ipfire-2.x.git
22 hours agofinish core131 core131 master next
Arne Fitzenreiter [Sat, 20 Apr 2019 16:12:21 +0000 (18:12 +0200)]
finish core131

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
22 hours agoMerge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next v2.23-core131
Arne Fitzenreiter [Sat, 20 Apr 2019 15:35:54 +0000 (17:35 +0200)]
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next

22 hours agokernel: update 4.14.113
Arne Fitzenreiter [Sat, 20 Apr 2019 15:21:03 +0000 (17:21 +0200)]
kernel: update 4.14.113

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 days agokernel: update to 4.14.112
Arne Fitzenreiter [Wed, 17 Apr 2019 20:30:19 +0000 (22:30 +0200)]
kernel: update to 4.14.112

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 days agosuricata: Do not let oinkmaster be too verbose
Michael Tremer [Wed, 17 Apr 2019 20:24:25 +0000 (21:24 +0100)]
suricata: Do not let oinkmaster be too verbose

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 days agosuricata: Redirect oinkmaster output to perl function
Michael Tremer [Wed, 17 Apr 2019 19:59:55 +0000 (20:59 +0100)]
suricata: Redirect oinkmaster output to perl function

The output was written to stderr before and landed in apache's
error log where we do not want it.

Fixes: #12004
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 days agoRevert "hostapd: Always enable 80 MHz channel width for 802.11ac"
Michael Tremer [Wed, 17 Apr 2019 18:15:44 +0000 (19:15 +0100)]
Revert "hostapd: Always enable 80 MHz channel width for 802.11ac"

This reverts commit c31c8078cffcf3f933f567cb02a366ceedd6d5da.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 days agounbound: Drop unused function
Michael Tremer [Wed, 17 Apr 2019 06:38:27 +0000 (07:38 +0100)]
unbound: Drop unused function

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 days agosuricata: Change runmode to workers
Michael Tremer [Wed, 17 Apr 2019 04:16:05 +0000 (05:16 +0100)]
suricata: Change runmode to workers

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 days agowireless-regdb: update to 2019.03.01
Arne Fitzenreiter [Tue, 16 Apr 2019 16:05:18 +0000 (18:05 +0200)]
wireless-regdb: update to 2019.03.01

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
5 days agohaproxy: Backup certificates, too
Michael Tremer [Tue, 16 Apr 2019 12:23:17 +0000 (13:23 +0100)]
haproxy: Backup certificates, too

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
5 days agobackup: Allow passing name of tarball for creation/restore
Michael Tremer [Tue, 16 Apr 2019 12:22:10 +0000 (13:22 +0100)]
backup: Allow passing name of tarball for creation/restore

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
9 days agoMove IPS to a higher position in the Firewall menu
Michael Tremer [Thu, 11 Apr 2019 22:32:57 +0000 (23:32 +0100)]
Move IPS to a higher position in the Firewall menu

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
9 days agoremote.cgi: Move SSH Agent Forwarding to the top
Michael Tremer [Thu, 11 Apr 2019 22:24:28 +0000 (23:24 +0100)]
remote.cgi: Move SSH Agent Forwarding to the top

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
9 days agosshctrl: Fix syntax of generated sed command
Michael Tremer [Thu, 11 Apr 2019 22:22:14 +0000 (23:22 +0100)]
sshctrl: Fix syntax of generated sed command

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
9 days agocore131: Ship PTR changes in hosts.cgi
Michael Tremer [Thu, 11 Apr 2019 22:02:57 +0000 (23:02 +0100)]
core131: Ship PTR changes in hosts.cgi

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
9 days agoUpdate list of contributors
Michael Tremer [Thu, 11 Apr 2019 22:00:25 +0000 (23:00 +0100)]
Update list of contributors

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
9 days agoUnbound: do not generate PTR if the user requested not to, do so
Peter Müller [Mon, 8 Apr 2019 18:04:00 +0000 (18:04 +0000)]
Unbound: do not generate PTR if the user requested not to, do so

Partially fixes #12030

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
9 days agoUpdate translations
Michael Tremer [Thu, 11 Apr 2019 21:58:35 +0000 (22:58 +0100)]
Update translations

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
9 days agoadd option for selective PTR generation on hosts.cgi
Peter Müller [Mon, 8 Apr 2019 18:04:00 +0000 (18:04 +0000)]
add option for selective PTR generation on hosts.cgi

In some cases, it might be useful to create an additional
host (i.e. for round robin loadbalancing) without assigning
another PTR to the IP address specified.

