]>
git.ipfire.org Git - people/pmueller/ipfire-2.x.git/log
Arne Fitzenreiter [Sun, 20 Oct 2019 20:18:56 +0000 (20:18 +0000)]
Revert "QoS: Use CLASSIFY iptables target instead of MARK"
This reverts commit
3e151d19f9b813206e36da6b66fdc8cc99cdd26f .
Arne Fitzenreiter [Sun, 20 Oct 2019 20:18:34 +0000 (20:18 +0000)]
Revert "QoS: Drop tc filter rules to move marked packets into the correct class"
This reverts commit
63f7d7475e97d74d4bcd23bd739b6b1721e55e14 .
Arne Fitzenreiter [Sun, 20 Oct 2019 20:18:00 +0000 (20:18 +0000)]
Revert "QoS: Drop support for subclasses"
This reverts commit
bc4d4da87009ebffcd93d30dcbfffff797b92588 .
Arne Fitzenreiter [Sun, 20 Oct 2019 20:17:18 +0000 (20:17 +0000)]
Revert "QoS: Drop support for setting TOS bits per class"
This reverts commit
3174d9c6b610c1f1ce1e7a8828a4575def2e2392 .
Arne Fitzenreiter [Sun, 20 Oct 2019 20:16:05 +0000 (20:16 +0000)]
Revert "QoS: No longer set TOS bits for ACK packets"
This reverts commit
b1c695e872f0b1968dadee7fc38cf3258423c3ac .
Arne Fitzenreiter [Sun, 20 Oct 2019 09:51:04 +0000 (09:51 +0000)]
core137: don't start QoS
QoS need to load kernel modules but the currect kernel
was removed so it cannot correct start without a reboot.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Daniel Weismüller [Fri, 18 Oct 2019 14:59:49 +0000 (16:59 +0200)]
core137: Remove imq0 and unload imq module after QoS has been stopped
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Fri, 18 Oct 2019 21:07:44 +0000 (23:07 +0200)]
kernel: update to 4.14.150
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Fri, 18 Oct 2019 18:39:47 +0000 (20:39 +0200)]
Revert "suricata: Enable rust support"
This reverts commit
5b87687cb1d37d81dbc701706e40f40f2cb16348 .
Arne Fitzenreiter [Fri, 18 Oct 2019 18:37:50 +0000 (20:37 +0200)]
rust: disabled build
rust build code with illegal instructions on armv5tel
so this need more checking
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Fri, 18 Oct 2019 14:19:59 +0000 (16:19 +0200)]
core137: add path of qosctrl
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Fri, 18 Oct 2019 14:16:35 +0000 (16:16 +0200)]
core137: erase lm_sensors config after collectd start
this is needed to research the sensors with updated kernel
after next reboot.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Fri, 18 Oct 2019 14:13:49 +0000 (16:13 +0200)]
Revert "firewall: always allow outgoing DNS traffic to root servers"
This reverts commit
70cd5c42f003292bd1ecb9e38018782679dbd01e .
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Tue, 15 Oct 2019 07:50:12 +0000 (07:50 +0000)]
Revert "dhcpcd: Update to 8.0.2"
This reverts commit
0184e5806da57226bbe24dbcbf11b093299cb9f4 .
Arne Fitzenreiter [Tue, 15 Oct 2019 07:49:31 +0000 (07:49 +0000)]
Revert "dhcpcd: Update to 8.0.3"
This reverts commit
8a001e556c02af3f34eacead4e8a44f482a67509 .
Arne Fitzenreiter [Tue, 15 Oct 2019 07:48:56 +0000 (07:48 +0000)]
Revert "dhcpcd: Update to 8.0.6"
This reverts commit
a4bb11243f0d43b7e95ec0195879aa0dd6a94b9e .
Arne Fitzenreiter [Tue, 15 Oct 2019 07:48:12 +0000 (07:48 +0000)]
Revert "dhcpcd: Update to 8.1.0"
This reverts commit
4863f2096cde6fd93618d1f774c6d16499ee3f63 .
Arne Fitzenreiter [Tue, 15 Oct 2019 07:38:21 +0000 (07:38 +0000)]
Revert "bash: update to 5.0"
This reverts commit
700f11b305e941bb42b0a0b4e451af962b1bc23d .
Arne Fitzenreiter [Tue, 15 Oct 2019 07:37:54 +0000 (07:37 +0000)]
Revert "readline: update to 8.0"
This reverts commit
6e8e8ee41cfcec7338a5674c21c0e8aa62a59a04 .
