bpfire

mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-19 23:43:00 +02:00

Author	SHA1	Message	Date
Peter Müller	b5e1ccaee2	kernel: enable CONFIG_DEBUG_WX on aarch64 Since this is described as 'Generate a warning if any W+X mappings are found at boot.', it most likely does not break anything and can be safely enabled. Fixes: #12373 Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Acked-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-06-02 11:14:50 +00:00
Peter Müller	efd508e9f6	kernel: enable page poisoning on x86_64 This is already active on i586 and prevents information leaks from freed data. Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-06-02 11:14:15 +00:00
Peter Müller	442a7f5ea2	Kernel: drop Memstick support These are not needed anymore since Sony announced EOL in 2010 and there is no legitimate use case for such hardware on a firewall system. Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-06-02 11:13:14 +00:00
Peter Müller	90ecad4f66	Kernel: drop bluetooth support The bluetooth addon was recently removed by commit `592be1d206`, which is why we do not need to carry the corresponding kernel modules around anymore. The second version of this patch correctly updates kernel configuration files via "make oldconfig" as requested by Arne. Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org> Cc: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-06-02 11:12:58 +00:00
Arne Fitzenreiter	bea09ff261	core145: found more urlfilter db files to cleanup Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-30 18:04:33 +00:00
Arne Fitzenreiter	30830d62a0	core145: remove converted urlfilter database to force rebuilt with new db. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-30 17:33:40 +00:00
Matthias Fischer	ca33424de5	minidlna: Update to 1.2.1 For details see: https://sourceforge.net/projects/minidlna/files/minidlna/1.2.1/ Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-26 11:13:06 +00:00
Michael Tremer	6d78ec1a1c	core145: Enable OpenVPN metrics collection Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-26 11:12:39 +00:00
Michael Tremer	7479c99349	ids-functions.pl: Quote array of subnets Reported-by: Daniel Weismüller <daniel.weismueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-20 12:39:17 +00:00
Arne Fitzenreiter	76a1dedb4f	move perl-DBI and perl-DBD-SQLite to core system Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-20 09:47:25 +00:00
Arne Fitzenreiter	1d3698fc00	core145: add bind Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-19 19:45:29 +00:00
Matthias Fischer	c7e79ba602	bind: Update to 9.11.19 For details see: https://downloads.isc.org/isc/bind9/9.11.19/RELEASE-NOTES-bind-9.11.19.html "Security Fixes To prevent exhaustion of server resources by a maliciously configured domain, the number of recursive queries that can be triggered by a request before aborting recursion has been further limited. Root and top-level domain servers are no longer exempt from the max-recursion-queries limit. Fetches for missing name server address records are limited to 4 for any domain. This issue was disclosed in CVE-2020-8616. [GL #1388] Replaying a TSIG BADTIME response as a request could trigger an assertion failure. This was disclosed in CVE-2020-8617. [GL #1703] Feature Changes Message IDs in inbound AXFR transfers are now checked for consistency. Log messages are emitted for streams with inconsistent message IDs. [GL #1674] Bug Fixes When running on a system with support for Linux capabilities, named drops root privileges very soon after system startup. This was causing a spurious log message, "unable to set effective uid to 0: Operation not permitted", which has now been silenced. [GL #1042] [GL #1090] When named-checkconf -z was run, it would sometimes incorrectly set its exit code. It reflected the status of the last view found; if zone-loading errors were found in earlier configured views but not in the last one, the exit code indicated success. Thanks to Graham Clinch. [GL #1807] When built without LMDB support, named failed to restart after a zone with a double quote (") in its name was added with rndc addzone. Thanks to Alberto Fernández. [GL #1695]" Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-19 19:45:02 +00:00
Arne Fitzenreiter	35d361d72e	core145: stop/start suricata and squid Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-19 19:43:39 +00:00
Arne Fitzenreiter	1eba21f2a8	core145: restart squid Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-19 19:41:22 +00:00
Arne Fitzenreiter	996b64e513	core145: add unbound Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-19 19:39:30 +00:00
Matthias Fischer	82d0a71743	unbound: Update to 1.10.1 For details see: https://lists.nlnetlabs.nl/pipermail/unbound-users/2020-May/006833.html Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-19 19:36:13 +00:00
Arne Fitzenreiter	714ef1cf95	core145: add knot Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-18 20:21:21 +00:00
Arne Fitzenreiter	177f79b692	core145: add ids-functions.pl Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-18 20:19:16 +00:00
Stefan Schantl	adb320bc4a	ids-functions.pl: Fix generating of HOME_NET declaration Fixes #12407. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-18 20:09:07 +00:00
Arne Fitzenreiter	dde7e22c44	core145: add pci id database Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-17 07:57:45 +00:00
Erik Kapfer	3f6b25de59	tshark: Update to version 3.2.3 This update includes several bugfixes but also updated protocols. For a full overview, in here --> https://www.wireshark.org/docs/relnotes/wireshark-3.2.3.html the changelog can be found. Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-17 07:54:30 +00:00