This patch introduces the ability to check or uncheck
PTR generation for each host individually.

Partially fixes #12030

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
9 days agoudev: Rename interfaces when MACs are uppercase
Michael Tremer [Thu, 11 Apr 2019 20:59:41 +0000 (21:59 +0100)]
udev: Rename interfaces when MACs are uppercase

The script relied on the configuration being in lowercase.

If people manually editied their configuration file they might
not have paid attention to this and therefore this script now
also accepts uppercase MAC addresses.

Fixes: #12047
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
8 days agosuricata: Take as much off of the CPU as possible
Michael Tremer [Fri, 12 Apr 2019 16:59:21 +0000 (17:59 +0100)]
suricata: Take as much off of the CPU as possible

https://suricata.readthedocs.io/en/suricata-4.1.3/performance/high-performance-config.html

This will compile the ruleset as efficient as possible and
allows the IPS to run faster on smaller systems.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
10 days agocore131: Ship updated setup
Michael Tremer [Thu, 11 Apr 2019 09:29:56 +0000 (10:29 +0100)]
core131: Ship updated setup

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
10 days agoids.cgi: Display oinkcode section after page load when neccessary.
Stefan Schantl [Fri, 12 Apr 2019 16:21:01 +0000 (18:21 +0200)]
ids.cgi: Display oinkcode section after page load when neccessary.

Fixes #12048.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
8 days agoIPS logging: Fix date comparison for last entry
Michael Tremer [Fri, 12 Apr 2019 16:36:54 +0000 (17:36 +0100)]
IPS logging: Fix date comparison for last entry

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
8 days agoIPS logging: There is no distinguation between suricata & snort required
Michael Tremer [Fri, 12 Apr 2019 16:33:39 +0000 (17:33 +0100)]
IPS logging: There is no distinguation between suricata & snort required

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
8 days agoIPS logging: Fix reading date
Michael Tremer [Fri, 12 Apr 2019 16:32:02 +0000 (17:32 +0100)]
IPS logging: Fix reading date

The CGI script only compares mm/dd and does not care about the year.

Suricata, however, logs the year as well which has to be ignored here.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
10 days agozabbix_agentd: Bump package version
Michael Tremer [Thu, 11 Apr 2019 06:55:36 +0000 (07:55 +0100)]
zabbix_agentd: Bump package version

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
10 days agozabbix_agentd: Bugfix for /etc/sudoers.d/zabbix.user
Alexander Koch [Wed, 10 Apr 2019 18:33:31 +0000 (20:33 +0200)]
zabbix_agentd: Bugfix for /etc/sudoers.d/zabbix.user

Files containing an '~' or '.' are ignored by sudo when placed in the includedir /etc/sudoers.d This makes the file useless. The file is renamed to "zabbix" instead of "zabbix.user" to fix this.

See: https://www.sudo.ws/man/1.8.13/sudoers.man.html#Including_other_files_from_within_sudoers

Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
10 days agozabbix_agentd: update to 4.2.0
Alexander Koch [Wed, 10 Apr 2019 18:33:30 +0000 (20:33 +0200)]
zabbix_agentd: update to 4.2.0

Relase Notes: https://www.zabbix.com/rn/rn4.2.0

Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
10 days agoinstaller+setup: Update French translation
Stéphane Pautrel [Thu, 11 Apr 2019 02:47:44 +0000 (03:47 +0100)]
installer+setup: Update French translation

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
10 days agomake.sh: fix syntax error
Arne Fitzenreiter [Thu, 11 Apr 2019 05:34:14 +0000 (07:34 +0200)]
make.sh: fix syntax error

i have merged master>next and not deleted this line.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
10 days agoMerge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
Arne Fitzenreiter [Thu, 11 Apr 2019 05:31:11 +0000 (07:31 +0200)]
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next

10 days agoMerge remote-tracking branch 'origin/master' into next
Arne Fitzenreiter [Thu, 11 Apr 2019 05:30:26 +0000 (07:30 +0200)]
Merge remote-tracking branch 'origin/master' into next

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
12 days agowget: Update to 1.20.3 core130
Matthias Fischer [Fri, 5 Apr 2019 19:55:12 +0000 (21:55 +0200)]
wget: Update to 1.20.3

