ipfire-2.x.git
45 hours agoCore Update 139: fix syntax of generated Suricata DNS server file core139 master
Peter Müller [Fri, 13 Dec 2019 17:28:00 +0000 (17:28 +0000)] 
Core Update 139: fix syntax of generated Suricata DNS server file

The YAML syntax of /var/ipfire/suricata/suricata-dns-servers.yaml was
invalid and caused Suricata to crash after upgrading to Core Update 139.

Due to strange NFQUEUE behaviour, this caused IPsec traffic to be
emitted to the internet directly. While this patch represents a quick
solution for Core Update 139, another one is needed for changing the
IPtables chain order to avoid similar information leaks in future.

Thanks to Michael for his debugging effort.

Fixes #12260
Partially fixes #12257

Cc: Michael Tremer <michael.tremer@ipfire.org>
Cc: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
45 hours agoCore Update 139 needs a reboot
Peter Müller [Fri, 13 Dec 2019 16:31:00 +0000 (16:31 +0000)] 
Core Update 139 needs a reboot

Fixes #12258

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
45 hours agoCore Update 139: apply SSH configuration and restart SSH daemon
Peter Müller [Fri, 13 Dec 2019 16:30:00 +0000 (16:30 +0000)] 
Core Update 139: apply SSH configuration and restart SSH daemon

Fixes #12259

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 days agoMerge branch 'next'
Arne Fitzenreiter [Mon, 9 Dec 2019 18:03:14 +0000 (18:03 +0000)] 
Merge branch 'next'

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 days agocore139: finish
Arne Fitzenreiter [Mon, 9 Dec 2019 17:48:07 +0000 (18:48 +0100)] 
core139: finish

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 days agoleds: use new APUx ACPI Bios leds if exist.
Arne Fitzenreiter [Sun, 8 Dec 2019 21:55:26 +0000 (22:55 +0100)] 
leds: use new APUx ACPI Bios leds if exist.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
9 days agoovpn: Fix LZO checkbox restore
Erik Kapfer [Fri, 6 Dec 2019 06:08:33 +0000 (07:08 +0100)] 
ovpn: Fix LZO checkbox restore

Triggered by --> https://community.ipfire.org/t/openvpn-is-lzo-compression-now-effectively-disabled/503 .

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
10 days agopcengines-firmware: fix rootfile
Arne Fitzenreiter [Fri, 6 Dec 2019 02:18:09 +0000 (03:18 +0100)] 
pcengines-firmware: fix rootfile

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
10 days agoCore Update 139: ship updated OpenSSH
Peter Müller [Wed, 4 Dec 2019 16:32:00 +0000 (16:32 +0000)] 
Core Update 139: ship updated OpenSSH

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
10 days agoOpenSSH: update to 8.1p1
Peter Müller [Wed, 4 Dec 2019 16:30:00 +0000 (16:30 +0000)] 
OpenSSH: update to 8.1p1

Please refer to https://www.openssh.com/txt/release-8.1 for release notes.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
10 days agopcengines-firmware: update to 4.10.0.3
Arne Fitzenreiter [Thu, 5 Dec 2019 17:53:16 +0000 (18:53 +0100)] 
pcengines-firmware: update to 4.10.0.3

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
10 days agointel-microcode: update to 20191115
Arne Fitzenreiter [Thu, 5 Dec 2019 11:48:13 +0000 (12:48 +0100)] 
intel-microcode: update to 20191115

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
10 days agolinux-firmware: update to 20191022
Arne Fitzenreiter [Thu, 5 Dec 2019 11:44:45 +0000 (12:44 +0100)] 
linux-firmware: update to 20191022

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
13 days agocore139: add cpio to updater
Arne Fitzenreiter [Mon, 2 Dec 2019 17:11:30 +0000 (17:11 +0000)] 
core139: add cpio to updater

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
13 days agocpio: Update to 2.13
Matthias Fischer [Sat, 30 Nov 2019 16:03:47 +0000 (17:03 +0100)] 
cpio: Update to 2.13

For details see:
https://www.gnu.org/software/cpio/

Fix CVE-2015-1197
Fix CVE-2016-2037
Fix CVE-2019-14866

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
13 days agonano: Update to 4.6
Matthias Fischer [Sat, 30 Nov 2019 15:57:46 +0000 (16:57 +0100)] 
nano: Update to 4.6

For details see:
https://www.nano-editor.org/news.php

... and a long list of other changes in https://www.nano-editor.org/dist/latest/ChangeLog ...

