webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-16 14:03:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
14,016 Commits 2 Branches 1 Tag
d1ca2d1fd5f52bc31c7b4e8c663aa936363eac07
Commit Graph

14016 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Stefan Schantl
d1ca2d1fd5 GeoIP: Drop package 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-09 14:50:51 +01:00
Stefan Schantl
9433a59690 geoip-generator: Drop package 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-09 14:47:18 +01:00
Stefan Schantl
e4df56f999 Rootfile update. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-09 14:37:14 +01:00
Stefan Schantl
03c8f290d9 xtables-addons: Remove xt_geoip_build script 
This script is not longer required.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-09 14:35:15 +01:00
Stefan Schantl
eaba273a5f crontab: Adjust crontab to hourly launch the update-location-database 
script.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-09 14:26:26 +01:00
Stefan Schantl
8aea15899b Introduce update-location-database script. 
This script obsoletes the old xt_geoip_update script.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-09 14:25:51 +01:00
Stefan Schantl
ad47d2ae80 firewall/rules.pl: Add code to collect and export all required country 
codes.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-09 11:08:23 +01:00
Stefan Schantl
e758c76384 geoip-functions.pl: Add functions to export locations and to flush them. 
The export_locations() function requires an array of country codes which
should be exported by the location-exporter script.

The flush_exported_locations() function is used to flush (delete) all
exported location files.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-09 11:05:31 +01:00
Stefan Schantl
f5ad4246de firewall/rules.pl: Make geoipsettings hash and locations array 
script-wide available.

This allows to re-use them.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-09 11:04:30 +01:00
Stefan Schantl
9b2594d8e6 geoip-functions.pl: Export variables. 
This easily allows to use them in other perl script.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-08 18:10:12 +01:00
Stefan Schantl
6fd1d4fa23 libloc: Fix rootfile 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-06 15:31:56 +01:00
Stefan Schantl
95bb1a5c95 logs.cgi/showrequrestfromcountry.dat: Use new location lookup method. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-06 14:42:09 +01:00
Stefan Schantl
9288b11011 remote.cgi: Use new location lookup method. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-06 14:39:54 +01:00
Stefan Schantl
83ccdf7fea openvpnmain.cgi: Use new location lookup method. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-06 14:36:48 +01:00
Stefan Schantl
bb7ba3b404 netexternal.cgi: Use new location lookup method. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-06 14:33:54 +01:00
Stefan Schantl
50494dfd6e logs.cgi/*: Use new location lookup method. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-06 14:30:39 +01:00
Stefan Schantl
87bc6401bc connections.cgi: Use new location lookup method. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-06 14:22:01 +01:00
Stefan Schantl
13c0fb7910 ipinfo.cgi: Use new location lookup method. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-06 14:21:08 +01:00
Stefan Schantl
8a64d10f24 geoip-functions.pl: Use libloc instead of maxmind for address lookups. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-06 14:20:31 +01:00
Stefan Schantl
e34dbea747 geoip-locations.pl: Rework method to grab and handling GeoIP locations. 
Now directly get the locations which are part of ISO 3166 from the perl
Locale::Country module. In case it is not listed there grab the country
code and location name from a hash.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-06 13:58:20 +01:00
Stefan Schantl
45b32f4dcf Locale-Country: Update to 3.62 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-06 13:56:46 +01:00
Stefan Schantl
d938509ed9 libloc: New package 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-12-06 13:54:59 +01:00
Arne Fitzenreiter
898dc600e6 pcengines-firmware: fix rootfile 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-06 03:18:09 +01:00
Peter Müller
f7c8d15089 Core Update 139: ship updated OpenSSH 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-05 18:00:26 +00:00
Peter Müller
81502fe6f3 OpenSSH: update to 8.1p1 
Please refer to https://www.openssh.com/txt/release-8.1 for release notes.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-05 18:00:11 +00:00
Arne Fitzenreiter
43fa700e11 pcengines-firmware: update to 4.10.0.3 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-05 18:53:16 +01:00
Arne Fitzenreiter
6fb7936c16 intel-microcode: update to 20191115 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-05 12:48:13 +01:00
Arne Fitzenreiter
0894092e2c linux-firmware: update to 20191022 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-05 12:44:45 +01:00
Arne Fitzenreiter
7ff42686ec core139: add cpio to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-02 17:11:30 +00:00
Matthias Fischer
01493f7a44 cpio: Update to 2.13 
For details see:
https://www.gnu.org/software/cpio/

Fix CVE-2015-1197
Fix CVE-2016-2037
Fix CVE-2019-14866

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-02 17:10:15 +00:00
Matthias Fischer
9d6e22e3fc nano: Update to 4.6 
For details see:
https://www.nano-editor.org/news.php

... and a long list of other changes in https://www.nano-editor.org/dist/latest/ChangeLog ...

