]>
git.ipfire.org Git - ipfire-2.x.git/log
Michael Tremer [Fri, 17 May 2019 18:52:27 +0000 (19:52 +0100)]
Fix version information in backupiso script
Fixes: #12083
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Fri, 17 May 2019 05:10:52 +0000 (07:10 +0200)]
kernel: update to 4.14.120
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Thu, 16 May 2019 12:26:04 +0000 (14:26 +0200)]
kernel: update to 4.14.119
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 15 May 2019 11:17:26 +0000 (13:17 +0200)]
intel-microcode: update to
20190514
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Tue, 14 May 2019 09:02:03 +0000 (10:02 +0100)]
Update kernel rootfiles for armv5tel
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 13 May 2019 15:31:14 +0000 (16:31 +0100)]
Update kernel rootfiles for aarch64
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 12 May 2019 09:21:32 +0000 (10:21 +0100)]
xtables-addons: Explicitely add path for alternative kernels
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 12 May 2019 09:20:57 +0000 (10:20 +0100)]
linux: Fix touching incorrect version.h
This file has moved and the touch command created an empty version
of the file which caused that builds depending on that did not
complete.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 12 May 2019 08:28:10 +0000 (09:28 +0100)]
linux: objtool does not exist on all platforms
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 11 May 2019 03:24:29 +0000 (04:24 +0100)]
core132: Ship changes to unbound
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 11 May 2019 03:19:37 +0000 (04:19 +0100)]
unbound: Add Safe Search
This is a feature that will filter adult content from search
engine's results.
The old method of rewriting the HTTP request no longer works.
This method changes the DNS response for supported search engines
which violates our belief in DNSSEC and won't allow these search
engines to ever enable DNSSEC.
However, there is no better solution available to this and this
an optional feature, too.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Michael Tremer [Sat, 11 May 2019 03:18:08 +0000 (04:18 +0100)]
core132: Ship updated urlfilter.cgi
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 30 Apr 2019 16:06:08 +0000 (17:06 +0100)]
URL Filter: Drop Safe Search feature
This is not working for quite some time now because all search
engines have moved over to HTTPS. Therefore we no longer can
manipulate the URL query string.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 11 May 2019 01:20:15 +0000 (02:20 +0100)]
igmpproxy: Update to 0.2.1
This updates the package to its latest upstream version and should
be able to support IGMPv3.
Fixes: #12074
Suggested-by: Marc Roland <marc.roland@outlook.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 10 May 2019 09:25:46 +0000 (10:25 +0100)]
xtables-addons: Automatically detect location of kernel source
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 10 May 2019 09:12:50 +0000 (10:12 +0100)]
linux: Install kernel build system to /lib/modules
This is necessary so that we can clean up /usr/src after
each build and do not waste any space on the massive kernel
source.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 10 May 2019 09:10:25 +0000 (10:10 +0100)]
make.sh: Append -ipfire to fake kernel string
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 10 May 2019 02:38:49 +0000 (03:38 +0100)]
make.sh: Automatically enable build ramdisk on systems with 4GB RAM or more
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 9 May 2019 17:16:20 +0000 (18:16 +0100)]
iptables: Fix build without kernel source
The layer7 filter header files were not installed into /usr/include
and therefore we needed to keep the whole kernel source tree.
This is just a waste of space and this patch fixes this.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 8 May 2019 18:16:26 +0000 (19:16 +0100)]
make.sh: Mount /usr/src in memory for faster build
This patch enables that /usr/src is a ramdisk which should
give us fewer I/O operations when extracting tarballs or
writing small intermediate files by the compiler.
In some virtualised environments this should bring a good
performance boost.
There is no persistent data stored in this directory and
some persistent directories are mounted over it.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Koch [Thu, 9 May 2019 21:55:58 +0000 (23:55 +0200)]
Pakfire: Add Core-Version to "status"
Add the IPFire-Core-Version to the status message.
Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Thu, 9 May 2019 20:06:00 +0000 (20:06 +0000)]
Tor: update to 0.4.0.5
See https://blog.torproject.org/new-release-tor-0405 for release
announcements.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 10 May 2019 03:20:17 +0000 (04:20 +0100)]
core132: Ship updated hwdata
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Thu, 9 May 2019 13:40:00 +0000 (13:40 +0000)]
hwdata: update PCI/USB databases
PCI IDs: 2019-05-03 03:15:03
USB IDs: 2019-05-08 20:34:05
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 10 May 2019 03:19:05 +0000 (04:19 +0100)]
core132: Ship updated ca-certificates
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Thu, 9 May 2019 13:24:00 +0000 (13:24 +0000)]
update ca-certificates CA bundle
Update the CA certificates list to what Mozilla NSS ships currently.
The original file can be retrieved from:
https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 10 May 2019 03:16:39 +0000 (04:16 +0100)]
Update translations
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 10 May 2019 02:36:58 +0000 (03:36 +0100)]
Config: Disable XZ parallelism by default
Exporting XZ_OPT caused that every time xz was called, it automatically
enabled parallelism. The make systemm also launches multiple processes
at the same time to use more processor cores at the same time.
The combination of this causes memory exhaustion even on large systems
and has no performance gain. Therefore this is disabled by default
and only enabled where we need it which is already the case.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Florian Bührle [Sat, 11 May 2019 12:38:39 +0000 (14:38 +0200)]
zoneconf: Fix bug that resultet from last fix
Fix bug that prevents users from assigning NIC to RED if RED is in PPP
mode
Florian Bührle [Sat, 11 May 2019 11:28:12 +0000 (13:28 +0200)]
zoneconf: Fix bug in NIC assignment; Change visibility of unused zones
Fix a bug that allows users to add multiple NICs to non-bridged zones.
This fix includes a new error message.
Unused zones are now invisible instead of grey.
Michael Tremer [Thu, 9 May 2019 13:51:40 +0000 (14:51 +0100)]
routing: Fix potential authenticated XSS in input processing
An authenticated Stored XSS (Cross-site Scripting) exists in the
(https://192.168.0.241:444/cgi-bin/routing.cgi) Routing Table Entries
via the "Remark" text box or "remark" parameter. This is due to a
lack of user input validation in "Remark" text box or "remark"
parameter. It allows an authenticated WebGUI user with privileges
for the affected page to execute Stored Cross-site Scripting in
the Routing Table Entries (/cgi-bin/routing.cgi), which helps
attacker to redirect the victim to a attacker's phishing page.
The Stored XSS get prompted on the victims page whenever victim
tries to access the Routing Table Entries configuraiton page.
An attacker get access to the victim's session by performing
the CSRF and gather the cookie and session id's or possibly can
change the victims configuration using this Stored XSS.
This attack can possibly spoof the victim's informations.
Fixes: #12072
Reported-by: Dharmesh Baskaran <dharmesh201093@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 9 May 2019 15:16:35 +0000 (17:16 +0200)]
zoneconf: Remove red warning
This is a bit shouty and there are various places where we do not
warn about this problem, so this patch makes it more consistent.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 9 May 2019 15:13:52 +0000 (17:13 +0200)]
zoneconf: Fix spelling
This patch mainly changes "Macvtap" to the branded spelling and removes
short forms as well as hyphenation in German compound nouns.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 9 May 2019 15:11:24 +0000 (17:11 +0200)]
zoneconf: Move "None" option to the top
This is a more natural order of the options to me
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 9 May 2019 14:43:04 +0000 (15:43 +0100)]
web-user-interface: Ship new zoneconf.cgi file
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 9 May 2019 12:17:16 +0000 (13:17 +0100)]
core132: Ship updated captive.cgi
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 May 2019 20:36:21 +0000 (21:36 +0100)]
captive: Fix potential authenticated XSS in title processing
An authenticated Stored XSS (Cross-site Scripting) exists in the
(https://localhost:444/cgi-bin/captive.cgi) Captive Portal via the
"Title of Login Page" text box or "TITLE" parameter. This is due to
a lack of user input validation in "Title of Login Page" text box
or "TITLE" parameter. It allows an authenticated WebGUI user with
privileges for the affected page to execute Stored Cross-site
Scripting in the Captive Portal page (/cgi-bin/captive.cgi), which
helps attacker to redirect the victim to a attacker's page.
The Stored XSS get prompted on the victims page whenever victim
tries to access the Captive Portal page.
