Peter Müller [Thu, 11 Apr 2019 16:04:02 +0000 (18:04 +0200)]
Merge branch 'master' of ssh://git.ipfire.org/pub/git/ipfire-2.x
Matthias Fischer [Fri, 5 Apr 2019 19:55:12 +0000 (21:55 +0200)]
wget: Update to 1.20.3
For details see:
https://fossies.org/linux/wget/ChangeLog
Excerpt from "NEWS":
"2019-04-05 Tim Ruehsen <tim.ruehsen@gmx.de>
Fix a buffer overflow vulnerability
* src/iri.c(do_conversion): Reallocate the output buffer to a larger
size if it is already full"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 4 Apr 2019 01:04:28 +0000 (02:04 +0100)]
core130: Ship updated apache
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Matthias Fischer [Thu, 4 Apr 2019 07:15:00 +0000 (09:15 +0200)]
apache: Update to 2.4.39
For details see:
http://mirror.checkdomain.de/apache//httpd/CHANGES_2.4.39
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Tue, 9 Apr 2019 05:31:23 +0000 (07:31 +0200)]
core130: insert a core update for urgent fixes.
the bigger changes for suricata and kernel need longer time for test
so we insert a core with smaller but important fixes.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Tue, 9 Apr 2019 05:30:26 +0000 (07:30 +0200)]
core130: ship strongswan
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 8 Apr 2019 10:56:58 +0000 (11:56 +0100)]
core130: Ship perl-Net-SSLeay
This was still using the old version of OpenSSL.
Instead of linking the module (which we should have found earlier)
the module uses dlopen :(
Fixes: #12044
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 8 Apr 2019 15:41:24 +0000 (16:41 +0100)]
strongswan: Manually install all routes for non-routed VPNs
This is a regression from disabling charon.install_routes.
VPNs are routing fine as long as traffic is passing through
the firewall. Traps are not propertly used as long as these
routes are not present and therefore we won't trigger any
tunnels when traffic originates from the firewall.
Fixes: #12045
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 4 Apr 2019 01:07:16 +0000 (02:07 +0100)]
core130: Ship updated wget
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Thu, 4 Apr 2019 07:43:50 +0000 (09:43 +0200)]
wget: Update to 1.20.2
For details see:
https://fossies.org/linux/wget/ChangeLog
Excerpt from "NEWS":
* Changes in Wget 1.20.2
** NTLM authentication will retry under certain cases
** Fixed a buffer overflow vulnerability"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Wed, 27 Mar 2019 19:54:10 +0000 (20:54 +0100)]
clamav: Update to 0.101.2
For details see:
https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
"ClamAV 0.101.2 is a patch release to address a handful of security related bugs."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 18 Mar 2019 15:24:56 +0000 (15:24 +0000)]
ipsec-interfaces: Apply static routes (again) after creating IPsec interfaces
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Fri, 15 Mar 2019 16:55:13 +0000 (17:55 +0100)]
ensure Tor daemon files have correct permissions
Set permissions for /var/lib/tor and /var/ipfire/tor to
tor:tor, regardless whether Tor user has been created before
or not.
This ensures Tor starts properly on existing systems after
reinstallation of the add-on. Thanks to Michael for the hint.
Further, a comment for new Tor user in /etc/passwd has been added.
Fixes #11779.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Stefan Schantl [Fri, 15 Mar 2019 14:33:29 +0000 (15:33 +0100)]
core130: Fix another error in rootfile
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 15 Mar 2019 13:20:23 +0000 (13:20 +0000)]
core130: Fix errors in rootfile
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 14 Mar 2019 16:52:38 +0000 (16:52 +0000)]
Update IPS translation
* Fix typos
* Fix compound nouns (especially in German)
* Remove unused strings
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 14 Mar 2019 14:01:45 +0000 (14:01 +0000)]
nut: Disable parallel build
nut just fails to build when running in parallel
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 14 Mar 2019 13:48:25 +0000 (13:48 +0000)]
core130: Ship suricata
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 14 Mar 2019 13:20:56 +0000 (13:20 +0000)]
Update contributors
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 14 Mar 2019 13:20:22 +0000 (13:20 +0000)]
Update translations
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 14 Mar 2019 13:19:35 +0000 (13:19 +0000)]
Merge remote-tracking branch 'stevee/next-suricata' into next
Michael Tremer [Thu, 14 Mar 2019 13:16:33 +0000 (13:16 +0000)]
core130: Ship updated firewall script
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 11 Mar 2019 20:07:00 +0000 (20:07 +0000)]
add IPtables chain for outgoing Tor traffic
If Tor is operating in relay mode, it has to open a lot of outgoing
TCP connections. These should be separated from any other outgoing
connections, as allowing _all_ outgoing traffic will be unwanted and
risky in most cases.