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
13 days agospectre-meltdown-checker: update to 0.42
Peter Müller [Thu, 28 Nov 2019 21:43:00 +0000 (21:43 +0000)] 
spectre-meltdown-checker: update to 0.42

See https://github.com/speed47/spectre-meltdown-checker/releases/tag/v0.42
for release announcements.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
13 days agoPostfix: update to 3.4.8
Peter Müller [Thu, 28 Nov 2019 21:14:00 +0000 (21:14 +0000)] 
Postfix: update to 3.4.8

See http://www.postfix.org/announcements/postfix-3.4.8.html for release
announcements.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
13 days agoupdate ca-certificates CA bundle
Peter Müller [Thu, 28 Nov 2019 17:19:00 +0000 (17:19 +0000)] 
update ca-certificates CA bundle

Update the CA certificates list to what Mozilla NSS ships currently.

The original file can be retrieved from:
https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
13 days agocore139: add hwdata to updater
Arne Fitzenreiter [Mon, 2 Dec 2019 17:05:15 +0000 (17:05 +0000)] 
core139: add hwdata to updater

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
13 days agohwdata: update PCI/USB databases
Peter Müller [Thu, 28 Nov 2019 17:08:00 +0000 (17:08 +0000)] 
hwdata: update PCI/USB databases

PCI IDs: 2019-11-26 03:15:03
USB IDs: 2019-11-05 20:34:06

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 weeks agodhcpcd.exe: remove red.down run on "NOCARRIER"
Arne Fitzenreiter [Sun, 1 Dec 2019 17:33:19 +0000 (18:33 +0100)] 
dhcpcd.exe: remove red.down run on "NOCARRIER"

after "NOCARRIER" the dhcp client always run "EXPIRE" event.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 weeks agoMerge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
Arne Fitzenreiter [Sun, 1 Dec 2019 15:36:43 +0000 (16:36 +0100)] 
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next

2 weeks agoup/down beep: move from ppp ip-up/down to general red.up/down
Arne Fitzenreiter [Sun, 1 Dec 2019 14:29:59 +0000 (15:29 +0100)] 
up/down beep: move from ppp ip-up/down to general red.up/down

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 weeks ago70-dhcpdd.exe: don't run red.down scripts at "PREINIT"
Arne Fitzenreiter [Sun, 1 Dec 2019 13:03:46 +0000 (14:03 +0100)] 
70-dhcpdd.exe: don't run red.down scripts at "PREINIT"

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 weeks agocore139: add dhcp and network changes to updater
Arne Fitzenreiter [Sat, 30 Nov 2019 23:45:02 +0000 (00:45 +0100)] 
core139: add dhcp and network changes to updater

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 weeks agonetworking red: add delay to wait for carrier
Arne Fitzenreiter [Sat, 30 Nov 2019 21:26:00 +0000 (22:26 +0100)] 
networking red: add delay to wait for carrier

some nic's need some time after link up to get a carrier

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 weeks agodhcpcd: 10-mtu break if carrier was lost
Arne Fitzenreiter [Sat, 30 Nov 2019 21:21:42 +0000 (22:21 +0100)] 
dhcpcd: 10-mtu break if carrier was lost

some nic's like Intel e1000e needs a reinit to change the
mtu. In this case the dhcp hook reinit the nic and terminate now
to let the dhcpcd reinit the card in backgrounnd without running the
rest of the hooks.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 weeks agoclamav: Allow downloads to take up to 10 minutes
Michael Tremer [Mon, 25 Nov 2019 11:09:58 +0000 (11:09 +0000)] 
clamav: Allow downloads to take up to 10 minutes

freshclam did not have a receive timeout set and a default of
60s was used. That causes that the large main database cannot
be downloaded over a line with a 16 MBit/s downlink.

This patch increases that timeout and should allow a successful
download on slower connections, too.