An attacker get access to the victim's session by performing the
CSRF and gather the cookie and session id's or possibly can
change the victims configuration using this Stored XSS.
This attack can possibly spoof the victim's informations.
Fixes: #12071
Reported-by: Dharmesh Baskaran <dharmesh201093@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Tue, 7 May 2019 17:17:16 +0000 (19:17 +0200)]
guardian: Remove snort related options.
IPFire has moved to suricata as IDS/IPS system, therefore all snort related
options has become obsolete.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Wed, 8 May 2019 11:14:46 +0000 (12:14 +0100)]
core132: Ship VLAN GUI
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Florian Bührle [Wed, 8 May 2019 10:56:18 +0000 (11:56 +0100)]
webif: Add a GUI for configuring VLAN interfaces
This patch adds a new CGI file which allows users to edit the
VLAN configuration as well as configuring zones as bridges.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Florian Bührle [Wed, 8 May 2019 10:43:11 +0000 (11:43 +0100)]
udev: Accept MAC addresses for PARENT_DEV
This allows us to create VLAN interfaces even when the
name of the parent interface might vary.
This patch also appends the VLAN tag to interfaces
when the zone is in bridge mode.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Tue, 7 May 2019 17:17:16 +0000 (19:17 +0200)]
guardian: Remove snort related options.
IPFire has moved to suricata as IDS/IPS system, therefore all snort related
options has become obsolete.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Tue, 7 May 2019 21:54:11 +0000 (22:54 +0100)]
squid: Link against libatomic on ARM
This package failed to build on ARM because atomic functions
are being emulated on ARM32 and the required library was not
linked.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 May 2019 20:19:53 +0000 (21:19 +0100)]
xfsprogs: Disable LTO on armv5tel
LTO fails on ARM, but since we do not require it, we can
disable it here.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 May 2019 22:53:43 +0000 (23:53 +0100)]
core132: Ship updated pakfire files
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Koch [Sat, 27 Apr 2019 19:26:46 +0000 (21:26 +0200)]
zabbix_agentd: Add UserParameter for Pakfire Status
Ship the UserParameter for monitoring the status of pakfire for keeping track of available updates etc.
Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Koch [Sat, 27 Apr 2019 19:26:45 +0000 (21:26 +0200)]
Pakfire: Add new command line argument "status"
This enables Pakfire to return a Status-Summary for the Current Core-Update-Level, time since last updates, the availability of a core-/packet-update and if a reboot is required to complete an update. This can be used by monitoring agents (e.g. zabbix_agentd) to monitor the update status of the IPFire device.
Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Koch [Sat, 27 Apr 2019 19:26:44 +0000 (21:26 +0200)]
zabbix_agentd: update to 4.2.1
Release notes: https://www.zabbix.com/rn/rn4.2.1
Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 May 2019 22:50:26 +0000 (23:50 +0100)]
core132: Ship updated libedit
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Wed, 1 May 2019 17:32:15 +0000 (19:32 +0200)]
libedit: Update to
20190324 -3.1
For details see:
https://thrysoee.dk/editline/
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 May 2019 22:49:47 +0000 (23:49 +0100)]
core132: Ship updated knot
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Wed, 1 May 2019 17:28:16 +0000 (19:28 +0200)]
knot: Update to 2.8.1
For details see:
https://www.knot-dns.cz/2019-04-09-version-281.html
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 May 2019 22:48:41 +0000 (23:48 +0100)]
core132: Ship updated bind
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sat, 27 Apr 2019 00:19:34 +0000 (02:19 +0200)]
bind: Update to 9.11.6-P1
For details see:
http://ftp.isc.org/isc/bind9/9.11.6-P1/RELEASE-NOTES-bind-9.11.6-P1.html
"Security Fixes
The TCP client quota set using the tcp-clients option could be exceeded in some cases.
This could lead to exhaustion of file descriptors. This flaw is disclosed in CVE-2018-5743.