Thereof, Tor will be running as a dedicated user (see second patch),
allowing usage of user-based IPtables rulesets.
Partially fixes #11779.
Singed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 11 Mar 2019 20:07:00 +0000 (20:07 +0000)]
run Tor under dedicated user
This allows more-fine granular firewall rules (see first patch for
further information). Further, it prevents other services running as
"nobody" (Apache, ...) from reading Tor relay keys.
Fixes #11779.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 14 Mar 2019 13:15:03 +0000 (13:15 +0000)]
Start Core Update 130
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Wed, 13 Mar 2019 11:14:30 +0000 (12:14 +0100)]
suricata: Fix amount of listened nfqueues
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Peter Müller [Mon, 11 Mar 2019 19:35:00 +0000 (19:35 +0000)]
amavisd: update to 2.11.1
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 11 Mar 2019 19:28:00 +0000 (19:28 +0000)]
Postfix: update to 3.4.3
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 13 Mar 2019 08:05:27 +0000 (08:05 +0000)]
installer: Set the clock correctly when installing over network
If a system has a not very up to date clock, downloading files
over HTTPS is impossible.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Wed, 13 Mar 2019 14:18:52 +0000 (15:18 +0100)]
core129: finish update
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 13 Mar 2019 14:17:28 +0000 (15:17 +0100)]
u-boot: try to boot without ramdisk if the system cannot load it
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 13 Mar 2019 14:06:23 +0000 (15:06 +0100)]
knot: update to 2.8.0 and build/install only kdig
This fix compile errors on small arm boards. (cc1 internal error)
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 13 Mar 2019 14:04:40 +0000 (15:04 +0100)]
groff: update to 1.22.4
This fix compile problems on small arm boards. (cc1 internal error)
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Wed, 13 Mar 2019 09:03:48 +0000 (10:03 +0100)]
suricata: Remove unneeded stuff during build
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Arne Fitzenreiter [Wed, 13 Mar 2019 08:38:21 +0000 (09:38 +0100)]
Revert "kernel: cleanup unused rpi patch"
This reverts commit
a2d49659f3947e5a5a77cbc1bf384eb0b2760ca9.
The patch is still needed to prevent strange crashes
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 11 Mar 2019 15:58:45 +0000 (15:58 +0000)]
Update list of contributors
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 11 Mar 2019 15:58:04 +0000 (15:58 +0000)]
core129: Ship updated dnsforward.cgi
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 11 Mar 2019 15:57:15 +0000 (15:57 +0000)]
Merge remote-tracking branch 'ms/dns-forwarding' into next
Michael Tremer [Mon, 11 Mar 2019 09:54:19 +0000 (09:54 +0000)]
core129: Ship updated dhcp.cgi
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 11 Mar 2019 09:53:56 +0000 (09:53 +0000)]
Merge remote-tracking branch 'ms/dhcp' into next
Peter Müller [Fri, 8 Mar 2019 19:17:00 +0000 (19:17 +0000)]
Tor WebUI: drop relay bandwith options < 1 MBit/s
Tor requires at least 1 MBit/s in order to participate.
Fixes #12001
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 11 Mar 2019 09:38:56 +0000 (09:38 +0000)]
dnsdist: Limit to fewer concurrent build processes
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 10 Mar 2019 18:23:22 +0000 (18:23 +0000)]
core129: Ship updated less
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Fri, 8 Mar 2019 19:19:00 +0000 (19:19 +0000)]
less: update to 530
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Fri, 8 Mar 2019 19:22:00 +0000 (19:22 +0000)]
Postfix: update to 3.4.1
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sun, 10 Mar 2019 17:04:31 +0000 (18:04 +0100)]
slang: revert parallelized build
This partially reverts https://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=lfs/slang;h=
217e74c77317d4c829913f934458779fd278bf29;hb=
23164efba5f57b3d8ccb07a166b613f2f951e1b6
'slang 2.3.0' doesn't like "$(MAKETUNING)"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Sun, 10 Mar 2019 17:52:40 +0000 (18:52 +0100)]
IDS: Set owner of suricata logging directory to correct user
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Sun, 10 Mar 2019 17:50:37 +0000 (18:50 +0100)]
Rename snort user and group to suricata
This only affects new installations.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Michael Tremer [Sat, 2 Mar 2019 17:26:34 +0000 (17:26 +0000)]
suricata: Run as non-root user
This patch does not have any effect (yet) and is untested
because suricata needs to be built against libcap-ng which
is currently not being packaged for IPFire.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Sun, 10 Mar 2019 16:34:03 +0000 (17:34 +0100)]
suricata: Update to 4.1.3
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Stefan Schantl [Sun, 10 Mar 2019 12:27:52 +0000 (13:27 +0100)]
Move IDS/IPS menu entry to firewall section
Fixes #12011.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Michael Tremer [Fri, 8 Mar 2019 10:11:23 +0000 (10:11 +0000)]
/etc/group: Order groups by ID
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 8 Mar 2019 10:08:02 +0000 (10:08 +0000)]
/etc/passwd: Order users by ID
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 8 Mar 2019 10:04:28 +0000 (10:04 +0000)]
zabbix_agent: Create /var/run/zabbix in initscript
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 8 Mar 2019 09:58:56 +0000 (09:58 +0000)]
zabbix_agent: Ensure that the user exists on all systems
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Koch [Wed, 13 Feb 2019 23:06:19 +0000 (00:06 +0100)]
zabbix_agentd: New addon
New addon for monitoring IPFire by Zabbix Monitoring (https://www.zabbix.com/features).
