]>
git.ipfire.org Git - people/pmueller/ipfire-2.x.git/log
Michael Tremer [Thu, 9 May 2019 15:11:24 +0000 (17:11 +0200)]
zoneconf: Move "None" option to the top
This is a more natural order of the options to me
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 9 May 2019 14:43:04 +0000 (15:43 +0100)]
web-user-interface: Ship new zoneconf.cgi file
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 9 May 2019 12:17:16 +0000 (13:17 +0100)]
core132: Ship updated captive.cgi
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 May 2019 20:36:21 +0000 (21:36 +0100)]
captive: Fix potential authenticated XSS in title processing
An authenticated Stored XSS (Cross-site Scripting) exists in the
(https://localhost:444/cgi-bin/captive.cgi) Captive Portal via the
"Title of Login Page" text box or "TITLE" parameter. This is due to
a lack of user input validation in "Title of Login Page" text box
or "TITLE" parameter. It allows an authenticated WebGUI user with
privileges for the affected page to execute Stored Cross-site
Scripting in the Captive Portal page (/cgi-bin/captive.cgi), which
helps attacker to redirect the victim to a attacker's page.
The Stored XSS get prompted on the victims page whenever victim
tries to access the Captive Portal page.
An attacker get access to the victim's session by performing the
CSRF and gather the cookie and session id's or possibly can
change the victims configuration using this Stored XSS.
This attack can possibly spoof the victim's informations.
Fixes: #12071
Reported-by: Dharmesh Baskaran <dharmesh201093@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Tue, 7 May 2019 17:17:16 +0000 (19:17 +0200)]
guardian: Remove snort related options.
IPFire has moved to suricata as IDS/IPS system, therefore all snort related
options has become obsolete.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Wed, 8 May 2019 11:14:46 +0000 (12:14 +0100)]
core132: Ship VLAN GUI
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Florian Bührle [Wed, 8 May 2019 10:56:18 +0000 (11:56 +0100)]
webif: Add a GUI for configuring VLAN interfaces
This patch adds a new CGI file which allows users to edit the
VLAN configuration as well as configuring zones as bridges.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Florian Bührle [Wed, 8 May 2019 10:43:11 +0000 (11:43 +0100)]
udev: Accept MAC addresses for PARENT_DEV
This allows us to create VLAN interfaces even when the
name of the parent interface might vary.
This patch also appends the VLAN tag to interfaces
when the zone is in bridge mode.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Tue, 7 May 2019 17:17:16 +0000 (19:17 +0200)]
guardian: Remove snort related options.
IPFire has moved to suricata as IDS/IPS system, therefore all snort related
options has become obsolete.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Tue, 7 May 2019 21:54:11 +0000 (22:54 +0100)]
squid: Link against libatomic on ARM
This package failed to build on ARM because atomic functions
are being emulated on ARM32 and the required library was not
linked.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 May 2019 20:19:53 +0000 (21:19 +0100)]
xfsprogs: Disable LTO on armv5tel
LTO fails on ARM, but since we do not require it, we can
disable it here.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 May 2019 22:53:43 +0000 (23:53 +0100)]
core132: Ship updated pakfire files
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Koch [Sat, 27 Apr 2019 19:26:46 +0000 (21:26 +0200)]
zabbix_agentd: Add UserParameter for Pakfire Status
Ship the UserParameter for monitoring the status of pakfire for keeping track of available updates etc.
Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Koch [Sat, 27 Apr 2019 19:26:45 +0000 (21:26 +0200)]
Pakfire: Add new command line argument "status"
This enables Pakfire to return a Status-Summary for the Current Core-Update-Level, time since last updates, the availability of a core-/packet-update and if a reboot is required to complete an update. This can be used by monitoring agents (e.g. zabbix_agentd) to monitor the update status of the IPFire device.
Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Koch [Sat, 27 Apr 2019 19:26:44 +0000 (21:26 +0200)]
zabbix_agentd: update to 4.2.1
Release notes: https://www.zabbix.com/rn/rn4.2.1
Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 May 2019 22:50:26 +0000 (23:50 +0100)]
core132: Ship updated libedit
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Wed, 1 May 2019 17:32:15 +0000 (19:32 +0200)]
libedit: Update to
20190324 -3.1
For details see:
https://thrysoee.dk/editline/
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 May 2019 22:49:47 +0000 (23:49 +0100)]
core132: Ship updated knot
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Wed, 1 May 2019 17:28:16 +0000 (19:28 +0200)]
knot: Update to 2.8.1
For details see:
https://www.knot-dns.cz/2019-04-09-version-281.html
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 May 2019 22:48:41 +0000 (23:48 +0100)]
core132: Ship updated bind
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sat, 27 Apr 2019 00:19:34 +0000 (02:19 +0200)]
bind: Update to 9.11.6-P1
For details see:
http://ftp.isc.org/isc/bind9/9.11.6-P1/RELEASE-NOTES-bind-9.11.6-P1.html
"Security Fixes
The TCP client quota set using the tcp-clients option could be exceeded in some cases.
This could lead to exhaustion of file descriptors. This flaw is disclosed in CVE-2018-5743.
[GL #615]"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 May 2019 22:46:36 +0000 (23:46 +0100)]
core132: Ship updated dhcpcd
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sat, 4 May 2019 19:59:15 +0000 (21:59 +0200)]
dhcpcd: Update to 7.2.2
For details see:
https://roy.marples.name/
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 May 2019 22:44:44 +0000 (23:44 +0100)]
firewall: Allow SNAT rules with RED interface
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Wed, 1 May 2019 18:19:01 +0000 (20:19 +0200)]
suricata: Update to 4.1.4
This is a minor update to the latest available version from
the suricata 4.1 series.
Fixes #12068.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Wed, 1 May 2019 18:19:01 +0000 (20:19 +0200)]
suricata: Update to 4.1.4
This is a minor update to the latest available version from
the suricata 4.1 series.
Fixes #12068.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Wed, 1 May 2019 15:03:06 +0000 (17:03 +0200)]
suricata: Remove PID file on stop
Force the initscript to remove the PID file when calling "stop" section.
If suricata crashes during startup, the PID file still remains and the service
cannot be started anymore until the file has been deleted.
Now when calling "stop" or "restart" the PID file will be deleted and the service
can be used again.
Fixes #12067.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Wed, 1 May 2019 14:49:25 +0000 (16:49 +0200)]
update-ids-ruleset: Set correct ownership for the rulestarball.
The script usualy will be executed by cron which will start it with
root permissions, so the downloaded tarball is owned by this user.
This has to be changed to the user which runs the WUI (nobody:nobody) to
allow, changing the ruleset to an other one and to display the ruleset area.
Fixes #12066
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 1 May 2019 16:04:36 +0000 (18:04 +0200)]
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
Stefan Schantl [Wed, 1 May 2019 15:03:06 +0000 (17:03 +0200)]
suricata: Remove PID file on stop
Force the initscript to remove the PID file when calling "stop" section.
If suricata crashes during startup, the PID file still remains and the service
cannot be started anymore until the file has been deleted.
Now when calling "stop" or "restart" the PID file will be deleted and the service
can be used again.
Fixes #12067.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Wed, 1 May 2019 14:49:25 +0000 (16:49 +0200)]
update-ids-ruleset: Set correct ownership for the rulestarball.
The script usualy will be executed by cron which will start it with
root permissions, so the downloaded tarball is owned by this user.
This has to be changed to the user which runs the WUI (nobody:nobody) to
allow, changing the ruleset to an other one and to display the ruleset area.
Fixes #12066
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Tue, 30 Apr 2019 09:58:31 +0000 (10:58 +0100)]
core132: Ship updated firewall rules generator
This patch also requires a reboot after installing this update
so that the changed ruleset is being applied.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 30 Apr 2019 09:56:05 +0000 (10:56 +0100)]
firewall: Fix source/destination interface settings
When a forwarding rule is being created, we sometimes create
INPUT/OUTPUT rules, too. Those were slightly invalid because
the source and destination interfaces where passed, too.
This could render some rules in certain circumstances useless.
