ipfire-2.x.git
Michael Tremer [Wed, 5 Jun 2019 04:08:31 +0000 (05:08 +0100)] 
core133: Ship updated vpnmain.cgi file and regenerate configuration

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 5 Jun 2019 09:22:53 +0000 (10:22 +0100)] 
vpnmain.cgi: Fix wrong cipher suite generation when PFS is disabled

Fixes: #12091
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Wed, 5 Jun 2019 09:54:29 +0000 (11:54 +0200)] 
monit: Some fixes for 'monitrc'

Just cosmetics:
Removed all trailing spaces - there were a few...

Activated 'monit' start delay:
I activated this option to avoid running into a race condition while started through
'/etc/init.d/monit start'.

As mentioned in 'monit' manual:
"...if a service is slow to start, Monit can assume that the service is not running
and possibly try to start it [again] and raise an alert, while, in fact the service
is already about to start or already in its startup sequence."

This happened here during testing with (e.g.) Clamav.

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 4 Jun 2019 23:33:36 +0000 (00:33 +0100)] 
core133: Ship updated dhcp.cgi

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Bernhard Bitsch [Tue, 4 Jun 2019 10:24:00 +0000 (12:24 +0200)] 
dhcp.cgi: Save fixed leases immediately after addition of a new lease

This changes the behaviour of the script to immediately save the added
lease to file but still remain in edit mode to make changes.

If the user does not make any changes, the lease is immediately saved
and there is no second click required to write it to file.

This is a more natural flow that is expected by almost all users of this
feature.

Fixes: #12050
Signed-off-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 4 Jun 2019 22:55:17 +0000 (23:55 +0100)] 
SMT: Disable when system is vulnerable to L1TF (Foreshadow)

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 4 Jun 2019 22:44:49 +0000 (23:44 +0100)] 
Rootfile update for ARM kernels

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 4 Jun 2019 22:41:59 +0000 (23:41 +0100)] 
Rootfile update for gcc on i586

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 4 Jun 2019 22:32:35 +0000 (23:32 +0100)] 
core133: Ship updated PAM

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Wed, 5 Jun 2019 07:16:58 +0000 (09:16 +0200)] 
linux-pam: Update to 1.3.1

For details see:
https://github.com/linux-pam/linux-pam/releases

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 4 Jun 2019 22:31:51 +0000 (23:31 +0100)] 
core133: Ship updated rrdtool

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Wed, 5 Jun 2019 07:13:11 +0000 (09:13 +0200)] 
rrdtool: Update to 1.7.2

For details see:
https://oss.oetiker.ch/rrdtool/pub/CHANGES

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
sfeddersen [Tue, 4 Jun 2019 19:49:22 +0000 (21:49 +0200)] 
BUG 11487: solve problem with unexpected shutdown

Solve problem with unexpected shutdown when checking a single client.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 3 Jun 2019 08:20:05 +0000 (09:20 +0100)] 
Rootfile update

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 2 Jun 2019 21:52:57 +0000 (22:52 +0100)] 
make.sh: Set default ccache size to 4G

Since we have now one cache for each architecture, we do not
need to make it too large.

The largest build (i586 because of the two kernels) uses around
2.5GB after one build. So 4G will give us some space.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 2 Jun 2019 21:49:42 +0000 (22:49 +0100)] 
core133: Ship updated ovpnmain.cgi

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Erik Kapfer [Sat, 1 Jun 2019 06:46:14 +0000 (08:46 +0200)] 
ovpnmain.cgi: Fixed line break for LZO option

It is better readable if everything is in one line.

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Fri, 31 May 2019 19:54:45 +0000 (21:54 +0200)] 
monit: Update to 5.25.3

For details see:
https://mmonit.com/monit/changes/

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 29 May 2019 14:28:45 +0000 (15:28 +0100)] 
make.sh: Have a ccache for each architecture

It does not make much sense to mix architectures into a single
ccache:

* There is never going to be a match
* The cache gets bigger and therefore slower
* If both architectures are being compiled one after the other and
  the cache hits its maximum size, cached but still needed content
  will be dropped
* Only both can be deleted together

This small change splits this into multiple caches. One per
architecture. Therefore we should be more efficient on builders
that build for multiple architectures.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 29 May 2019 14:24:29 +0000 (15:24 +0100)] 
miau: Drop package

This has not been maintained since 2010

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 29 May 2019 10:22:22 +0000 (11:22 +0100)] 
openssl: Update to 1.1.1c

Fixes CVE-2019-1543

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 28 May 2019 12:05:50 +0000 (13:05 +0100)] 
strongswan: Update to 5.8.0

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Erik Kapfer [Tue, 28 May 2019 09:38:59 +0000 (11:38 +0200)] 
tshark: Update to 3.0.2

Incl. one vulnerability and several bug fixes. For full overview --> https://www.wireshark.org/docs/relnotes/wireshark-3.0.2.html .