See https://forum.ipfire.org/viewtopic.php?f=52&t=22039 and https://lists.ipfire.org/pipermail/development/2019-February/005324.html for further details.
Best regards,
Alex
Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Erik Kapfer [Fri, 8 Mar 2019 04:51:55 +0000 (05:51 +0100)]
iptables: Commented legacy ip(6)tables entries from ROOTFILE
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 7 Mar 2019 11:27:19 +0000 (11:27 +0000)]
installer: Download ISO via HTTPS
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 7 Mar 2019 10:29:31 +0000 (10:29 +0000)]
Revert "boost: Build with -O2 only"
This reverts commit
9ff5b381eb8a4e129978c34f969e312c302ea7b1.
Boost wants to build with -O3 no matter what
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 5 Mar 2019 16:58:29 +0000 (16:58 +0000)]
unbound: Mark domains as insecure from DNS forwarding
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 5 Mar 2019 16:10:17 +0000 (16:10 +0000)]
DNS Forwarding: Add UI to Allow to disable DNSSEC for a zone
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 5 Mar 2019 15:25:36 +0000 (15:25 +0000)]
Merge branch 'ipsec-on-demand' into next
Michael Tremer [Tue, 5 Mar 2019 15:24:19 +0000 (15:24 +0000)]
vpnmain.cgi: Make on-demand mode default for IPsec VPNs
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 5 Mar 2019 15:23:33 +0000 (15:23 +0000)]
vpnmain.cgi: Carry over START_ACTION attribute correctly
This setting was not carried correctly and therefore the default was ignored.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 4 Mar 2019 17:21:15 +0000 (17:21 +0000)]
make.sh: Fit more processes into memory
Because we have a good way to limit processes now, we should
increase the default size a little bit
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 4 Mar 2019 17:20:52 +0000 (17:20 +0000)]
boost: Build with -O2 only
This should increase build speed
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 4 Mar 2019 11:57:22 +0000 (11:57 +0000)]
Config: Builds don't seem to like the space
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 4 Mar 2019 11:52:34 +0000 (11:52 +0000)]
perl: Limit build to 23 parallel processes
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 4 Mar 2019 11:51:08 +0000 (11:51 +0000)]
make.sh: Introduce MAX_PARALLELISM
This will now adjust MAKETUNING to not launch more processes
than MAX_PARALLELISM. Handy to limit builds that use a lot of memory.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 4 Mar 2019 11:45:30 +0000 (11:45 +0000)]
make.sh: Drop MAKETUNING
This is now set in lfs/Config
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 4 Mar 2019 11:43:47 +0000 (11:43 +0000)]
make.sh: Introduce DEFAULT_PARALLELISM
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 4 Mar 2019 11:38:38 +0000 (11:38 +0000)]
make.sh: Use variable instead of calling system_processors function again
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 4 Mar 2019 11:35:15 +0000 (11:35 +0000)]
make.sh: Rename HOST_MEM to SYSTEM_MEMORY
We had two variables holding the same data
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 4 Mar 2019 11:33:50 +0000 (11:33 +0000)]
make.sh: Pass number of processors and total memory so that we can adjust MAKETUNING
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Wolfgang Apolinarski [Wed, 20 Feb 2019 19:18:06 +0000 (20:18 +0100)]
Parallelized build for several packages
Added $(MAKETUNING) to several packages.
Marked packages that do not support parallel build.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 4 Mar 2019 09:25:13 +0000 (09:25 +0000)]
core129: Ship wpa_supplicant
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Tue, 5 Mar 2019 18:12:52 +0000 (19:12 +0100)]
wpa_supplicant: Update to 2.7
For details see:
https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Tue, 5 Mar 2019 18:12:51 +0000 (19:12 +0100)]
hostapd: Update to 2.7
For details see:
https://w1.fi/cgit/hostap/plain/hostapd/ChangeLog
This patch sticks to 'wpa_supplicant: Update to 2.7'.