Suggested-by: Tim Fitzgeorge <ipfb@tfitzgeorge.me.uk>
Fixes: #12246
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 weeks agobind: Update to 9.11.13
Matthias Fischer [Fri, 22 Nov 2019 18:26:59 +0000 (19:26 +0100)] 
bind: Update to 9.11.13

For details see:

https://downloads.isc.org/isc/bind9/9.11.13/RELEASE-NOTES-bind-9.11.13.html

"Security Fixes

    Set a limit on the number of concurrently served pipelined TCP queries.
    This flaw is disclosed in CVE-2019-6477. [GL #1264]"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 weeks agoclamav: Update to 0.102.1
Matthias Fischer [Thu, 21 Nov 2019 16:57:48 +0000 (17:57 +0100)] 
clamav: Update to 0.102.1

For details see:
https://blog.clamav.net/2019/11/clamav-01021-and-01015-patches-have.html

"Fix for the following vulnerability affecting 0.102.0 and 0.101.4 and prior:

CVE-2019-15961:
A Denial-of-Service (DoS) vulnerability may occur when scanning
a specially crafted email file as a result of excessively long scan
times. The issue is resolved by implementing several maximums in parsing
MIME messages and by optimizing use of memory allocation.

Build system fixes to build clamav-milter, to correctly link with
libxml2 when detected, and to correctly detect fanotify for on-access
scanning feature support.

Signature load time is significantly reduced by changing to a more
efficient algorithm for loading signature patterns and allocating the AC
trie. Patch courtesy of Alberto Wu.

Introduced a new configure option to statically link libjson-c with
libclamav. Static linking with libjson is highly recommended to prevent
crashes in applications that use libclamav alongside another JSON
parsing library.

Null-dereference fix in email parser when using the --gen-json metadata
option.

Fixes for Authenticode parsing and certificate signature (.crb database)
bugs."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 weeks agocore139: add unbound to updater
Arne Fitzenreiter [Sat, 30 Nov 2019 09:56:29 +0000 (09:56 +0000)] 
core139: add unbound to updater

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 weeks agounbound: Update to 1.9.5
Matthias Fischer [Wed, 20 Nov 2019 16:24:01 +0000 (17:24 +0100)] 
unbound: Update to 1.9.5

For details see:
https://nlnetlabs.nl/pipermail/unbound-users/2019-November/011897.html

"This release is a fix for vulnerability CVE-2019-18934, that can cause
shell execution in ipsecmod.

Bug Fixes:
- Fix for the reported vulnerability.

The CVE number for this vulnerability is CVE-2019-18934"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 weeks agocore139: add captive.cgi to updater
Arne Fitzenreiter [Sat, 30 Nov 2019 09:54:14 +0000 (09:54 +0000)] 
core139: add captive.cgi to updater

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 weeks agoBUG12245: captive portal - clients are not automatically removed
Alexander Marx [Wed, 20 Nov 2019 10:45:18 +0000 (11:45 +0100)] 
BUG12245: captive portal - clients are not automatically removed

With this patch the clients are updated and those who are expired get deleted from the hash.
In addition the table of active clients is now sorted.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 weeks agobird: Fix path of configuration file in backup
Michael Tremer [Tue, 19 Nov 2019 15:28:22 +0000 (15:28 +0000)] 
bird: Fix path of configuration file in backup

The backup did not pack the configuration file
due to an incorrect path.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 weeks agocore139: add pcregrep to updater
Arne Fitzenreiter [Sat, 30 Nov 2019 09:49:58 +0000 (09:49 +0000)] 
core139: add pcregrep to updater

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 weeks agopcre: Add pcregrep to core system
Erik Kapfer [Tue, 19 Nov 2019 07:09:42 +0000 (08:09 +0100)] 
pcre: Add pcregrep to core system

Triggered by --> https://community.ipfire.org/t/pcregrep-on-ipfire/259 .

This patch adds pcregrep only from the actual package not from pcre-compat.

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 weeks agocore139: add updated calamaris mkreport
Arne Fitzenreiter [Sat, 30 Nov 2019 09:48:00 +0000 (09:48 +0000)] 
core139: add updated calamaris mkreport

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 weeks agocalamaris: Bug fix for proxy reports staying empty after Core 136 upgrade
Matthias Fischer [Thu, 14 Nov 2019 18:03:46 +0000 (19:03 +0100)] 
calamaris: Bug fix for proxy reports staying empty after Core 136 upgrade

After upgrading to Core 136, 'calamaris' "Proxy reports" stayed empty.
GUI always show "No reports available".

Tested manually on console stops and throws an error:

...
root@ipfire: ~ # /usr/bin/perl /var/ipfire/proxy/calamaris/bin/mkreport
1 0 2019 8 10 2019 -d 10 -P 30 -t 10 -D 2 -u -r -1 -R 100 -s
Can't use 'defined(%hash)' (Maybe you should just omit the defined()?)
at /var/ipfire/proxy/calamaris/bin/calamaris line 2609.
...

