]>
git.ipfire.org Git - people/pmueller/ipfire-2.x.git/log
Michael Tremer [Mon, 13 Jan 2020 20:25:10 +0000 (21:25 +0100)]
unbound: Do not reset safe search again
This is now done in the reload stage and we do not need to
take care about it again.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 13 Jan 2020 20:20:32 +0000 (21:20 +0100)]
unbound: Drop some unused variables
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 13 Jan 2020 20:19:22 +0000 (21:19 +0100)]
unbound: Drop function to reload forwarders on the fly
This is now being done by updating and re-reading forward.conf.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 13 Jan 2020 20:13:03 +0000 (21:13 +0100)]
dnsforward.cgi: Reloading unbound is enough to apply changes
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 13 Jan 2020 20:12:02 +0000 (21:12 +0100)]
hosts.cgi: Hosts can now be imported when reloading unbound
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 13 Jan 2020 20:10:18 +0000 (21:10 +0100)]
unbound: Write hosts to unbound configuration file
This will allow us to read more hosts in a shorter time.
Fixes: #11743
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 13 Jan 2020 19:55:59 +0000 (20:55 +0100)]
unbound: There is no need to rewrite tuning.conf
The number of CPU cores and memory normally does not change
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 13 Jan 2020 19:55:32 +0000 (20:55 +0100)]
unbound: Reload own hostname, too
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 13 Jan 2020 19:44:55 +0000 (20:44 +0100)]
dns.cgi: Fix check for undefined variable
This was positive when zero was returned.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Mon, 13 Jan 2020 16:40:29 +0000 (17:40 +0100)]
dns.cgi: Show error when trying to use ISP nameservers and TLS at the same time.
Because the ISP-assigned nameservers do not have any TLS-hostname
information they cannot be used, when TLS is activated.
They only can be used if they will be added as "regular" DNS servers
with a TLS-hostname.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Michael Tremer [Mon, 13 Jan 2020 16:05:27 +0000 (16:05 +0000)]
setup: Remove DNS settings
This is no longer required since we have a new CGI script
that takes care of all DNS settings and stores things in
another format.
Fixes: #12235
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Mon, 13 Jan 2020 09:42:56 +0000 (10:42 +0100)]
dns.cgi: Fix id compare when adding a new nameserver.
I do not know why perl when using "le" which means "less-or-equal"
defines a "10" as "1".
This commit fixes the issue that it was not possible to add more than 8
nameservers.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Sat, 11 Jan 2020 18:37:50 +0000 (19:37 +0100)]
ids.cgi: Do reload instead of restarting unbound
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Sat, 11 Jan 2020 18:36:29 +0000 (19:36 +0100)]
initscripts/unbound: Add support for reload the service
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Sat, 11 Jan 2020 18:35:24 +0000 (19:35 +0100)]
unboundctrl: Add support for calling reload.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Sat, 11 Jan 2020 18:34:12 +0000 (19:34 +0100)]
dns.cgi: Only perform reverse lookup if DNS is working.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Fri, 10 Jan 2020 08:29:47 +0000 (09:29 +0100)]
convert-dns-settings: Set correct ownership after convert is done.
Otherwise it may happen, that the created config files have wrong
permissions and the WUI will break.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Thu, 9 Jan 2020 15:36:39 +0000 (16:36 +0100)]
dns.cgi: Restart suricata if neccessary.
When the DNS configuration of the system is changed,
we need to re-generate the file which contains the DNS Server
details for suricata and to restart the service.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Thu, 9 Jan 2020 15:30:10 +0000 (16:30 +0100)]
index.cgi: Do not longer display the DNS servers.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Thu, 9 Jan 2020 15:25:01 +0000 (16:25 +0100)]
ids-functions.pl: Update generate_dns_servers_file() function.
The function now uses the newly introduced get_nameservers() function
while generating the DNS servers file.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Thu, 9 Jan 2020 15:08:13 +0000 (16:08 +0100)]
general-functions.pl: Add get_nameservers().