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 3 Mar 2019 13:33:52 +0000 (13:33 +0000)]
netsnmp: Fix rootfile to build on other architectures
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Erik Kapfer [Wed, 27 Feb 2019 05:03:48 +0000 (06:03 +0100)]
netsnmpd: OpenSSL patch is incl. in new version
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Erik Kapfer [Wed, 27 Feb 2019 05:03:47 +0000 (06:03 +0100)]
netsnmpd: Update to version 5.8
Overview of the changes can be found in here https://sourceforge.net/p/net-snmp/mailman/message/
36386084/ .
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Erik Kapfer [Sun, 3 Mar 2019 08:09:18 +0000 (09:09 +0100)]
iptables: Update to 1.8.2
netfilter-layer7 has also been updated to v2.23 .
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Sun, 3 Mar 2019 14:10:02 +0000 (15:10 +0100)]
libcap-ng: New package
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Michael Tremer [Sat, 2 Mar 2019 17:18:39 +0000 (17:18 +0000)]
suricata: Drop parsers I have never heard of
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Michael Tremer [Sat, 2 Mar 2019 17:18:38 +0000 (17:18 +0000)]
suricata: Configure HTTP decoder
This will now scan all request and response bodies where possible
and use up to 256MB of RAM
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Michael Tremer [Sat, 2 Mar 2019 17:18:37 +0000 (17:18 +0000)]
Revert "Suricata: detect DNS events on port 853, too"
This reverts commit
ad99f959e2b83dd9f1275c1d385140271c8926ae.
It does not make any sense to try to decode the TLS connection
with the DNS decoder.
Therefore should 853 (TCP only) be added to the TLS decoder.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Michael Tremer [Sat, 2 Mar 2019 14:55:04 +0000 (14:55 +0000)]
Unpack intel microcode before initramfs images are being built
Previously, the microcode updates were not packaged in the shipped
initramfs images which causes that Intel processors are still running
on outdated microcode.
This patch moves intel-microcode before we build the initramfs images.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 2 Mar 2019 14:14:14 +0000 (14:14 +0000)]
core129: Ship updated proxy.cgi
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sun, 3 Mar 2019 08:37:01 +0000 (09:37 +0100)]
Bug 12008 - Typo in 'proxy.cgi' leads to wrong path for 'basic_ldap_auth'
Hi,
This should fix https://bugzilla.ipfire.org/show_bug.cgi?id=12008
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 2 Mar 2019 14:12:18 +0000 (14:12 +0000)]
core129: Ship updated ipset
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Erik Kapfer [Sun, 3 Mar 2019 08:22:50 +0000 (09:22 +0100)]
ipset: Update to version 7.1
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 2 Mar 2019 14:11:02 +0000 (14:11 +0000)]
core129: Ship updated tar
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sat, 2 Mar 2019 20:24:15 +0000 (21:24 +0100)]
tar: Update to 1.32
For details see:
http://git.savannah.gnu.org/cgit/tar.git/log/
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 2 Mar 2019 14:10:21 +0000 (14:10 +0000)]
core129: Ship updated bind
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sat, 2 Mar 2019 20:19:03 +0000 (21:19 +0100)]
bind: Update to 9.11.6
For details see:
http://ftp.isc.org/isc/bind9/9.11.6/RELEASE-NOTES-bind-9.11.6.html
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 2 Mar 2019 14:09:00 +0000 (14:09 +0000)]
core129: Ship updated squid
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sat, 2 Mar 2019 20:08:06 +0000 (21:08 +0100)]
squid: Update to 4.6
For details see:
http://www.squid-cache.org/Versions/v4/changesets/
The 'configure'-option "--disable-ipv6" was removed, it is no longer necessary.
See:
https://lists.ipfire.org/pipermail/development/2016-April/002046.html
"The --disable-ipv6 build option is now deprecated.
...
Squid-3.5.7 and later will perform IPv6 availability tests on startup in
all builds.
- Where IPv6 is unavailable Squid will continue exactly as it would
have had the build option not been used.
These Squid can have the build option removed now."
The warning message concerning a "BCP 177 violation" while
starting 'squid' can be ignored.
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 2 Mar 2019 13:24:44 +0000 (13:24 +0000)]
spectre-meltdown-checker: New package
This makes it easy to install the script and check the vulnerability status
of a system IPFire is running on.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 2 Mar 2019 13:01:42 +0000 (13:01 +0000)]
binutils: Ship strings & readelf
This is needed by the spectre meltdown checker script
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 2 Mar 2019 12:01:06 +0000 (12:01 +0000)]
Update German translation
Mainly adds translation for new IPsec features
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
git://git.ipfire.org / people / pmueller / ipfire-2.x.git / log