webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-12 12:15:52 +02:00
Code Issues Packages Projects Releases Wiki Activity
13,808 Commits 2 Branches 1 Tag
fe9fb3868241f671c6914962cc8564ec82504ab2
Commit Graph

6893 Commits

Author SHA1 Message Date
Arne Fitzenreiter
6f828b103e core137: add updated ruleset-sources 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-14 17:36:36 +00:00
Stefan Schantl
6a56ee2a3e ruleset-sources: Update snort dl urls. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-14 17:34:03 +00:00
Arne Fitzenreiter
ff42e56224 core137: add updated backup.pl 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-14 17:30:37 +00:00
Tim FitzGeorge
28797d488e Restart logging after restoring backup 
Send SIGHUP to syslogd and suricata after restoring backup.  This ensures that
if the restored backup includes log files that any new log messages get
appended to the restored log files.  Otherwise they will be written to the
old log files which are pending deletion.

httpd is told to restart using apachectl, which is the equivalent of sending
a signal. 'graceful' (USR1) is used rather than 'restart' (HUP) because the
latter immediately kills the process restoring the backup, preventing
converters from running.

Fixes: 12196
Signed-off-by: Tim FitzGeorge <ipfr@tfitzgeorge.me.uk>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-14 17:27:54 +00:00
Arne Fitzenreiter
57ff953341 core137: add ipset to update 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-14 17:22:44 +00:00
peter.mueller@ipfire.org
5c0345f5c1 ship updated bash and readline 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-14 17:12:53 +00:00
peter.mueller@ipfire.org
f41d936026 update rootfiles for bash and readline 
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-14 17:12:06 +00:00
Arne Fitzenreiter
fcb0e92dec core137: restart updated services 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-12 15:56:40 +00:00
Arne Fitzenreiter
2fabddb44d rust: update armv5tel rootfile 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-09 20:23:05 +02:00
Arne Fitzenreiter
194c7b16e4 rust: add i586 and aarch64 rootfile 
todo: armv5tel is still missing...

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-09 18:11:32 +02:00
Arne Fitzenreiter
f947ce9af1 sane: add special aarch64 rootfile 
libsane-qcam is not available for aarch64 so we need an extra rootfile

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-09 18:10:23 +02:00
Arne Fitzenreiter
c67519ac7c sane: rootfile update 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-09 18:06:54 +02:00
Arne Fitzenreiter
3791a79239 tshark: rootfile update 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-09 18:05:50 +02:00
Arne Fitzenreiter
e29eb3a6c1 speedtest-cli: add rootfile 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-09 18:04:30 +02:00
Stefan Schantl
5b87687cb1 suricata: Enable rust support 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 19:08:37 +00:00
Stefan Schantl
59fe973584 rust: New package. 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 19:08:23 +00:00
Erik Kapfer
692d6e012b nmap: Update to version 7.80 
Several improvements, NSE scripts and libraries has been added.
The complete changelog can be found in here --> https://seclists.org/nmap-announce/2019/0 .

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 19:06:34 +00:00
Arne Fitzenreiter
2513c3bba9 core137: ship libpcap 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 19:05:50 +00:00
Matthias Fischer
64243e995b libpcap: Update to 1.9.1 
For details see:
https://www.tcpdump.org/libpcap-changes.txt

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 19:04:36 +00:00
Arne Fitzenreiter
a647499b10 core137: ship unbound 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 19:03:50 +00:00
Matthias Fischer
146c8a58ab unbound: Update to 1.9.4 
For details see:
https://nlnetlabs.nl/pipermail/unbound-users/2019-October/011832.html

"This release is a fix for vulnerability CVE-2019-16866 that causes a
failure when a specially crafted query is received."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 19:01:41 +00:00
Matthias Fischer
a92ede2487 clamav: Update to 0.102.0 
For details see:
https://blog.clamav.net/2019/10/clamav-01020-has-been-released.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 19:01:02 +00:00
Erik Kapfer
1da6583980 tshark: Update to version 3.0.5 
The jump from 3.0.2 to 3.0.5 includes several bugfixes, updated protocols and new and updated capture support.
The complete release notes can be found in here --> https://www.wireshark.org/docs/relnotes/ .

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 18:57:43 +00:00
Arne Fitzenreiter
5fe5334daa core137: ship strongwan and vpnmain.cgi 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 18:56:47 +00:00
Stephan Feddersen
b64b3c110e WIO: Add french translation file 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 18:52:05 +00:00
Arne Fitzenreiter
f1e1e9072d core137: ship updated unbound initskript 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 18:50:04 +00:00
peter.mueller@ipfire.org
70cd5c42f0 firewall: always allow outgoing DNS traffic to root servers 
Allowing outgoing DNS traffic (destination port 53, both TCP
and UDP) to the root servers is BCP for some reasons. First,
RFC 5011 assumes resolvers are able to fetch new trust ancors
from the root servers for a certain time period in order to
do key rollovers.

Second, Unbound shows some side effects if it cannot do trust
anchor signaling (see RFC 8145) or fetch the current trust anchor,
resulting in SERVFAILs for arbitrary requests a few minutes.

