]> git.ipfire.org Git - ipfire-2.x.git/log
ipfire-2.x.git
2 weeks agolinux-firmware: ship needed config txt files. master
Arne Fitzenreiter [Tue, 26 Nov 2024 11:02:50 +0000 (12:02 +0100)] 
linux-firmware: ship needed config txt files.

these files are parsed by the kernel at firmware load and are needed!
don't remove it again.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 weeks agokernel: update to 6.6.63
Arne Fitzenreiter [Mon, 25 Nov 2024 17:32:27 +0000 (18:32 +0100)] 
kernel: update to 6.6.63

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 weeks agokernel: rootfile update aarch64
Arne Fitzenreiter [Wed, 20 Nov 2024 14:51:39 +0000 (15:51 +0100)] 
kernel: rootfile update aarch64

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 weeks agokernel: rebase aarch64 patchset and add nanopi r2s plus oc devicetree
Arne Fitzenreiter [Wed, 20 Nov 2024 08:47:59 +0000 (09:47 +0100)] 
kernel: rebase aarch64 patchset and add nanopi r2s plus oc devicetree

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 weeks agotransmission: add minipnpc as dependency
Arne Fitzenreiter [Tue, 19 Nov 2024 19:32:47 +0000 (20:32 +0100)] 
transmission: add minipnpc as dependency

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 weeks agominiupnpc: change to addon pak
Arne Fitzenreiter [Tue, 19 Nov 2024 19:27:42 +0000 (20:27 +0100)] 
miniupnpc: change to addon pak

transmission need the lib at runtime.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 weeks agokernel: update to 6.6.62
Arne Fitzenreiter [Tue, 19 Nov 2024 18:19:28 +0000 (19:19 +0100)] 
kernel: update to 6.6.62

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agocollectd: fix errormessage on fresh installations
Arne Fitzenreiter [Sat, 9 Nov 2024 08:46:53 +0000 (09:46 +0100)] 
collectd: fix errormessage on fresh installations

the /etc/collectd.d/ folder must have at least one file in it
so this add an file with a comment that custom configs should placed
there.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agokernel: update to 6.6.60
Arne Fitzenreiter [Sat, 9 Nov 2024 08:46:24 +0000 (09:46 +0100)] 
kernel: update to 6.6.60

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 weeks agonetworking/red: remove leftover debugging messages.
Arne Fitzenreiter [Fri, 8 Nov 2024 17:49:52 +0000 (18:49 +0100)] 
networking/red: remove leftover debugging messages.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
5 weeks agohostapd: fix start/stop buttons
Arne Fitzenreiter [Wed, 6 Nov 2024 10:49:11 +0000 (11:49 +0100)] 
hostapd: fix start/stop buttons

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
5 weeks agonetwork-functions: fix add newline in $wireless_status
Arne Fitzenreiter [Tue, 5 Nov 2024 16:48:17 +0000 (17:48 +0100)] 
network-functions: fix add newline in $wireless_status

with the other syntax perl suggest this change.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
5 weeks agocore190: ship intel-microcode
Arne Fitzenreiter [Tue, 5 Nov 2024 13:34:35 +0000 (14:34 +0100)] 
core190: ship intel-microcode

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
5 weeks agointel-microcode: Update to version 20241029
Adolf Belka [Wed, 30 Oct 2024 13:28:38 +0000 (14:28 +0100)] 
intel-microcode: Update to version 20241029

- Update from version 20240910 to 20241029
- Update of rootfile not required
- Changelog
    20241029
Update for functional issues. Refer to 14th/13th Generation Intel® Core™
 Processor Specification Update for details at
 https://cdrdv2.intel.com/v1/dl/getContent/740518
Updated Platforms
 Processor   Stepping  F-M-S/PI     Old Ver   New Ver   Products
 RPL-E/HX/S  B0        06-b7-01/32  00000129  0000012b  Core Gen13/Gen14

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
5 weeks agosuricata: Explicitly ignore IPsec traffic unless enabled
Michael Tremer [Mon, 21 Oct 2024 17:03:06 +0000 (17:03 +0000)] 
suricata: Explicitly ignore IPsec traffic unless enabled