For details see:
https://fossies.org/linux/wget/ChangeLog

Excerpt from "NEWS":

"2019-04-05  Tim Ruehsen  <tim.ruehsen@gmx.de>

Fix a buffer overflow vulnerability
* src/iri.c(do_conversion): Reallocate the output buffer to a larger
  size if it is already full"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 days agocore130: Ship updated apache
Michael Tremer [Thu, 4 Apr 2019 01:04:28 +0000 (02:04 +0100)]
core130: Ship updated apache

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
12 days agoapache: Update to 2.4.39
Matthias Fischer [Thu, 4 Apr 2019 07:15:00 +0000 (09:15 +0200)]
apache: Update to 2.4.39

For details see:
http://mirror.checkdomain.de/apache//httpd/CHANGES_2.4.39

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 days agocore130: insert a core update for urgent fixes.
Arne Fitzenreiter [Tue, 9 Apr 2019 05:31:23 +0000 (07:31 +0200)]
core130: insert a core update for urgent fixes.

the bigger changes for suricata and kernel need longer time for test
so we insert a core with smaller but important fixes.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
12 days agocore130: ship strongswan
Arne Fitzenreiter [Tue, 9 Apr 2019 05:30:26 +0000 (07:30 +0200)]
core130: ship strongswan

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
12 days agocore130: Ship perl-Net-SSLeay
Michael Tremer [Mon, 8 Apr 2019 10:56:58 +0000 (11:56 +0100)]
core130: Ship perl-Net-SSLeay

This was still using the old version of OpenSSL.

Instead of linking the module (which we should have found earlier)
the module uses dlopen :(

Fixes: #12044
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 days agostrongswan: Manually install all routes for non-routed VPNs
Michael Tremer [Mon, 8 Apr 2019 15:41:24 +0000 (16:41 +0100)]
strongswan: Manually install all routes for non-routed VPNs

This is a regression from disabling charon.install_routes.

VPNs are routing fine as long as traffic is passing through
the firewall. Traps are not propertly used as long as these
routes are not present and therefore we won't trigger any
tunnels when traffic originates from the firewall.

Fixes: #12045
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 days agocore130: Ship updated wget
Michael Tremer [Thu, 4 Apr 2019 01:07:16 +0000 (02:07 +0100)]
core130: Ship updated wget

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 days agowget: Update to 1.20.2
Matthias Fischer [Thu, 4 Apr 2019 07:43:50 +0000 (09:43 +0200)]
wget: Update to 1.20.2

For details see:
https://fossies.org/linux/wget/ChangeLog

Excerpt from "NEWS":

* Changes in Wget 1.20.2
** NTLM authentication will retry under certain cases
** Fixed a buffer overflow vulnerability"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 days agoclamav: Update to 0.101.2
Matthias Fischer [Wed, 27 Mar 2019 19:54:10 +0000 (20:54 +0100)]
clamav: Update to 0.101.2

For details see:
https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html

"ClamAV 0.101.2 is a patch release to address a handful of security related bugs."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 days agoipsec-interfaces: Apply static routes (again) after creating IPsec interfaces
Michael Tremer [Mon, 18 Mar 2019 15:24:56 +0000 (15:24 +0000)]
ipsec-interfaces: Apply static routes (again) after creating IPsec interfaces

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
12 days agoconvert-snort: Re-order steps at end of script
Stefan Schantl [Mon, 8 Apr 2019 18:20:18 +0000 (20:20 +0200)]
convert-snort: Re-order steps at end of script

This will ensure that the whole IDS is configured property, if
no or an empty snort config file is present.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 days agoconvert-snort: Fix logic for detecting enough free disk space.
Stefan Schantl [Mon, 8 Apr 2019 18:02:53 +0000 (20:02 +0200)]
convert-snort: Fix logic for detecting enough free disk space.

