ipfire-2.x.git
2 years agocore118: Ship update accelerator downloader
Michael Tremer [Sun, 7 Jan 2018 19:51:07 +0000 (19:51 +0000)] 
core118: Ship update accelerator downloader

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoFix bug 11567 updxlrator: don't prematurely release lock file
Justin Luth [Sat, 30 Dec 2017 06:25:50 +0000 (09:25 +0300)] 
Fix bug 11567 updxlrator: don't prematurely release lock file

With Microsoft's new style of downloading updates,
where portions of a patch are requested multiple times per second,
it has become extremely common for downloads to reach > 100%.
Due to an early unlinking of the "lock" file, there is a big window of
opportunity (between the unlink and wget actually saving some data)
for multiple download/wget threads to start, adding to the same file.
So not only is bandwidth wasted by duplicate downloads running
simultaneously, but the resulting file is corrupt anyway.

The problem is noticed more often by low bandwidth users
(who need the benefits of updxlrator the most)
because then wget's latency is even longer, creating
a very wide window of opportunity.

Ultimately, this needs something like "flock", where the
file is set and tested in one operation. But for now,
settle with the current test / create lock solution, and
just stop unnecessarily releasing the lock.

Since the file already exists as a lock when wget starts,
wget now must ALWAYS run with --continue, which
works fine on a zero-sized file.

Signed-off-by: Justin Luth <jluth@mail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoupdxlrator: show hostaddr in debuglog
Justin Luth [Sat, 30 Dec 2017 05:48:37 +0000 (08:48 +0300)] 
updxlrator: show hostaddr in debuglog

There is nowhere in the debuglog any indication of
which client is requesting the file that updxlrator
is providing (or caching). Especially for those
huge Windows 10 downloads, it is valuable to
see which client is requesting them, especially
when the same client requests the same download
multiple times a second.

This only impacts users who turn on debugging.

Signed-off-by: Justin Luth <jluth@mail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoFix bug 11558 updxlrator: use mirror mode for SHA1, filenames
Justin Luth [Sat, 30 Dec 2017 19:12:01 +0000 (22:12 +0300)] 
Fix bug 11558 updxlrator: use mirror mode for SHA1, filenames

Most Microsoft updates now contain an SHA1 hash in the filename.
Since these files are uniquely identifiable, use mirror mode
(which creates a hash of just the filename instead of the entire URL)
to cache them. (But first check the URL cache to see if it
has been downloaded as a URL already.)

This is a HUGELY needed fix. Windows 10 updates are 5+ GB
per month, and we lose several days of bandwidth downloading
duplicates from different mirrors. Sometimes a single client
will request the same patch from multiple mirrors. That's bad.
This patch will save a ton of bandwidth, and lots of disk space.

The patch limits the SHA1 test to microsoft only, but it
could be easily expanded to other vendors if there is a need.

Signed-off-by: Justin Luth <jluth@mail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore118: Ship updated update accelerator
Michael Tremer [Sun, 7 Jan 2018 19:28:28 +0000 (19:28 +0000)] 
core118: Ship updated update accelerator

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoFix bug 10504: match download's sourceurl mangling in, updxlrator
Justin Luth [Fri, 29 Dec 2017 14:12:27 +0000 (17:12 +0300)] 
Fix bug 10504: match download's sourceurl mangling in, updxlrator

Updatexlrator stores its files in a hash of the URL.

The download utility mangles the URL for [+/~], but
the updxlrator only does it for [/]. Thus, download
stores the result as one hash, and updxlrator looks for it
with a different hash. The result is that the file is
re-downloaded every time by both the client, and updxlrator.

This is fixed by making updxlrator mangle the url in the
same way as the downloader. apt-get install g++ would
be a good test for this.