- Disabled geoip support since libmaxminddb is not present.
- Added dictionary in ROOTFILE to prevent "radius: Could not open file: '/usr/share/wireshark/radius/dictionary' " .
- Added CMAKE build type
- Removed profile examples and htmls completely from ROOTFILE.

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 28 May 2019 11:01:30 +0000 (12:01 +0100)] 
ccache: Automatically set size to 8GB

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 28 May 2019 10:44:32 +0000 (11:44 +0100)] 
core133: Ship toolchain changes

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 28 May 2019 10:41:46 +0000 (11:41 +0100)] 
Rootfile update

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 28 May 2019 10:36:06 +0000 (11:36 +0100)] 
hyperscan: Limit amount of memory being used during build

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 27 May 2019 15:25:01 +0000 (16:25 +0100)] 
ddns: Update to 011

Adds support for two new providers and has some general bug fixes
included.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 27 May 2019 14:48:44 +0000 (15:48 +0100)] 
core133: Ship updated IPS ruleset sources

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Sun, 26 May 2019 18:11:55 +0000 (20:11 +0200)] 
ruleset-sources: Update snort dl urls.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 27 May 2019 14:47:02 +0000 (15:47 +0100)] 
tor: Ship updated CGI

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Erik Kapfer [Sun, 26 May 2019 15:02:56 +0000 (17:02 +0200)] 
tor.cgi: Disable debugging output

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 27 May 2019 14:42:50 +0000 (15:42 +0100)] 
core133: Drop metadata for jansson package

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 27 May 2019 14:40:31 +0000 (15:40 +0100)] 
core133: Ship hyperscan

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 27 May 2019 14:38:42 +0000 (15:38 +0100)] 
hyperscan: Move rootfiles to arch directories

This package is only compiled on x86_64 and i586 and cannot
be packaged in any of the other architectures.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Sun, 26 May 2019 17:56:47 +0000 (19:56 +0200)] 
hyperscan: New package

This package adds hyperscan support to suricata

Fixes #12053.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Sun, 26 May 2019 17:56:46 +0000 (19:56 +0200)] 
ragel: New package

This is a build dependency of hyperscan

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Sun, 26 May 2019 17:56:45 +0000 (19:56 +0200)] 
colm: New package

This is a build dependency of ragel, which is a build dependency of
hyperscan.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Sun, 26 May 2019 17:51:40 +0000 (19:51 +0200)] 
asterisk: Remove dependency to jansson.

The package has become part of the main system.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Sun, 26 May 2019 17:51:39 +0000 (19:51 +0200)] 
jansson: Move to core system and update to 2.12

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 27 May 2019 13:37:23 +0000 (14:37 +0100)] 
Rootfile update

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Sun, 26 May 2019 15:27:16 +0000 (17:27 +0200)] 
core133: re-add late core132 changes to core133

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sun, 26 May 2019 15:23:54 +0000 (17:23 +0200)] 
Merge branch 'master' into next

Arne Fitzenreiter [Sun, 26 May 2019 14:17:04 +0000 (16:17 +0200)] 
core132: security conf should not be executable

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Thu, 23 May 2019 00:50:29 +0000 (01:50 +0100)] 
tor: Depend on libseccomp

Suggested-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Fri, 24 May 2019 15:45:33 +0000 (17:45 +0200)] 
ids-functions.pl: Do not delete the whitelist file on rulesdir cleanup.

