Peter Müller [Thu, 23 Jan 2020 21:28:00 +0000 (21:28 +0000)]
sysctl.conf: Turn on hard- and symlink protection
Cc: Michael Tremer <michael.tremer@ipfire.org> Cc: Arne Fitzenreiter <arne_f@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Acked-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Mon, 3 Feb 2020 18:35:00 +0000 (18:35 +0000)]
update language files for mail.cgi changes
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Mon, 3 Feb 2020 18:35:00 +0000 (18:35 +0000)]
mail.cgi: add support for implicit TLS usage
The second version of this patchset fixes reading empty configuration
files and supersedes the first version (duh!).
Fixes #12161
Reported-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Tested-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Sat, 1 Feb 2020 20:26:00 +0000 (20:26 +0000)]
dma: update to 0.12
All of the dma patches in src/patches/ were merged into its upstream
repository by now, thus becoming obsolete and deleted by this patch.
Cc: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Sat, 21 Mar 2020 19:40:00 +0000 (19:40 +0000)]
spectre-meltdown-checker: update to 0.43
Please refer to https://github.com/speed47/spectre-meltdown-checker/releases/tag/v0.43
for release notes.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Erik Kapfer [Sat, 28 Mar 2020 08:32:24 +0000 (09:32 +0100)]
OpenVPN: Delete RRD dir if connection is deleted
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Matthias Fischer [Wed, 25 Mar 2020 11:33:49 +0000 (12:33 +0100)]
bind: Update to 9.11.17
For details see:
https://downloads.isc.org/isc/bind9/9.11.17/RELEASE-NOTES-bind-9.11.17.html
"Notes for BIND 9.11.17
Feature Changes
The configure option --with-libxml2 now uses pkg-config to detect
libxml2 library availability. You will either have to install pkg-config
or specify the exact path where libxml2 has been installed on your
system. [GL #1635]
Bug Fixes
Fixed re-signing issues with inline zones which resulted in records
being re-signed late or not at all."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Mon, 27 Jan 2020 15:04:00 +0000 (15:04 +0000)]
avoid emitting VPN traffic to the internet if the IPS crashed
Due to strange NFQUEUE behaviour, traffic to remote VPN (IPsec or
OpenVPN) destinations was emitted to the internet (ppp0 or red0
interface) directly if the IPS was enabled but crashed during operation.
This patch places the IPSECBLOCK and OVPNBLOCK chains before the
ones responsible for forwarding traffic into the IPS.
Thanks to Michael for his debugging effort.
Partially fixes #12257
Cc: Michael Tremer <michael.tremer@ipfire.org> Cc: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Acked-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Mon, 20 Jan 2020 20:05:00 +0000 (20:05 +0000)]
ssh_config: Do not set defaults explicitly
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Mon, 20 Jan 2020 20:04:00 +0000 (20:04 +0000)]
sshd_config: Do not set defaults explicitly
In order to keep configurations as small as possible and to make them
easier to read/audit, this patch omits all default configuration in the
OpenSSH server configuration file.
Further, it mentions where to refer for the full documentation.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Sat, 21 Mar 2020 20:08:00 +0000 (20:08 +0000)]
OpenSSH: update to 8.2p1
Please refer to https://www.openssh.com/txt/release-8.2 for release
announcements. Since glibc < 2.31 is used, no additional patching was
required in order to restore correct login functionality.
Cc: Marcel Lorenz <marcel.lorenz@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Wed, 5 Feb 2020 11:45:47 +0000 (11:45 +0000)]
resolv.conf: Add "trust-ad" option
Since we are running unbound locally which always runs DNSSEC
validation, we can simply trust it and pass the ad flag on to
applications which make use of it.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Sat, 21 Mar 2020 16:03:00 +0000 (16:03 +0000)]
netother.cgi: show content of routing table 220
Since IPsec routing information does not show up in the normal routing
table, also displaying the contents of table 220 on netother.cgi might
be useful for debugging purposes.
The second version of this patch omits the output if routing table 220
is empty and introduces a custom translation for IPsec routing table
entries instead of just adding the table number to the generic translation.
Cc: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Sat, 21 Mar 2020 19:59:00 +0000 (19:59 +0000)]
smartmontools: update to 7.1
Summary: smartmontools release 7.1
-----------------------------------------------------------
- smartctl: Fixed bogus exception on unknown form factor value (regression).
- smartctl '--json=cg': Suppresses extra spaces also in 'g' format.
- smartctl '-i': ATA ACS-4 and ACS-5 enhancements.
- smartd: No longer truncates very long device names in warning emails.
- smartd: No longer skips scheduled tests if system clock has been adjusted
to the past.
- smartd '-A': Attribute logs now use local time instead of UTC.
- ATA: Device type '-d jmb39x,N' for drives behind JMicron JMB39x RAID port
multipliers.
- SCSI: Workaround for incomplete Log subpages response from some SAS SSDs.
- HDD, SSD and USB additions to drive database.
- Autodetection of '-d sntjmicron' type for JMicron USB to NVMe bridges.
- configure: Defines '_FORTIFY_SOURCE=2' if supported and not defined.
- Linux/FreeBSD: Fixed segfault on CCISS transfer sizes > 512 bytes.
- Linux: Fixed smartd.service 'Type' if libsystemd-dev is not available.
- Linux: Fixed '/dev/megaraid_sas_ioctl_node' fd leak.
- Linux: Fixed GPL licensing problem of 'linux_nvme_ioctl.h'.
