webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-27 11:13:24 +02:00
Code Issues Packages Projects Releases Wiki Activity
13,253 Commits 2 Branches 1 Tag
e7a52c52d109e044bcce0ca52eb0b5a94c2ec03a
Commit Graph

13253 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Tremer
26796f3a4b Unpack intel microcode before initramfs images are being built 
Previously, the microcode updates were not packaged in the shipped
initramfs images which causes that Intel processors are still running
on outdated microcode.

This patch moves intel-microcode before we build the initramfs images.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-02 14:55:04 +00:00
Michael Tremer
a079f7aaee core129: Ship updated proxy.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-02 14:14:14 +00:00
Matthias Fischer
d50a78220d Bug 12008 - Typo in 'proxy.cgi' leads to wrong path for 'basic_ldap_auth' 
Hi,

This should fix https://bugzilla.ipfire.org/show_bug.cgi?id=12008

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-02 14:13:17 +00:00
Michael Tremer
3d01a8f1a6 core129: Ship updated ipset 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-02 14:12:18 +00:00
Erik Kapfer
46a073f1b5 ipset: Update to version 7.1 
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-02 14:11:19 +00:00
Michael Tremer
7c57cbe24b core129: Ship updated tar 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-02 14:11:02 +00:00
Matthias Fischer
6ca3265c41 tar: Update to 1.32 
For details see:
http://git.savannah.gnu.org/cgit/tar.git/log/

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-02 14:10:39 +00:00
Michael Tremer
15c71234ca core129: Ship updated bind 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-02 14:10:21 +00:00
Matthias Fischer
ae45fb5193 bind: Update to 9.11.6 
For details see:
http://ftp.isc.org/isc/bind9/9.11.6/RELEASE-NOTES-bind-9.11.6.html

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-02 14:10:03 +00:00
Michael Tremer
ae4ca7ef13 core129: Ship updated squid 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-02 14:09:00 +00:00
Matthias Fischer
aa88b2ef59 squid: Update to 4.6 
For details see:
http://www.squid-cache.org/Versions/v4/changesets/

The 'configure'-option "--disable-ipv6" was removed, it is no longer necessary.

See:
https://lists.ipfire.org/pipermail/development/2016-April/002046.html

"The --disable-ipv6 build option is now deprecated.
...
Squid-3.5.7 and later will perform IPv6 availability tests on startup in
all builds.

- Where IPv6 is unavailable Squid will continue exactly as it would
have had the build option not been used.

These Squid can have the build option removed now."

The warning message concerning a "BCP 177 violation" while
starting 'squid' can be ignored.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-02 14:07:38 +00:00
Michael Tremer
e1982c695c spectre-meltdown-checker: New package 
This makes it easy to install the script and check the vulnerability status
of a system IPFire is running on.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-02 13:24:44 +00:00
Michael Tremer
771c9b78ee binutils: Ship strings & readelf 
This is needed by the spectre meltdown checker script

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-02 13:01:42 +00:00
Michael Tremer
d6af912c83 Update German translation 
Mainly adds translation for new IPsec features

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-02 12:01:06 +00:00
Stéphane Pautrel
fb47c465e8 Update of French translation 
- Several syntax / vocabulary improvements
- A 2 text missing in the French version
- Improvement of text offering a donation for the users

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-03-02 11:48:05 +00:00
Michael Tremer
5d04cfe7d5 suricata: Use highest bit to mark packets 
We are using the netfilter MARK in IPsec & QoS and this
is causing conflicts.

Therefore, we use the highest bit in the IPS chain now
and clear it afterwards because we do not really care about
this after the packets have been passed through suricata.

Then, no other application has to worry about suricata.