The subfunction only will return something if the check fails - so the logic
of the if statement was wrong set and the downloader only was called if
this check failed and to less diskspace would be available.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 days agocore130: Ship SSH Agent Forwarding changes
Michael Tremer [Mon, 8 Apr 2019 19:53:47 +0000 (20:53 +0100)]
core130: Ship SSH Agent Forwarding changes

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 days agochange AllowAgentForwarding in SSHD configuration if, necessary
Peter Müller [Mon, 8 Apr 2019 16:35:00 +0000 (16:35 +0000)]
change AllowAgentForwarding in SSHD configuration if, necessary

Fixes #11931

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 days agoallow SSH agent forwarding to be configured via WebUI
Peter Müller [Mon, 8 Apr 2019 16:35:00 +0000 (16:35 +0000)]
allow SSH agent forwarding to be configured via WebUI

Fixes #11931

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 days agoadd language strings for SSH agent forwarding settings
Peter Müller [Mon, 8 Apr 2019 16:34:00 +0000 (16:34 +0000)]
add language strings for SSH agent forwarding settings

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 days agorename core130 -> core131
Arne Fitzenreiter [Mon, 8 Apr 2019 19:49:20 +0000 (21:49 +0200)]
rename core130 -> core131

we need to insert a core update to fix urgent bugs

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
12 days agokernel: update to 4.14.111
Arne Fitzenreiter [Mon, 8 Apr 2019 19:47:23 +0000 (21:47 +0200)]
kernel: update to 4.14.111

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
12 days agoMerge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
Arne Fitzenreiter [Mon, 8 Apr 2019 19:47:12 +0000 (21:47 +0200)]
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
12 days agostrongswan: Manually install all routes for non-routed VPNs
Michael Tremer [Mon, 8 Apr 2019 15:41:24 +0000 (16:41 +0100)]
strongswan: Manually install all routes for non-routed VPNs

This is a regression from disabling charon.install_routes.

VPNs are routing fine as long as traffic is passing through
the firewall. Traps are not propertly used as long as these
routes are not present and therefore we won't trigger any
tunnels when traffic originates from the firewall.

Fixes: #12045
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 days agocore130: update pakfire database after version change
Arne Fitzenreiter [Mon, 8 Apr 2019 14:18:00 +0000 (16:18 +0200)]
core130: update pakfire database after version change

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
13 days agocore130: Ship perl-Net-SSLeay
Michael Tremer [Mon, 8 Apr 2019 10:56:58 +0000 (11:56 +0100)]
core130: Ship perl-Net-SSLeay

This was still using the old version of OpenSSL.

Instead of linking the module (which we should have found earlier)
the module uses dlopen :(

Fixes: #12044
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
13 days agocore130: remove lm_sensors config
Arne Fitzenreiter [Sun, 7 Apr 2019 16:19:50 +0000 (18:19 +0200)]
core130: remove lm_sensors config

the sensor search has to redone after boot the new kernel.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
13 days agocore130: ship setup binary
Arne Fitzenreiter [Sun, 7 Apr 2019 15:24:46 +0000 (17:24 +0200)]
core130: ship setup binary

The setup contain a IPFire version string.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
13 days agocore130: ship pakfire version update
Arne Fitzenreiter [Sun, 7 Apr 2019 15:13:43 +0000 (17:13 +0200)]
core130: ship pakfire version update

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
13 days agocore130: add kernel to updater
Arne Fitzenreiter [Sun, 7 Apr 2019 15:01:08 +0000 (17:01 +0200)]
core130: add kernel to updater

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 weeks agoPostfix: update to 3.4.5
Peter Müller [Sat, 6 Apr 2019 06:04:00 +0000 (06:04 +0000)]
Postfix: update to 3.4.5

See http://www.postfix.org/announcements/postfix-3.4.5.html for
release notes.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 weeks agowget: Update to 1.20.3
Matthias Fischer [Fri, 5 Apr 2019 19:55:12 +0000 (21:55 +0200)]
wget: Update to 1.20.3

For details see:
https://fossies.org/linux/wget/ChangeLog

Excerpt from "NEWS":

"2019-04-05  Tim Ruehsen  <tim.ruehsen@gmx.de>

Fix a buffer overflow vulnerability
* src/iri.c(do_conversion): Reallocate the output buffer to a larger
  size if it is already full"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 weeks agosuricata: Disable CPU affinity
Michael Tremer [Thu, 4 Apr 2019 21:01:54 +0000 (22:01 +0100)]
suricata: Disable CPU affinity

Benchmarks have shown, that this is making the IPS slower
across various hardware

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 weeks agokernel: update to 4.14.110
Arne Fitzenreiter [Fri, 5 Apr 2019 05:46:34 +0000 (07:46 +0200)]
kernel: update to 4.14.110

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 weeks agocore130: Do not search for sensors on AWS
Michael Tremer [Thu, 4 Apr 2019 08:05:25 +0000 (09:05 +0100)]
core130: Do not search for sensors on AWS