- FreeBSD update-smart-drivedb: Now uses 'fetch' as default download tool.
- FreeBSD big endian: Fixed NVMe access.
- FreeBSD: Compile fix for FreeBSD 12.
- NetBSD: Fixed device scan crash on empty name list.
- NetBSD: Fixed memory leak in device scan.
- Windows: Fixed log page access via Windows 10 NVMe driver for NVMe 1.2.1+.
- Windows: Allow drive letters as device names for Windows 10 NVMe driver.
- Windows: Workaround to allow CSMI access to devices behind AMD RAID drivers.
- Windows: Fixed MinGW options to add relocation info if ASLR is enabled.
- Windows wtssendmsg: No longer writes '\n' line endings to event log.
- Windows wtssendmsg: New options '-t' and '-w'.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Erik Kapfer [Tue, 24 Mar 2020 10:29:05 +0000 (11:29 +0100)]
OpenVPN: Stop N2N connection before remove.
Fix #12334
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
On some machines the i2c sensor search takes a very long time,
which causes a hang at first boot.
Now the search is started in the background and waited for at most one
minute before continuing to load collectd.
On such machines collectd will not get all sensors at first startup.
fixes #12329
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Mon, 3 Feb 2020 17:39:00 +0000 (17:39 +0000)]
coreutils: update rootfiles
Cc: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Mon, 3 Feb 2020 17:39:00 +0000 (17:39 +0000)]
coreutils: update to 8.31
Refer to https://lists.gnu.org/archive/html/coreutils-announce/2019-03/msg00000.html
for release announcements.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Wed, 19 Feb 2020 19:58:00 +0000 (19:58 +0000)]
hwdata: update PCI/USB databases
PCI IDs: 2020-02-16 03:15:02
USB IDs: 2020-01-09 20:34:06
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Acked-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Wed, 19 Feb 2020 21:48:00 +0000 (21:48 +0000)]
strongSwan: update to 5.8.2
Please refer to https://wiki.strongswan.org/versions/75 for release notes.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Acked-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Thu, 20 Feb 2020 16:24:23 +0000 (17:24 +0100)]
rules.pl: Fix SNAT over VPN.
This commit adds flags which will be applied if SNAT should be used on
the red address or any configured alias.
They prevent doing the SNAT when transmitting packets through a VPN over the red interface.
Fixes #12162.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Tested-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Update apache dependencies:
APR: update to version 1.7.0
PCRE: update to version 8.44
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Sat, 7 Mar 2020 18:58:00 +0000 (18:58 +0000)]
fireinfo.cgi: improve readability of command outputs
Especially when it comes to the output of "uname -a", <code> tags
greatly improve readability.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Sat, 7 Mar 2020 19:01:00 +0000 (19:01 +0000)]
dhcp.cgi: avoid unnecessary line break
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Erik Kapfer [Tue, 10 Mar 2020 08:21:08 +0000 (09:21 +0100)]
tshark: Update to version 3.2.2 .
Update to 3.2.x includes several bugfixes, updated protocols, new and updated features.
For the complete changelog, take a look into here --> https://www.wireshark.org/docs/relnotes/ .
Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Erik Kapfer [Tue, 10 Mar 2020 08:21:07 +0000 (09:21 +0100)]
libssh: Update to version 0.9.3 .
Fixes CVE-2019-14889 and several issues after a security audit.
The complete changelog can be found in here --> https://www.libssh.org/category/release/ .
This version is also needed for tshark-3.2.2 to prevent
'error while loading shared libraries: libssh.so.4' for sshdump and ciscodump.
Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Erik Kapfer [Tue, 10 Mar 2020 15:36:38 +0000 (16:36 +0100)]
xinetd: Delete symlinks with uninstallation .
Fixes #12303
Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Sun, 15 Mar 2020 13:38:00 +0000 (13:38 +0000)]
de.pl: update German translations
This patch adds German translations for the new DNS CGI, some parts of
the hardware vulnerability mitigation CGI, improves some existing
translations and corrects some Deppenleerzeichen and Bildzeitungsbindestriche.
The third version of this patch is correctly based against upstream 'next',
honours Michael's opinion and contains updated language_issues.de and
language_missings files.
Since "./make lang" complains about missing translations marked as unused
in the first place, no changes have been made to them in order to avoid
collateral damage.
Cc: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Acked-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Erik Kapfer [Mon, 16 Mar 2020 12:42:59 +0000 (13:42 +0100)]
keepalived: Update to version 2.0.20 .
Since this update is a major version update, it brings a lot of changes.
The changelog can be found in here --> http://www.keepalived.com/changelog.html .
Added /etc/sysconfig/keepalived in ROOTFILE and in backup/includes.
Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Wed, 18 Mar 2020 21:16:00 +0000 (21:16 +0000)]
Postfix: update to 3.5.0
Please refer to http://www.postfix.org/announcements/postfix-3.5.0.html
for release announcements.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Thu, 19 Mar 2020 09:11:00 +0000 (09:11 +0000)]
Tor: update to 0.4.2.7
Please refer to https://blog.torproject.org/new-releases-03510-0419-0427
for release announcement.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Fri, 20 Mar 2020 13:37:50 +0000 (13:37 +0000)]
cairo: Update to 1.16.0
This updates the package and adds a patch so that it compiles
with binutils 2.34.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Fri, 20 Mar 2020 13:37:51 +0000 (13:37 +0000)]
binutils: update to 2.34
Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>