This function simply return an array of all used nameservers.
It also takes care if the usage of ISP assigned nameservers
is enabled or not and if user-added nameservers are enabled or not.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Thu, 9 Jan 2020 08:15:05 +0000 (09:15 +0100)]
guardian: Remove code for DNS servers.
In the past this code was used to add the DNS servers
to the ignore list and prevent them from being blocked by
guardian.
Because of the switch to suricata as IPS, guardian now prevents
from password brute-forcing on SSH and/or the webserver, so this
code is not longer needed and safly can be removed.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 8 Jan 2020 17:44:41 +0000 (18:44 +0100)]
dns.cgi: Move grab_address_from_file function to general-functions.pl
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 8 Jan 2020 17:19:58 +0000 (18:19 +0100)]
dns.cgi: Also restart unbound if a server got enabled/disabled
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 8 Jan 2020 17:15:33 +0000 (18:15 +0100)]
dns.cgi: Remove accidently commited debug code
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 8 Jan 2020 17:10:23 +0000 (18:10 +0100)]
dns.cgi: Restart unbound
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 8 Jan 2020 17:00:15 +0000 (18:00 +0100)]
dns.cgi: Display DNS system status.
For this, a test query to the local unbound instance will be
sent and if the DNS system work properly can be answerd.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 8 Jan 2020 14:24:59 +0000 (15:24 +0100)]
dns.cgi: Perform server checks on user request
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 8 Jan 2020 14:22:56 +0000 (15:22 +0100)]
dns.cgi: Remove hard-coded box title.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 8 Jan 2020 11:58:50 +0000 (12:58 +0100)]
dns.cgi: Do not perform kdig tests when adding a server
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 8 Jan 2020 11:12:29 +0000 (12:12 +0100)]
dns.cgi: Check for empty server address.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 8 Jan 2020 10:13:05 +0000 (11:13 +0100)]
dns.cgi: Perform kdig tests only if the system is online.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 8 Jan 2020 10:12:42 +0000 (11:12 +0100)]
dns.cgi: Introduce red_is_active()
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 8 Jan 2020 09:35:52 +0000 (10:35 +0100)]
dns.cgi: Always display the input field for TLS_HOSTNAME
* Mark it as required if the protocol is set to TLS.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Wed, 8 Jan 2020 09:35:24 +0000 (10:35 +0100)]
dns.cgi: Only perform reverse lookups if the system is online
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Michael Tremer [Tue, 7 Jan 2020 16:32:35 +0000 (16:32 +0000)]
unbound: Implement setting qname minimisation into strict mode
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Jan 2020 16:24:35 +0000 (16:24 +0000)]
unbound: Try to set time when DNS is not working
Since DNSSEC relies on time to validate its signatures,
a common problem is that some systems (usually those without
a working RTC) are not being able to reach their time server.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Jan 2020 16:02:14 +0000 (16:02 +0000)]
unbound: Do not update the forwarders when we are running in TLS mode
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Jan 2020 15:28:21 +0000 (15:28 +0000)]
unbound: Read configuration globally
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Jan 2020 15:21:59 +0000 (15:21 +0000)]
unbound: Update forwarders when system connects/disconnects
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Jan 2020 14:57:12 +0000 (14:57 +0000)]
unbound: Update setting Safe Search redirects
When the system comes online, we must update entries
in the unbound cache to point to the "safe" IP addresses.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Jan 2020 14:49:54 +0000 (14:49 +0000)]
dns.cgi: Show ISP name servers as disabled
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Jan 2020 14:41:13 +0000 (14:41 +0000)]
dns.cgi: Fix handling of WARNINGs from kdig
There might be multiple warnings which must all be shown
to the user.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Jan 2020 13:46:11 +0000 (13:46 +0000)]
dns.cgi: Remove smartmatch operator
Perl likes to make things difficult
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Jan 2020 13:45:21 +0000 (13:45 +0000)]
dns.cgi: Timeout after 2 seconds for DNS server checks
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Jan 2020 13:35:45 +0000 (13:35 +0000)]
DNS: Write name servers received from ISP to /var/run/dns{1,2}
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Jan 2020 13:06:09 +0000 (13:06 +0000)]
unbound: Drop live checks
Those checks have caused us a lot of trouble and are now being dropped.
