webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-10 19:15:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
17,924 Commits 2 Branches 1 Tag
ead01caeb87f4eb56abb2fc63cea38ea74b16274
Commit Graph

9345 Commits

Author SHA1 Message Date
Michael Tremer
b69659af02 core164: Ship backup exclude file 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-07 18:53:09 +00:00
Michael Tremer
c7e0d73e7c backup: Make include/exclude files relative 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-07 18:51:23 +00:00
Michael Tremer
3f8e70f6b3 backup: Don't restore excluded files 
Sometimes, we restore a backup that has been created earlier before
exclude files have been changed. To avoid overwriting those files, we
will consider the exlude list upon restore.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-07 18:51:20 +00:00
Michael Tremer
ca1fdb6954 backup: Exclude oinkmaster.conf 
This file is a system configuration file and does not contain any
configruation from the user.

Since it can be overwritten in a backup and restored to an older state,
this can cause problems such as #12788.

Fixes: #12788
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-07 18:51:17 +00:00
Michael Tremer
fc717041c4 backup: Abort when the backup could not be extracted 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-07 18:51:14 +00:00
Stefan Schantl
dcacf03e80 ids-functions.pl: Do not create an empty ignored settings file. 
The file will be created by the WUI, when adding the first host.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-07 18:50:34 +00:00
Stefan Schantl
da3611b276 ids-functions.pl: Do not try to chown files while extracting them. 
We are almost running as an unprivileged user and therfore have not
the permissions to do this.

This will save us a lot of confusion error messages.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-07 18:49:37 +00:00
Stefan Schantl
9106bfca42 ids-functions.pl: Merge same named rulefiles during extract. 
In case a rulestarball contains several same-named rulefiles
they have been overwritten each time and so only contained the content
from the last extracted one.

Now the content of those files will be merged by appending the content
to the first extracted one for each time.

Fixes #12792.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-03-07 17:04:15 +00:00
Arne Fitzenreiter
6e2c8f4818 suricata: drop unsupported JA3 rule provider 
our current suricata version not support JA3 based rules so
this drop the providers from the list.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2022-02-26 14:19:45 +00:00
Arne Fitzenreiter
ad9d6bf585 core164: exclude boot/uEnv.txt 
uEnv.txt was destroyed on aarch64 because here a new u-boot was shipped.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2022-02-22 11:38:15 +00:00
Arne Fitzenreiter
3b45d9561b core164: add unbound initskript 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2022-02-19 15:53:54 +00:00
Peter Müller
926d840fae firewall: Make logging of conntrack INVALIDs configureable 
In theory, logging of dropped packets classified by conntrack as being
INVALID should never be disabled, since one wants to have a paper trail
of what his/her firewall is doing.

However, conntrack seems to drop a lot of (at the first glance
legitimate) packets, hence bloating the logs, making spotting the
important firewall hits more difficult.

This patch therefore adds the option to disable logging of packets being
dropped by conntrack due to INVALID state.

Please note:
- This patch does not add this category to the firewall hits graph.
- The variables in this patch ("LOGDROPCTINVALID") should make it clear
  that it is about toggling _logging_, not the actual _dropping_. Other
  variables are still in need of being renamed to clarify this, which
  will be done in a dedicated patch.
- Also, the changes made to update.sh need to take place in
  config/rootfiles/core/164/update.sh for "master", since this patch has
  been developed against "next". Kindly cherry-pick the necessary
  changes.