[GL #615]"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 May 2019 22:46:36 +0000 (23:46 +0100)]
core132: Ship updated dhcpcd
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sat, 4 May 2019 19:59:15 +0000 (21:59 +0200)]
dhcpcd: Update to 7.2.2
For details see:
https://roy.marples.name/
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 7 May 2019 22:44:44 +0000 (23:44 +0100)]
firewall: Allow SNAT rules with RED interface
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Wed, 1 May 2019 18:19:01 +0000 (20:19 +0200)]
suricata: Update to 4.1.4
This is a minor update to the latest available version from
the suricata 4.1 series.
Fixes #12068.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Wed, 1 May 2019 18:19:01 +0000 (20:19 +0200)]
suricata: Update to 4.1.4
This is a minor update to the latest available version from
the suricata 4.1 series.
Fixes #12068.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Wed, 1 May 2019 15:03:06 +0000 (17:03 +0200)]
suricata: Remove PID file on stop
Force the initscript to remove the PID file when calling "stop" section.
If suricata crashes during startup, the PID file still remains and the service
cannot be started anymore until the file has been deleted.
Now when calling "stop" or "restart" the PID file will be deleted and the service
can be used again.
Fixes #12067.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Wed, 1 May 2019 14:49:25 +0000 (16:49 +0200)]
update-ids-ruleset: Set correct ownership for the rulestarball.
The script usualy will be executed by cron which will start it with
root permissions, so the downloaded tarball is owned by this user.
This has to be changed to the user which runs the WUI (nobody:nobody) to
allow, changing the ruleset to an other one and to display the ruleset area.
Fixes #12066
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 1 May 2019 16:04:36 +0000 (18:04 +0200)]
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
Stefan Schantl [Wed, 1 May 2019 15:03:06 +0000 (17:03 +0200)]
suricata: Remove PID file on stop
Force the initscript to remove the PID file when calling "stop" section.
If suricata crashes during startup, the PID file still remains and the service
cannot be started anymore until the file has been deleted.
Now when calling "stop" or "restart" the PID file will be deleted and the service
can be used again.
Fixes #12067.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Wed, 1 May 2019 14:49:25 +0000 (16:49 +0200)]
update-ids-ruleset: Set correct ownership for the rulestarball.
The script usualy will be executed by cron which will start it with
root permissions, so the downloaded tarball is owned by this user.
This has to be changed to the user which runs the WUI (nobody:nobody) to
allow, changing the ruleset to an other one and to display the ruleset area.
Fixes #12066
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Tue, 30 Apr 2019 09:58:31 +0000 (10:58 +0100)]
core132: Ship updated firewall rules generator
This patch also requires a reboot after installing this update
so that the changed ruleset is being applied.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 30 Apr 2019 09:56:05 +0000 (10:56 +0100)]
firewall: Fix source/destination interface settings
When a forwarding rule is being created, we sometimes create
INPUT/OUTPUT rules, too. Those were slightly invalid because
the source and destination interfaces where passed, too.
This could render some rules in certain circumstances useless.
This patch fixes this and only adds -i for INPUT and -o for
OUTPUT rules.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 30 Apr 2019 09:45:34 +0000 (10:45 +0100)]
firewall: Add more rules to input/output when adding rules to forward
The special_input/output_targets array assumed that firewall access
will always be denied. However, rules also need to be created when
access is granted. Therefore the ACCEPT target needs to be included
in this list and rules must be created in INPUTFW/OUTGOINGFW too
when ACCEPT rules are created in FORWARDFW.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 30 Apr 2019 09:45:02 +0000 (10:45 +0100)]
grub: Update rootfile on i586
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 29 Apr 2019 12:44:28 +0000 (13:44 +0100)]
glibc: Update rootfile for i586
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 28 Apr 2019 08:38:45 +0000 (09:38 +0100)]
glibc: Update to 2.29
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 27 Apr 2019 16:43:41 +0000 (17:43 +0100)]
python3: Build package in toolchain
This will be required to build glibc 2.29
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 27 Apr 2019 12:28:34 +0000 (13:28 +0100)]
gcc: Update rootfile for aarch64
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 27 Apr 2019 12:28:24 +0000 (13:28 +0100)]