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
5 weeks agocore190: ship bind
Arne Fitzenreiter [Tue, 5 Nov 2024 08:19:23 +0000 (09:19 +0100)] 
core190: ship bind

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
5 weeks agobind: Update to 9.20.3
Matthias Fischer [Fri, 18 Oct 2024 16:46:18 +0000 (18:46 +0200)] 
bind: Update to 9.20.3

For details see:
https://downloads.isc.org/isc/bind9/9.20.3/doc/arm/html/notes.html#notes-for-bind-9-20-3

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
5 weeks agounbound: Update to 1.22.0
Matthias Fischer [Fri, 18 Oct 2024 16:37:22 +0000 (18:37 +0200)] 
unbound: Update to 1.22.0

For details see:
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-22-0

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
5 weeks agocore190: ship unbound-dhcp-leases-bridge
Arne Fitzenreiter [Tue, 5 Nov 2024 08:13:56 +0000 (09:13 +0100)] 
core190: ship unbound-dhcp-leases-bridge

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
5 weeks agounbound-dhcp-leases-bridge: Fix expiry check on leases
Michael Tremer [Mon, 21 Oct 2024 16:38:49 +0000 (16:38 +0000)] 
unbound-dhcp-leases-bridge: Fix expiry check on leases

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
5 weeks agounbound-dhcp-leases-bridge: Don't overwrite static leases
Michael Tremer [Mon, 21 Oct 2024 16:38:48 +0000 (16:38 +0000)] 
unbound-dhcp-leases-bridge: Don't overwrite static leases

When we import all static leases, their remark will be used as hostname
(because WTF?) and might be overwritten if the device is not sending any
or even the same hostname.

This patch avoids that static leases will be modified.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
5 weeks agounbound-dhcp-leases-bridge: Fix typo
Michael Tremer [Mon, 21 Oct 2024 16:38:47 +0000 (16:38 +0000)] 
unbound-dhcp-leases-bridge: Fix typo

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
5 weeks agounbound-dhcp-leases-bridge: Don't export expired leases to Unbound
Michael Tremer [Mon, 21 Oct 2024 16:38:46 +0000 (16:38 +0000)] 
unbound-dhcp-leases-bridge: Don't export expired leases to Unbound

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
5 weeks agocore190: ship dhcp client changes
Arne Fitzenreiter [Tue, 5 Nov 2024 08:10:01 +0000 (09:10 +0100)] 
core190: ship dhcp client changes

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
5 weeks agonetworking: Allow changing DHCP Option Rapid Commit
Michael Tremer [Wed, 16 Oct 2024 10:47:17 +0000 (10:47 +0000)] 
networking: Allow changing DHCP Option Rapid Commit

This option needs to be configurable since some (braindead) ISPs have
started running broken DHCP servers to be bug-compatible with cheap
broken plastic routers.

By default we keep this option enabled, but it can now be turned off
whenever needed.

Suggested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
5 weeks agocore190: ship files with fixed chown syntax
Arne Fitzenreiter [Tue, 5 Nov 2024 07:57:59 +0000 (08:57 +0100)] 
core190: ship files with fixed chown syntax

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
5 weeks agochown: Replace . with : on all shipped scripts
Michael Tremer [Thu, 17 Oct 2024 14:54:16 +0000 (14:54 +0000)] 
chown: Replace . with : on all shipped scripts

I don't like this messy bootup screen that we have with all sorts of
warnings that actually don't cause any problems, but make the boot
messy and send the wrong message to users.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
5 weeks agocore190: ship network-hotplug-bridges
Arne Fitzenreiter [Tue, 5 Nov 2024 07:50:01 +0000 (08:50 +0100)] 
core190: ship network-hotplug-bridges

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
5 weeks agoudev: network-hotplug-bridges: Silence a warning when interfaces have gone away
Michael Tremer [Thu, 17 Oct 2024 14:54:15 +0000 (14:54 +0000)] 
udev: network-hotplug-bridges: Silence a warning when interfaces have gone away

It can happen that udev has an event for an interface in the queue that
has already gone away - or even just being renamed.

