people/pmueller/ipfire-2.x.git
10 days agoMerge branch 'master' of ssh://git.ipfire.org/pub/git/ipfire-2.x master
Peter Müller [Thu, 11 Apr 2019 16:04:02 +0000 (18:04 +0200)]
Merge branch 'master' of ssh://git.ipfire.org/pub/git/ipfire-2.x

12 days agowget: Update to 1.20.3
Matthias Fischer [Fri, 5 Apr 2019 19:55:12 +0000 (21:55 +0200)]
wget: Update to 1.20.3

For details see:
https://fossies.org/linux/wget/ChangeLog

Excerpt from "NEWS":

"2019-04-05  Tim Ruehsen  <tim.ruehsen@gmx.de>

Fix a buffer overflow vulnerability
* src/iri.c(do_conversion): Reallocate the output buffer to a larger
  size if it is already full"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 days agocore130: Ship updated apache
Michael Tremer [Thu, 4 Apr 2019 01:04:28 +0000 (02:04 +0100)]
core130: Ship updated apache

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
12 days agoapache: Update to 2.4.39
Matthias Fischer [Thu, 4 Apr 2019 07:15:00 +0000 (09:15 +0200)]
apache: Update to 2.4.39

For details see:
http://mirror.checkdomain.de/apache//httpd/CHANGES_2.4.39

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 days agocore130: insert a core update for urgent fixes.
Arne Fitzenreiter [Tue, 9 Apr 2019 05:31:23 +0000 (07:31 +0200)]
core130: insert a core update for urgent fixes.

the bigger changes for suricata and kernel need longer time for test
so we insert a core with smaller but important fixes.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
12 days agocore130: ship strongswan
Arne Fitzenreiter [Tue, 9 Apr 2019 05:30:26 +0000 (07:30 +0200)]
core130: ship strongswan

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
12 days agocore130: Ship perl-Net-SSLeay
Michael Tremer [Mon, 8 Apr 2019 10:56:58 +0000 (11:56 +0100)]
core130: Ship perl-Net-SSLeay

This was still using the old version of OpenSSL.

Instead of linking the module (which we should have found earlier)
the module uses dlopen :(

Fixes: #12044
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 days agostrongswan: Manually install all routes for non-routed VPNs
Michael Tremer [Mon, 8 Apr 2019 15:41:24 +0000 (16:41 +0100)]
strongswan: Manually install all routes for non-routed VPNs

This is a regression from disabling charon.install_routes.

VPNs are routing fine as long as traffic is passing through
the firewall. Traps are not propertly used as long as these
routes are not present and therefore we won't trigger any
tunnels when traffic originates from the firewall.

Fixes: #12045
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 days agocore130: Ship updated wget
Michael Tremer [Thu, 4 Apr 2019 01:07:16 +0000 (02:07 +0100)]
core130: Ship updated wget

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 days agowget: Update to 1.20.2
Matthias Fischer [Thu, 4 Apr 2019 07:43:50 +0000 (09:43 +0200)]
wget: Update to 1.20.2

For details see:
https://fossies.org/linux/wget/ChangeLog

Excerpt from "NEWS":

* Changes in Wget 1.20.2
** NTLM authentication will retry under certain cases
** Fixed a buffer overflow vulnerability"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 days agoclamav: Update to 0.101.2
Matthias Fischer [Wed, 27 Mar 2019 19:54:10 +0000 (20:54 +0100)]
clamav: Update to 0.101.2

For details see:
https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html

"ClamAV 0.101.2 is a patch release to address a handful of security related bugs."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 days agoipsec-interfaces: Apply static routes (again) after creating IPsec interfaces
Michael Tremer [Mon, 18 Mar 2019 15:24:56 +0000 (15:24 +0000)]
ipsec-interfaces: Apply static routes (again) after creating IPsec interfaces

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
5 weeks agoensure Tor daemon files have correct permissions
Peter Müller [Fri, 15 Mar 2019 16:55:13 +0000 (17:55 +0100)]
ensure Tor daemon files have correct permissions

Set permissions for /var/lib/tor and /var/ipfire/tor to
tor:tor, regardless whether Tor user has been created before
or not.