binutils: Update rootfile for aarch64
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 26 Apr 2019 15:16:10 +0000 (16:16 +0100)]
make.sh: Bump toolchain version
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 26 Apr 2019 15:15:46 +0000 (16:15 +0100)]
gcc: Update to 8.3.0
This patch carries the rootfile for x86_64 only.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 26 Apr 2019 15:15:12 +0000 (16:15 +0100)]
binutils: Update to 2.32
This patch carries the rootfile for x86_64 only.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 28 Apr 2019 08:41:50 +0000 (09:41 +0100)]
grub: Fix rootfile
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 27 Apr 2019 02:58:44 +0000 (03:58 +0100)]
grub: Fix relocation type issue
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 27 Apr 2019 00:40:43 +0000 (01:40 +0100)]
ipfire-netboot: Fix compiling and linking with new GCC & binutils
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 26 Apr 2019 23:21:39 +0000 (00:21 +0100)]
sarg: Fix build with newer GCCs
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Fri, 26 Apr 2019 17:39:55 +0000 (19:39 +0200)]
Merge branch 'master' into next
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Fri, 26 Apr 2019 15:11:17 +0000 (16:11 +0100)]
grub: Fix build error with GCC 8
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 26 Apr 2019 15:10:25 +0000 (16:10 +0100)]
grub: Disable efiemu on PC builds
This won't compile with GCC 8 and we do not need it
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 26 Apr 2019 15:05:20 +0000 (16:05 +0100)]
nasm: Update to 2.14.02
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 26 Apr 2019 15:06:10 +0000 (16:06 +0100)]
ltrace: Bump package version
This package needs to be rebuilt because it uses elfutils
which has had an soname bump.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 26 Apr 2019 15:04:48 +0000 (16:04 +0100)]
elfutils: Update to 0.176
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Erik Kapfer [Fri, 26 Apr 2019 15:08:35 +0000 (17:08 +0200)]
OpenVPN: Fixed certificate generation in French
Fixes #12060
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Thu, 25 Apr 2019 17:31:48 +0000 (19:31 +0200)]
initscripts/suricata: Rework creation of firewall rules.
The script now will use the previously introduced seperate firewall chains called
IPS_INPUT, IPS_FORWARD and IPS_OUTPUT.
The commit also creates an AND connection between the choosen network zones in the UI and
the final firwall rules.
Fixes #12062.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Thu, 25 Apr 2019 17:31:47 +0000 (19:31 +0200)]
initscripts/suricata: Move functions order and always use flush_fw_chain function
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Thu, 25 Apr 2019 17:31:46 +0000 (19:31 +0200)]
firewall: Use seperate firewall chains for passing traffic to the IPS
Create and use seperate iptables chain called IPS_INPUT, IPS_FORWARD and IPS_OUTPUT
to be more flexible which kind of traffic should be passed to suricata.
Reference #12062
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Fri, 26 Apr 2019 05:43:21 +0000 (07:43 +0200)]
hostapd: bump package version
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Wed, 24 Apr 2019 10:24:33 +0000 (11:24 +0100)]
hostap: Fix wiring of checkboxes for client isolation
The checkboxes were swapped which lead to client isolation
being enabled when the UI said disabled and vice-versa.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 24 Apr 2019 10:31:28 +0000 (11:31 +0100)]
hostap: Translate configuration settings
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 24 Apr 2019 10:24:33 +0000 (11:24 +0100)]
hostap: Fix wiring of checkboxes for client isolation
The checkboxes were swapped which lead to client isolation
being enabled when the UI said disabled and vice-versa.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 24 Apr 2019 10:08:36 +0000 (11:08 +0100)]
hostap: Remove deprecated directive
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 24 Apr 2019 09:43:50 +0000 (10:43 +0100)]
hostap: Enable 80MHz bandwidth by default (when using ACS)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 24 Apr 2019 09:39:25 +0000 (10:39 +0100)]
hostap: Enable option to force clients to use 802.11w
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 24 Apr 2019 09:12:29 +0000 (10:12 +0100)]
hostap: Allow to use Automatic Channel Selection (ACS)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Tue, 23 Apr 2019 18:33:02 +0000 (20:33 +0200)]
convert-snort: Fix ownership of the generated homenet file.
Fixes #12059.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Tue, 23 Apr 2019 19:27:53 +0000 (21:27 +0200)]
suricata: Use device ppp0 if PPPoE dialin is used.
Fixes #12058.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>