webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-19 23:43:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
13,457 Commits 2 Branches 1 Tag
fe9dbfa1245e90edfd3389c2c532bda49fe22d0c
Commit Graph

5858 Commits

Author SHA1 Message Date
Michael Tremer
21f2107697 tor: Ship updated CGI 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-27 15:47:02 +01:00
Stefan Schantl
52ebc66bba hyperscan: New package 
This package adds hyperscan support to suricata

Fixes #12053.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-27 14:40:14 +01:00
Stefan Schantl
2348cfffcf ragel: New package 
This is a build dependency of hyperscan

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-27 14:40:03 +01:00
Stefan Schantl
1a5f064916 colm: New package 
This is a build dependency of ragel, which is a build dependency of
hyperscan.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-27 14:39:32 +01:00
Stefan Schantl
0f75603f23 asterisk: Remove dependency to jansson. 
The package has become part of the main system.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-27 14:39:19 +01:00
Stefan Schantl
616395f37c jansson: Move to core system and update to 2.12 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-27 14:39:00 +01:00
Michael Tremer
333125abf8 Merge branch 'toolchain' into next 2019-05-24 06:55:03 +01:00
Michael Tremer
9f0295a512 Merge remote-tracking branch 'ms/faster-build' into next 2019-05-24 06:54:16 +01:00
Matthias Fischer
d2b5f03631 squid: Update to 4.7 
For details see:

http://www.squid-cache.org/Versions/v4/changesets/

Fixes among other things the old 'filedescriptors' problem, so this patch was deleted.

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-24 06:37:50 +01:00
Matthias Fischer
f225f3ee29 bind: Update to 9.11.7 
For details see:
http://ftp.isc.org/isc/bind9/9.11.7/RELEASE-NOTES-bind-9.11.7.html

"Security Fixes

  The TCP client quota set using the tcp-clients option could be exceeded in some cases.
  This could lead to exhaustion of file descriptors.
  This flaw is disclosed in CVE-2018-5743. [GL #615]"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-24 06:36:55 +01:00
Michael Tremer
f8c23b43b7 tor: Depend on libseccomp 
Suggested-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-23 01:50:29 +01:00
Arne Fitzenreiter
716f00b116 kernel: update to 4.14.121 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-21 20:42:51 +02:00
Arne Fitzenreiter
b0d31edbd6 vnstat: fix errormessage at first boot 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-21 20:36:16 +02:00
Arne Fitzenreiter
6d37280f3e configroot: create main/security settings file 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-21 15:03:21 +02:00
Michael Tremer
6a83dbb451 SMT: Apply settings according to configuration 
SMT can be forced on.

By default, all systems that are vulnerable to RIDL/Fallout
will have SMT disabled by default.

Systems that are not vulnerable to that will keep SMT enabled.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-20 21:30:26 +01:00
Michael Tremer
b06288b74d spectre-meltdown-checker: Update to 0.41 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-20 18:04:49 +01:00
Erik Kapfer
ffcef39d40 tshark: New addon 
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-20 10:44:04 +01:00
Michael Tremer
f8f4cd6660 tor: Bump release version 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-20 10:09:26 +01:00
Arne Fitzenreiter
16cb73d901 kernel: update to 4.14.120 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-17 07:10:52 +02:00
Arne Fitzenreiter
d099196501 kernel: update to 4.14.119 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-16 14:26:04 +02:00
Arne Fitzenreiter
29b907c677 intel-microcode: update to 20190514 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-15 13:17:26 +02:00
Michael Tremer
ad794614cd xtables-addons: Explicitely add path for alternative kernels 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-12 10:21:32 +01:00
Michael Tremer
3f60a1e10e linux: Fix touching incorrect version.h 
This file has moved and the touch command created an empty version
of the file which caused that builds depending on that did not
complete.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-12 10:20:57 +01:00
Michael Tremer
c1e8c954bd linux: objtool does not exist on all platforms 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-12 09:28:10 +01:00
Michael Tremer
9d959ac151 igmpproxy: Update to 0.2.1 
This updates the package to its latest upstream version and should
be able to support IGMPv3.

Fixes: #12074
Suggested-by: Marc Roland <marc.roland@outlook.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-11 02:20:15 +01:00
Michael Tremer
0aa8284905 xtables-addons: Automatically detect location of kernel source 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-10 10:25:46 +01:00
Michael Tremer
0ad5f6a1fc linux: Install kernel build system to /lib/modules 
This is necessary so that we can clean up /usr/src after
each build and do not waste any space on the massive kernel
source.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-10 10:12:50 +01:00
Michael Tremer
3966b1e58f iptables: Fix build without kernel source 
The layer7 filter header files were not installed into /usr/include
and therefore we needed to keep the whole kernel source tree.

