Commit Graph

13808 Commits

Author SHA1 Message Date
peter.mueller@ipfire.org
fe9fb38682 fix link to public DNS server list in dns.cgi
Fixes: #11851

Reported-by: Dani W <assgex@gmail.com>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-14 17:41:49 +00:00
peter.mueller@ipfire.org
41fe437400 fix typo in hostapd initscript
Fixes: #11237

Reported-by: Tom Rymes <tomvend@rymes.com>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-14 17:40:25 +00:00
peter.mueller@ipfire.org
04a42c81f5 rust: fix year in LFS file
Tempus fugit, I know... :-)

Cc: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-14 17:37:33 +00:00
Arne Fitzenreiter
6f828b103e core137: add updated ruleset-sources
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-14 17:36:36 +00:00
Stefan Schantl
6a56ee2a3e ruleset-sources: Update snort dl urls.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-14 17:34:03 +00:00
Arne Fitzenreiter
ff42e56224 core137: add updated backup.pl
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-14 17:30:37 +00:00
Tim FitzGeorge
28797d488e Restart logging after restoring backup
Send SIGHUP to syslogd and suricata after restoring backup.  This ensures that
if the restored backup includes log files, any new log messages get
appended to the restored log files.  Otherwise they will be written to the
old log files which are pending deletion.

httpd is told to restart using apachectl, which is the equivalent of sending
a signal. 'graceful' (USR1) is used rather than 'restart' (HUP) because the
latter immediately kills the process restoring the backup, preventing
converters from running.

Fixes: 12196
Signed-off-by: Tim FitzGeorge <ipfr@tfitzgeorge.me.uk>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-14 17:27:54 +00:00
Arne Fitzenreiter
57ff953341 core137: add ipset to update
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-14 17:22:44 +00:00
Erik Kapfer
f3acac7f11 ipset: Update to version 7.3
Some kernel part fixes are included. For an overview of the changelog,
take a look in here --> http://ipset.netfilter.org/changelog.html .

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-14 17:15:16 +00:00
peter.mueller@ipfire.org
5c0345f5c1 ship updated bash and readline
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-14 17:12:53 +00:00
peter.mueller@ipfire.org
95f1c332d8 bash/readline: drop orphaned patches
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-14 17:12:46 +00:00
peter.mueller@ipfire.org
c5f0c44451 readline: add patch 001 for version 8.0
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-14 17:12:38 +00:00
peter.mueller@ipfire.org
2c0ee2b962 bash: add patches 001 - 011 for 5.0 version
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-14 17:12:09 +00:00
peter.mueller@ipfire.org
f41d936026 update rootfiles for bash and readline
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-14 17:12:06 +00:00
peter.mueller@ipfire.org
6e8e8ee41c readline: update to 8.0
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-14 17:12:03 +00:00
peter.mueller@ipfire.org
700f11b305 bash: update to 5.0
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-14 17:11:59 +00:00
Matthias Fischer
4863f2096c dhcpcd: Update to 8.1.0
For details see:
https://roy.marples.name/blog/dhcpcd-8-1-0-released

"DragonFlyBSD: Improved rc.d handling
Fix carrier status after a route socket overflow
Allow domain spaced options
DHCP: Allow not sending Force Renew Nonce or Reconf Accept
IPv4LL: Now passes Apple Bonjour test versions 1.4 and 1.5
ARP: Fix a typo and remove pragma (thus working with old gcc)
DHCP6: Fix a cosmetic issue with infinite leases
DHCP6: SLA 0 and Prefix Len 0 will now add a delegated /64 address
Ignore some virtual interfaces such as Tap and Bridge by default
BPF: Move validation logic out of BPF and back into dhcpcd"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-13 06:08:05 +00:00
Arne Fitzenreiter
ff592e1e07 core137: close update
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-12 15:57:59 +00:00
Arne Fitzenreiter
fcb0e92dec core137: restart updated services
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-12 15:56:40 +00:00
Arne Fitzenreiter
778dd44789 kernel: update to 4.14.149
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-12 13:12:03 +02:00
Arne Fitzenreiter
2fabddb44d rust: update armv5tel rootfile
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-09 20:23:05 +02:00
Arne Fitzenreiter
194c7b16e4 rust: add i586 and aarch64 rootfile
todo: armv5tel is still missing...