Then reading the MAC address fails. Because the shell expands the
"$(<...)" statement before running the whole line, the read check is
useless.

Because the code would get too complicated otherwise, I decided to use
cat. Not cool, but this does the job.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
5 weeks agowlanap.cgi: Use the correct array to fetch the current interface
Michael Tremer [Thu, 17 Oct 2024 14:54:14 +0000 (14:54 +0000)] 
wlanap.cgi: Use the correct array to fetch the current interface

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
5 weeks agohostapd: Enable logging to syslog
Michael Tremer [Thu, 17 Oct 2024 14:54:13 +0000 (14:54 +0000)] 
hostapd: Enable logging to syslog

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
5 weeks agokernel: update to 6.6.59
Arne Fitzenreiter [Mon, 4 Nov 2024 17:00:11 +0000 (18:00 +0100)] 
kernel: update to 6.6.59

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 weeks agogdb: rootfile update
Arne Fitzenreiter [Tue, 29 Oct 2024 12:03:16 +0000 (13:03 +0100)] 
gdb: rootfile update

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 weeks agoConfig: add ROOTFILE_APPEND variable to select rootfile
Arne Fitzenreiter [Sun, 27 Oct 2024 12:47:57 +0000 (13:47 +0100)] 
Config: add ROOTFILE_APPEND variable to select rootfile

also gcc on riscv64 has to different rootfile at build so make
the selection of an additional rootfile univarsal.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 weeks agokernel: fix riscv64 rootfile
Arne Fitzenreiter [Sun, 27 Oct 2024 08:48:23 +0000 (09:48 +0100)] 
kernel: fix riscv64 rootfile

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 weeks agokernel: update riscv64 config and rootfile
Arne Fitzenreiter [Sat, 26 Oct 2024 08:06:12 +0000 (10:06 +0200)] 
kernel: update riscv64 config and rootfile

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 weeks agogdb: update rootfile
Arne Fitzenreiter [Sat, 26 Oct 2024 08:01:08 +0000 (10:01 +0200)] 
gdb: update rootfile

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 weeks agoruby: make rootfile arch independend
Arne Fitzenreiter [Sat, 26 Oct 2024 07:54:31 +0000 (09:54 +0200)] 
ruby: make rootfile arch independend

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 weeks agogdb: update aarch64 rootfile
Arne Fitzenreiter [Thu, 24 Oct 2024 06:22:54 +0000 (08:22 +0200)] 
gdb: update aarch64 rootfile

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 weeks agokernel: update to 6.6.58
Arne Fitzenreiter [Thu, 24 Oct 2024 06:22:21 +0000 (08:22 +0200)] 
kernel: update to 6.6.58

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
6 weeks agocdrom: add serial console to uEFI menu
Arne Fitzenreiter [Thu, 24 Oct 2024 06:20:17 +0000 (08:20 +0200)] 
cdrom: add serial console to uEFI menu

this is only needed on systems that support both video out and serial
console to force serial.

6 weeks agoflash-images: move sleep 1 to a better place
Arne Fitzenreiter [Thu, 24 Oct 2024 06:18:07 +0000 (08:18 +0200)] 
flash-images: move sleep 1 to a better place

kpartx trigger the automount feature of some desktop environments
which result in a mounted filesystem if it was created to fast after
kpartx.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
7 weeks agoflash-images: add sleep 1 after umount the images
Arne Fitzenreiter [Wed, 16 Oct 2024 19:37:19 +0000 (21:37 +0200)] 
flash-images: add sleep 1 after umount the images

sometime zerofree will not able to write without this delay.
I have no idea why?