Partially fixes: #12778

Reported-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
 2022-02-19 15:37:16 +00:00
Arne Fitzenreiter
10148970eb core164: fix adding additional optionfw settings 
the old code erase the settings and cannot reinstalled.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2022-02-17 17:07:28 +00:00
Arne Fitzenreiter
419aaf916c libvirt: ship arm cpu configfiles 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2022-02-13 08:55:24 +00:00
Arne Fitzenreiter
a17f1fbbe2 kernel: update to 5.15.23 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2022-02-12 07:03:49 +00:00
Arne Fitzenreiter
f978b433e6 kernel: aarch64: enable armv8 optimized crypto 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2022-02-11 17:36:01 +00:00
Arne Fitzenreiter
0c0784f4b5 core164: ship intel-microcode 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2022-02-10 06:58:28 +00:00
Adolf Belka
7f0449f253 intel-microcode: Update to version 20220207 
- Update from 20210608 to 20220207
- Update of rootfile
- Changelog
	# Release Notes 20220207
	    - Security updates for [INTEL-SA-00528](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html)
	    - Security updates for [INTEL-SA-00532](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html)
	    - Update for functional issues. Refer to [Third Generation Intel® Xeon® Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780) for details.
	    - Update for functional issues. Refer to [Second Generation Intel® Xeon® Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details.
	    - Update for functional issues. Refer to [Intel® Xeon® Processor Scalable Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/scalable/xeon-scalable-spec-update.html?wapkw=processor+specification+update) for details.
	    - Update for functional issues. Refer to [11th Generation Intel® Core™ Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/631123) for details.
	    - Update for functional issues. Refer to [11th Generation Intel® Core™ Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/634808) for details.
	    - Update for functional issues. Refer to [10th Gen Intel® Core™ Processor Families Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/341079) for details.
	    - Update for functional issues. Refer to [10th Generation Intel® Core™ Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/615213) for details.
	    - Update for functional issues. Refer to [8th Generation Intel® Core™ Processor Families Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338025) for details.
	    - Update for functional issues. Refer to [8th Gen Intel® Core™ Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-family-spec-update.html?wapkw=processor+specification+update) for details.
	    - Update for functional issues. Refer to [7th and 8th Generation Intel® Core™ Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/334663) for details.
	    - Update for functional issues. Refer to [6th Generation Intel® Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/core/desktop-6th-gen-core-family-spec-update.html) for details.
	    - Update for functional issues. Refer to [Intel® Pentium® Silver and Intel® Celeron® Processors](https://www.intel.com/content/www/us/en/products/docs/processors/pentium/silver-celeron-spec-update.html?wapkw=processor+specification+update) for details.
	### New Platforms
	    None
	### Updated Platforms
	    | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products
	    |:---------------|:---------|:------------|:---------|:---------|:---------
	    | HSX-E/EP       | Cx/M1    | 06-3f-02/6f | 00000046 | 00000049 | Core Gen4 X series; Xeon E5 v3
	    | HSX-EX         | E0       | 06-3f-04/80 | 00000019 | 0000001a | Xeon E7 v3
	    | SKL-U/Y        | D0       | 06-4e-03/c0 | 000000ea | 000000ec | Core Gen6 Mobile
	    | BDX-ML         | B0/M0/R0 | 06-4f-01/ef | 0b00003e | 0b000040 | Xeon E5/E7 v4; Core i7-69xx/68xx
	    | SKX-SP         | B1       | 06-55-03/97 | 0100015b | 0100015c | Xeon Scalable