Signed-off-by: Justin Luth  <jluth@mail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore118: Ship updated ids.cgi
Michael Tremer [Sun, 7 Jan 2018 19:22:27 +0000 (19:22 +0000)] 
core118: Ship updated ids.cgi

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agosnort 2.9.11.1: 'ids.cgi' - Update for snort rules download url
Matthias Fischer [Sat, 6 Jan 2018 08:18:39 +0000 (09:18 +0100)] 
snort 2.9.11.1: 'ids.cgi' - Update for snort rules download url

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore118: Ship updated snort
Michael Tremer [Sun, 7 Jan 2018 19:21:35 +0000 (19:21 +0000)] 
core118: Ship updated snort

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agosnort: Update to 2.9.11.1
Matthias Fischer [Fri, 5 Jan 2018 17:28:00 +0000 (18:28 +0100)] 
snort: Update to 2.9.11.1

For details see:

Release notes:
https://snort.org/downloads/snort/release_notes_2.9.11.1.txt

Changelog:
https://snort.org/downloads/snort/changelog_2.9.11.1.txt

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore118: Ship updated fireinfo.cgi
Michael Tremer [Sun, 7 Jan 2018 19:19:12 +0000 (19:19 +0000)] 
core118: Ship updated fireinfo.cgi

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agouse HTTPS for links to fireinfo.ipfire.org
Peter Müller [Sun, 7 Jan 2018 10:01:36 +0000 (11:01 +0100)] 
use HTTPS for links to fireinfo.ipfire.org

Since fireinfo.ipfire.org is now supporting HTTPS, the
links in the WebUI should point to the secure version of the site.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoship updated showrequestfromcountry.cgi file
Peter Müller [Sun, 7 Jan 2018 12:55:05 +0000 (13:55 +0100)] 
ship updated showrequestfromcountry.cgi file

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agofix GeoIP lookup in showrequestfromcountry.dat
Peter Müller [Sun, 7 Jan 2018 12:52:11 +0000 (13:52 +0100)] 
fix GeoIP lookup in showrequestfromcountry.dat

This issue was caused by the rewrite of the perl GeoIP
library.

Fixes #11571.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Tested-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoUpdate rootfiles
Michael Tremer [Fri, 5 Jan 2018 18:04:47 +0000 (18:04 +0000)] 
Update rootfiles

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore118: Drop PHP files in updater
Michael Tremer [Fri, 5 Jan 2018 13:45:37 +0000 (13:45 +0000)] 
core118: Drop PHP files in updater

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore118: Restart apache to drop PHP module
Michael Tremer [Fri, 5 Jan 2018 13:41:32 +0000 (13:41 +0000)] 
core118: Restart apache to drop PHP module

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoDrop PHP
Michael Tremer [Fri, 5 Jan 2018 13:37:25 +0000 (13:37 +0000)] 
Drop PHP

This is no longer needed and in the telephone conference
on Dec 4th, it was decided to drop it.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoDrop owncloud
Michael Tremer [Fri, 5 Jan 2018 13:28:59 +0000 (13:28 +0000)] 
Drop owncloud

We are going to remove PHP and owncloud requires it

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoDrop mediatomb
Michael Tremer [Fri, 5 Jan 2018 13:26:33 +0000 (13:26 +0000)] 
Drop mediatomb

This didn't build and run in ages and has been removed from
the repositories quite a while ago.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoDrop openmailadmin config (forgot this last time)
Michael Tremer [Fri, 5 Jan 2018 13:24:21 +0000 (13:24 +0000)] 
Drop openmailadmin config (forgot this last time)

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoRootfiles update
Michael Tremer [Fri, 5 Jan 2018 13:18:50 +0000 (13:18 +0000)] 
Rootfiles update

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agomake.sh: lowering parallel buildprocesses
Arne Fitzenreiter [Mon, 18 Dec 2017 15:48:13 +0000 (16:48 +0100)] 
make.sh: lowering parallel buildprocesses

higher values raise the system load but not speedup the build

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 years agoDrop tunctl
Michael Tremer [Sat, 16 Dec 2017 12:39:31 +0000 (12:39 +0000)] 
Drop tunctl

We don't use this at all

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoDrop phpSANE
Michael Tremer [Sat, 16 Dec 2017 12:38:01 +0000 (12:38 +0000)] 
Drop phpSANE

