some cases. This could lead to exhaustion of file descriptors. This flaw is disclosed in CVE-2018-5743. [GL #615]" Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-07 23:48:24 +01:00
Michael Tremer	bc78976cc6	core132: Ship updated dhcpcd ... Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-07 23:46:36 +01:00
Michael Tremer	b38710a1cd	firewall: Allow SNAT rules with RED interface ... Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-07 23:45:17 +01:00
Michael Tremer	5a4617a871	core132: Ship updated firewall rules generator ... This patch also requires a reboot after installing this update so that the changed ruleset is being applied. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-30 10:58:31 +01:00
Michael Tremer	249839b0ca	firewall: Fix source/destination interface settings ... When a forwarding rule is being created, we sometimes create INPUT/OUTPUT rules, too. Those were slightly invalid because the source and destination interfaces where passed, too. This could render some rules in certain circumstances useless. This patch fixes this and only adds -i for INPUT and -o for OUTPUT rules. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-30 10:56:05 +01:00
Michael Tremer	ae93dd3deb	firewall: Add more rules to input/output when adding rules to forward ... The special_input/output_targets array assumed that firewall access will always be denied. However, rules also need to be created when access is granted. Therefore the ACCEPT target needs to be included in this list and rules must be created in INPUTFW/OUTGOINGFW too when ACCEPT rules are created in FORWARDFW. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-30 10:45:34 +01:00
Michael Tremer	68e0cf6714	grub: Update rootfile on i586 ... Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-30 10:45:02 +01:00
Michael Tremer	5085356151	glibc: Update rootfile for i586 ... Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-29 13:44:28 +01:00
Michael Tremer	864a5befd9	glibc: Update to 2.29 ... Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-28 09:44:38 +01:00
Michael Tremer	e81233173f	gcc: Update rootfile for aarch64 ... Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-28 09:44:38 +01:00
Michael Tremer	ecc9e5efb4	binutils: Update rootfile for aarch64 ... Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-28 09:44:37 +01:00
Michael Tremer	525f5d2959	gcc: Update to 8.3.0 ... This patch carries the rootfile for x86_64 only. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-28 09:44:37 +01:00
Michael Tremer	3596937440	binutils: Update to 2.32 ... This patch carries the rootfile for x86_64 only. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-28 09:44:37 +01:00
Michael Tremer	a7e185c590	grub: Fix rootfile ... Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-28 09:43:48 +01:00
Arne Fitzenreiter	20c7552e0d	Merge branch 'master' into next ... Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-04-26 19:39:55 +02:00
Michael Tremer	452d2b6eaa	grub: Disable efiemu on PC builds ... This won't compile with GCC 8 and we do not need it Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-26 16:19:42 +01:00
Michael Tremer	95028c1ce2	elfutils: Update to 0.176 ... Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-26 16:18:46 +01:00
Stefan Schantl	d4f3156777	convert-snort: Fix ownership of the generated homenet file. ... Fixes #12059. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-23 22:05:43 +02:00
Michael Tremer	a86bc6dfc6	suricata: EXTERNAL_NET should equal any ... This enables that we scan servers in ORANGE for clients in GREEN which absolutely makes sense. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-23 22:04:30 +02:00
Michael Tremer	56f6d107ff	suricata: Do not always convert rules to be bi-directional ... This creates some overhead that we do not need and rules need to be adjusted to match any direction they are supposed to match. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-23 22:03:33 +02:00
Michael Tremer	fabe150953	core132: Ship updated suricata initscript ... Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-23 20:56:07 +01:00
Michael Tremer	a1cd844f71	core132: Ship updated convert-snort script ... Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-23 20:55:22 +01:00
Stefan Schantl	25d424387e	convert-snort: Fix ownership of the generated homenet file. ... Fixes #12059. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-23 20:54:54 +01:00
Alexander Koch	6088176639	core132: Bugfix for typo in filelist ... Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-23 20:53:36 +01:00
Michael Tremer	5061292091	suricata: EXTERNAL_NET should equal any ... This enables that we scan servers in ORANGE for clients in GREEN which absolutely makes sense. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-23 20:45:42 +01:00