	    | SKX-SP         | H0/M0/U0 | 06-55-04/b7 | 02006b06 | 02006c0a | Xeon Scalable
	    | SKX-D          | M1       | 06-55-04/b7 | 02006b06 | 02006c0a | Xeon D-21xx
	    | CLX-SP         | B0       | 06-55-06/bf | 04003102 | 0400320a | Xeon Scalable Gen2
	    | CLX-SP         | B1       | 06-55-07/bf | 05003102 | 0500320a | Xeon Scalable Gen2
	    | CPX-SP         | A1       | 06-55-0b/bf | 07002302 | 07002402 | Xeon Scalable Gen3
	    | BDX-DE         | V2/V3    | 06-56-03/10 | 0700001b | 0700001c | Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
	    | BDX-DE         | Y0       | 06-56-04/10 | 0f000019 | 0f00001a | Xeon D-1557/59/67/71/77/81/87
	    | BDX-NS         | A1       | 06-56-05/10 | 0e000012 | 0e000014 | Xeon D-1513N/23/33/43/53
	    | APL            | D0       | 06-5c-09/03 | 00000044 | 00000046 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
	    | APL            | E0       | 06-5c-0a/03 | 00000020 | 00000024 | Atom x5-E39xx
	    | SKL-H/S        | R0/N0    | 06-5e-03/36 | 000000ea | 000000ec | Core Gen6; Xeon E3 v5
	    | DNV            | B0       | 06-5f-01/01 | 00000034 | 00000036 | Atom C Series
	    | ICX-SP         | D0       | 06-6a-06/87 | 0d0002a0 | 0d000331 | Xeon Scalable Gen3
	    | GLK            | B0       | 06-7a-01/01 | 00000036 | 00000038 | Pentium Silver N/J5xxx, Celeron N/J4xxx
	    | GKL-R          | R0       | 06-7a-08/01 | 0000001a | 0000001c | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
	    | ICL-U/Y        | D1       | 06-7e-05/80 | 000000a6 | 000000a8 | Core Gen10 Mobile
	    | LKF            | B2/B3    | 06-8a-01/10 | 0000002a | 0000002d | Core w/Hybrid Technology
	    | TGL            | B1       | 06-8c-01/80 | 00000088 | 0000009a | Core Gen11 Mobile
	    | TGL-R          | C0       | 06-8c-02/c2 | 00000016 | 00000022 | Core Gen11 Mobile
	    | TGL-H          | R0       | 06-8d-01/c2 | 0000002c | 0000003c | Core Gen11 Mobile
	    | AML-Y22        | H0       | 06-8e-09/10 | 000000ea | 000000ec | Core Gen8 Mobile
	    | KBL-U/Y        | H0       | 06-8e-09/c0 | 000000ea | 000000ec | Core Gen7 Mobile
	    | CFL-U43e       | D0       | 06-8e-0a/c0 | 000000ea | 000000ec | Core Gen8 Mobile
	    | WHL-U          | W0       | 06-8e-0b/d0 | 000000ea | 000000ec | Core Gen8 Mobile
	    | AML-Y42        | V0       | 06-8e-0c/94 | 000000ea | 000000ec | Core Gen10 Mobile
	    | CML-Y42        | V0       | 06-8e-0c/94 | 000000ea | 000000ec | Core Gen10 Mobile
	    | WHL-U          | V0       | 06-8e-0c/94 | 000000ea | 000000ec | Core Gen8 Mobile
	    | EHL            | B1       | 06-96-01/01 | 00000011 | 00000015 | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E
	    | JSL            | A0/A1    | 06-9c-00/01 | 0000001d | 2400001f | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105
	    | KBL-G/H/S/E3   | B0       | 06-9e-09/2a | 000000ea | 000000ec | Core Gen7; Xeon E3 v6
	    | CFL-H/S/E3     | U0       | 06-9e-0a/22 | 000000ea | 000000ec | Core Gen8 Desktop, Mobile, Xeon E
	    | CFL-S          | B0       | 06-9e-0b/02 | 000000ea | 000000ec | Core Gen8
	    | CFL-H/S        | P0       | 06-9e-0c/22 | 000000ea | 000000ec | Core Gen9
	    | CFL-H          | R0       | 06-9e-0d/22 | 000000ea | 000000ec | Core Gen9 Mobile
	    | CML-H          | R1       | 06-a5-02/20 | 000000ea | 000000ec | Core Gen10 Mobile
	    | CML-S62        | G1       | 06-a5-03/22 | 000000ea | 000000ec | Core Gen10
	    | CML-S102       | Q0       | 06-a5-05/22 | 000000ec | 000000ee | Core Gen10
	    | CML-U62 V1     | A0       | 06-a6-00/80 | 000000e8 | 000000ea | Core Gen10 Mobile
	    | CML-U62 V2     | K1       | 06-a6-01/80 | 000000ea | 000000ec | Core Gen10 Mobile
	    | RKL-S          | B0       | 06-a7-01/02 | 00000040 | 00000050 | Core Gen11
	### Removed Platforms
	    | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products
	    |:---------------|:---------|:------------|:---------|:---------|:---------
	    | SNR            | B0       | 06-86-04/01 | 0b00000f |          | Atom P59xxB
	    | SNR            | B1       | 06-86-05/01 | 0b00000f |          | Atom P59xxB