The upstream project is dead.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoDrop cacti
Michael Tremer [Sat, 16 Dec 2017 12:35:12 +0000 (12:35 +0000)] 
Drop cacti

This package was discontinued upstream and seems to be
a bit more lively again. However, nobody of the team
wants to maintain cacti. Therefore this is being dropped
for now.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoDrop openmailadmin package
Michael Tremer [Sat, 16 Dec 2017 12:33:05 +0000 (12:33 +0000)] 
Drop openmailadmin package

This is EOL upstream for over ten years now and therefore
we cannot continue to support this either.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoDrop nagios
Michael Tremer [Sat, 16 Dec 2017 12:31:47 +0000 (12:31 +0000)] 
Drop nagios

This is no longer maintained and icinga is available.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agonagios nrpe: Depend on nagios-plugins package instead of main nagios package
Michael Tremer [Sat, 16 Dec 2017 12:29:43 +0000 (12:29 +0000)] 
nagios nrpe: Depend on nagios-plugins package instead of main nagios package

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoDecouple nagios-plugins from icinga
Michael Tremer [Sat, 16 Dec 2017 12:29:06 +0000 (12:29 +0000)] 
Decouple nagios-plugins from icinga

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore118: Reload apache to make configuration changes take effect
Michael Tremer [Sat, 16 Dec 2017 12:18:45 +0000 (12:18 +0000)] 
core118: Reload apache to make configuration changes take effect

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoprevent loading resources from external sites
Peter Müller [Sun, 3 Dec 2017 19:34:02 +0000 (20:34 +0100)] 
prevent loading resources from external sites

Make Apache transmit a CSP (Content Security Policy) header
for WebUI and Captive Portal contents.

This prevents some XSS and content injection attacks, especially
in case no transport encryption (Captive Portal!) can be used.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore118: Add changed apache configuration
Michael Tremer [Sat, 16 Dec 2017 12:16:54 +0000 (12:16 +0000)] 
core118: Add changed apache configuration

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoprevent IE from interpreting HTML MIME type
Peter Müller [Sun, 3 Dec 2017 17:10:47 +0000 (18:10 +0100)] 
prevent IE from interpreting HTML MIME type

Add X-Content-Type-Options header to prevent Internet Explorer
from interpreting the MIME type of a server answer on its own,
which could lead to security risks.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoDrop nagiosql
Michael Tremer [Thu, 14 Dec 2017 17:48:24 +0000 (17:48 +0000)] 
Drop nagiosql

This is no longer maintained any more and therefore being dropped

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agomark 3DES and 1024 bit DH params as weak
Peter Müller [Sun, 10 Dec 2017 10:17:16 +0000 (11:17 +0100)] 
mark 3DES and 1024 bit DH params as weak

These are not considered secure anymore but are unfortunately
still needed in some cases (legacy hardware, ...).

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agofireinfo: Update to 2.1.12
Michael Tremer [Thu, 14 Dec 2017 17:44:20 +0000 (17:44 +0000)] 
fireinfo: Update to 2.1.12

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore118: Ship updated language files
Michael Tremer [Thu, 14 Dec 2017 16:47:01 +0000 (16:47 +0000)] 
core118: Ship updated language files

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoupdate german translations
Peter Müller [Sun, 10 Dec 2017 10:09:35 +0000 (11:09 +0100)] 
update german translations

Correct some grammar errors and unify spelling of interface names (GREEN vs. GRÜN).