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
7 weeks agovdr: update to version 2.6.9
Arne Fitzenreiter [Wed, 16 Oct 2024 19:35:00 +0000 (21:35 +0200)] 
vdr: update to version 2.6.9

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
7 weeks agolfs/Config: fix used rootfile for linux headers
Arne Fitzenreiter [Wed, 16 Oct 2024 19:33:58 +0000 (21:33 +0200)] 
lfs/Config: fix used rootfile for linux headers

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
7 weeks agonmap: rootfile update
Arne Fitzenreiter [Wed, 16 Oct 2024 19:32:40 +0000 (21:32 +0200)] 
nmap: rootfile update

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
7 weeks agofreeradius: update rootfile and increment PAK_VER
Arne Fitzenreiter [Wed, 16 Oct 2024 19:30:32 +0000 (21:30 +0200)] 
freeradius: update rootfile and increment PAK_VER

new package is needed because a lib was not shipped with v21

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
7 weeks agowhatmask: update rootfile
Arne Fitzenreiter [Wed, 16 Oct 2024 19:29:15 +0000 (21:29 +0200)] 
whatmask: update rootfile

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
7 weeks agopkg-config: update rootfile
Arne Fitzenreiter [Wed, 16 Oct 2024 19:28:27 +0000 (21:28 +0200)] 
pkg-config: update rootfile
:
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
7 weeks agoperl-MIME-Tools: update rootfile
Arne Fitzenreiter [Wed, 16 Oct 2024 19:27:34 +0000 (21:27 +0200)] 
perl-MIME-Tools: update rootfile

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
7 weeks agoperl-Archive-Zip: update rootfile
Arne Fitzenreiter [Wed, 16 Oct 2024 19:26:16 +0000 (21:26 +0200)] 
perl-Archive-Zip: update rootfile

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
7 weeks agoautoconf-archive: update rootfile
Arne Fitzenreiter [Wed, 16 Oct 2024 19:25:17 +0000 (21:25 +0200)] 
autoconf-archive: update rootfile

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
7 weeks agocmake: update rootfile
Arne Fitzenreiter [Wed, 16 Oct 2024 19:24:16 +0000 (21:24 +0200)] 
cmake: update rootfile

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
8 weeks agomake.sh: Check for changes in logs
Michael Tremer [Wed, 16 Oct 2024 16:40:50 +0000 (16:40 +0000)] 
make.sh: Check for changes in logs

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
8 weeks agodhcpcd: Update to version 10.1.0
Adolf Belka [Tue, 15 Oct 2024 07:35:22 +0000 (09:35 +0200)] 
dhcpcd: Update to version 10.1.0

- Update from version 10.0.10 to 10.1.0
- Update of rootfile not required
- Changelog
    10.1.0
Bug Fixes
dhcp: get_option_uint32/16 only accept options with correct len by
 @taoyl-g in #357
Include frame header in buffer length by @acst1223 in #371
For full changelog see commits delta in
 https://github.com/NetworkConfiguration/dhcpcd/compare/v10.0.10...v10.1.0

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
8 weeks agosquid: Update to 6.12
Matthias Fischer [Sat, 12 Oct 2024 15:48:43 +0000 (17:48 +0200)] 
squid: Update to 6.12

For details see:
https://github.com/squid-cache/squid/commits/v6

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
8 weeks agomonit: Update to 5.34.2
Matthias Fischer [Sat, 12 Oct 2024 15:46:12 +0000 (17:46 +0200)] 
monit: Update to 5.34.2

For details see:
https://mmonit.com/monit/changes/

"Fixed: The network protocol test may occasionally fail with a
"Poll failed: Interrupted system call" error."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
8 weeks agomake.sh: Avoid finding non-existant rootfiles
Michael Tremer [Mon, 14 Oct 2024 09:02:37 +0000 (09:02 +0000)] 
make.sh: Avoid finding non-existant rootfiles

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
8 weeks agokernel: Enable IO uring
Michael Tremer [Mon, 14 Oct 2024 09:00:21 +0000 (09:00 +0000)] 
kernel: Enable IO uring

This is a feature more and more tools start using now and will help to
keep performance of the OS up.

This was enabled on riscv64 already.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
8 weeks agotshark: Update to version 4.4.1
Adolf Belka [Thu, 10 Oct 2024 16:01:11 +0000 (18:01 +0200)] 
tshark: Update to version 4.4.1

- Update from version 4.2.7 to 4.4.1
- The 4.4.x series is the new Stable Release replascing the 4.2.x series which becomes
   the Old Stable Release.
- There is an sobump so find-dependencies was run for the three libraries with changes
   but all linked programs are within tshark.
- Changelog is too large to include here. Links provided
    4.4.1
https://www.wireshark.org/docs/relnotes/wireshark-4.4.1.html
    4.4.0
https://www.wireshark.org/docs/relnotes/wireshark-4.4.0.html

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
8 weeks agomake.sh: Show rootfiles that contain some architecture
Michael Tremer [Sat, 12 Oct 2024 09:34:45 +0000 (09:34 +0000)] 
make.sh: Show rootfiles that contain some architecture

Previously, make.sh just failed but did not explain why it was unhappy.