This ensures Tor starts properly on existing systems after
reinstallation of the add-on. Thanks to Michael for the hint.

Further, a comment for new Tor user in /etc/passwd has been added.

Fixes #11779.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
5 weeks agocore130: Fix another error in rootfile
Stefan Schantl [Fri, 15 Mar 2019 14:33:29 +0000 (15:33 +0100)]
core130: Fix another error in rootfile

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
5 weeks agocore130: Fix errors in rootfile
Michael Tremer [Fri, 15 Mar 2019 13:20:23 +0000 (13:20 +0000)]
core130: Fix errors in rootfile

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
5 weeks agoUpdate IPS translation
Michael Tremer [Thu, 14 Mar 2019 16:52:38 +0000 (16:52 +0000)]
Update IPS translation

* Fix typos
* Fix compound nouns (especially in German)
* Remove unused strings

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
5 weeks agonut: Disable parallel build
Michael Tremer [Thu, 14 Mar 2019 14:01:45 +0000 (14:01 +0000)]
nut: Disable parallel build

nut just fails to build when running in parallel

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
5 weeks agocore130: Ship suricata
Michael Tremer [Thu, 14 Mar 2019 13:48:25 +0000 (13:48 +0000)]
core130: Ship suricata

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
5 weeks agoUpdate contributors
Michael Tremer [Thu, 14 Mar 2019 13:20:56 +0000 (13:20 +0000)]
Update contributors

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
5 weeks agoUpdate translations
Michael Tremer [Thu, 14 Mar 2019 13:20:22 +0000 (13:20 +0000)]
Update translations

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
5 weeks agoMerge remote-tracking branch 'stevee/next-suricata' into next
Michael Tremer [Thu, 14 Mar 2019 13:19:35 +0000 (13:19 +0000)]
Merge remote-tracking branch 'stevee/next-suricata' into next

5 weeks agocore130: Ship updated firewall script
Michael Tremer [Thu, 14 Mar 2019 13:16:33 +0000 (13:16 +0000)]
core130: Ship updated firewall script

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
5 weeks agoadd IPtables chain for outgoing Tor traffic
Peter Müller [Mon, 11 Mar 2019 20:07:00 +0000 (20:07 +0000)]
add IPtables chain for outgoing Tor traffic

If Tor is operating in relay mode, it has to open a lot of outgoing
TCP connections. These should be separated from any other outgoing
connections, as allowing _all_ outgoing traffic will be unwanted and
risky in most cases.

Thereof, Tor will be running as a dedicated user (see second patch),
allowing usage of user-based IPtables rulesets.

Partially fixes #11779.

Singed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
5 weeks agorun Tor under dedicated user
Peter Müller [Mon, 11 Mar 2019 20:07:00 +0000 (20:07 +0000)]
run Tor under dedicated user

This allows more-fine granular firewall rules (see first patch for
further information). Further, it prevents other services running as
"nobody" (Apache, ...) from reading Tor relay keys.

Fixes #11779.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
5 weeks agoStart Core Update 130
Michael Tremer [Thu, 14 Mar 2019 13:15:03 +0000 (13:15 +0000)]
Start Core Update 130

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
5 weeks agosuricata: Fix amount of listened nfqueues
Stefan Schantl [Wed, 13 Mar 2019 11:14:30 +0000 (12:14 +0100)]
suricata: Fix amount of listened nfqueues

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
5 weeks agoamavisd: update to 2.11.1
Peter Müller [Mon, 11 Mar 2019 19:35:00 +0000 (19:35 +0000)]
amavisd: update to 2.11.1

