webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-23 09:22:59 +02:00
Code Issues Packages Projects Releases Wiki Activity
12,605 Commits 2 Branches 1 Tag
a6c298b540787fa0feffbe5191855a54f6c8a178
Commit Graph

5642 Commits

Author SHA1 Message Date
Michael Tremer
f0092a6e3e keepalived: Move change of conntrack sysctl option into package 
The setting cannot be set on the default system because the ip_vs
module is not loaded by default and there is no reason to load it
just because we would be able to set the setting.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-13 12:50:26 +01:00
Arne Fitzenreiter
f622fd8ed0 linux-initrd: fix build of uInit on aarch64 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-01-12 20:01:00 +01:00
Stefan Schantl
f107bb39c5 Revert "GeoIP: Drop legacy GeoIP perl module." 
This reverts commit 9d1708e081.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-11 00:08:54 +00:00
Matthias Fischer
035f6c75ae xtables-addons: Fix typo in lfs 
Just some typos...

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-11 00:08:46 +00:00
Michael Tremer
01db691a1e Bump kernel version to ship a new PAE kernel 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-10 22:48:25 +00:00
Matthias Fischer
e3429b4aad clamav: Update to 0.101.1 
For details see:
https://blog.clamav.net/2019/01/clamav-01011-patch-has-been-released.html

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-07 01:33:05 +00:00
Matthias Fischer
042a5fe60a tar: Update to 1.31, including fix for bug #11958 
For details see:

http://savannah.gnu.org/forum/forum.php?forum_id=9344

"- Fix heap-buffer-overrun with --one-top-level.
- Support for zstd compression.
- The -K option interacts properly with member names given in the command line.
- Fix CVE-2018-20482"

This patch was reverted because 'tar 1.31' crashed when installing PakFire packages
with the option '--no-overwrite-dir'.
See: https://bugzilla.ipfire.org/show_bug.cgi?id=11958

Included is now a patch from https://savannah.gnu.org/bugs/?55413, which seems to fix this issue.
The test cases given in https://savannah.gnu.org/bugs/?55413#comment1 ran without problems.

As always, please check and confirm.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-07 01:31:43 +00:00
Stefan Schantl
9d1708e081 GeoIP: Drop legacy GeoIP perl module. 
The legacy GeoIP perl module cannot handle the new GeoLite2 databases
provided from maxmind and therefore needs to be dropped.

Reference #11960

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-07 01:21:27 +00:00
Stefan Schantl
a77870146f xtables-addons: Use shipped xt_geoip_build 
Use the shipped xt_geoip_build directly instead of holding a copy in our GIT.

Reference #11959

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-07 01:20:22 +00:00
Stefan Schantl
9f6849b3ad xtables-addons: Update to 3.2 
Reference #11959

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-07 00:35:16 +00:00
Michael Tremer
045d54c324 perl-Net-CIDR-Lite: Fix whitespace 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-07 00:31:46 +00:00
Stefan Schantl
985741db61 perl-Net-CIDR-Lite: New package. 
This is a runtime dependency of the xt_geoip_build perl script
shipped by xtables-addons in version 3.2.

Reference #11960.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-07 00:30:49 +00:00
Michael Tremer
7d5caee6bd Add initscript for conntrackd 
The daemon will be started by default when a configuration
file exists.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-06 08:59:25 +00:00
Michael Tremer
d68e150e86 proxy: Drop web browser check 
This is neither reliable nor up to date and is therefore removed

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-08 15:54:56 +01:00
Michael Tremer
d09cb651b5 Revert "tar: Update to 1.31" 
This reverts commit bb473fd1d6.

tar crashes when used with --no-overwrite-dir. See #11958.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-05 21:11:44 +00:00
Matthias Fischer
d01b31914a snort: Update to 2.9.12 
For details see:

Release notes:
https://snort.org/downloads/snort/release_notes_2.9.12.txt

Changelog:
https://snort.org/downloads/snort/changelog_2.9.12.txt

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-05 15:42:34 +00:00
Arne Fitzenreiter
5e6f343b7d python: update to 2.7.15 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-01-06 15:51:53 +01:00
Arne Fitzenreiter
b15309e9d1 transmission: update to 2.94 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-01-05 13:47:31 +01:00
Matthias Fischer
bb473fd1d6 tar: Update to 1.31 
For details see:
http://savannah.gnu.org/forum/forum.php?forum_id=9344

"- Fix heap-buffer-overrun with --one-top-level.
- Support for zstd compression.
- The -K option interacts properly with member names given in the command line.
- Fix CVE-2018-20482"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-04 02:42:40 +00:00
Michael Tremer
2aff684f37 libvirt: The package no longer depends on jansson 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-03 15:12:39 +00:00
Erik Kapfer
e6f7f8e7ba database_attribute: Deliver/create index.txt.attr 
Fixes #11904

Since OpenSSL-1.1.0x the database attribute file for IPSec and OpenVPN wasn´t created while initial PKI generation.
OpenVPN delivered an error message but IPSec did crashed within the first attempt.
This problem persists also after X509 deletion and new generation.

index.txt.attr will now be delivered by the system but also deleted and recreated while setting up a new x509.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-03 14:52:53 +00:00
Matthias Fischer
4c83d9fbdc mc: Update to 4.8.22 
For details see:
http://midnight-commander.org/wiki/NEWS-4.8.22

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-02 17:20:21 +00:00
Michael Tremer
cdaad0cdd3 libvirt: Bump package version 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-02 16:24:39 +00:00
Matthias Fischer
c86d893830 squid: Update to 4.5 
For details see:
http://www.squid-cache.org/Versions/v4/changesets/

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-12-31 00:37:51 +00:00
Matthias Fischer
49deea707b wget: Update to 1.20.1 
This is a bugfix release:

"due to some privacy issues in default settings of Wget, we introduce
this bugfix release.