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-09 18:11:32 +02:00
Arne Fitzenreiter
f947ce9af1 sane: add special aarch64 rootfile
libsane-qcam is not available for aarch64 so we need an extra rootfile

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-09 18:10:23 +02:00
Arne Fitzenreiter
c67519ac7c sane: rootfile update
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-09 18:06:54 +02:00
Arne Fitzenreiter
3791a79239 tshark: rootfile update
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-09 18:05:50 +02:00
Arne Fitzenreiter
e29eb3a6c1 speedtest-cli: add rootfile
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-09 18:04:30 +02:00
Arne Fitzenreiter
7739cbf456 sane/stage2: remove sanedloop
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-09 08:37:23 +02:00
Arne Fitzenreiter
f2e7d2bf50 rust: fix typo
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-08 19:49:01 +00:00
Arne Fitzenreiter
2228871e3e rust: fix md5 sums for i586 and arm
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-08 19:44:54 +00:00
Stefan Schantl
5b87687cb1 suricata: Enable rust support
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-08 19:08:37 +00:00
Stefan Schantl
59fe973584 rust: New package.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-08 19:08:23 +00:00
Erik Kapfer
5848f7288b ncat: Update to version 7.80
Several improvements have been added. This update is part of the nmap-7.80 update.
For the complete changelog take a look in here --> https://seclists.org/nmap-announce/2019/0 .

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-08 19:07:01 +00:00
Erik Kapfer
692d6e012b nmap: Update to version 7.80
Several improvements, NSE scripts and libraries have been added.
The complete changelog can be found in here --> https://seclists.org/nmap-announce/2019/0 .

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-08 19:06:34 +00:00
Arne Fitzenreiter
2513c3bba9 core137: ship libpcap
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-08 19:05:50 +00:00
Matthias Fischer
64243e995b libpcap: Update to 1.9.1
For details see:
https://www.tcpdump.org/libpcap-changes.txt

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-08 19:04:36 +00:00
Arne Fitzenreiter
a647499b10 core137: ship unbound
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-08 19:03:50 +00:00
Matthias Fischer
146c8a58ab unbound: Update to 1.9.4
For details see:
https://nlnetlabs.nl/pipermail/unbound-users/2019-October/011832.html

"This release is a fix for vulnerability CVE-2019-16866 that causes a
failure when a specially crafted query is received."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-08 19:01:41 +00:00
Matthias Fischer
6c20eff135 tcpdump: Update to 4.9.3
For details see:
https://www.tcpdump.org/tcpdump-changes.txt

"Fix buffer overflow/overread vulnerabilities:
      CVE-2017-16808 (AoE)
      CVE-2018-14468 (FrameRelay)
      CVE-2018-14469 (IKEv1)
      CVE-2018-14470 (BABEL)
      CVE-2018-14466 (AFS/RX)
      CVE-2018-14461 (LDP)
      CVE-2018-14462 (ICMP)
      CVE-2018-14465 (RSVP)
      CVE-2018-14881 (BGP)
      CVE-2018-14464 (LMP)
      CVE-2018-14463 (VRRP)
      CVE-2018-14467 (BGP)
      CVE-2018-10103 (SMB - partially fixed, but SMB printing disabled)
      CVE-2018-10105 (SMB - too unreliably reproduced, SMB printing disabled)
      CVE-2018-14880 (OSPF6)
      CVE-2018-16451 (SMB)
      CVE-2018-14882 (RPL)
      CVE-2018-16227 (802.11)
      CVE-2018-16229 (DCCP)
      CVE-2018-16301 (was fixed in libpcap)
      CVE-2018-16230 (BGP)
      CVE-2018-16452 (SMB)
      CVE-2018-16300 (BGP)
      CVE-2018-16228 (HNCP)
      CVE-2019-15166 (LMP)
      CVE-2019-15167 (VRRP)
    Fix for cmdline argument/local issues:
      CVE-2018-14879 (tcpdump -V)"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-08 19:01:28 +00:00
Matthias Fischer
a92ede2487 clamav: Update to 0.102.0
For details see:
https://blog.clamav.net/2019/10/clamav-01020-has-been-released.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-08 19:01:02 +00:00
Matthias Fischer
d46c0db060 nano: Update to 4.5
For details see:
https://www.nano-editor.org/news.php