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
5 weeks agoPostfix: update to 3.4.3
Peter Müller [Mon, 11 Mar 2019 19:28:00 +0000 (19:28 +0000)]
Postfix: update to 3.4.3

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
5 weeks agoinstaller: Set the clock correctly when installing over network
Michael Tremer [Wed, 13 Mar 2019 08:05:27 +0000 (08:05 +0000)]
installer: Set the clock correctly when installing over network

If a system has a not very up to date clock, downloading files
over HTTPS is impossible.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
5 weeks agocore129: finish update
Arne Fitzenreiter [Wed, 13 Mar 2019 14:18:52 +0000 (15:18 +0100)]
core129: finish update

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
5 weeks agou-boot: try to boot without ramdisk if the system cannot load it
Arne Fitzenreiter [Wed, 13 Mar 2019 14:17:28 +0000 (15:17 +0100)]
u-boot: try to boot without ramdisk if the system cannot load it

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
5 weeks agoknot: update to 2.8.0 and build/install only kdig
Arne Fitzenreiter [Wed, 13 Mar 2019 14:06:23 +0000 (15:06 +0100)]
knot: update to 2.8.0 and build/install only kdig

This fix compile errors on small arm boards. (cc1 internal error)

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
5 weeks agogroff: update to 1.22.4
Arne Fitzenreiter [Wed, 13 Mar 2019 14:04:40 +0000 (15:04 +0100)]
groff: update to 1.22.4

This fix compile problems on small arm boards. (cc1 internal error)

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
5 weeks agosuricata: Remove unneeded stuff during build
Stefan Schantl [Wed, 13 Mar 2019 09:03:48 +0000 (10:03 +0100)]
suricata: Remove unneeded stuff during build

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
5 weeks agoRevert "kernel: cleanup unused rpi patch"
Arne Fitzenreiter [Wed, 13 Mar 2019 08:38:21 +0000 (09:38 +0100)]
Revert "kernel: cleanup unused rpi patch"

This reverts commit a2d49659f3947e5a5a77cbc1bf384eb0b2760ca9.

The patch is still needed to prevent strange crashes

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
5 weeks agoUpdate list of contributors
Michael Tremer [Mon, 11 Mar 2019 15:58:45 +0000 (15:58 +0000)]
Update list of contributors

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
5 weeks agocore129: Ship updated dnsforward.cgi
Michael Tremer [Mon, 11 Mar 2019 15:58:04 +0000 (15:58 +0000)]
core129: Ship updated dnsforward.cgi

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
5 weeks agoMerge remote-tracking branch 'ms/dns-forwarding' into next
Michael Tremer [Mon, 11 Mar 2019 15:57:15 +0000 (15:57 +0000)]
Merge remote-tracking branch 'ms/dns-forwarding' into next

5 weeks agocore129: Ship updated dhcp.cgi
Michael Tremer [Mon, 11 Mar 2019 09:54:19 +0000 (09:54 +0000)]
core129: Ship updated dhcp.cgi

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
5 weeks agoMerge remote-tracking branch 'ms/dhcp' into next
Michael Tremer [Mon, 11 Mar 2019 09:53:56 +0000 (09:53 +0000)]
Merge remote-tracking branch 'ms/dhcp' into next

5 weeks agoTor WebUI: drop relay bandwith options < 1 MBit/s
Peter Müller [Fri, 8 Mar 2019 19:17:00 +0000 (19:17 +0000)]
Tor WebUI: drop relay bandwith options < 1 MBit/s

Tor requires at least 1 MBit/s in order to participate.