Users must make sure to choose servers that support DNSSEC or enable
any of the tunneling mechanisms to be able to reach them.
Fixes: #12239
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Jan 2020 12:59:24 +0000 (12:59 +0000)]
unbound: Add path to TLS CA bundle
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Jan 2020 12:58:28 +0000 (12:58 +0000)]
unbound: No longer read old configuration file
The old configuration file in /etc/sysconfig/unbound is no
longer being used and all settings should be in
/var/ipfire/dns/settings.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Jan 2020 12:55:35 +0000 (12:55 +0000)]
unbound: Write upstream name servers to forward.conf
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Jan 2020 11:18:41 +0000 (11:18 +0000)]
unbound: Remove test-name-server command
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 12 Nov 2019 12:43:28 +0000 (12:43 +0000)]
unbound: Convert forward zones to stub zones
It was incorrect to use forward zones here, because that
assumes that unbound is talking a recursive resolver here.
The feature is however designed to be talking to an authoritative
server.
Fixes: #12230
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 4 Nov 2019 12:04:48 +0000 (12:04 +0000)]
unbound: Allow forcing to speak TLS to upstream servers only
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Jan 2020 11:12:33 +0000 (11:12 +0000)]
unbound: Set EDNS buffer size to 1232 bytes
Fixes: #12240
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Jan 2020 11:06:10 +0000 (11:06 +0000)]
dns.cgi: Set EDNS buffer size to 1232
References: #12240
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Jan 2020 10:53:34 +0000 (10:53 +0000)]
Update English translation
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Jan 2020 10:48:01 +0000 (10:48 +0000)]
webif: Show menu entry for DNS all the time
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Jan 2020 10:45:08 +0000 (10:45 +0000)]
netexternal.cgi: Drop DNSSEC status
This has now been moved to the new dns.cgi.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 Jan 2020 10:43:19 +0000 (10:43 +0000)]
DNS: Add converter to migrate settings
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Tue, 7 Jan 2020 09:32:43 +0000 (10:32 +0100)]
langs/en.pl: Add new strings for modified dns.cgi.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Tue, 7 Jan 2020 09:30:37 +0000 (10:30 +0100)]
dns.cgi: Rework to allow central DNS configuration.
Fixes #12237.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Sun, 5 Jan 2020 11:37:57 +0000 (12:37 +0100)]
pppsetup.cgi: Remove support for configure DNS settings.
Fixes #12234.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Sun, 5 Jan 2020 11:15:00 +0000 (12:15 +0100)]
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Arne Fitzenreiter [Sun, 5 Jan 2020 09:28:20 +0000 (09:28 +0000)]
core140: add gcc changes to updater
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Sat, 4 Jan 2020 16:15:00 +0000 (16:15 +0000)]
Tor: update to 0.4.2.5
Please refer to https://blog.torproject.org/new-release-0425-also-0417-0406-and-0359
for release notes.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Sat, 4 Jan 2020 15:31:00 +0000 (15:31 +0000)]
libseccomp: update to 2.4.2
Please refer to https://github.com/seccomp/libseccomp/releases/tag/v2.4.2
for release notes.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Sat, 4 Jan 2020 16:49:16 +0000 (16:49 +0000)]
openvmtools: Update to 11.0.0
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Sat, 4 Jan 2020 16:49:15 +0000 (16:49 +0000)]
glib: Fix compiling with GCC 9
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Sat, 4 Jan 2020 16:49:14 +0000 (16:49 +0000)]
efivar: Update to 37
This also fixes some build issues with GCC 9.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Sat, 4 Jan 2020 16:49:13 +0000 (16:49 +0000)]
mdadm: Update to 4.1
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Sat, 4 Jan 2020 16:49:12 +0000 (16:49 +0000)]
mpc: Update to 1.1.0
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Sat, 4 Jan 2020 16:49:11 +0000 (16:49 +0000)]
mpfr: Update to 4.0.2
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Sat, 4 Jan 2020 13:06:01 +0000 (13:06 +0000)]
gcc: Update to 9.2.0
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Fri, 3 Jan 2020 17:12:32 +0000 (17:12 +0000)]
lang: Fix typo in "Writen Bytes" and fix grammar
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Fri, 3 Jan 2020 21:17:05 +0000 (21:17 +0000)]
core140: add convert-snort to updater
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Fri, 3 Jan 2020 10:16:53 +0000 (11:16 +0100)]
convert-snort: Check and convert snort user and group.