Fixes: #12010
Signed-off-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-01 17:56:48 +01:00
Michael Tremer
c9ee3592f0 suricata: Fix syntax error 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-01 17:56:47 +01:00
Michael Tremer
99d75ac72e suricata: Start capture first and then load rules 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-01 17:56:47 +01:00
Michael Tremer
890f1bf295 suricata: Disable decoding for Teredo 
This decoder is not very accurate and Teredo has been
disabled in Windows by default. Nobody will use this.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-01 17:56:47 +01:00
Michael Tremer
0b340f0938 suricata: Increase memory size for the stream engine 
This change also ensures that suricata has a decent number
of streams preallocated to be able to handle any bursts in traffic.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-01 17:56:47 +01:00
Michael Tremer
ab1444b4f4 suricata: Log to syslog like a normal process 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-01 17:56:47 +01:00
Michael Tremer
47cb057145 suricata: Use up to 256MB of RAM for the flow cache 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-01 17:56:47 +01:00
Michael Tremer
7eed864c93 suricata: Use 64MB of RAM for defragmentation 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-01 17:56:46 +01:00
Michael Tremer
83b576c892 suricata: Use the correct path for the magic database 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-01 17:56:46 +01:00
Michael Tremer
0e28ea9f3e suricata: Log to syslog 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-01 17:56:46 +01:00
Michael Tremer
682f1fdaca suricata: We do not use any IP reputation lists 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-01 17:56:46 +01:00
Michael Tremer
cf976e93c4 suricata: Allow 32MB of RAM for DNS decoding 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-01 17:56:29 +01:00
Michael Tremer
fe5bd1862f suricata: Drop sections that require Rust 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-01 17:55:26 +01:00
Michael Tremer
bc2cb52953 suricata: Drop some commented stuff from configuration 
The file is really large and we should not carry anything we will
never use.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-01 17:55:26 +01:00
Michael Tremer
75fba6cd24 suricata: Drop profiling section from configuration 
This is not compiled in as it slows down detection and is
only really useful for debugging

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-01 17:55:26 +01:00
Michael Tremer
5196d8ddbb suricata: Set detection profile to high 
This will merge rules more aggressively so that the engine
is only processing those that can actually match.

Memory is cheap. People with little memory should not run
suricata anyways.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-01 17:55:25 +01:00
Michael Tremer
9f726f8f53 suricata: Set default packet size to 1514 
We usually use a MTU of 1500 + Ethernet header

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-01 17:55:25 +01:00
Michael Tremer
16446608cb suricata: Set max-pending-packets to 1024 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-01 17:55:25 +01:00
Peter Müller
1f3c61b66c Suricata: detect TLS traffic on port 444, too 
This is the default port for IPFire's administrative web interface
and should be monitored by Suricata, too.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
c: Stefan Schantl <stefan.schantl@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
 2019-03-01 17:53:04 +01:00
Michael Tremer
e37e796206 sysctl.conf: Revert enabling busy loop waiting on sockets 
This causes the firmware in my ath10k module to crash.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-28 18:53:22 +00:00
Michael Tremer
ebda3cb93b Update openssl rootfile 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-27 03:52:26 +00:00
Michael Tremer
f907865389 core129: Ship updated OpenSSL 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-26 17:25:11 +00:00
Michael Tremer
7c85ff1362 openssl: Update to 1.1.1b 
This is a bug fix only release

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-26 17:24:08 +00:00
Michael Tremer
31672dc8bd DHCP: Fix error when editing a newly added fixed lease 
They key was remembered but then the array was sorted which resulted
the key showing a wrong line.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-26 16:33:46 +00:00
Michael Tremer
4eb23a9198 DHCP: Restart server in background 
This allows for the CGI to return quicker.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-26 10:18:33 +00:00
Michael Tremer
820ab96c69 DHCP: Escape slashes in filename 
Fixes: #12006
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-26 10:16:21 +00:00
Michael Tremer
2f7e8b59a6 core129: Ship updated credits.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-25 02:31:23 +00:00
Michael Tremer
f6a1d9e929 Update list of contributors 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-25 02:30:56 +00:00
Michael Tremer
97499aa8a3 core129: Ship updated OpenVPN 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-25 02:29:29 +00:00
Erik Kapfer
ab83c4876a OpenVPN: Update to version 2.4.7 
Changelog can be found in here https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24 .

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-25 02:24:28 +00:00
Peter Müller
82b405615f update Tor to 0.3.5.8 
See https://blog.torproject.org/new-releases-tor-0402-alpha-0358-03411-and-03312
for release notes.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-25 01:03:01 +00:00
Peter Müller
0675a66d83 update metrics links in Tor WebUI 
https://atlas.torproject.org/ is deprecated in favour of
https://metrics.torproject.org/ by now.

Fixes #11781.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-25 01:02:59 +00:00
Michael Tremer
cc0104dce3 core129: Ship updated libgcrypt 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-25 00:58:04 +00:00
Peter Müller
b66c2faac2 libgcrypt: update to 1.8.4 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-25 00:57:18 +00:00
Michael Tremer
07b73b195c core129: Ship updated unbound 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-02-25 00:56:49 +00:00