Fixes #12001

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
5 weeks agodnsdist: Limit to fewer concurrent build processes
Michael Tremer [Mon, 11 Mar 2019 09:38:56 +0000 (09:38 +0000)]
dnsdist: Limit to fewer concurrent build processes

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
5 weeks agocore129: Ship updated less
Michael Tremer [Sun, 10 Mar 2019 18:23:22 +0000 (18:23 +0000)]
core129: Ship updated less

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
5 weeks agoless: update to 530
Peter Müller [Fri, 8 Mar 2019 19:19:00 +0000 (19:19 +0000)]
less: update to 530

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
5 weeks agoPostfix: update to 3.4.1
Peter Müller [Fri, 8 Mar 2019 19:22:00 +0000 (19:22 +0000)]
Postfix: update to 3.4.1

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
5 weeks agoslang: revert parallelized build
Matthias Fischer [Sun, 10 Mar 2019 17:04:31 +0000 (18:04 +0100)]
slang: revert parallelized build

This partially reverts https://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=lfs/slang;h=217e74c77317d4c829913f934458779fd278bf29;hb=23164efba5f57b3d8ccb07a166b613f2f951e1b6

'slang 2.3.0' doesn't like "$(MAKETUNING)"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
5 weeks agoIDS: Set owner of suricata logging directory to correct user
Stefan Schantl [Sun, 10 Mar 2019 17:52:40 +0000 (18:52 +0100)]
IDS: Set owner of suricata logging directory to correct user

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
5 weeks agoRename snort user and group to suricata
Stefan Schantl [Sun, 10 Mar 2019 17:50:37 +0000 (18:50 +0100)]
Rename snort user and group to suricata

This only affects new installations.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
5 weeks agosuricata: Run as non-root user
Michael Tremer [Sat, 2 Mar 2019 17:26:34 +0000 (17:26 +0000)]
suricata: Run as non-root user

This patch does not have any effect (yet) and is untested
because suricata needs to be built against libcap-ng which
is currently not being packaged for IPFire.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
6 weeks agosuricata: Update to 4.1.3
Stefan Schantl [Sun, 10 Mar 2019 16:34:03 +0000 (17:34 +0100)]
suricata: Update to 4.1.3

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
6 weeks agoMove IDS/IPS menu entry to firewall section
Stefan Schantl [Sun, 10 Mar 2019 12:27:52 +0000 (13:27 +0100)]
Move IDS/IPS menu entry to firewall section

Fixes #12011.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
6 weeks ago/etc/group: Order groups by ID
Michael Tremer [Fri, 8 Mar 2019 10:11:23 +0000 (10:11 +0000)]
/etc/group: Order groups by ID

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 weeks ago/etc/passwd: Order users by ID
Michael Tremer [Fri, 8 Mar 2019 10:08:02 +0000 (10:08 +0000)]
/etc/passwd: Order users by ID

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 weeks agozabbix_agent: Create /var/run/zabbix in initscript
Michael Tremer [Fri, 8 Mar 2019 10:04:28 +0000 (10:04 +0000)]
zabbix_agent: Create /var/run/zabbix in initscript

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 weeks agozabbix_agent: Ensure that the user exists on all systems
Michael Tremer [Fri, 8 Mar 2019 09:58:56 +0000 (09:58 +0000)]
zabbix_agent: Ensure that the user exists on all systems

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 weeks agozabbix_agentd: New addon
Alexander Koch [Wed, 13 Feb 2019 23:06:19 +0000 (00:06 +0100)]
zabbix_agentd: New addon

New addon for monitoring IPFire by Zabbix Monitoring (https://www.zabbix.com/features).
See https://forum.ipfire.org/viewtopic.php?f=52&t=22039 and https://lists.ipfire.org/pipermail/development/2019-February/005324.html for further details.

Best regards,
Alex

Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 weeks agoiptables: Commented legacy ip(6)tables entries from ROOTFILE
Erik Kapfer [Fri, 8 Mar 2019 04:51:55 +0000 (05:51 +0100)]
iptables: Commented legacy ip(6)tables entries from ROOTFILE

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 weeks agoinstaller: Download ISO via HTTPS
Michael Tremer [Thu, 7 Mar 2019 11:27:19 +0000 (11:27 +0000)]
installer: Download ISO via HTTPS

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 weeks agoRevert "boost: Build with -O2 only"
Michael Tremer [Thu, 7 Mar 2019 10:29:31 +0000 (10:29 +0000)]
Revert "boost: Build with -O2 only"

This reverts commit 9ff5b381eb8a4e129978c34f969e312c302ea7b1.