This causes some i2c drivers to load and tons of error messages
being created in syslog. So we skip searching for any sensors
that do not exist.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 weeks agovpnmain.cgi: Set MTU to a default when editing an old connection
Michael Tremer [Thu, 4 Apr 2019 10:52:30 +0000 (11:52 +0100)]
vpnmain.cgi: Set MTU to a default when editing an old connection

This field is required and therefore we need to initialize it
for old connections. Right now, the CGI throws an error message
when editing an existing connection without the MTU being filled
in.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 weeks agocore130: Ship updated wget
Michael Tremer [Thu, 4 Apr 2019 01:07:16 +0000 (02:07 +0100)]
core130: Ship updated wget

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 weeks agowget: Update to 1.20.2
Matthias Fischer [Thu, 4 Apr 2019 07:43:50 +0000 (09:43 +0200)]
wget: Update to 1.20.2

For details see:
https://fossies.org/linux/wget/ChangeLog

Excerpt from "NEWS":

* Changes in Wget 1.20.2
** NTLM authentication will retry under certain cases
** Fixed a buffer overflow vulnerability"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 weeks agocore130: Ship updated nettle
Michael Tremer [Thu, 4 Apr 2019 01:06:41 +0000 (02:06 +0100)]
core130: Ship updated nettle

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 weeks agonettle: Update to 3.4.1
Matthias Fischer [Thu, 4 Apr 2019 07:37:25 +0000 (09:37 +0200)]
nettle: Update to 3.4.1

For details see:
https://fossies.org/linux/nettle/ChangeLog

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 weeks agocore130: Ship updated GnuTLS
Michael Tremer [Thu, 4 Apr 2019 01:05:52 +0000 (02:05 +0100)]
core130: Ship updated GnuTLS

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 weeks agognutls: Update to 3.6.7.1
Matthias Fischer [Thu, 4 Apr 2019 07:31:00 +0000 (09:31 +0200)]
gnutls: Update to 3.6.7.1

For details see:
https://lists.gnupg.org/pipermail/gnutls-help/2019-March/004497.html

Please note:
A few days after the "3.6.7" release, "3.6.7.1" came out.

See:
https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/

But the compressed directory version is still versioned 3.6.7.

Because of this, the fourth (sub)-version number required some lfs adjustments.

And:
This version requires "nettle 3.4.1", which is sent in another commit.

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 weeks agocore130: Ship updated apache
Michael Tremer [Thu, 4 Apr 2019 01:04:28 +0000 (02:04 +0100)]
core130: Ship updated apache

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 weeks agoapache: Update to 2.4.39
Matthias Fischer [Thu, 4 Apr 2019 07:15:00 +0000 (09:15 +0200)]
apache: Update to 2.4.39

For details see:
http://mirror.checkdomain.de/apache//httpd/CHANGES_2.4.39

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 weeks agofreeradius: Fix extra whitespace
Michael Tremer [Thu, 4 Apr 2019 01:00:29 +0000 (02:00 +0100)]
freeradius: Fix extra whitespace

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 weeks agoMerge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
Arne Fitzenreiter [Wed, 3 Apr 2019 21:53:22 +0000 (21:53 +0000)]
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next

2 weeks agofreeradius: handle special LDFLAGS to configure
Michael Tremer [Wed, 3 Apr 2019 21:52:04 +0000 (21:52 +0000)]
freeradius: handle special LDFLAGS to configure

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 weeks agopcengines-apu-firmware: New package
Michael Tremer [Tue, 2 Apr 2019 23:42:19 +0000 (00:42 +0100)]
pcengines-apu-firmware: New package

This package ships the latest BIOS for PC Engines APU boards.

With help of the firmware-update package, this can be very easily
updated when running IPFire.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 weeks agofirmware-update: New package
Michael Tremer [Tue, 2 Apr 2019 23:33:44 +0000 (00:33 +0100)]
firmware-update: New package

This is a script that can update firmware on PC Engines APU systems

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 weeks agoflashrom: New package
Michael Tremer [Tue, 2 Apr 2019 23:26:13 +0000 (00:26 +0100)]
flashrom: New package

This is required to flash firmware

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 weeks agokernel: Disable some debugging in expactation to increase performance
Michael Tremer [Mon, 1 Apr 2019 20:58:23 +0000 (21:58 +0100)]
kernel: Disable some debugging in expactation to increase performance