This patch adds a message which rootfiles contain which architecture.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agomympd: update to 18.0.0
Arne Fitzenreiter [Fri, 11 Oct 2024 11:30:13 +0000 (13:30 +0200)] 
mympd: update to 18.0.0

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 months agokernel: update to 6.6.56
Arne Fitzenreiter [Fri, 11 Oct 2024 11:17:53 +0000 (13:17 +0200)] 
kernel: update to 6.6.56

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 months agortl8812au: add missing rootfile.
Arne Fitzenreiter [Fri, 11 Oct 2024 11:12:17 +0000 (13:12 +0200)] 
rtl8812au: add missing rootfile.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 months agomonit: Update to 5.34.1
Matthias Fischer [Wed, 9 Oct 2024 12:42:00 +0000 (14:42 +0200)] 
monit: Update to 5.34.1

For details see:
https://mmonit.com/monit/changes/

"Fixed: The check program now avoids leaving zombie processes between cycles."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agolcdproc: removal as discussed in Conf call 7th Oct
Adolf Belka [Tue, 8 Oct 2024 21:34:26 +0000 (23:34 +0200)] 
lcdproc: removal as discussed in Conf call 7th Oct

- removal of lfs, rootfile and config files
- backup includes file is also removed, althouigh it was an empty file, so not backing
   anything up.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agompfire: removal as discussed in Conf call 7th Oct
Adolf Belka [Tue, 8 Oct 2024 16:45:59 +0000 (18:45 +0200)] 
mpfire: removal as discussed in Conf call 7th Oct

- removal of lfs, rootfile, backup, paks, misc-progs, mpfire perl, language file
   content, mpfire.cgi, mpfire menu references and files, mpfire specific image,
   web-user-interface references and references in manualpages.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agocore190: Ship ppp
Michael Tremer [Wed, 9 Oct 2024 18:25:33 +0000 (18:25 +0000)] 
core190: Ship ppp

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agoppp: Update to version 2.5.1
Adolf Belka [Tue, 8 Oct 2024 12:24:24 +0000 (14:24 +0200)] 
ppp: Update to version 2.5.1

- Update from version commit e1266c7 to 2.5.1
- Version 2.5.1 has around 34 additional commits from e1266c7. To me all look minor
   changes, some related to other system types such as Solaris that we don't use.
- Update of rootfile
- They have added example to the configuration files to prevent accidental overwriting
   of configuration systems.
- Changelog - There is no longer any changelog provided. Even the one that used to
   exist for version 2.5.0 has been removed. The only option now is to look through the
   commits - https://github.com/ppp-project/ppp/commits/master/?before=d5aeec65752d4a9b3bb46771d0b221c4a4a6539e+35
- Some of the patches had to be updated as the changes were enough that some hunks did
   not get found for patching. Patch file number 6 has been removed as the sed lines are
   no longer to be found in the configure file. The other files that patched successfully
   were renamed to 2.5.1

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agoMerge branch 'master' into next
Michael Tremer [Tue, 8 Oct 2024 08:48:14 +0000 (08:48 +0000)] 
Merge branch 'master' into next

2 months agohostapd: update to git 64d60bb4 core189 v2.29-core189
Arne Fitzenreiter [Sun, 29 Sep 2024 16:03:58 +0000 (18:03 +0200)] 
hostapd: update to git 64d60bb4

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agowlanap.cgi: Fix copying configuration
Michael Tremer [Fri, 20 Sep 2024 12:12:07 +0000 (14:12 +0200)] 
wlanap.cgi: Fix copying configuration