Boost wants to build with -O3 no matter what

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 weeks agounbound: Mark domains as insecure from DNS forwarding
Michael Tremer [Tue, 5 Mar 2019 16:58:29 +0000 (16:58 +0000)]
unbound: Mark domains as insecure from DNS forwarding

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 weeks agoDNS Forwarding: Add UI to Allow to disable DNSSEC for a zone
Michael Tremer [Tue, 5 Mar 2019 16:10:17 +0000 (16:10 +0000)]
DNS Forwarding: Add UI to Allow to disable DNSSEC for a zone

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 weeks agoMerge branch 'ipsec-on-demand' into next
Michael Tremer [Tue, 5 Mar 2019 15:25:36 +0000 (15:25 +0000)]
Merge branch 'ipsec-on-demand' into next

6 weeks agovpnmain.cgi: Make on-demand mode default for IPsec VPNs
Michael Tremer [Tue, 5 Mar 2019 15:24:19 +0000 (15:24 +0000)]
vpnmain.cgi: Make on-demand mode default for IPsec VPNs

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 weeks agovpnmain.cgi: Carry over START_ACTION attribute correctly
Michael Tremer [Tue, 5 Mar 2019 15:23:33 +0000 (15:23 +0000)]
vpnmain.cgi: Carry over START_ACTION attribute correctly

This setting was not carried correctly and therefore the default was ignored.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 weeks agomake.sh: Fit more processes into memory
Michael Tremer [Mon, 4 Mar 2019 17:21:15 +0000 (17:21 +0000)]
make.sh: Fit more processes into memory

Because we have a good way to limit processes now, we should
increase the default size a little bit

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 weeks agoboost: Build with -O2 only
Michael Tremer [Mon, 4 Mar 2019 17:20:52 +0000 (17:20 +0000)]
boost: Build with -O2 only

This should increase build speed

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 weeks agoConfig: Builds don't seem to like the space
Michael Tremer [Mon, 4 Mar 2019 11:57:22 +0000 (11:57 +0000)]
Config: Builds don't seem to like the space

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 weeks agoperl: Limit build to 23 parallel processes
Michael Tremer [Mon, 4 Mar 2019 11:52:34 +0000 (11:52 +0000)]
perl: Limit build to 23 parallel processes

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 weeks agomake.sh: Introduce MAX_PARALLELISM
Michael Tremer [Mon, 4 Mar 2019 11:51:08 +0000 (11:51 +0000)]
make.sh: Introduce MAX_PARALLELISM

This will now adjust MAKETUNING to not launch more processes
than MAX_PARALLELISM. Handy to limit builds that use a lot of memory.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 weeks agomake.sh: Drop MAKETUNING
Michael Tremer [Mon, 4 Mar 2019 11:45:30 +0000 (11:45 +0000)]
make.sh: Drop MAKETUNING

This is now set in lfs/Config

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 weeks agomake.sh: Introduce DEFAULT_PARALLELISM
Michael Tremer [Mon, 4 Mar 2019 11:43:47 +0000 (11:43 +0000)]
make.sh: Introduce DEFAULT_PARALLELISM

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 weeks agomake.sh: Use variable instead of calling system_processors function again
Michael Tremer [Mon, 4 Mar 2019 11:38:38 +0000 (11:38 +0000)]
make.sh: Use variable instead of calling system_processors function again

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 weeks agomake.sh: Rename HOST_MEM to SYSTEM_MEMORY
Michael Tremer [Mon, 4 Mar 2019 11:35:15 +0000 (11:35 +0000)]
make.sh: Rename HOST_MEM to SYSTEM_MEMORY