This is just a waste of space and this patch fixes this.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-10 04:55:49 +01:00
Peter Müller
b8b1f9eabe Tor: update to 0.4.0.5 
See https://blog.torproject.org/new-release-tor-0405 for release
announcements.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-10 04:21:19 +01:00
Peter Müller
968ce70af1 update ca-certificates CA bundle 
Update the CA certificates list to what Mozilla NSS ships currently.

The original file can be retrieved from:
https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-10 04:18:35 +01:00
Michael Tremer
0bc5b1de6d Config: Disable XZ parallelism by default 
Exporting XZ_OPT caused that every time xz was called, it automatically
enabled parallelism. The make systemm also launches multiple processes
at the same time to use more processor cores at the same time.

The combination of this causes memory exhaustion even on large systems
and has no performance gain. Therefore this is disabled by default
and only enabled where we need it which is already the case.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-10 04:16:08 +01:00
Stefan Schantl
d2b54a312f guardian: Remove snort related options. 
IPFire has moved to suricata as IDS/IPS system, therefore all snort related
options has become obsolete.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-08 19:20:08 +02:00
Michael Tremer
bf62652ecf squid: Link against libatomic on ARM 
This package failed to build on ARM because atomic functions
are being emulated on ARM32 and the required library was not
linked.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:54:32 +01:00
Michael Tremer
e9dd6da552 xfsprogs: Disable LTO on armv5tel 
LTO fails on ARM, but since we do not require it, we can
disable it here.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:54:25 +01:00
Alexander Koch
5737a22cf2 zabbix_agentd: Add UserParameter for Pakfire Status 
Ship the UserParameter for monitoring the status of pakfire for keeping track of available updates etc.

Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:51:41 +01:00
Alexander Koch
c818134f44 zabbix_agentd: update to 4.2.1 
Release notes: https://www.zabbix.com/rn/rn4.2.1

Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:51:08 +01:00
Matthias Fischer
f302e31ae2 libedit: Update to 20190324-3.1 
For details see:
https://thrysoee.dk/editline/

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:50:03 +01:00
Matthias Fischer
45e4d6af99 knot: Update to 2.8.1 
For details see:
https://www.knot-dns.cz/2019-04-09-version-281.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:49:29 +01:00
Matthias Fischer
9177b69830 bind: Update to 9.11.6-P1 
For details see:
http://ftp.isc.org/isc/bind9/9.11.6-P1/RELEASE-NOTES-bind-9.11.6-P1.html

"Security Fixes

 The TCP client quota set using the tcp-clients option could be exceeded in some cases.
 This could lead to exhaustion of file descriptors. This flaw is disclosed in CVE-2018-5743.
 [GL #615]"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:48:24 +01:00
Matthias Fischer
60bc3a4b7a dhcpcd: Update to 7.2.2 
For details see:
https://roy.marples.name/

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:45:52 +01:00
Stefan Schantl
a59052cec6 suricata: Update to 4.1.4 
This is a minor update to the latest available version from
the suricata 4.1 series.

Fixes #12068.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-02 19:33:38 +02:00
Michael Tremer
864a5befd9 glibc: Update to 2.29 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-28 09:44:38 +01:00
Michael Tremer
46bbc13b91 python3: Build package in toolchain 
This will be required to build glibc 2.29

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-28 09:44:38 +01:00
Michael Tremer
525f5d2959 gcc: Update to 8.3.0 
This patch carries the rootfile for x86_64 only.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-28 09:44:37 +01:00
Michael Tremer
3596937440 binutils: Update to 2.32 
This patch carries the rootfile for x86_64 only.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-28 09:44:37 +01:00
Michael Tremer
4987d0ed19 grub: Fix relocation type issue 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-28 09:43:37 +01:00
Michael Tremer
bab38dad60 ipfire-netboot: Fix compiling and linking with new GCC & binutils 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-28 09:43:24 +01:00
Michael Tremer
7f156022b5 sarg: Fix build with newer GCCs 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-28 09:43:08 +01:00
Arne Fitzenreiter
20c7552e0d Merge branch 'master' into next 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-26 19:39:55 +02:00
Michael Tremer
2cecfd0fdb grub: Fix build error with GCC 8 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-26 16:19:51 +01:00