Erik Kapfer	8e1149afd4	libseccomp: Update to version 2.4.3 - Add list of authorized release signatures to README.md - Fix multiplexing issue with s390/s390x shm* syscalls - Remove the static flag from libseccomp tools compilation - Add define for __SNR_ppoll - Update our Travis CI configuration to use Ubuntu 18.04 - Disable live python tests in Travis CI - Use default python, rather than nightly python, in TravisCI - Fix potential memory leak identified by clang in the scmp_bpf_sim too The changelog can be found in here https://github.com/seccomp/libseccomp/blob/master/CHANGELOG . Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-17 07:53:48 +00:00
Michael Tremer	b61a9a2716	shairport-sync: Update to 3.3.6 This patch also fixes the backup. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-17 07:53:25 +00:00
Erik Kapfer	4728e44c51	update.sh: Stop\|Start OpenVPN for update Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-17 07:53:04 +00:00
Arne Fitzenreiter	e3226328ea	core145: update rng init Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-17 07:51:32 +00:00
Michael Tremer	97b1857ba4	random: Initialise the kernel's PRNG earlier Since more processes depend on good randomness, we need to make sure that the kernel's PRNG is initialized as early as possible. For systems without a HWRNG, we will need to fall back to our noisy loop and wait until we have enough randomness. This patch also removes saving and restoring the seed. This is no longer useful because the kernel's PRNG only takes any input after it has successfully been seeded from other sources. Hence adding this seed does not increase its randomness. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-17 07:46:32 +00:00
Michael Tremer	65cb935200	random: Launch rngd earlier in the boot process We should initialise the kernel's PRNG as early as we can. Starting rngd very early will seed the random number generator when RDRAND or other hardware random number generators are available. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-17 07:45:30 +00:00
Arne Fitzenreiter	80a2765de5	core145: add files linked against new libpng, libdb also bump cups-filters, ghostscript, minidlna and qemu Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-13 20:44:43 +00:00
Arne Fitzenreiter	bd61ace39b	core145: add gnupg, squid and bump cups they are linked against updated openldap Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-13 18:46:04 +00:00
Arne Fitzenreiter	289a86a320	rootfiles: change MACHINE to xxxMACHINExxx berkeley has a file that nane contain MACHINE wich should not replaced by the build architecture. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-10 17:27:28 +00:00
Arne Fitzenreiter	c6744d67f0	mtools: update rootfile Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-10 07:36:12 +00:00
Arne Fitzenreiter	d1e20e8ca7	core145: fix firewall rules.pl path Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-09 19:27:02 +00:00
Arne Fitzenreiter	098f5bbc07	pcengines-apu-firmware: update to 4.11.0.6 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-09 12:29:04 +00:00
Arne Fitzenreiter	2e00633faf	core145: add suricata and libhtp Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-09 12:27:50 +00:00
Arne Fitzenreiter	7ca588c8ba	core145: add firewall rules.pl Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-09 12:23:49 +00:00
Michael Tremer	c22369a916	firewall: Log accepted connections even when NAT is active Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-09 12:21:16 +00:00
Arne Fitzenreiter	17482a3797	core145: add optionsfw.cgi Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-09 12:18:48 +00:00
Peter Müller	33954320f9	graph.pl: fix intendation of user CPU load Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-09 12:17:35 +00:00
Peter Müller	a0774e3cc8	system.cgi: properly translate load average graph Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-09 12:17:23 +00:00
Arne Fitzenreiter	6b574add3d	core145: add graphs.pl Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-09 12:15:51 +00:00
Peter Müller	e01c49b466	graphs.pl: use brackets instead of hypens This simply makes more sense in most languages, as INPUT, OUTPUT and FORWARD are special cases of firewall hits in general. Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-09 12:14:01 +00:00
Peter Müller	992f944b3b	graphs.pl: fix spelling of "SYN" This merely is a cosmetic change, but since we are dealing with network packets here, the SYN flag must be capitalised. Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-09 12:12:35 +00:00
Arne Fitzenreiter	1cf08de150	core145: add BerkeleyDB, berkeley, berkeley-compat and openldap Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-09 12:09:35 +00:00
Michael Tremer	18d000c486	netatalk: New package This package adds a daemon for Apple's File Protocol Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-09 12:03:59 +00:00
Michael Tremer	77ed195189	berkeley: Re-add 4.4 as compat package We have loads of packages linked against the older version which is difficult to update. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-09 12:03:42 +00:00
Michael Tremer	a3f1e8ee50	berkeley: Update to 5.3.28 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-09 12:03:23 +00:00
Michael Tremer	3ca0c6783a	openldap: Update to 2.4.49 This patch removes slapd which is unused in IPFire. Everything linked against the old version needs to be shipped with this update. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-09 12:03:02 +00:00
Michael Tremer	918292b668	BerkeleyDB: Update to 0.63 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-09 12:02:37 +00:00
Arne Fitzenreiter	baf066d6cd	core145: add hyperscan Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-09 12:01:03 +00:00
Erik Kapfer	b877372d92	hyperscan: Update to version 5.2.1 Several bugfixes, improvements and extra detection has been added. For the full changelog, take a look into here --> https://github.com/intel/hyperscan/blob/master/CHANGELOG.md . Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2020-05-09 11:54:34 +00:00

1 2 3 4 5 ...

7414 Commits