We had two variables holding the same data

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 weeks agomake.sh: Pass number of processors and total memory so that we can adjust MAKETUNING
Michael Tremer [Mon, 4 Mar 2019 11:33:50 +0000 (11:33 +0000)]
make.sh: Pass number of processors and total memory so that we can adjust MAKETUNING

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 weeks agoParallelized build for several packages
Wolfgang Apolinarski [Wed, 20 Feb 2019 19:18:06 +0000 (20:18 +0100)]
Parallelized build for several packages

Added $(MAKETUNING) to several packages.
Marked packages that do not support parallel build.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 weeks agocore129: Ship wpa_supplicant
Michael Tremer [Mon, 4 Mar 2019 09:25:13 +0000 (09:25 +0000)]
core129: Ship wpa_supplicant

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 weeks agowpa_supplicant: Update to 2.7
Matthias Fischer [Tue, 5 Mar 2019 18:12:52 +0000 (19:12 +0100)]
wpa_supplicant: Update to 2.7

For details see:
https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 weeks agohostapd: Update to 2.7
Matthias Fischer [Tue, 5 Mar 2019 18:12:51 +0000 (19:12 +0100)]
hostapd: Update to 2.7

For details see:
https://w1.fi/cgit/hostap/plain/hostapd/ChangeLog

This patch sticks to 'wpa_supplicant: Update to 2.7'.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 weeks agonetsnmp: Fix rootfile to build on other architectures
Michael Tremer [Sun, 3 Mar 2019 13:33:52 +0000 (13:33 +0000)]
netsnmp: Fix rootfile to build on other architectures

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 weeks agonetsnmpd: OpenSSL patch is incl. in new version
Erik Kapfer [Wed, 27 Feb 2019 05:03:48 +0000 (06:03 +0100)]
netsnmpd: OpenSSL patch is incl. in new version

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 weeks agonetsnmpd: Update to version 5.8
Erik Kapfer [Wed, 27 Feb 2019 05:03:47 +0000 (06:03 +0100)]
netsnmpd: Update to version 5.8

Overview of the changes can be found in here https://sourceforge.net/p/net-snmp/mailman/message/36386084/ .

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
6 weeks agoiptables: Update to 1.8.2
Erik Kapfer [Sun, 3 Mar 2019 08:09:18 +0000 (09:09 +0100)]
iptables: Update to 1.8.2

netfilter-layer7 has also been updated to v2.23 .

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
7 weeks agolibcap-ng: New package
Stefan Schantl [Sun, 3 Mar 2019 14:10:02 +0000 (15:10 +0100)]
libcap-ng: New package

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
7 weeks agosuricata: Drop parsers I have never heard of
Michael Tremer [Sat, 2 Mar 2019 17:18:39 +0000 (17:18 +0000)]
suricata: Drop parsers I have never heard of

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
7 weeks agosuricata: Configure HTTP decoder
Michael Tremer [Sat, 2 Mar 2019 17:18:38 +0000 (17:18 +0000)]
suricata: Configure HTTP decoder

This will now scan all request and response bodies where possible
and use up to 256MB of RAM

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
7 weeks agoRevert "Suricata: detect DNS events on port 853, too"
Michael Tremer [Sat, 2 Mar 2019 17:18:37 +0000 (17:18 +0000)]
Revert "Suricata: detect DNS events on port 853, too"

This reverts commit ad99f959e2b83dd9f1275c1d385140271c8926ae.

It does not make any sense to try to decode the TLS connection
with the DNS decoder.

Therefore should 853 (TCP only) be added to the TLS decoder.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
7 weeks agoUnpack intel microcode before initramfs images are being built
Michael Tremer [Sat, 2 Mar 2019 14:55:04 +0000 (14:55 +0000)]
Unpack intel microcode before initramfs images are being built

Previously, the microcode updates were not packaged in the shipped
initramfs images which causes that Intel processors are still running
on outdated microcode.