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 weeks agokernel: Enable strict checks for /dev/mem
Michael Tremer [Mon, 1 Apr 2019 20:55:03 +0000 (21:55 +0100)]
kernel: Enable strict checks for /dev/mem

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 weeks agofreeradius: Fix build on armv5tel
Michael Tremer [Mon, 1 Apr 2019 20:35:56 +0000 (21:35 +0100)]
freeradius: Fix build on armv5tel

Reported-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 weeks agoUpdate translations
Michael Tremer [Mon, 1 Apr 2019 15:53:50 +0000 (16:53 +0100)]
Update translations

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 weeks agoIDS: Rename sourcefire VRT rulesets to Talos VRT rulesets
Stefan Schantl [Mon, 1 Apr 2019 15:32:34 +0000 (17:32 +0200)]
IDS: Rename sourcefire VRT rulesets to Talos VRT rulesets

Fixes #12019

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 weeks agoMerge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
Arne Fitzenreiter [Sun, 31 Mar 2019 16:36:44 +0000 (18:36 +0200)]
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next

3 weeks agoUpdate borgbackup to version 1.1.9
Jonatan Schlag [Sun, 31 Mar 2019 12:29:45 +0000 (13:29 +0100)]
Update borgbackup to version 1.1.9

Fixes: #12016

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 weeks agokernel: update to 4.14.109
Arne Fitzenreiter [Sun, 31 Mar 2019 09:46:34 +0000 (11:46 +0200)]
kernel: update to 4.14.109

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 weeks agokernel: update user regd patch from openwrt
Arne Fitzenreiter [Sat, 30 Mar 2019 15:56:56 +0000 (16:56 +0100)]
kernel: update user regd patch from openwrt

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 weeks agoMerge remote-tracking branch 'ms/dfs' into next
Arne Fitzenreiter [Sat, 30 Mar 2019 15:55:35 +0000 (16:55 +0100)]
Merge remote-tracking branch 'ms/dfs' into next

3 weeks agofreeradius: Update to version 3.0.18
Erik Kapfer [Fri, 29 Mar 2019 09:44:43 +0000 (10:44 +0100)]
freeradius: Update to version 3.0.18

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 weeks agoclamav: Update to 0.101.2
Matthias Fischer [Wed, 27 Mar 2019 19:54:10 +0000 (20:54 +0100)]
clamav: Update to 0.101.2

For details see:
https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html

"ClamAV 0.101.2 is a patch release to address a handful of security related bugs."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 weeks agounbound-dhcp-leases-bridge: Replace leases file atomically
Michael Tremer [Thu, 28 Mar 2019 12:51:06 +0000 (12:51 +0000)]
unbound-dhcp-leases-bridge: Replace leases file atomically

When there is a large number of leases, writing the file may
take a long time. When unbound is re-reading its configuration
in that time, the file might syntactically incorrect.

This change writes the file first and then moves it
to the right place in one transaction.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 weeks agosuricata: Enable CPU affinity
Michael Tremer [Tue, 26 Mar 2019 21:58:01 +0000 (21:58 +0000)]
suricata: Enable CPU affinity

This will tie the detection threads to a certain CPU and
slightly increases throughput on my system.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 weeks agosuricata: Tie queues to a CPU core
Michael Tremer [Tue, 26 Mar 2019 21:18:45 +0000 (21:18 +0000)]
suricata: Tie queues to a CPU core

This should improve performance by a small margin

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 weeks agonginx: Update to 1.15.9
Erik Kapfer [Tue, 26 Mar 2019 06:15:16 +0000 (07:15 +0100)]
nginx: Update to 1.15.9

Fixes #12023 .
Added support for http2.

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 weeks agofreeradius: Bump version because package is linked against old version of OpenSSL
Michael Tremer [Fri, 22 Mar 2019 07:28:23 +0000 (07:28 +0000)]
freeradius: Bump version because package is linked against old version of OpenSSL

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 weeks agoDHCP: Remove double colon
Michael Tremer [Fri, 22 Mar 2019 03:28:23 +0000 (03:28 +0000)]
DHCP: Remove double colon

In some languages, there were double colons in the DNS Update section

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 weeks agoGeoIP: Do not crash when locations database does not exist
Michael Tremer [Fri, 22 Mar 2019 02:58:57 +0000 (02:58 +0000)]
GeoIP: Do not crash when locations database does not exist

Fixes: #12021
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>