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore118: Ship updated openssh
Michael Tremer [Thu, 14 Dec 2017 16:44:44 +0000 (16:44 +0000)] 
core118: Ship updated openssh

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoopenssh: update to 7.6p1
Peter Müller [Tue, 5 Dec 2017 13:48:01 +0000 (14:48 +0100)] 
openssh: update to 7.6p1

Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoupdate tor to 0.3.1.9
Peter Müller [Fri, 8 Dec 2017 14:44:02 +0000 (15:44 +0100)] 
update tor to 0.3.1.9

Release Notes: https://gitweb.torproject.org/tor.git/plain/ReleaseNotes?id=tor-0.3.1.9

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoStart Core Update 118
Michael Tremer [Thu, 14 Dec 2017 15:55:27 +0000 (15:55 +0000)] 
Start Core Update 118

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agofinish core117
Arne Fitzenreiter [Tue, 12 Dec 2017 20:36:25 +0000 (21:36 +0100)] 
finish core117

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 years agopakfire: Properly check if we have our key with our fingerprint
Michael Tremer [Tue, 12 Dec 2017 19:40:01 +0000 (19:40 +0000)] 
pakfire: Properly check if we have our key with our fingerprint

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agopakfire: Drop importing CACert's PGP key
Michael Tremer [Tue, 12 Dec 2017 19:28:16 +0000 (19:28 +0000)] 
pakfire: Drop importing CACert's PGP key

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agomake.sh limit build to 23 parallel threads.
Arne Fitzenreiter [Sun, 10 Dec 2017 07:18:06 +0000 (08:18 +0100)] 
make.sh limit build to 23 parallel threads.

perl will not work with more parallel build processes.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 years agostrip: use toolchain binary inside of chroot to strip
Arne Fitzenreiter [Sun, 10 Dec 2017 06:59:43 +0000 (07:59 +0100)] 
strip: use toolchain binary inside of chroot to strip

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 years agoopenssl: Update to 1.0.2n
Michael Tremer [Fri, 8 Dec 2017 13:58:26 +0000 (13:58 +0000)] 
openssl: Update to 1.0.2n

OpenSSL Security Advisory [07 Dec 2017]
========================================

Read/write after SSL object in error state (CVE-2017-3737)
==========================================================

Severity: Moderate

OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state"
mechanism. The intent was that if a fatal error occurred during a handshake then
OpenSSL would move into the error state and would immediately fail if you
attempted to continue the handshake. This works as designed for the explicit
handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()),
however due to a bug it does not work correctly if SSL_read() or SSL_write() is
called directly. In that scenario, if the handshake fails then a fatal error
will be returned in the initial function call. If SSL_read()/SSL_write() is
subsequently called by the application for the same SSL object then it will
succeed and the data is passed without being decrypted/encrypted directly from
the SSL/TLS record layer.

In order to exploit this issue an application bug would have to be present that
resulted in a call to SSL_read()/SSL_write() being issued after having already
received a fatal error.

This issue does not affect OpenSSL 1.1.0.

OpenSSL 1.0.2 users should upgrade to 1.0.2n

This issue was reported to OpenSSL on 10th November 2017 by David Benjamin
(Google). The fix was proposed by David Benjamin and implemented by Matt Caswell
of the OpenSSL development team.

rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
=========================================================

Severity: Low

There is an overflow bug in the AVX2 Montgomery multiplication procedure
used in exponentiation with 1024-bit moduli. No EC algorithms are affected.
Analysis suggests that attacks against RSA and DSA as a result of this defect
would be very difficult to perform and are not believed likely. Attacks
against DH1024 are considered just feasible, because most of the work
necessary to deduce information about a private key may be performed offline.
The amount of resources required for such an attack would be significant.
However, for an attack on TLS to be meaningful, the server would have to share
the DH1024 private key among multiple clients, which is no longer an option
since CVE-2016-0701.

This only affects processors that support the AVX2 but not ADX extensions
like Intel Haswell (4th generation).

Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732
and CVE-2015-3193.

Due to the low severity of this issue we are not issuing a new release of
OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it
becomes available. The fix is also available in commit e502cc86d in the OpenSSL
git repository.

OpenSSL 1.0.2 users should upgrade to 1.0.2n

This issue was reported to OpenSSL on 22nd November 2017 by David Benjamin
(Google). The issue was originally found via the OSS-Fuzz project. The fix was
developed by Andy Polyakov of the OpenSSL development team.

Note
====

Support for version 1.0.1 ended on 31st December 2016. Support for versions
0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer
receiving security updates.