Fixes #12087.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sun, 26 May 2019 14:05:41 +0000 (16:05 +0200)] 
core132: set correct permissions of security settings file.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 25 May 2019 05:39:38 +0000 (07:39 +0200)] 
vulnerabilities.cgi: again change colours

red - vulnerable
blue - mitigated
green - not affected

because we do not really trust the mitigations, so they should not be green.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 25 May 2019 04:54:35 +0000 (06:54 +0200)] 
vulnerabilities.cgi fix string handling

remove LF at the end for correct matching
and do not strip "Mitigated:" if it was not fully working and still
vulnerable.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Wed, 22 May 2019 10:08:43 +0000 (11:08 +0100)] 
vulnerabilities.cgi: Regard mitigations that only mitigate something still as vulnerable

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 22 May 2019 10:05:20 +0000 (11:05 +0100)] 
vulnerabilities.cgi: Simplify regexes

We can do the split in one.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 24 May 2019 05:55:03 +0000 (06:55 +0100)] 
Merge branch 'toolchain' into next

Michael Tremer [Fri, 24 May 2019 05:54:16 +0000 (06:54 +0100)] 
Merge remote-tracking branch 'ms/faster-build' into next

Michael Tremer [Fri, 24 May 2019 05:39:37 +0000 (06:39 +0100)] 
core133: Ship updated squid

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Fri, 24 May 2019 18:46:59 +0000 (20:46 +0200)] 
squid: Update to 4.7

For details see:

http://www.squid-cache.org/Versions/v4/changesets/

Fixes among other things the old 'filedescriptors' problem, so this patch was deleted.

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 24 May 2019 05:37:21 +0000 (06:37 +0100)] 
core133: Ship updated bind

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Fri, 24 May 2019 18:53:15 +0000 (20:53 +0200)] 
bind: Update to 9.11.7

For details see:
http://ftp.isc.org/isc/bind9/9.11.7/RELEASE-NOTES-bind-9.11.7.html

"Security Fixes

  The TCP client quota set using the tcp-clients option could be exceeded in some cases.
  This could lead to exhaustion of file descriptors.
  This flaw is disclosed in CVE-2018-5743. [GL #615]"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 24 May 2019 05:35:46 +0000 (06:35 +0100)] 
Start Core Update 133

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 24 May 2019 05:30:46 +0000 (06:30 +0100)] 
.gitignore: Ignore some backup files

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 23 May 2019 00:50:29 +0000 (01:50 +0100)] 
tor: Depend on libseccomp

Suggested-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 22 May 2019 14:29:32 +0000 (15:29 +0100)] 
unbound: Safe Search: Enable Restrict-Moderate for YouTube

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 22 May 2019 10:23:07 +0000 (11:23 +0100)] 
Update German translations

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 22 May 2019 10:08:43 +0000 (11:08 +0100)] 
vulnerabilities.cgi: Regard mitigations that only mitigate something still as vulnerable

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 22 May 2019 10:05:20 +0000 (11:05 +0100)] 
vulnerabilities.cgi: Simplify regexes

We can do the split in one.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Wed, 22 May 2019 10:34:41 +0000 (12:34 +0200)] 
Merge branch 'master' into next

Arne Fitzenreiter [Wed, 22 May 2019 10:34:03 +0000 (12:34 +0200)] 
vulnerabilities: change to logic colours

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 22 May 2019 08:38:02 +0000 (10:38 +0200)] 
Merge branch 'next'

Arne Fitzenreiter [Wed, 22 May 2019 08:33:20 +0000 (10:33 +0200)] 
finish: core132

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 22 May 2019 08:22:53 +0000 (10:22 +0200)] 
vulnerabilities.cgi: add colours for vuln, smt and unknown output.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Tue, 21 May 2019 18:42:51 +0000 (20:42 +0200)] 
kernel: update to 4.14.121

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Tue, 21 May 2019 18:36:16 +0000 (20:36 +0200)] 
vnstat: fix error message at first boot

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Tue, 21 May 2019 13:03:21 +0000 (15:03 +0200)] 
configroot: create main/security settings file

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Tue, 21 May 2019 13:02:54 +0000 (15:02 +0200)] 
web-user-interface: update rootfile

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 20 May 2019 20:55:55 +0000 (21:55 +0100)] 
core132: Ship vulnerabilities.cgi

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 20 May 2019 20:54:05 +0000 (21:54 +0100)] 
SMT: Show status on vulnerabilities.cgi

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 20 May 2019 20:39:03 +0000 (21:39 +0100)] 
vulnerabilities.cgi: Disable debugging output

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 20 May 2019 20:38:20 +0000 (21:38 +0100)] 
Add the new vulnerabilities CGI file to the System menu

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 20 May 2019 20:30:26 +0000 (21:30 +0100)] 
SMT: Apply settings according to configuration

SMT can be forced on.