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2022-02-10 06:57:00 +00:00
Arne Fitzenreiter
304cf04fe0 rust-rand: update rootfile 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2022-02-09 13:52:30 +00:00
Arne Fitzenreiter
234d68fc14 rust-libc: update rootfile 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2022-02-09 13:48:34 +00:00
Arne Fitzenreiter
4a1a09991d rust-cfg-if: update rootfile 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2022-02-09 13:48:03 +00:00
Arne Fitzenreiter
59ec91c171 kernel: update to 5.15.22 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2022-02-09 12:17:53 +00:00
Stefan Schantl
000673930a rust-pyo3: Add rootfile. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2022-02-08 17:20:00 +00:00
Arne Fitzenreiter
70c57ed33e kernel: update to 5.15.21 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2022-02-06 14:09:43 +00:00
Michael Tremer
7bf1468417 core164: Ship diffutils 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-03 08:30:01 +00:00
Michael Tremer
03ba4b2df2 gdb: Update to 11.2 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-03 08:29:35 +00:00
Michael Tremer
c053efdcd1 Merge remote-tracking branch 'pmueller/temp-c164-development' into next 2022-02-02 19:46:13 +00:00
Stefan Schantl
cd7cb2c36f rust-indoc: Rootfile update. 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-02 19:43:27 +00:00
Michael Tremer
84fda83948 rust-paste: Update to 1.0.3 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-02 19:43:27 +00:00
Stefan Schantl
b870fa68b1 rust-pyo3-macros: New package. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-02 19:43:27 +00:00
Stefan Schantl
d2bd411403 rust-pyo3-macros-backend: New package. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-02 19:43:27 +00:00
Stefan Schantl
68051dc5ff rust-pyo3-build-config: New package. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-02 19:43:27 +00:00
Stefan Schantl
3f0d5d3612 rust-inventory: New package. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-02 19:43:27 +00:00
Stefan Schantl
90490f8813 rust-inventory-impl: New package. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-02 19:43:27 +00:00
Stefan Schantl
b6c8f86e43 rust-ghost: New package. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-02 19:43:27 +00:00
Stefan Schantl
d6f294fb16 rust-ctor: New package. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-02 19:43:27 +00:00
Stefan Schantl
f72d049dc3 rust-paste: New package. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-02 19:43:27 +00:00
Stefan Schantl
92ef302000 rust-paste-impl: New package. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-02 19:43:27 +00:00
Stefan Schantl
d9c87622a6 rust-parking_lot: New package. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-02 19:43:27 +00:00
Stefan Schantl
eda914944f rust-parking_lot_core: New package. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-02 19:43:27 +00:00
Stefan Schantl
1bd5018994 rust-smallvec: New package. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-02 19:43:27 +00:00
Stefan Schantl
202602e0ad rust-lock_api: New package. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-02 19:43:27 +00:00
Stefan Schantl
a75c2b24a6 rust-instant: New package. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-02 19:43:27 +00:00
Stefan Schantl
474ee7402f rust-indoc: New package. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-02 19:43:27 +00:00
Stefan Schantl
4c313740a1 rust-indoc-impl: New package. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-02 19:43:27 +00:00
Stefan Schantl
f03b79b17b rust-proc-macro-hack: New package. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-02 19:43:27 +00:00
Stefan Schantl
216ac33738 rust-unindent: New package. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-02 19:43:27 +00:00
Stefan Schantl
1cdeadd59a rust-trybuild: New package. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-02 19:43:27 +00:00
Stefan Schantl
deb6672b54 rust-serde_derive: New package. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-02 19:43:27 +00:00
Stefan Schantl
e837da22af rust-toml: New package. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2022-02-02 19:43:26 +00:00