This patch moves intel-microcode before we build the initramfs images.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
7 weeks agocore129: Ship updated proxy.cgi
Michael Tremer [Sat, 2 Mar 2019 14:14:14 +0000 (14:14 +0000)]
core129: Ship updated proxy.cgi

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
7 weeks agoBug 12008 - Typo in 'proxy.cgi' leads to wrong path for 'basic_ldap_auth'
Matthias Fischer [Sun, 3 Mar 2019 08:37:01 +0000 (09:37 +0100)]
Bug 12008 - Typo in 'proxy.cgi' leads to wrong path for 'basic_ldap_auth'

Hi,

This should fix https://bugzilla.ipfire.org/show_bug.cgi?id=12008

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
7 weeks agocore129: Ship updated ipset
Michael Tremer [Sat, 2 Mar 2019 14:12:18 +0000 (14:12 +0000)]
core129: Ship updated ipset

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
7 weeks agoipset: Update to version 7.1
Erik Kapfer [Sun, 3 Mar 2019 08:22:50 +0000 (09:22 +0100)]
ipset: Update to version 7.1

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
7 weeks agocore129: Ship updated tar
Michael Tremer [Sat, 2 Mar 2019 14:11:02 +0000 (14:11 +0000)]
core129: Ship updated tar

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
7 weeks agotar: Update to 1.32
Matthias Fischer [Sat, 2 Mar 2019 20:24:15 +0000 (21:24 +0100)]
tar: Update to 1.32

For details see:
http://git.savannah.gnu.org/cgit/tar.git/log/

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
7 weeks agocore129: Ship updated bind
Michael Tremer [Sat, 2 Mar 2019 14:10:21 +0000 (14:10 +0000)]
core129: Ship updated bind

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
7 weeks agobind: Update to 9.11.6
Matthias Fischer [Sat, 2 Mar 2019 20:19:03 +0000 (21:19 +0100)]
bind: Update to 9.11.6

For details see:
http://ftp.isc.org/isc/bind9/9.11.6/RELEASE-NOTES-bind-9.11.6.html

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
7 weeks agocore129: Ship updated squid
Michael Tremer [Sat, 2 Mar 2019 14:09:00 +0000 (14:09 +0000)]
core129: Ship updated squid

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
7 weeks agosquid: Update to 4.6
Matthias Fischer [Sat, 2 Mar 2019 20:08:06 +0000 (21:08 +0100)]
squid: Update to 4.6

For details see:
http://www.squid-cache.org/Versions/v4/changesets/

The 'configure'-option "--disable-ipv6" was removed, it is no longer necessary.

See:
https://lists.ipfire.org/pipermail/development/2016-April/002046.html

"The --disable-ipv6 build option is now deprecated.
...
Squid-3.5.7 and later will perform IPv6 availability tests on startup in
all builds.

- Where IPv6 is unavailable Squid will continue exactly as it would
have had the build option not been used.

These Squid can have the build option removed now."

The warning message concerning a "BCP 177 violation" while
starting 'squid' can be ignored.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
7 weeks agospectre-meltdown-checker: New package
Michael Tremer [Sat, 2 Mar 2019 13:24:44 +0000 (13:24 +0000)]
spectre-meltdown-checker: New package

This makes it easy to install the script and check the vulnerability status
of a system IPFire is running on.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
7 weeks agobinutils: Ship strings & readelf
Michael Tremer [Sat, 2 Mar 2019 13:01:42 +0000 (13:01 +0000)]
binutils: Ship strings & readelf

This is needed by the spectre meltdown checker script

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
7 weeks agoUpdate German translation
Michael Tremer [Sat, 2 Mar 2019 12:01:06 +0000 (12:01 +0000)]
Update German translation

Mainly adds translation for new IPsec features

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>