Line 2609 was changed and reports are built again.

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 weeks agopython: update to 2.7.17
Arne Fitzenreiter [Thu, 28 Nov 2019 17:41:18 +0000 (18:41 +0100)] 
python: update to 2.7.17

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agokernel: fix x86_64 rootfile
Arne Fitzenreiter [Fri, 15 Nov 2019 15:29:42 +0000 (16:29 +0100)] 
kernel: fix x86_64 rootfile

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agoset core to 139 and pakfire to 138
Arne Fitzenreiter [Fri, 15 Nov 2019 15:28:02 +0000 (16:28 +0100)] 
set core to 139 and pakfire to 138

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agocore138: insert emergency core update for new intel vulnarabilities. core138 v2.23-core138
Arne Fitzenreiter [Fri, 15 Nov 2019 06:10:37 +0000 (06:10 +0000)] 
core138: insert emergency core update for new intel vulnarabilities.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agointel-microcode: update to 20191112
Peter Müller [Wed, 13 Nov 2019 19:18:00 +0000 (19:18 +0000)] 
intel-microcode: update to 20191112

For release notes, refer to:
- https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform-update-ipu/
- https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20191112

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agokernel: update to 4.14.154
Arne Fitzenreiter [Thu, 14 Nov 2019 21:12:12 +0000 (22:12 +0100)] 
kernel: update to 4.14.154

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agovulnearabilities.cgi: add tsx async abort and itlb_multihit
Arne Fitzenreiter [Thu, 14 Nov 2019 21:10:04 +0000 (22:10 +0100)] 
vulnearabilities.cgi: add tsx async abort and itlb_multihit

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agoMerge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
Arne Fitzenreiter [Thu, 14 Nov 2019 21:13:23 +0000 (22:13 +0100)] 
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next

4 weeks agokernel: update to 4.14.154
Arne Fitzenreiter [Thu, 14 Nov 2019 21:12:12 +0000 (22:12 +0100)] 
kernel: update to 4.14.154

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agovulnearabilities.cgi: add tsx async abort and itlb_multihit
Arne Fitzenreiter [Thu, 14 Nov 2019 21:10:04 +0000 (22:10 +0100)] 
vulnearabilities.cgi: add tsx async abort and itlb_multihit

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agorename core138 -> core139 to insert a emergency core update
Arne Fitzenreiter [Thu, 14 Nov 2019 17:28:38 +0000 (17:28 +0000)] 
rename core138 -> core139 to insert a emergency core update

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agointel-microcode: fix rootfile
Arne Fitzenreiter [Thu, 14 Nov 2019 01:55:46 +0000 (01:55 +0000)] 
intel-microcode: fix rootfile

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agorename core138 -> core139 to insert a emergency core update
Arne Fitzenreiter [Thu, 14 Nov 2019 17:28:38 +0000 (17:28 +0000)] 
rename core138 -> core139 to insert a emergency core update

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agocore138: fix rootfile
Arne Fitzenreiter [Thu, 14 Nov 2019 02:42:54 +0000 (02:42 +0000)] 
core138: fix rootfile

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agointel-microcode: fix rootfile
Arne Fitzenreiter [Thu, 14 Nov 2019 01:55:46 +0000 (01:55 +0000)] 
intel-microcode: fix rootfile

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agobash: fix rootfile
Arne Fitzenreiter [Thu, 14 Nov 2019 01:55:09 +0000 (01:55 +0000)] 
bash: fix rootfile

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agocore138: fix intel-microcode rootfile link
Arne Fitzenreiter [Wed, 13 Nov 2019 20:08:41 +0000 (20:08 +0000)] 
core138: fix intel-microcode rootfile link

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agointel-microcode: update to 20191112
Peter Müller [Wed, 13 Nov 2019 19:18:00 +0000 (19:18 +0000)] 
intel-microcode: update to 20191112

For release notes, refer to:
- https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform-update-ipu/
- https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20191112

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agoqemu: remove sdl from dependency list
Arne Fitzenreiter [Wed, 13 Nov 2019 19:56:11 +0000 (19:56 +0000)] 
qemu: remove sdl from dependency list

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agoqemu: switch to xz compressed source
Arne Fitzenreiter [Wed, 13 Nov 2019 19:55:17 +0000 (19:55 +0000)] 
qemu: switch to xz compressed source

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agocore138: add bash, readline and readline-compat
Arne Fitzenreiter [Wed, 13 Nov 2019 19:45:14 +0000 (19:45 +0000)] 
core138: add bash, readline and readline-compat

4 weeks agobash: update to 5.0 (patchlevel 11)
Peter Müller [Tue, 12 Nov 2019 17:15:00 +0000 (17:15 +0000)] 
bash: update to 5.0 (patchlevel 11)

The third version of this patch also includes patches 1-11
for version 5.0, drops orphaned 4.3 patches, and fixes rootfile
mistakes reported by Arne.