This allows to uncheck checkboxes again.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agowlanap.cgi: Change broadcast SSID to hide SSID
Michael Tremer [Fri, 20 Sep 2024 11:55:40 +0000 (13:55 +0200)] 
wlanap.cgi: Change broadcast SSID to hide SSID

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agowlanap.cgi: Default to channel 0 for ACS
Michael Tremer [Fri, 20 Sep 2024 11:19:10 +0000 (13:19 +0200)] 
wlanap.cgi: Default to channel 0 for ACS

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agowlanap.cgi: Enable Neighbourhood Scan by default
Michael Tremer [Fri, 20 Sep 2024 11:17:59 +0000 (13:17 +0200)] 
wlanap.cgi: Enable Neighbourhood Scan by default

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agowlanap.cgi: Don't try to show status if there is no interface
Michael Tremer [Fri, 20 Sep 2024 11:16:44 +0000 (13:16 +0200)] 
wlanap.cgi: Don't try to show status if there is no interface

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agowlanap.cgi: Correctly show broadcast SSID status
Michael Tremer [Fri, 20 Sep 2024 11:13:41 +0000 (13:13 +0200)] 
wlanap.cgi: Correctly show broadcast SSID status

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agowlanap.cgi: Disable generating Perl warnings
Michael Tremer [Fri, 20 Sep 2024 10:30:03 +0000 (11:30 +0100)] 
wlanap.cgi: Disable generating Perl warnings

Reported-by: Waynie <waynet@ucpix.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agocore189: Ship rules.pl
Michael Tremer [Tue, 8 Oct 2024 08:43:39 +0000 (08:43 +0000)] 
core189: Ship rules.pl

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agofirewall: Flush SYN_FLOOD_PROTECTION
Michael Tremer [Mon, 7 Oct 2024 09:13:12 +0000 (09:13 +0000)] 
firewall: Flush SYN_FLOOD_PROTECTION

This chain was not flushed when the firewall was being reloaded which
made any ports appear as open when rules have been disabled or deleted.

This has no security implications, but nevertheless isn't right.

Reported-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agocore190: Ship ncat again (just to be sure)
Michael Tremer [Mon, 7 Oct 2024 10:24:09 +0000 (10:24 +0000)] 
core190: Ship ncat again (just to be sure)

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agoMerge branch 'master' into next
Michael Tremer [Mon, 7 Oct 2024 10:23:22 +0000 (10:23 +0000)] 
Merge branch 'master' into next

2 months agocore189: Ship ncat
Michael Tremer [Mon, 7 Oct 2024 10:22:33 +0000 (10:22 +0000)] 
core189: Ship ncat

This is required for the new Unbound/DHCP Leases bridge to work.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agoncat: Make this package part of the core system
Michael Tremer [Mon, 7 Oct 2024 10:18:57 +0000 (10:18 +0000)] 
ncat: Make this package part of the core system

The nc command is required for the Unbound/DHCP leases bridge.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agocore190: Ship Unbound again
Michael Tremer [Mon, 7 Oct 2024 09:15:40 +0000 (09:15 +0000)] 
core190: Ship Unbound again

This was a late addition to c189

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agoMerge branch 'master' into next
Michael Tremer [Mon, 7 Oct 2024 09:15:04 +0000 (09:15 +0000)] 
Merge branch 'master' into next

2 months agocore190: Ship rules.pl
Michael Tremer [Mon, 7 Oct 2024 09:14:37 +0000 (09:14 +0000)] 
core190: Ship rules.pl

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agofirewall: Flush SYN_FLOOD_PROTECTION
Michael Tremer [Mon, 7 Oct 2024 09:13:12 +0000 (09:13 +0000)] 
firewall: Flush SYN_FLOOD_PROTECTION

This chain was not flushed when the firewall was being reloaded which
made any ports appear as open when rules have been disabled or deleted.

This has no security implications, but nevertheless isn't right.