There is little security implication of allowing DNS traffic
to the root servers: An attacker might abuse this for exfiltrating
data via DNS queries, but is unable to infiltrate data unless
he gains control over at least one root server instance. If
there is no firewall ruleset in place which prohibits any other
DNS traffic than to chosen DNS servers, this patch will not
have security implications at all.

The second version of this patch does not use unnecessary xargs-
call nor changes anything else not related to this issue.

Fixes #12183

Cc: Michael Tremer <michael.tremer@ipfire.org>
Suggested-by: Horace Michael <horace.michael@gmx.com>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 18:48:40 +00:00
Michael Tremer
1ad45a5a09 sane: Update to 1.0.28 
This patch updates the package and removes the sanedloop script
which was needed to launch saned, but that program can now run
in standalone mode.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 18:39:47 +00:00
Arne Fitzenreiter
c132fed64d core137: ship suricata 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 18:38:52 +00:00
Matthias Fischer
80d5bb76dd iproute2: Update to 5.3.0 
For details see:
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/?h=v5.3.0

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 18:37:03 +00:00
Arne Fitzenreiter
563ac9b13e core137: ship knot 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 18:36:24 +00:00
peter.mueller@ipfire.org
a85a7a60fc firewall: raise log rate limit for user generated rules, too 
Having raised the overall log rate limit to 10 packet per second
in Core Update 136, this did not affected rules generated by the
user. In order to stay consistent, this patch also raises log rate
limit for these.

In order to avoid side effects on firewalls with slow disks, it
was probably better touch these categories separately, so testing
users won't be DoSsed instantly. :-)

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 18:30:31 +00:00
Arne Fitzenreiter
e60dde5f53 core137: ship Net_SSLeay 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 18:26:22 +00:00
Erik Kapfer
24f9c830eb Net-SSLeay: Update to version 1.88 
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 18:24:32 +00:00
Arne Fitzenreiter
0e081a25f7 core137: ship libssh 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 18:21:17 +00:00
Michael Tremer
1df47cc9ee libssh: New package 
This is required by Bird to support RPKI.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 18:19:33 +00:00
Arne Fitzenreiter
dcf1a61f5b core137: ship updated logrotate.conf 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 18:17:44 +00:00
Matthias Fischer
686ada3158 Added Mail log file to '/etc/logrotate.conf' 
Fixes Bug #12155: logrotate wasn't set up to rotate this file.

For details see:
https://bugzilla.ipfire.org/show_bug.cgi?id=12155

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 18:17:06 +00:00
Arne Fitzenreiter
dbcb1c99d2 core137: ship tzdata 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 18:14:43 +00:00
Arne Fitzenreiter
c9ef22a019 core137: ship wpa_supplicant 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 18:10:23 +00:00
Arne Fitzenreiter
6499bd0d50 core137: ship bind 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 18:08:04 +00:00
Matthias Fischer
5121f35be3 bind: Update to 9.11.11 
For details see:
https://downloads.isc.org/isc/bind9/9.11.11/RELEASE-NOTES-bind-9.11.11.html

"Security Fixes

   A race condition could trigger an assertion failure when a large
   number of incoming packets were being rejected. This flaw is disclosed
   in CVE-2019-6471. [GL #942]

...

Bug Fixes

   Glue address records were not being returned in responses to root priming
   queries; this has been corrected. [GL #1092]

   Interaction between DNS64 and RPZ No Data rule (CNAME *.) could cause
   unexpected results; this has been fixed. [GL #1106]

   named-checkconf now checks DNS64 prefixes to ensure bits 64-71 are zero.
   [GL #1159]

   named-checkconf could crash during configuration if configured to use "geoip
   continent" ACLs with legacy GeoIP. [GL #1163]

   named-checkconf now correctly reports missing dnstap-output option when dnstap
   is set. [GL #1136]

   Handle ETIMEDOUT error on connect() with a non-blocking socket. [GL #1133]"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 18:06:58 +00:00
Arne Fitzenreiter
2a0edc08bf core137: ship changed ovpnmain.cgi 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 18:06:13 +00:00
Arne Fitzenreiter
5907bc5d5e core137: add pcre 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 18:02:23 +00:00
Matthias Fischer
57354c8187 pcre: Update to 8.43 
For details see:
http://www.pcre.org/original/changelog.txt

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 18:01:13 +00:00
Arne Fitzenreiter
c0fe5525ce core137: add dhcpcd 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 17:59:39 +00:00
Arne Fitzenreiter
6c84c53803 core137: add iproute2 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 17:57:32 +00:00
Matthias Fischer
5551237b1a iproute2: Update to 5.2.0 
For details see:
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 17:56:02 +00:00
Arne Fitzenreiter
6bc008fc8f core137: add iptables and collectd 
collectd is linked to libip4tc so we need to ship this also

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 17:53:36 +00:00
Matthias Fischer
7a03d4b08a iptables: Update to 1.8.3 
For details see:
https://www.netfilter.org/projects/iptables/files/changes-iptables-1.8.3.txt

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-08 17:51:19 +00:00