Please refer to https://tiswww.case.edu/php/chet/bash/bashtop.html
for release notes.

Cc: Michael Tremer <michael.tremer@ipfire.org>
Cc: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agoreadline: update to 8.0 (patchlevel 1)
Peter Müller [Tue, 12 Nov 2019 17:14:00 +0000 (17:14 +0000)] 
readline: update to 8.0 (patchlevel 1)

The third version of this patch fixes missing rootfile changes, drops
orphaned readline 5.2 patches (as they became obsolete due to
readline-compat changes), includes readline 8.0 upstream patch, and
keeps the for-loop in LFS file (as commented by Michael).

Cc: Michael Tremer <michael.tremer@ipfire.org>
Cc: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agoreadline-compat: update to 6.3
peter.mueller@ipfire.org [Tue, 12 Nov 2019 15:59:00 +0000 (15:59 +0000)] 
readline-compat: update to 6.3

This is necessary as many add-ons still need readline-compat as they
cannot link against readline 8.0, yet.

Reported-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agowio-1.3.2-7: fixed bug with arp client import
Stephan Feddersen [Tue, 12 Nov 2019 20:34:00 +0000 (21:34 +0100)] 
wio-1.3.2-7: fixed bug with arp client import

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agoddns: Import rename NoIP.com handle back to no-ip.com patch
Stefan Schantl [Tue, 12 Nov 2019 08:09:01 +0000 (09:09 +0100)] 
ddns: Import rename NoIP.com handle back to no-ip.com patch

This patch is required for compatiblity reasons for any existing
configurations.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agoUpdate qemu to version 4.1.0
Jonatan Schlag [Sun, 10 Nov 2019 13:03:02 +0000 (13:03 +0000)] 
Update qemu to version 4.1.0

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agoqemu: disable sdl and documentation
Jonatan Schlag [Sun, 10 Nov 2019 13:03:01 +0000 (13:03 +0000)] 
qemu: disable sdl and documentation

A newer version of qemu does not build anymore with our version of sdl. I
tried around a little bit and as I have not got a clue why we are using
sdl (spice and remote access still works)  I think we should disable it.

I disabled the generation of the documentation as well but this switch
does not seem to have any effect.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agoLibvirt: enable lvm
Jonatan Schlag [Sun, 10 Nov 2019 13:03:00 +0000 (13:03 +0000)] 
Libvirt: enable lvm

This was requested in the forum:

https://forum.ipfire.org/viewtopic.php?f=17&t=21872&p=120243&hilit=lvm#p120243

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agoLibvirt: update to version 5.6.0
Jonatan Schlag [Sun, 10 Nov 2019 13:02:59 +0000 (13:02 +0000)] 
Libvirt: update to version 5.6.0

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agolibvirt: use a custom config file
Jonatan Schlag [Sun, 10 Nov 2019 13:02:58 +0000 (13:02 +0000)] 
libvirt: use a custom config file

The patch which adjusts the options for IPFire in the libvirtd.conf does
not apply in a newer version of libvirt. Creating this patch is harder
than to use a separate config file.

This separate config file also enables us to adjust options much faster.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agoLibvirt: disable Wireshark
Jonatan Schlag [Sun, 10 Nov 2019 13:02:57 +0000 (13:02 +0000)] 
Libvirt: disable Wireshark

When I try to build libvirt a second-time without ./make.sh clean
between the two builds, libvirt tries to link against Wireshark and
fails.
This configure option solves the problem.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agocore138: add squid
Arne Fitzenreiter [Wed, 13 Nov 2019 19:37:47 +0000 (19:37 +0000)] 
core138: add squid

4 weeks agosquid: Update to 4.9
Matthias Fischer [Fri, 8 Nov 2019 16:47:06 +0000 (17:47 +0100)] 
squid: Update to 4.9