References
==========

URL for this Security Advisory:
https://www.openssl.org/news/secadv/20171207.txt

Note: the online version of the advisory may be updated with additional details
over time.

For details of OpenSSL severity classifications please see:
https://www.openssl.org/policies/secpolicy.html

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agopakfire - 'functions.pl': fixed typo
Matthias Fischer [Sun, 3 Dec 2017 13:16:16 +0000 (14:16 +0100)] 
pakfire - 'functions.pl': fixed typo

Just read this typo in a forum posting. Couldn't resist...

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoUpdate for numerous lfs-files: removed deprecated configure options
Matthias Fischer [Mon, 4 Dec 2017 17:25:55 +0000 (18:25 +0100)] 
Update for numerous lfs-files: removed deprecated configure options

Also includes some reformatting, but no changes to configuration.

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoOpenVPN: Allow to set routes to IPsec networks
Michael Tremer [Mon, 4 Dec 2017 17:51:53 +0000 (17:51 +0000)] 
OpenVPN: Allow to set routes to IPsec networks

This makes hub-and-spoke designs with OpenVPN RW and
IPsec N2N easier to configure

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoIPsec: Allow configuring inactivity timeout when in on-demand mode
Michael Tremer [Mon, 4 Dec 2017 17:31:53 +0000 (17:31 +0000)] 
IPsec: Allow configuring inactivity timeout when in on-demand mode

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoIPsec: Drop support for MODP with subgroup
Michael Tremer [Mon, 4 Dec 2017 13:12:38 +0000 (13:12 +0000)] 
IPsec: Drop support for MODP with subgroup

These come from questionable sources and are not considered
to be secure any more: https://eprint.iacr.org/2016/961

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore117: Ship updated CGI files
Michael Tremer [Sat, 2 Dec 2017 12:25:09 +0000 (12:25 +0000)] 
core117: Ship updated CGI files

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agodisplay GeoIP information on active network connections
Peter Müller [Wed, 15 Nov 2017 22:10:43 +0000 (23:10 +0100)] 
display GeoIP information on active network connections

Display GeoIP information on active network connections in WebUI.
Use newly implemented function in /var/ipfire/geoip-functions.pl .

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agodisplay GeoIP information on ipinfo.cgi
Peter Müller [Wed, 15 Nov 2017 21:56:36 +0000 (22:56 +0100)] 
display GeoIP information on ipinfo.cgi

Display GeoIP information on ipinfo.cgi and use newly implemented
function in /var/ipfire/geoip-functions.pl .

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore117: Ship updated sudo package
Michael Tremer [Sat, 2 Dec 2017 12:23:39 +0000 (12:23 +0000)] 
core117: Ship updated sudo package

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agomc: Update to 4.8.20
Matthias Fischer [Wed, 29 Nov 2017 17:16:46 +0000 (18:16 +0100)] 
mc: Update to 4.8.20

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agosudo: Fix for lfs-file (Typo)
Matthias Fischer [Sat, 2 Dec 2017 09:10:23 +0000 (10:10 +0100)] 
sudo: Fix for lfs-file (Typo)

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agonano: Update to 2.9.1
Matthias Fischer [Sat, 2 Dec 2017 09:16:39 +0000 (10:16 +0100)] 
nano: Update to 2.9.1

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoDrop separate ffmpeg-libs package
Michael Tremer [Sat, 2 Dec 2017 12:22:00 +0000 (12:22 +0000)] 
Drop separate ffmpeg-libs package

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agostrip: Explicitely call right binaries
Michael Tremer [Fri, 1 Dec 2017 16:31:25 +0000 (16:31 +0000)] 
strip: Explicitely call right binaries

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoffmpeg: Update to 3.4
Michael Tremer [Fri, 1 Dec 2017 15:41:15 +0000 (15:41 +0000)] 
ffmpeg: Update to 3.4

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agonasm: Update to 2.13.02
Michael Tremer [Thu, 30 Nov 2017 17:01:24 +0000 (17:01 +0000)] 
nasm: Update to 2.13.02