The --xattr option (saving original URL and Referer into extended file
attributes) was introduced and enabled by default since Wget 1.19.
It possibly saved - possibly unrecognized by the user - credentials,
access tokes etc that were included in the requested URL.

We changed three details as a countermeasure, see below in the NEWS section.

With Best Regards, Tim

...

NEWS

* Changes in Wget 1.20.1

** --xattr is no longer default since it introduces privacy issues.

** --xattr saves the Referer as scheme/host/port,
user/pw/path/query/fragment
   are no longer saved to prevent privacy issues.

   ** --xattr saves the Original URL without user/password to prevent
      privacy issues."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-12-31 00:35:50 +00:00
Arne Fitzenreiter
4c76d08b2a kernel: fix generation of framebuffer blacklist 
modules are now xz compressed.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-01-02 15:33:16 +01:00
Arne Fitzenreiter
67c9261257 mpd: add soxr dependency 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-12-28 16:05:38 +01:00
Michael Tremer
e978f0429f keepalived: Fix incorrect path in initscript 
This path to keepalived was just incorrect and therefore
the daemon could not easily be reloaded.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-12-19 23:38:48 +00:00
Michael Tremer
086bb132ec ipvsadm: Update to 1.29 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-12-19 18:55:23 +00:00
Michael Tremer
4af8d6964b pcre: Enable JIT 
This is now possible because we no longer run grsecurity-enabled
kernels. The performance of PCRE increases dramatically and applications
like the IDS benefit hugely:

  https://blog.inliniac.net/2011/10/12/suricata-and-pcre-performance/

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-12-19 15:44:32 +00:00
Jonatan Schlag
909549b1d6 Update libvirt to version 4.10 
This partially fixes #11941 as libvirt now states clearly that seccomp
needs to be disabled

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-12-18 22:33:07 +00:00
Matthias Fischer
a2bcb4135b squid: Update to 4.4 (stable) 
For details see:
http://www.squid-cache.org/Versions/v4/changesets/

In July 2018, 'squid 4' was "released for production use", see:
https://wiki.squid-cache.org/Squid-4

"The features have been set and large code changes are reserved for later versions."

I've tested almost all 4.x-versions and patch series before with good results.
Right now, 4.4 is running here with no seen problems together with
'squidclamav', 'squidguard' and 'privoxy'.

I too would declare this version stable.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-12-18 22:30:51 +00:00
erik.kapfer
27801da089 unbound: Add TFO support for unbound 
For further informations, see https://tools.ietf.org/html/rfc7413

Signed-off-by: erik.kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-12-18 22:30:39 +00:00
Matthias Fischer
cab2314ac4 bind: Update to 9.11.5-P1 
For details see:
http://ftp.isc.org/isc/bind9/9.11.5-P1/RELEASE-NOTES-bind-9.11.5-P1.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-12-18 22:29:39 +00:00
Michael Tremer
a38eb040bf sqlite: Update to 3.26.0 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-12-18 22:28:59 +00:00
Matthias Fischer
53ac9dd222 unbound: Update to 1.8.3 
For details see:
https://nlnetlabs.nl/svn/unbound/tags/release-1.8.3/doc/Changelog

"Fix dns64 allocation in wrong region for returned internal queries."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-12-13 13:14:35 +00:00
Stefan Schantl
848ac69009 grub: xfs: Accept filesystem with sparse inodes 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Tested-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-12-13 13:07:53 +00:00
Michael Tremer
de4f303186 core127: Ship updated unbound 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-12-11 19:46:10 +00:00
Matthias Fischer
707846392e unbound: Update to 1.8.2 
For details see:
https://nlnetlabs.nl/projects/unbound/download/

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-12-11 19:45:28 +00:00
Matthias Fischer
5df66de303 clamav: Update to 0.101.0 
For details see:
https://blog.clamav.net/

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-12-11 19:42:22 +00:00
Michael Tremer
7e17de5f86 fireinfo: Add authentication for upstream proxies 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-12-11 19:38:21 +00:00
Arne Fitzenreiter
adde1ca8ce Merge branch 'master' into next 2018-12-11 08:01:59 +01:00
Arne Fitzenreiter
ed4bbe44d1 kernel: fix dwc2 (usb) dma crashes on RPi1-3 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-12-10 20:45:54 +01:00
Michael Tremer
c519be4226 haproxy: Create/restore backup when package is installed/uninstalled 
Fixes: #11946
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-12-10 00:36:04 +00:00
Arne Fitzenreiter
d05fe8e3e5 Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2018-12-07 21:06:45 +01:00
Arne Fitzenreiter
23a3aec100 cpufrequtils: update initskript for xz compressed modules 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-12-07 21:05:50 +01:00
Michael Tremer
f354601bbe initscripts: Import pakfire keys before importing AWS configuration 
This is useful when the user-data script is installing
packages. For that it will need valid keys for course.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-12-07 11:38:55 +00:00
Arne Fitzenreiter
827dd0faa4 kernel: update to 4.14.86 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-12-06 11:18:37 +01:00
Arne Fitzenreiter
91e08f20ff kernel: update to 4.14.85 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2018-12-02 00:01:37 +01:00
Michael Tremer
a4e3a76af9 bird: Add initscript 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-12-01 16:13:25 +00:00