Fixes #12102.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Fri, 3 Jan 2020 21:13:30 +0000 (21:13 +0000)]
Revert "bind: Update to 9.11.14"
build fails on armv5tel: https://nightly.ipfire.org/next/2020-01-02%2016:17:54%20+0000-
c846ed16 /armv5tel/
This reverts commit
7d9b0ab69750c19d51833537652c6b11fc1bc2ab .
Stefan Schantl [Fri, 3 Jan 2020 10:06:47 +0000 (11:06 +0100)]
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Arne Fitzenreiter [Thu, 2 Jan 2020 16:12:35 +0000 (16:12 +0000)]
pakfire: use HTTPS if no protocol is specified
also use HTTPS on fallback to mainserver if no mirror was left
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Thu, 2 Jan 2020 15:59:53 +0000 (15:59 +0000)]
Merge branch 'master' into next
Michael Tremer [Tue, 24 Dec 2019 10:46:51 +0000 (10:46 +0000)]
stripper: Strip all unneeded relocation information
Libraries were treated differently and therfore it could
happen that they were not stripped from any unnecessary
relocation information at all.
This patch changes that and strips everything from
libraries that we do not need.
The ISO was 3MB smaller.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Matthias Fischer [Mon, 23 Dec 2019 18:19:44 +0000 (19:19 +0100)]
nano: Update to 4.7
For details see:
https://www.nano-editor.org/news.php
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sun, 29 Dec 2019 19:19:12 +0000 (19:19 +0000)]
core140: add bind to updater
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Matthias Fischer [Mon, 23 Dec 2019 14:47:45 +0000 (15:47 +0100)]
bind: Update to 9.11.14
For details see:
https://downloads.isc.org/isc/bind9/9.11.14/RELEASE-NOTES-bind-9.11.14.html
"Bug Fixes
Fixed a bug that caused named to leak memory on reconfiguration when any
GeoIP2 database was in use. [GL #1445]
Fixed several possible race conditions discovered by Thread Sanitizer."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sun, 29 Dec 2019 19:16:55 +0000 (19:16 +0000)]
core140: add file to updater
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Sat, 21 Dec 2019 11:12:06 +0000 (11:12 +0000)]
file: Update to 5.38
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Thu, 19 Dec 2019 19:13:42 +0000 (19:13 +0000)]
dehydrated: Update to 0.6.5
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Thu, 19 Dec 2019 17:09:42 +0000 (18:09 +0100)]
rfkill: New package.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sun, 29 Dec 2019 19:13:28 +0000 (19:13 +0000)]
core140: add ids.cgi and suricata initskript to updater
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Tue, 17 Dec 2019 12:06:29 +0000 (13:06 +0100)]
IDS: Allow to inspect traffic from or to OpenVPN
This commit allows to configure suricata to monitor traffic from or to
OpenVPN tunnels. This includes the RW server and all established N2N
connections.
Because the RW server and/or each N2N connection uses it's own tun?
device, it is only possible to enable monitoring all of them or to disable
monitoring entirely.