This patch fixes this and only adds -i for INPUT and -o for
OUTPUT rules.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 30 Apr 2019 09:45:34 +0000 (10:45 +0100)]
firewall: Add more rules to input/output when adding rules to forward
The special_input/output_targets array assumed that firewall access
will always be denied. However, rules also need to be created when
access is granted. Therefore the ACCEPT target needs to be included
in this list and rules must be created in INPUTFW/OUTGOINGFW too
when ACCEPT rules are created in FORWARDFW.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 30 Apr 2019 09:45:02 +0000 (10:45 +0100)]
grub: Update rootfile on i586
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 29 Apr 2019 12:44:28 +0000 (13:44 +0100)]
glibc: Update rootfile for i586
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 28 Apr 2019 08:38:45 +0000 (09:38 +0100)]
glibc: Update to 2.29
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 27 Apr 2019 16:43:41 +0000 (17:43 +0100)]
python3: Build package in toolchain
This will be required to build glibc 2.29
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 27 Apr 2019 12:28:34 +0000 (13:28 +0100)]
gcc: Update rootfile for aarch64
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 27 Apr 2019 12:28:24 +0000 (13:28 +0100)]
binutils: Update rootfile for aarch64
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 26 Apr 2019 15:16:10 +0000 (16:16 +0100)]
make.sh: Bump toolchain version
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 26 Apr 2019 15:15:46 +0000 (16:15 +0100)]
gcc: Update to 8.3.0
This patch carries the rootfile for x86_64 only.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 26 Apr 2019 15:15:12 +0000 (16:15 +0100)]
binutils: Update to 2.32
This patch carries the rootfile for x86_64 only.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 28 Apr 2019 08:41:50 +0000 (09:41 +0100)]
grub: Fix rootfile
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 27 Apr 2019 02:58:44 +0000 (03:58 +0100)]
grub: Fix relocation type issue
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 27 Apr 2019 00:40:43 +0000 (01:40 +0100)]
ipfire-netboot: Fix compiling and linking with new GCC & binutils
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 26 Apr 2019 23:21:39 +0000 (00:21 +0100)]
sarg: Fix build with newer GCCs
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Fri, 26 Apr 2019 17:39:55 +0000 (19:39 +0200)]
Merge branch 'master' into next
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Fri, 26 Apr 2019 15:11:17 +0000 (16:11 +0100)]
grub: Fix build error with GCC 8
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 26 Apr 2019 15:10:25 +0000 (16:10 +0100)]
grub: Disable efiemu on PC builds
This won't compile with GCC 8 and we do not need it
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 26 Apr 2019 15:05:20 +0000 (16:05 +0100)]
nasm: Update to 2.14.02
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 26 Apr 2019 15:06:10 +0000 (16:06 +0100)]
ltrace: Bump package version
This package needs to be rebuilt because it uses elfutils
which has had an soname bump.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 26 Apr 2019 15:04:48 +0000 (16:04 +0100)]
elfutils: Update to 0.176
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Erik Kapfer [Fri, 26 Apr 2019 15:08:35 +0000 (17:08 +0200)]
OpenVPN: Fixed certificate generation in French
Fixes #12060
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Thu, 25 Apr 2019 17:31:48 +0000 (19:31 +0200)]
initscripts/suricata: Rework creation of firewall rules.
The script now will use the previously introduced seperate firewall chains called
IPS_INPUT, IPS_FORWARD and IPS_OUTPUT.
The commit also creates an AND connection between the choosen network zones in the UI and
the final firwall rules.
Fixes #12062.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Thu, 25 Apr 2019 17:31:47 +0000 (19:31 +0200)]
initscripts/suricata: Move functions order and always use flush_fw_chain function
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Thu, 25 Apr 2019 17:31:46 +0000 (19:31 +0200)]
firewall: Use seperate firewall chains for passing traffic to the IPS
Create and use seperate iptables chain called IPS_INPUT, IPS_FORWARD and IPS_OUTPUT
to be more flexible which kind of traffic should be passed to suricata.