By default, all systems that are vulnerable to RIDL/Fallout
will have SMT disabled by default.

Systems that are not vulnerable to that will keep SMT enabled.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 20 May 2019 20:17:17 +0000 (21:17 +0100)] 
Add new CGI file to show CPU vulnerability status

This is supposed to help users to have an idea about
the status of the used hardware.

Additionally, it allows users to enable/disable SMT.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 20 May 2019 18:10:15 +0000 (19:10 +0100)] 
suricata: Ship updated rule download script

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Mon, 20 May 2019 18:06:22 +0000 (20:06 +0200)] 
update-ids-ruleset: Release ids_page_lock when the downloader fails.

Fixes #12085.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sat, 18 May 2019 15:14:00 +0000 (15:14 +0000)] 
ids.cgi: Fix upstream proxy validation

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 20 May 2019 17:04:49 +0000 (18:04 +0100)] 
spectre-meltdown-checker: Update to 0.41

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stéphane Pautrel [Mon, 20 May 2019 09:59:12 +0000 (10:59 +0100)] 
Update French translation

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 20 May 2019 09:56:13 +0000 (10:56 +0100)] 
zoneconf: Reindent with tabs

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 20 May 2019 09:55:02 +0000 (10:55 +0100)] 
Update translations

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Florian Bührle [Sun, 19 May 2019 21:33:45 +0000 (23:33 +0200)] 
Added reboot notice

Added a reboot notice and made table rows more distinguishable by
alternating their background color. This improves usability.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Florian Bührle [Sun, 19 May 2019 21:04:24 +0000 (23:04 +0200)] 
zoneconf: Switch rows/columns

This change is necessary because the table can grow larger than the main
container if a user has many NICs on their machine.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 20 May 2019 09:52:42 +0000 (10:52 +0100)] 
Update contributors

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 20 May 2019 09:52:16 +0000 (10:52 +0100)] 
core132: Ship updated ovpnmain.cgi file

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Erik Kapfer [Sat, 27 Apr 2019 14:05:51 +0000 (16:05 +0200)] 
ovpn_reorganize_encryption: Integrate LZO from global to advanced section

Fixes: #11819

- Since the Voracle vulnerability, LZO is better placed under the advanced section because under specific circumstances it is exploitable.
- Warning/hint has been added in the option defaults description.

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 20 May 2019 09:51:09 +0000 (10:51 +0100)] 
Update translations

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Erik Kapfer [Sat, 27 Apr 2019 14:05:50 +0000 (16:05 +0200)] 
ovpn_reorganize_encryption: Added tls-auth into global section

- Since HMAC selection is already in global section, it makes sense to keep the encryption together.
- Gave tls-auth a more understandable name.

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Erik Kapfer [Sat, 27 Apr 2019 14:05:49 +0000 (16:05 +0200)] 
ovpn_reorganize_encryption: Integrate HMAC selection to global section

Fixes: #12009 and #11824

- Since HMACs will be used in any configuration it is better placed in the global menu.
- Adapted global section to advanced and marked sections with a headline for better overview.
- Deleted old headline in advanced section because it is not needed anymore.
- Added check if settings do not include 'DAUTH'; if possible SHA512 will be used and written to settings file.
    Old configurations with SHA1 will be untouched.

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 20 May 2019 09:48:25 +0000 (10:48 +0100)] 
tshark: Drop special package scripts

We are not doing anything different from the default here,
so we do not need an extra copy of them.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Erik Kapfer [Sun, 19 May 2019 04:37:03 +0000 (06:37 +0200)] 
tshark: New addon

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Oliver Fuhrer [Sun, 19 May 2019 13:30:52 +0000 (15:30 +0200)] 
BUG 11696: VPN Subnets missing from wpad.dat

This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n subnets to wpad.dat so they don't pass through the proxy.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 20 May 2019 09:09:26 +0000 (10:09 +0100)] 
tor: Bump release version

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sat, 18 May 2019 14:40:00 +0000 (14:40 +0000)] 
Tor: specify correct user for default configuration

While being built with user/group set to "tor", the default
configuration still contains the old username.

This patch adjusts it to the correct value. The issue was
caused by insufficient testing, which I apologise for.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Mon, 20 May 2019 05:24:04 +0000 (07:24 +0200)] 
make.sh: comment to update backupiso if version change

It was too often forgotten to update the backupiso script
that needs to download the matching ISO from the servers,
so I added a comment.

no functional change

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>