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoUpdate strongswan rootfile
Michael Tremer [Thu, 30 Nov 2017 16:09:48 +0000 (16:09 +0000)] 
Update strongswan rootfile

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agomisc-progs: syslogdctrl: Fix data type of protocol variable
Michael Tremer [Thu, 30 Nov 2017 14:36:28 +0000 (14:36 +0000)] 
misc-progs: syslogdctrl: Fix data type of protocol variable

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore117: Regenerate language cache
Michael Tremer [Wed, 29 Nov 2017 12:41:16 +0000 (12:41 +0000)] 
core117: Regenerate language cache

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore117: Ship updated strongswan
Michael Tremer [Wed, 29 Nov 2017 12:40:53 +0000 (12:40 +0000)] 
core117: Ship updated strongswan

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agostrongswan: Update to 5.6.1
Michael Tremer [Wed, 29 Nov 2017 12:39:04 +0000 (12:39 +0000)] 
strongswan: Update to 5.6.1

Drop support for Padlock which is not in wide usage
any more and creates some rootfile trouble every time.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoEnglish is the reference language
Michael Tremer [Wed, 29 Nov 2017 12:15:41 +0000 (12:15 +0000)] 
English is the reference language

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocaptive: Translate times for coupon expiry time
Michael Tremer [Wed, 29 Nov 2017 12:11:58 +0000 (12:11 +0000)] 
captive: Translate times for coupon expiry time

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore117: Ship updated netexternal.cgi
Michael Tremer [Wed, 29 Nov 2017 12:06:01 +0000 (12:06 +0000)] 
core117: Ship updated netexternal.cgi

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoadd GeoIP and rDNS information to used nameservers
Peter Müller [Wed, 15 Nov 2017 21:49:00 +0000 (22:49 +0100)] 
add GeoIP and rDNS information to used nameservers

Add GeoIP and rDNS information to DNS nameserver list at netexternal.cgi

Use newly implemented GeoIP function in /var/ipfire/geoip-functions.pl

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore117: Ship updated ids.dat
Michael Tremer [Wed, 29 Nov 2017 12:04:05 +0000 (12:04 +0000)] 
core117: Ship updated ids.dat

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoshow IDS rule names correctly in WebUI log
Peter Müller [Tue, 21 Nov 2017 19:27:45 +0000 (20:27 +0100)] 
show IDS rule names correctly in WebUI log

The WebUI IDS log did not display the rule name for alerts
where a signature with a five digit number was triggered
(some Emerging Threats signatures are using them).

Changing the regular expression so it will match on five
digit SIDs, too.

Fixes #11519.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore117: Ship updated index.cgi
Michael Tremer [Wed, 29 Nov 2017 12:02:50 +0000 (12:02 +0000)] 
core117: Ship updated index.cgi

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agolink to DNS server status page on index.cgi
Peter Müller [Fri, 24 Nov 2017 19:28:02 +0000 (20:28 +0100)] 
link to DNS server status page on index.cgi

Show a link to the DNS server status at netexternal.cgi
on index.cgi in WebUI.

For the lazy ones... :-)

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocorrect wrong headline at hardwaregraphs.cgi
Peter Müller [Fri, 24 Nov 2017 19:32:55 +0000 (20:32 +0100)] 
correct wrong headline at hardwaregraphs.cgi

The page description (title and headline) should print
"hardware graphs" instead of only mentioning HDDs.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore117: Ship updated netother.cgi
Michael Tremer [Wed, 29 Nov 2017 12:00:33 +0000 (12:00 +0000)] 
core117: Ship updated netother.cgi

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoUpdate translations
Michael Tremer [Wed, 29 Nov 2017 12:00:13 +0000 (12:00 +0000)] 
Update translations

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agotranslate 'firewall hits' at netother.cgi
Peter Müller [Fri, 24 Nov 2017 19:39:34 +0000 (20:39 +0100)] 
translate 'firewall hits' at netother.cgi