Reported-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agocore189: Ship and restart Unbound
Michael Tremer [Fri, 4 Oct 2024 11:46:22 +0000 (11:46 +0000)] 
core189: Ship and restart Unbound

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agounbound: Update to 1.21.1
Matthias Fischer [Fri, 4 Oct 2024 08:41:17 +0000 (10:41 +0200)] 
unbound: Update to 1.21.1

For details see:
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-21-1

"Fix CVE-2024-8508, unbounded name compression could lead to denial of service."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agocore190: Ship Suricata & libhtp
Michael Tremer [Wed, 2 Oct 2024 16:02:32 +0000 (16:02 +0000)] 
core190: Ship Suricata & libhtp

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agosuricata: Update to 7.0.7
Matthias Fischer [Wed, 2 Oct 2024 13:41:33 +0000 (15:41 +0200)] 
suricata: Update to 7.0.7

Exerpt from changelog:
"7.0.7 -- 2024-10-01

Security #7289: http: missing hashtable random seed leads to potential DoS(CRITICAL - CVE 2024-47188)
Security #7268: ja4: non alphanumeric characters in alpn lead to panic (7.0.x backport)(HIGH - CVE 2024-47522)
Security #7258: thash: random factor not used; possible abusive hash collisions (7.0.x backport)(CRITICAL - CVE 2024-47187)
Security #7215: defrag: off by one leads to possible evasion (7.0.x backport)(HIGH - CVE 2024-45796)
Security #7196: datasets: rule with unset makes suricata abort (7.0.x backport)(HIGH - CVE 2024-45795)
Security #7192: http: quadratic complexity in headers processing/finding (7.0.x backport)(CRITICAL - CVE 2024-45797)
Bug #7290: tls: a rule stops working since 7.0.5 (7.0.x backport)
Bug #7286: eve/tls: enabling JA4 breaks custom field selection
Bug #7276: ja3: Error: ja3: Buffer should not be NULL (7.0.x backport)
Bug #7271: pgsql: track 'progress' in tx per direction (7.0.x backport)
Bug #7265: detect/flow: ACK with data on 3whs fails to match 'flow:established' (7.0.x backport)
Bug #7257: fuzz: CIFuzz is not fuzzing PRs as it is supposed to (7.0.x backport)
Bug #7242: app-layer-protocol: negated matching false positive (7.0.x backport)
Bug #7239: tls: Invalid ja3 due to double client hello (7.0.x backport)
Bug #7225: dataset: lookup function is not working with ip type (7.0.x backport)
Bug #7214: frames: stream frame is not always the first one registered (7.0.x backport)
Bug #7207: cbindgen: comptability with newer version 0.27 (7.0.x backport)
Bug #7198: log/rfb: inconsistent key value security_result or security-result
Bug #7194: output: jb context not closed on error in EvePacket
Bug #7188: detect: dcerpc logging and matching issues (7.0.x backport)
Bug #7182: fuzz: File confyaml.c is missing (7.0.x backport)
Bug #7173: detect/integers: do not bother to free NULL pointer on setup/parse failure (7.0.x backport)
Bug #7166: profiling: rule profiling doesn't support absolute paths (7.0.x backport)
Bug #7159: tcp: 'broken ack' event set on flow timeout (7.0.x backport)
Bug #7136: util/thash: debug assertion for memuse (7.0.x backport)
Bug #7122: smb/ntlmssp: nonsense smb.ntlmssp.version values (7.0.x backport)
Bug #7116: dpdk: timestamping packets through TSC does not yield the same time as kernel time (7.0.x backport)
Bug #7066: alert/metadata: no pgsql object encapsulation (7.0.x backport)
Bug #7054: bypass: cannot bypass udp flow from first packet (7.0.x backport)
Bug #7001: pgsql: trigger raw stream reassembly (7.0.x backport)
Bug #6608: file: do not store if filestore:both,flow is triggered after the file was set to nostore (7.0.x backport)
Bug #6555: eve/alert: payload/payload_printable misrepresent data in case of overlaps (7.0.x backport)
Bug #6541: landlock: coverity warnings (7.0.x backport)
Optimization #7134: detect/snmp.version: do not free NULL pointer
Optimization #7075: dns/tcp: allow triggering raw stream reassembly (7.0.x backport)
Feature #7102: iprep: support seeing if rule is part of a rep list (7.0.x backport)
Feature #6674: detect: allow alert-then-pass logic (7.0.x backport)
Task #7249: libhtp 0.5.49 (7.0.x backport)
Task #7168: dns: make the version field in a dns object required (7.0.x backport)
Documentation #6641: doc: add tcp timeout fix to upgrade guide (7.0.x backport)"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agolibhtp: Update to 0.5.49
Matthias Fischer [Wed, 2 Oct 2024 13:41:32 +0000 (15:41 +0200)] 
libhtp: Update to 0.5.49