For details see:
http://www.squid-cache.org/Versions/v4/changesets/

Fixes CVE-2019-12526, CVE-2019-12523, CVE-2019-18676, CVE-2019-18677, CVE-2019-18678 and
CVE-2019-18679

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agoddns: Import upstream patch for NoIP.com
Stefan Schantl [Tue, 5 Nov 2019 18:23:41 +0000 (19:23 +0100)] 
ddns: Import upstream patch for NoIP.com

Reference: #11561.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agocore138: add ddns
Arne Fitzenreiter [Wed, 13 Nov 2019 19:33:53 +0000 (19:33 +0000)] 
core138: add ddns

4 weeks agocore138: add logwatch
Arne Fitzenreiter [Wed, 13 Nov 2019 19:33:31 +0000 (19:33 +0000)] 
core138: add logwatch

4 weeks agoddns: Update to 012
Stefan Schantl [Tue, 5 Nov 2019 09:37:44 +0000 (10:37 +0100)] 
ddns: Update to 012

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agocore138: add suricata changes
Arne Fitzenreiter [Wed, 13 Nov 2019 19:20:17 +0000 (19:20 +0000)] 
core138: add suricata changes

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agosuricata: Use DNS_SERVERS declaration from external file.
Stefan Schantl [Tue, 5 Nov 2019 09:32:02 +0000 (10:32 +0100)] 
suricata: Use DNS_SERVERS declaration from external file.

These settings now will be read from
/var/ipfire/suricata/suricata-dns-servers.yaml, which will be
generated by the generate_dns_servers_file() function, located in
ids-functions.pl and called by various scripts.

Fixes #12166.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agored.up: Generate Suricata DNS servers file on reconnect.
Stefan Schantl [Tue, 5 Nov 2019 09:32:01 +0000 (10:32 +0100)] 
red.up: Generate Suricata DNS servers file on reconnect.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agoconvert-snort: Generate DNS servers file.
Stefan Schantl [Tue, 5 Nov 2019 09:32:00 +0000 (10:32 +0100)] 
convert-snort: Generate DNS servers file.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agoids.cgi: Generate and store the DNS server configuration.
Stefan Schantl [Tue, 5 Nov 2019 09:31:59 +0000 (10:31 +0100)] 
ids.cgi: Generate and store the DNS server configuration.

This will be done by the recently added generate_dns_servers_file()
function from ids-functions.pl.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agoids-functions.pl: Introduce generate_dns_servers_file()
Stefan Schantl [Tue, 5 Nov 2019 09:31:58 +0000 (10:31 +0100)] 
ids-functions.pl: Introduce generate_dns_servers_file()

This function is used to generate a yaml file which take care of the
current used DNS configuration and should be included in the main
suricata config file.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agologwatch: Update to 7.5.2
Matthias Fischer [Tue, 5 Nov 2019 08:07:46 +0000 (09:07 +0100)] 
logwatch: Update to 7.5.2

For details see:
https://build.opensuse.org/package/view_file/server:monitoring/logwatch/ChangeLog?expand=1

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agoApache: deny framing of WebUI from different origins
peter.mueller@ipfire.org [Mon, 4 Nov 2019 18:53:00 +0000 (18:53 +0000)] 
Apache: deny framing of WebUI from different origins

There is no legitimate reason to do this. Setting header X-Frame-Options
to "sameorigin" is necessary for displaying some collectd graphs on the
WebUI.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agocore138: add ipfire-interface.conf
Arne Fitzenreiter [Wed, 13 Nov 2019 19:10:03 +0000 (19:10 +0000)] 
core138: add ipfire-interface.conf

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agoApache: prevent Referrer leaks via WebUI
peter.mueller@ipfire.org [Mon, 4 Nov 2019 18:52:00 +0000 (18:52 +0000)] 
Apache: prevent Referrer leaks via WebUI

By default, even modern browsers sent the URL of ther originating
site to another one when accessing hyperlinks. This is an information
leak and may expose internal details (such as FQDN or IP address)
of an IPFire installation to a third party.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agocore138: add ipfire-interface-ssl.conf
Arne Fitzenreiter [Wed, 13 Nov 2019 19:08:02 +0000 (19:08 +0000)] 
core138: add ipfire-interface-ssl.conf

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agoApache: drop CBC ciphers for WebUI
peter.mueller@ipfire.org [Mon, 4 Nov 2019 18:35:00 +0000 (18:35 +0000)] 
Apache: drop CBC ciphers for WebUI

CBC ciphers contain some known vulnerabilities and should not be used
anymore. While dropping them for OpenSSL clients or public web servers
still causes interoperability problems with legacy setups, they can
be safely removed from IPFire's administrative UI.