Reference #12062
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Fri, 26 Apr 2019 05:43:21 +0000 (07:43 +0200)]
hostapd: bump package version
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Wed, 24 Apr 2019 10:24:33 +0000 (11:24 +0100)]
hostap: Fix wiring of checkboxes for client isolation
The checkboxes were swapped which lead to client isolation
being enabled when the UI said disabled and vice-versa.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 24 Apr 2019 10:31:28 +0000 (11:31 +0100)]
hostap: Translate configuration settings
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 24 Apr 2019 10:24:33 +0000 (11:24 +0100)]
hostap: Fix wiring of checkboxes for client isolation
The checkboxes were swapped which lead to client isolation
being enabled when the UI said disabled and vice-versa.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 24 Apr 2019 10:08:36 +0000 (11:08 +0100)]
hostap: Remove deprecated directive
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 24 Apr 2019 09:43:50 +0000 (10:43 +0100)]
hostap: Enable 80MHz bandwidth by default (when using ACS)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 24 Apr 2019 09:39:25 +0000 (10:39 +0100)]
hostap: Enable option to force clients to use 802.11w
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 24 Apr 2019 09:12:29 +0000 (10:12 +0100)]
hostap: Allow to use Automatic Channel Selection (ACS)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Tue, 23 Apr 2019 18:33:02 +0000 (20:33 +0200)]
convert-snort: Fix ownership of the generated homenet file.
Fixes #12059.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Tue, 23 Apr 2019 19:27:53 +0000 (21:27 +0200)]
suricata: Use device ppp0 if PPPoE dialin is used.
Fixes #12058.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 23 Apr 2019 19:45:42 +0000 (20:45 +0100)]
suricata: EXTERNAL_NET should equal any
This enables that we scan servers in ORANGE for clients in
GREEN which absolutely makes sense.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 21 Apr 2019 00:32:07 +0000 (01:32 +0100)]
suricata: Do not always convert rules to be bi-directional
This creates some overhead that we do not need and rules need to
be adjusted to match any direction they are supposed to match.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 23 Apr 2019 19:56:07 +0000 (20:56 +0100)]
core132: Ship updated suricata initscript
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 23 Apr 2019 19:55:22 +0000 (20:55 +0100)]
core132: Ship updated convert-snort script
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Tue, 23 Apr 2019 18:33:02 +0000 (20:33 +0200)]
convert-snort: Fix ownership of the generated homenet file.
Fixes #12059.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Koch [Tue, 23 Apr 2019 18:46:11 +0000 (20:46 +0200)]
core132: Bugfix for typo in filelist
Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Tue, 23 Apr 2019 19:27:53 +0000 (21:27 +0200)]
suricata: Use device ppp0 if PPPoE dialin is used.
Fixes #12058.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 23 Apr 2019 19:45:42 +0000 (20:45 +0100)]
suricata: EXTERNAL_NET should equal any
This enables that we scan servers in ORANGE for clients in
GREEN which absolutely makes sense.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 23 Apr 2019 19:20:14 +0000 (20:20 +0100)]
core132: Ship updated list of mime types
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Koch [Wed, 17 Apr 2019 23:54:18 +0000 (01:54 +0200)]
apache / WPAD: Add correct MIME type for wpad.dat and proxy.pac
Some clients require the correct MIME type to be set for accepting/handling the Proxy-Settings properly.