Michael Tremer	f27bac491a	core132: Ship updated list of mime types ... Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-23 20:20:14 +01:00
Alexander Koch	68d7ae338e	apache / WPAD: Add correct MIME type for wpad.dat and proxy.pac ... Some clients require the correct MIME type to be set for accepting/handling the Proxy-Settings properly. See: http://findproxyforurl.com/deploying-wpad/ Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-23 20:19:43 +01:00
Michael Tremer	2dd5e64592	suricata: Do not always convert rules to be bi-directional ... This creates some overhead that we do not need and rules need to be adjusted to match any direction they are supposed to match. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-23 20:18:07 +01:00
Arne Fitzenreiter	7b0c8a80af	core131: add services.cgi to update ... Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-04-23 19:21:30 +02:00
Michael Tremer	e967871e8f	Update contributors ... Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-20 14:21:46 +01:00
Michael Tremer	08caa596fa	core132: Ship WPAD/proxy changes ... Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-20 14:20:06 +01:00
Jonatan Schlag	43c3a386d1	Add new package libseccomp ... Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-20 14:12:50 +01:00
Michael Tremer	75faf7ac4f	core132: Ship changed suricata configuration ... Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-20 14:10:47 +01:00
Stefan Schantl	6e7c8a3303	suricata: Disable stats.log ... This log is mainly needed for debugging the IPS. It writes some stats every couple of seconds and will create some load on SD cards and other cheap storage that we do not need. Fixes #12056. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-20 14:09:21 +01:00
Michael Tremer	7af7ced6fc	Start Core Update 132 ... Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-20 14:07:43 +01:00
Michael Tremer	64aed99df6	suricata: Change runmode to workers ... Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-17 19:15:29 +01:00
Arne Fitzenreiter	5fa063f859	kernel: update to 4.14.112 ... Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-04-17 22:30:19 +02:00
Michael Tremer	26dc79a6fe	suricata: Do not let oinkmaster be too verbose ... Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-17 21:24:25 +01:00
Michael Tremer	e96adc7797	suricata: Redirect oinkmaster output to perl function ... The output was written to stderr before and landed in apache's error log where we do not want it. Fixes: #12004 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-17 20:59:55 +01:00
Arne Fitzenreiter	e91c83490b	wireless-regdb: update to 2019.03.01 ... Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-04-16 18:05:18 +02:00
Michael Tremer	fea27a56f7	haproxy: Backup certificates, too ... Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-16 13:23:17 +01:00
Michael Tremer	175f5c060e	backup: Allow passing name of tarball for creation/restore ... Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-16 13:22:10 +01:00
Michael Tremer	820b290982	Move IPS to a higher position in the Firewall menu ... Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-11 23:32:57 +01:00
Michael Tremer	e8b389e0f0	core131: Ship PTR changes in hosts.cgi ... Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-11 23:02:57 +01:00
Michael Tremer	32e7b93c28	udev: Rename interfaces when MACs are uppercase ... The script relied on the configuration being in lowercase. If people manually editied their configuration file they might not have paid attention to this and therefore this script now also accepts uppercase MAC addresses. Fixes: #12047 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-11 21:59:41 +01:00
Michael Tremer	dccbdf5b97	suricata: Take as much off of the CPU as possible ... https://suricata.readthedocs.io/en/suricata-4.1.3/performance/high-performance-config.html This will compile the ruleset as efficient as possible and allows the IPS to run faster on smaller systems. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-12 17:59:21 +01:00
Michael Tremer	2c44da1382	core131: Ship updated setup ... Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-11 10:29:56 +01:00
Alexander Koch	41b7369f80	zabbix_agentd: Bugfix for /etc/sudoers.d/zabbix.user ... Files containing an '~' or '.' are ignored by sudo when placed in the includedir /etc/sudoers.d This makes the file useless. The file is renamed to "zabbix" instead of "zabbix.user" to fix this. See: https://www.sudo.ws/man/1.8.13/sudoers.man.html#Including_other_files_from_within_sudoers Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-04-11 07:55:10 +01:00
Arne Fitzenreiter	d27675b081	Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next	2019-04-11 07:31:11 +02:00
Arne Fitzenreiter	a2907cdd9f	Merge remote-tracking branch 'origin/master' into next ... Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-04-11 07:30:26 +02:00