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-02 17:09:55 +00:00
Peter Müller
18f1b46e1a spectre-meltdown-checker: update to 0.42 
See https://github.com/speed47/spectre-meltdown-checker/releases/tag/v0.42
for release announcements.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-02 17:09:41 +00:00
Peter Müller
6d0a2f8b1e Postfix: update to 3.4.8 
See http://www.postfix.org/announcements/postfix-3.4.8.html for release
announcements.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-02 17:09:09 +00:00
Peter Müller
c701ddcba5 update ca-certificates CA bundle 
Update the CA certificates list to what Mozilla NSS ships currently.

The original file can be retrieved from:
https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-02 17:07:00 +00:00
Arne Fitzenreiter
4622af5f15 core139: add hwdata to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-02 17:05:15 +00:00
Peter Müller
bf9fa6d864 hwdata: update PCI/USB databases 
PCI IDs: 2019-11-26 03:15:03
USB IDs: 2019-11-05 20:34:06

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-02 17:02:20 +00:00
Arne Fitzenreiter
bedfda83c9 dhcpcd.exe: remove red.down run on "NOCARRIER" 
after "NOCARRIER" the dhcp client always run "EXPIRE" event.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-01 18:33:19 +01:00
Arne Fitzenreiter
941520c69c Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2019-12-01 16:36:43 +01:00
Arne Fitzenreiter
d346d47467 up/down beep: move from ppp ip-up/down to general red.up/down 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-01 15:29:59 +01:00
Arne Fitzenreiter
455291f90e 70-dhcpdd.exe: don't run red.down scripts at "PREINIT" 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-01 14:43:49 +01:00
Arne Fitzenreiter
86409ab100 core139: add dhcp and network changes to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-12-01 00:45:02 +01:00
Arne Fitzenreiter
fff96e3945 networking red: add delay to wait for carrier 
some nic's need some time after link up to get a carrier

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 22:26:00 +01:00
Arne Fitzenreiter
f938083fb5 dhcpcd: 10-mtu break if carrier was lost 
some nic's like Intel e1000e needs a reinit to change the
mtu. In this case the dhcp hook reinit the nic and terminate now
to let the dhcpcd reinit the card in backgrounnd without running the
rest of the hooks.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 22:21:42 +01:00
Michael Tremer
4775d54ba6 clamav: Allow downloads to take up to 10 minutes 
freshclam did not have a receive timeout set and a default of
60s was used. That causes that the large main database cannot
be downloaded over a line with a 16 MBit/s downlink.

This patch increases that timeout and should allow a successful
download on slower connections, too.

Suggested-by: Tim Fitzgeorge <ipfb@tfitzgeorge.me.uk>
Fixes: #12246
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 10:53:59 +00:00
Matthias Fischer
78756496c9 bind: Update to 9.11.13 
For details see:

https://downloads.isc.org/isc/bind9/9.11.13/RELEASE-NOTES-bind-9.11.13.html

"Security Fixes

    Set a limit on the number of concurrently served pipelined TCP queries.
    This flaw is disclosed in CVE-2019-6477. [GL #1264]"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 09:57:49 +00:00
Matthias Fischer
1f1c2f4364 clamav: Update to 0.102.1 
For details see:
https://blog.clamav.net/2019/11/clamav-01021-and-01015-patches-have.html

"Fix for the following vulnerability affecting 0.102.0 and 0.101.4 and prior:

CVE-2019-15961:
A Denial-of-Service (DoS) vulnerability may occur when scanning
a specially crafted email file as a result of excessively long scan
times. The issue is resolved by implementing several maximums in parsing
MIME messages and by optimizing use of memory allocation.

Build system fixes to build clamav-milter, to correctly link with
libxml2 when detected, and to correctly detect fanotify for on-access
scanning feature support.

Signature load time is significantly reduced by changing to a more
efficient algorithm for loading signature patterns and allocating the AC
trie. Patch courtesy of Alberto Wu.

Introduced a new configure option to statically link libjson-c with
libclamav. Static linking with libjson is highly recommended to prevent
crashes in applications that use libclamav alongside another JSON
parsing library.

Null-dereference fix in email parser when using the --gen-json metadata
option.

Fixes for Authenticode parsing and certificate signature (.crb database)
bugs."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 09:57:25 +00:00
Arne Fitzenreiter
df1aca40eb core139: add unbound to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 09:56:29 +00:00
Matthias Fischer
0786c686ea unbound: Update to 1.9.5 
For details see:
https://nlnetlabs.nl/pipermail/unbound-users/2019-November/011897.html

"This release is a fix for vulnerability CVE-2019-18934, that can cause
shell execution in ipsecmod.

Bug Fixes:
- Fix for the reported vulnerability.

The CVE number for this vulnerability is CVE-2019-18934"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 09:55:22 +00:00
Arne Fitzenreiter
b0e2dffde9 core139: add captive.cgi to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 09:54:14 +00:00
Alexander Marx
650aac182e BUG12245: captive portal - clients are not automatically removed 
With this patch the clients are updated and those who are expired get deleted from the hash.
In addition the table of active clients is now sorted.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-11-30 09:53:04 +00:00