Also translate 'firewall hits' at the network status
(other) page in WebUI.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore117: Ship updated credits.cgi
Michael Tremer [Wed, 29 Nov 2017 11:59:08 +0000 (11:59 +0000)] 
core117: Ship updated credits.cgi

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoupdate links to www.ipfire.org at credits.cgi
Peter Müller [Tue, 28 Nov 2017 19:41:53 +0000 (20:41 +0100)] 
update links to www.ipfire.org at credits.cgi

The links to the IPFire homepage in the credits.cgi file should
point to the HTTPS version of the site now.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocaptive: Escape any special characters in title on PDF vouchers
Michael Tremer [Wed, 29 Nov 2017 11:57:37 +0000 (11:57 +0000)] 
captive: Escape any special characters in title on PDF vouchers

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agomake.sh: Create /tools_${arch} link only when building a toolchain
Michael Tremer [Wed, 29 Nov 2017 11:54:37 +0000 (11:54 +0000)] 
make.sh: Create /tools_${arch} link only when building a toolchain

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore117: Ship latest updates of syslogging
Michael Tremer [Tue, 28 Nov 2017 17:49:25 +0000 (17:49 +0000)] 
core117: Ship latest updates of syslogging

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoadd language strings
Peter Müller [Mon, 20 Nov 2017 18:40:32 +0000 (19:40 +0100)] 
add language strings

Add language strings for changed config.dat CGI file.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoallow changing remote syslog protocol to TCP
Peter Müller [Mon, 20 Nov 2017 18:40:17 +0000 (19:40 +0100)] 
allow changing remote syslog protocol to TCP

Add option to change remote syslog protocol to TCP, which
is more reliable than UDP, but might be unsupported  on
older syslog servers.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoallow remote syslog via TCP in syslogdctrl.c
Peter Müller [Mon, 20 Nov 2017 18:40:11 +0000 (19:40 +0100)] 
allow remote syslog via TCP in syslogdctrl.c

Make syslogctrl.c use TCP as remote logging file if specified so.

Thanks to Michael for reviewing this.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agomake.sh: Simplify maths to determine cursor position
Michael Tremer [Tue, 28 Nov 2017 17:44:49 +0000 (17:44 +0000)] 
make.sh: Simplify maths to determine cursor position

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agomake.sh: Improve formatting of options
Michael Tremer [Tue, 28 Nov 2017 17:36:07 +0000 (17:36 +0000)] 
make.sh: Improve formatting of options

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agomake.sh: Fix position of SKIP message when building packages
Michael Tremer [Tue, 28 Nov 2017 17:34:02 +0000 (17:34 +0000)] 
make.sh: Fix position of SKIP message when building packages

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agossl: Drop package which isn't maintained any more
Michael Tremer [Tue, 28 Nov 2017 17:14:29 +0000 (17:14 +0000)] 
ssl: Drop package which isn't maintained any more

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoDrop vsftpd which isn't actively maintained any more
Michael Tremer [Tue, 28 Nov 2017 13:46:07 +0000 (13:46 +0000)] 
Drop vsftpd which isn't actively maintained any more

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agopound: Drop package which isn't very actively maintained any more
Michael Tremer [Tue, 28 Nov 2017 15:55:19 +0000 (15:55 +0000)] 
pound: Drop package which isn't very actively maintained any more

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agomake.sh: Drop generating a global rootfile
Michael Tremer [Tue, 28 Nov 2017 17:28:09 +0000 (17:28 +0000)] 
make.sh: Drop generating a global rootfile

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agomake.sh: Fix printing a log line
Michael Tremer [Tue, 28 Nov 2017 17:27:36 +0000 (17:27 +0000)] 
make.sh: Fix printing a log line

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agomake.sh: Continue producing nice output after screen has been resized
Michael Tremer [Tue, 28 Nov 2017 17:22:23 +0000 (17:22 +0000)] 
make.sh: Continue producing nice output after screen has been resized

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore117: Ship updated vpnmain.cgi
Michael Tremer [Tue, 28 Nov 2017 17:19:27 +0000 (17:19 +0000)] 
core117: Ship updated vpnmain.cgi

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>