Arne Fitzenreiter [Tue, 15 Oct 2019 07:37:23 +0000 (07:37 +0000)]
Revert "update rootfiles for bash and readline"
This reverts commit
f41d936026b576ef7207754fa1d667d983fded06 .
Arne Fitzenreiter [Tue, 15 Oct 2019 07:36:47 +0000 (07:36 +0000)]
Revert "bash: add patches 001 - 011 for 5.0 version"
This reverts commit
2c0ee2b9624c4c7c3b3ce7b1deadae9df6ca9a32 .
Arne Fitzenreiter [Tue, 15 Oct 2019 07:36:00 +0000 (07:36 +0000)]
Revert "readline: add patch 001 for version 8.0"
This reverts commit
c5f0c44451737c543021e4ba958404a019ed7562 .
Arne Fitzenreiter [Tue, 15 Oct 2019 07:35:22 +0000 (07:35 +0000)]
Revert "bash/readline: drop orphaned patches"
This reverts commit
95f1c332d8c63896b540c3a07335236ef08cee01 .
Arne Fitzenreiter [Tue, 15 Oct 2019 07:31:56 +0000 (07:31 +0000)]
Revert "ship updated bash and readline"
there are missing files libs/bash/* in the rootfiles and there
are addons linked against readline-6.3 so we still need this
as readline-compat
This reverts commit
5c0345f5c1c247c8fc33c9447221caa134f27d86 .
Michael Tremer [Mon, 14 Oct 2019 17:11:37 +0000 (19:11 +0200)]
vpnmain.cgi+ovpnmain.cgi: Fix file upload with new versions of Perl
File uploads did not work since Perl was upgraded. This patch
fixes that problem by only checking if an object was returned
instead of performing a string comparison.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Mon, 14 Oct 2019 18:09:39 +0000 (18:09 +0000)]
core137: add qos changes to updater
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 14 Oct 2019 16:46:27 +0000 (16:46 +0000)]
QoS: Increase queue size and quantum for fq_codel
This optimises the QoS to process more bandwidth.
The limit variable sets the maximum number of packets in the
queue which was regularly exceeded on fast connections with
the old setting. This now allows up to 10G of data transfer
and is set to the default of fq_codel.
Quantum sets how many bytes can be read from the queue per
iteration. This is now set to the default again, which is
the size of an Ethernet frame including its header.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 14 Oct 2019 16:46:26 +0000 (16:46 +0000)]
QoS: No longer set TOS bits for ACK packets
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 14 Oct 2019 16:46:25 +0000 (16:46 +0000)]
QoS: Drop support for setting TOS bits per class
This is useless since no ISP will evaluate those settings
any more and it has a rather large impact on throughput.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 14 Oct 2019 16:46:24 +0000 (16:46 +0000)]
QoS: Drop support for subclasses
This feature was never properly implemented and the UI was dead
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 14 Oct 2019 16:46:23 +0000 (16:46 +0000)]
QoS: Drop tc filter rules to move marked packets into the correct class
This is no longer necessary since we are now using CLASSIFY
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 14 Oct 2019 16:46:22 +0000 (16:46 +0000)]
QoS: Use CLASSIFY iptables target instead of MARK
We have been running into loads of conflicts by using MARK for
various components on the OS (suricata, IPsec, QoS, ...) which
was sometimes hard to resolve.
iptables comes with a target which directly sorts packets into
the correct class which results in less code and not using the
mark.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 14 Oct 2019 16:46:21 +0000 (16:46 +0000)]
QoS: Move packet classification to FORWARD chain for ingress
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 14 Oct 2019 16:46:20 +0000 (16:46 +0000)]
QoS: Suppress an error message when cleaning up from previous runs
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 14 Oct 2019 16:46:19 +0000 (16:46 +0000)]
linux+iptables: Drop support for IMQ
This is no longer needed since we are using IFB now
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 14 Oct 2019 16:46:17 +0000 (16:46 +0000)]
QoS: Start qosd immediately
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 14 Oct 2019 16:46:18 +0000 (16:46 +0000)]
QoS: Do not delete egress qdisc after classes have been created
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 14 Oct 2019 16:46:16 +0000 (16:46 +0000)]
QoS: Silence RRD tool warnings
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 14 Oct 2019 16:46:15 +0000 (16:46 +0000)]
QoS: Process incoming packets in PREROUTING only
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 14 Oct 2019 16:46:14 +0000 (16:46 +0000)]
QoS: Tidy up qdiscs after QoS is being stopped
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 14 Oct 2019 16:46:13 +0000 (16:46 +0000)]
Revert "Make IMQ Switchable between PREROUTING and POSTROUTING"
This reverts commit
88b8ffac6b258e7b7687eb26111134bf435e23ca .