For details see:
https://github.com/OISF/libhtp/releases/tag/0.5.49

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agohostapd: update to git 64d60bb4
Arne Fitzenreiter [Sun, 29 Sep 2024 16:03:58 +0000 (18:03 +0200)] 
hostapd: update to git 64d60bb4

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agoMerge branch 'master' into next
Michael Tremer [Sun, 29 Sep 2024 11:29:11 +0000 (11:29 +0000)] 
Merge branch 'master' into next

2 months agompd: fix chown syntax
Arne Fitzenreiter [Sun, 29 Sep 2024 07:44:55 +0000 (09:44 +0200)] 
mpd: fix chown syntax

this remove a warning at boot that user and group should
seperated by ":" and not by "."

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agoovpnmain.cgi: Remove using dropped &General::getlastip() function
Michael Tremer [Thu, 26 Sep 2024 20:40:04 +0000 (20:40 +0000)] 
ovpnmain.cgi: Remove using dropped &General::getlastip() function

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agodnsdist: Update to version 1.9.6
Adolf Belka [Tue, 24 Sep 2024 10:33:36 +0000 (12:33 +0200)] 
dnsdist: Update to version 1.9.6

- Update from version 1.9.4 to 1.9.6
- Tested building on riscv64 and it built without issues and rootfile is sam as for
   x86_64 & aarch64. So supported architectures has been removed and dnsdist is available
   on all three architectures.
- Update of rootfile not required
- Changelog
    1.9.6
New Features
    Add support for a callback when a new tickets key is added
     References: pull request 14449
Improvements
    Make the logging functions available to all Lua environments
     References: pull request 14438
    Handle Quiche >= 0.22.0
     References: pull request 14450
    Don’t include openssl/engine.h if it’s not going to be used (Sander Hoentjen)
     References: pull request 14452
Bug Fixes
    Dedup Prometheus help and type lines for custom metrics with labels¶
     References: #14395, pull request 14439
    Fix a race in the XSK/AF_XDP backend handling code
     References: pull request 14436
    dns.cc: use pdns::views::UnsignedCharView
     References: pull request 14437
    1.9.5
New Features
    Add a Lua FFI function to set proxy protocol values
     References: pull request 14338
    Add Lua FFI bindings to generate SVC responses
     References: pull request 14339
Bug Fixes
    Use the correct source IP for outgoing QUIC datagrams
     References: pull request 14166
    Reply to HTTP/2 PING frames immediately
     References: pull request 14163
    Log the correct amount of bytes sent for DoH w/ nghttp2
     References: pull request 14332
    Prevent a race when calling registerWebHandler at runtime
     References: pull request 14170
    Enforce a maximum number of HTTP request fields and a maximum HTTP request line size
     References: pull request 14333
    Fix a race condition with custom Lua web handlers
     References: pull request 14342
    Syslog should be enabled by default
     References: pull request 14331
    Fix a warning when compiling the unit tests without XSK¶
     References: pull request 14334
    autoconf: allow prerelease systemd versions (Chris Hofstaedtler)
     References: pull request 14335
    Edit the systemd unit file, CAP_BPF is no longer enough
     References: #14279, pull request 14336
    Fix ‘Error creating TCP worker’ error message
     References: pull request 14337

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agoheader.pl: Force browsers to reload rrdimage.js
Michael Tremer [Thu, 26 Sep 2024 14:13:10 +0000 (14:13 +0000)] 
header.pl: Force browsers to reload rrdimage.js

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 months agoovpnmain.cgi: Fix IP address calculation with static pools
Michael Tremer [Sun, 22 Sep 2024 14:33:03 +0000 (14:33 +0000)] 
ovpnmain.cgi: Fix IP address calculation with static pools

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>