This patch changes the used cipersuite to:

TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD

Since TLS 1.3 ciphers will be added automatically by OpenSSL, mentioning
them in "SSLCipherSuite" is unnecessary. ECDSA is preferred over RSA for
performance reasons.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agocore138: add openssl
Arne Fitzenreiter [Wed, 13 Nov 2019 19:04:48 +0000 (19:04 +0000)] 
core138: add openssl

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agoOpenSSL: drop preferring of Chacha20/Poly1305 over AES-GCM
peter.mueller@ipfire.org [Mon, 4 Nov 2019 18:24:00 +0000 (18:24 +0000)] 
OpenSSL: drop preferring of Chacha20/Poly1305 over AES-GCM

As hardware acceleration for AES is emerging (Fireinfo indicates
30.98% of reporting installations support this, compared to
28.22% in summer), there is no more reason to manually prefer
Chacha20/Poly1305 over it.

Further, overall performance is expected to increase as server
CPUs usually come with AES-NI today, where Chacha/Poly would
be an unnecessary bottleneck. Small systems without AES-NI,
however, compute Chacha/Poly measurable, but not significantly faster,
so there only was a small advantage of this.

This patch changes the OpenSSL default ciphersuite to:

TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=Camellia(256) Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=Camellia(256) Mac=SHA384
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=Camellia(128) Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=Camellia(128) Mac=SHA256
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH       Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA256
DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA256
ECDHE-ECDSA-AES256-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
ECDHE-ECDSA-AES128-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
ECDHE-RSA-AES256-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-RSA-AES128-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA1
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
CAMELLIA256-SHA256      TLSv1.2 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA256
AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
CAMELLIA128-SHA256      TLSv1.2 Kx=RSA      Au=RSA  Enc=Camellia(128) Mac=SHA256
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
CAMELLIA256-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
CAMELLIA128-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(128) Mac=SHA1

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agocore138: add ovpnmain.cgi
Arne Fitzenreiter [Wed, 13 Nov 2019 18:55:53 +0000 (18:55 +0000)] 
core138: add ovpnmain.cgi

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agoOpenVPN: Fix max-clients option
Erik Kapfer [Mon, 4 Nov 2019 14:52:26 +0000 (15:52 +0100)] 
OpenVPN: Fix max-clients option

Fix: Triggered by https://forum.ipfire.org/viewtopic.php?f=16&t=23551

Since the 'DHCP_WINS' cgiparam has been set for the max-client directive, changes in the WUI has not been adapted to server.conf.

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agocore138: add unbound initscript
Arne Fitzenreiter [Wed, 13 Nov 2019 18:54:28 +0000 (18:54 +0000)] 
core138: add unbound initscript

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agounbound: Fix whitespace error in initscript
Michael Tremer [Mon, 4 Nov 2019 12:02:46 +0000 (12:02 +0000)] 
unbound: Fix whitespace error in initscript

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agocore138: add openvpn
Arne Fitzenreiter [Wed, 13 Nov 2019 18:52:15 +0000 (18:52 +0000)] 
core138: add openvpn

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agoOpenVPN: Update to version 2.4.8
Erik Kapfer [Fri, 1 Nov 2019 13:33:06 +0000 (14:33 +0100)] 
OpenVPN: Update to version 2.4.8

This is primarily a maintenance release with bugfixes and improvements. All changes can be overviewed in here -->
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24 .

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agocore138: add init.d/functions
Arne Fitzenreiter [Wed, 13 Nov 2019 18:50:07 +0000 (18:50 +0000)] 
core138: add init.d/functions

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agoinitscripts: Tell users to report bugs on Bugzilla
Michael Tremer [Thu, 31 Oct 2019 18:09:05 +0000 (18:09 +0000)] 
initscripts: Tell users to report bugs on Bugzilla

I have been receiving a couple of emails recently directed
at info@ipfire.org with bug reports when a system did not
boot up or shut down properly.

This is obviously not the right way to report bugs, but
we are telling our users to do so.

This patch changes this to report bugs to Bugzilla like
it should be.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>