Fixes #12111.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sun, 29 Dec 2019 19:10:55 +0000 (19:10 +0000)]
core140: add suricata and libhtp to updater
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Matthias Fischer [Sat, 14 Dec 2019 11:24:46 +0000 (12:24 +0100)]
libhtp: Update to 0.5.32
For details see:
https://github.com/OISF/libhtp/releases
Bundled with 'suricata 4.1.6'
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Matthias Fischer [Sat, 14 Dec 2019 11:24:45 +0000 (12:24 +0100)]
suricata: Update to 4.1.6
Excerpt from 'ChangeLog':
"4.1.6 -- 2019-12-13
Bug #3276: address parsing: memory leak in error path (4.1.x)
Bug #3278: segfault when test a nfs pcap file (4.1.x)
Bug #3279: ikev2 enabled in config even if Rust is disabled
Bug #3325: lua issues on arm (fedora:29) (4.1.x)
Bug #3326: Static build with pcap fails (4.1.x)
Bug #3327: tcp: empty SACK option leads to decoder event (4.1.x)
Bug #3347: BPF filter on command line not honored for pcap file (4.1.x)
Bug #3355: DNS: DNS over TCP transactions logged with wrong direction. (4.1.x)
Bug #3356: DHCP: Slow down over time due to lack of detect flags (4.1.x)
Bug #3369: byte_extract does not work in some situations (4.1.x)
Bug #3385: fast-log: icmp type prints wrong value (4.1.x)
Bug #3387: suricata is logging tls log repeatedly if custom mode is enabled (4.1.x)
Bug #3388: TLS Lua output does not work without TLS log (4.1.x)
Bug #3391: Suricata is unable to get MTU from NIC after 4.1.0 (4.1.x)
Bug #3393: http: pipelining tx id handling broken (4.1.x)
Bug #3394: TCP evasion technique by overlapping a TCP segment with a fake packet (4.1.x)
Bug #3395: TCP evasion technique by faking a closed TCP session (4.1.x)
Bug #3402: smb: post-GAP some transactions never close (4.1.x)
Bug #3403: smb1: 'event only' transactions for bad requests never close (4.1.x)
Bug #3404: smtp: file tracking issues when more than one attachment in a tx (4.1.x)
Bug #3405: Filehash rule does not fire without filestore keyword
Bug #3410: intermittent abort()s at shutdown and in unix-socket (4.1.x)
Bug #3412: detect/asn1: crashes on packets smaller than offset setting (4.1.x)
Task #3367: configure: Rust 1.37+ has cargo-vendor support bundled into cargo (4.1.x)"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sun, 29 Dec 2019 18:03:34 +0000 (18:03 +0000)]
core140: add knot to updater
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Matthias Fischer [Sat, 14 Dec 2019 11:13:40 +0000 (12:13 +0100)]
knot: Update to 2.9.2
For details see:
https://www.knot-dns.cz/2019-12-12-version-292.html
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sun, 29 Dec 2019 17:59:50 +0000 (17:59 +0000)]
core140: add unbound to updater
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Matthias Fischer [Sat, 14 Dec 2019 11:09:58 +0000 (12:09 +0100)]
unbound: Update to 1.9.6
For details see:
https://nlnetlabs.nl/pipermail/unbound-users/2019-December/011941.html
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stéphane Pautrel [Tue, 10 Dec 2019 11:10:42 +0000 (11:10 +0000)]
Update French translation
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Erik Kapfer [Tue, 10 Dec 2019 10:40:04 +0000 (11:40 +0100)]
tshark: Update to version 3.0.7
Several bugfixes are included in this version, some protocol support has been added.
For a complete overview of the changelog, take a look in here -->
https://www.wireshark.org/docs/relnotes/wireshark-3.0.6.html
https://www.wireshark.org/docs/relnotes/wireshark-3.0.7.html .
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sun, 29 Dec 2019 13:44:20 +0000 (13:44 +0000)]
core140: add unbound/saveserch changes to updater
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>