See: http://findproxyforurl.com/deploying-wpad/
Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 21 Apr 2019 00:32:07 +0000 (01:32 +0100)]
suricata: Do not always convert rules to be bi-directional
This creates some overhead that we do not need and rules need to
be adjusted to match any direction they are supposed to match.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Tue, 23 Apr 2019 17:21:30 +0000 (19:21 +0200)]
core131: add services.cgi to update
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 20 Apr 2019 16:12:21 +0000 (18:12 +0200)]
finish core131
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 20 Apr 2019 15:35:54 +0000 (17:35 +0200)]
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
Arne Fitzenreiter [Sat, 20 Apr 2019 15:21:03 +0000 (17:21 +0200)]
kernel: update 4.14.113
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Sat, 20 Apr 2019 13:21:46 +0000 (14:21 +0100)]
Update contributors
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 20 Apr 2019 13:20:06 +0000 (14:20 +0100)]
core132: Ship WPAD/proxy changes
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 20 Apr 2019 13:18:17 +0000 (14:18 +0100)]
Update translation
Fix some apostrophe and spelling errors
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Koch [Sun, 21 Apr 2019 21:56:59 +0000 (23:56 +0200)]
squid / WPAD: Add Wiki-Link for required further adjustments to GUI
This patch adds a notice with a link to the Wiki-page https://wiki.ipfire.org/configuration/network/proxy/extend/wpad to the new WebGUI-Setion to make the user aware of the fact, that WPAD will only work correctly if he makes further adjustments:
- Add DHCP-Options for WPAD via DHCP
- Add HOST-Entries to DNS and Apache-vhost or haproxy-frontend/backend or firewall-redirect for WPAD via DNS
These additional options depend on the users environment and can not be shipped by default as they might break the users setups.
Note: The translations are only done for "en" and "de" yet!
Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Koch [Sun, 21 Apr 2019 21:56:58 +0000 (23:56 +0200)]
squid / WPAD: Add GUI for exception-files for generation of proxy.pac
This patch adds the missing Web-GUI for the WPAD-Exceptions to proxy.cgi
Note: The translations are only done for "en" and "de" yet!
Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Koch [Sun, 14 Apr 2019 10:08:43 +0000 (12:08 +0200)]
squid / WPAD: Add exception-files for generation of proxy.pac
This patch extends the script /srv/web/ipfire/cgi-bin/proxy.cgi by additional code for reading exceptions for URL's and IP's/Subnets from two new files:
- /var/ipfire/proxy/advanced/acls/dst_noproxy_url.acl
- /var/ipfire/proxy/advanced/acls/dst_noproxy_ip.acl
as described in: https://wiki.ipfire.org/configuration/network/proxy/extend/add_distri
These can be used to define additional URL's, IP's and Subnets that should be retrieved "DIRECT" and not via the proxy. The files have to be created by the user, as the WPAD-Feature is not enabled by default anyway. If the files are not present or their size is 0, nothing is done. I'll revise the wiki-page, after the patch is merged and the core update is released.
Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Sat, 13 Apr 2019 14:55:16 +0000 (15:55 +0100)]
Enable seccomp support for qemu
Fixes: #11941
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Sat, 13 Apr 2019 14:55:15 +0000 (15:55 +0100)]
Add new package libseccomp
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 20 Apr 2019 13:10:12 +0000 (14:10 +0100)]
core132: Ship changed suricata configuration
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Sun, 21 Apr 2019 07:26:45 +0000 (09:26 +0200)]
suricata: Disable stats.log
This log is mainly needed for debugging the IPS. It writes some stats
every couple of seconds and will create some load on SD cards and other
cheap storage that we do not need.
Fixes #12056.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 20 Apr 2019 13:07:43 +0000 (14:07 +0100)]
Start Core Update 132
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Wed, 17 Apr 2019 20:30:19 +0000 (22:30 +0200)]
kernel: update to 4.14.112
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Wed, 17 Apr 2019 20:24:25 +0000 (21:24 +0100)]
suricata: Do not let oinkmaster be too verbose
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 17 Apr 2019 19:59:55 +0000 (20:59 +0100)]
suricata: Redirect oinkmaster output to perl function
The output was written to stderr before and landed in apache's
error log where we do not want it.
Fixes: #12004
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 17 Apr 2019 18:15:44 +0000 (19:15 +0100)]
Revert "hostapd: Always enable 80 MHz channel width for 802.11ac"
This reverts commit
c31c8078cffcf3f933f567cb02a366ceedd6d5da .
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 17 Apr 2019 06:38:27 +0000 (07:38 +0100)]
unbound: Drop unused function
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 17 Apr 2019 04:16:05 +0000 (05:16 +0100)]
suricata: Change runmode to workers
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Tue, 16 Apr 2019 16:05:18 +0000 (18:05 +0200)]
wireless-regdb: update to 2019.03.01
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>