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-08 19:00:26 +00:00
Erik Kapfer
1da6583980 tshark: Update to version 3.0.5
The jump from 3.0.2 to 3.0.5 includes several bugfixes, updated protocols and new and updated capture support.
The complete release notes can be found in here --> https://www.wireshark.org/docs/relnotes/ .

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-08 18:57:43 +00:00
Arne Fitzenreiter
5fe5334daa core137: ship strongswan and vpnmain.cgi
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-08 18:56:47 +00:00
Michael Tremer
d47b2cc28b IPsec: Add support for Curve448
This is supported since strongswan 5.7.2 and is a good alternative
to Curve25519 because Curve448 is almost equally secure but performs
faster.

  https://en.wikipedia.org/wiki/Curve448

This is enabled by default although we do not expect many other
implementations to be able to support this.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-08 18:53:23 +00:00
Michael Tremer
4dde3dd50f strongswan: Update 5.8.1
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-08 18:53:13 +00:00
Michael Tremer
9875e9f2ae speedtest-cli: New package
This is a CLI implementation to test the speed of an internet
connection.

I find this quite useful when there is no access to a client
computer on the network and this will give you a rough idea
about the connection speed.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-08 18:52:47 +00:00
Stephan Feddersen
ff599b6767 WIO: Add fr language
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-08 18:52:17 +00:00
Stephan Feddersen
b64b3c110e WIO: Add french translation file
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-08 18:52:05 +00:00
Arne Fitzenreiter
f1e1e9072d core137: ship updated unbound initscript
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-08 18:50:04 +00:00
peter.mueller@ipfire.org
70cd5c42f0 firewall: always allow outgoing DNS traffic to root servers
Allowing outgoing DNS traffic (destination port 53, both TCP
and UDP) to the root servers is BCP for some reasons. First,
RFC 5011 assumes resolvers are able to fetch new trust anchors
from the root servers for a certain time period in order to
do key rollovers.

Second, Unbound shows some side effects if it cannot do trust
anchor signaling (see RFC 8145) or fetch the current trust anchor,
resulting in SERVFAILs for arbitrary requests for a few minutes.

There is little security implication of allowing DNS traffic
to the root servers: An attacker might abuse this for exfiltrating
data via DNS queries, but is unable to infiltrate data unless
he gains control over at least one root server instance. If
there is no firewall ruleset in place which prohibits any other
DNS traffic than to chosen DNS servers, this patch will not
have security implications at all.

The second version of this patch does not use an unnecessary xargs
call, nor does it change anything else not related to this issue.

Fixes #12183

Cc: Michael Tremer <michael.tremer@ipfire.org>
Suggested-by: Horace Michael <horace.michael@gmx.com>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-08 18:48:40 +00:00
Michael Tremer
974d86532f unbound: Add option to force using TCP for upstream servers
Some users have problems reaching DNS servers. This change adds an option
which allows forcing TCP for upstream name servers.

This is a good workaround for users behind a broken Fritz!Box in modem
mode which does not allow resolving any records of the root zone.

The name server tests in the script will also only use TCP.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-08 18:42:18 +00:00