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 14 Oct 2019 16:46:12 +0000 (16:46 +0000)]
QoS: Use Intermediate Functional Block
This is an alternative implementation to the Intermediate Queuing
Device (IMQ) which is an out-of-tree kernel patch and has been
criticised for being slow, especially with mutliple processors.
IFB is part of the mainline kernel and a lot less code.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 14 Oct 2019 16:46:11 +0000 (16:46 +0000)]
QoS: Do not manually load iptables modules
This should not be necessary and causes the script to
wait for two seconds.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Mon, 14 Oct 2019 17:57:58 +0000 (17:57 +0000)]
core137: add updated sysctl.conf
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 14 Oct 2019 16:44:54 +0000 (16:44 +0000)]
sysctl: Adopt more settings from the IBM HPC guidelines
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Welcome%20to%20High%20Performance%20Computing%20%28HPC%29%20Central/page/Linux%20System%20Tuning%20Recommendations
Since we have already configured most of our IP/TCP stack
for low latency and fast throughput, these settings complete
those efforts.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Mon, 14 Oct 2019 17:49:32 +0000 (17:49 +0000)]
core137: add updated 99-geoip-database
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Mon, 14 Oct 2019 16:43:58 +0000 (16:43 +0000)]
99-geoip-database: Fix download
This script started a fresh download every time it was called,
which is unnecessary.
The check to skip the download did not work because it was
looking for the old data format.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Mon, 14 Oct 2019 17:46:27 +0000 (17:46 +0000)]
core137: add updated xt_geoip_update
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Daniel Weismüller [Mon, 14 Oct 2019 14:47:56 +0000 (16:47 +0200)]
xt_geoip_update: Always call the cleanup function when some step fails
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Daniel Weismüller [Mon, 14 Oct 2019 14:47:55 +0000 (16:47 +0200)]
xt_geoip_update: Do not create temporary directories again
These already exist
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Daniel Weismüller [Mon, 14 Oct 2019 14:47:54 +0000 (16:47 +0200)]
xt_geoip_update: Use /var/tmp for temporary data
Since we have some systems that are restricted to only 2GB of
space on /, we need to move this to where we have enough space.
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Daniel Weismüller [Mon, 14 Oct 2019 14:47:53 +0000 (16:47 +0200)]
xt_geoip_update: Perform cleanup after successful operation
The temporary files were never being cleaned up after the script
has finished compiling the database.
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Mon, 14 Oct 2019 17:42:35 +0000 (17:42 +0000)]
core137: add dns.cgi to update
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
peter.mueller@ipfire.org [Sun, 13 Oct 2019 11:13:00 +0000 (11:13 +0000)]
fix link to public DNS server list in dns.cgi
Fixes: #11851
Reported-by: Dani W <assgex@gmail.com>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
peter.mueller@ipfire.org [Sun, 13 Oct 2019 11:09:00 +0000 (11:09 +0000)]
fix typo in hostapd initscript
Fixes: #11237
Reported-by: Tom Rymes <tomvend@rymes.com>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
peter.mueller@ipfire.org [Sun, 13 Oct 2019 09:39:00 +0000 (09:39 +0000)]
rust: fix year in LFS file
Tempus fugit, I know... :-)
Cc: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Mon, 14 Oct 2019 17:36:36 +0000 (17:36 +0000)]
core137: add updated ruleset-sources
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Fri, 11 Oct 2019 18:44:00 +0000 (20:44 +0200)]
ruleset-sources: Update snort dl urls.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Mon, 14 Oct 2019 17:30:37 +0000 (17:30 +0000)]
core137: add updated backup.pl
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Tim FitzGeorge [Fri, 11 Oct 2019 18:42:05 +0000 (19:42 +0100)]
Restart logging after restoring backup
Send SIGHUP to syslogd and suricata after restoring backup. This ensures that
if the restored backup includes log files that any new log messages get
appended to the restored log files. Otherwise they will be written to the
old log files which are pending deletion.
httpd is told to restart using apachectl, which is the equivalent of sending
a signal. 'graceful' (USR1) is used rather than 'restart' (HUP) because the
latter immediately kills the process restoring the backup, preventing
converters from running.
Fixes: 12196
Signed-off-by: Tim FitzGeorge <ipfr@tfitzgeorge.me.uk>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Mon, 14 Oct 2019 17:22:44 +0000 (17:22 +0000)]
core137: add ipset to update
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Erik Kapfer [Thu, 10 Oct 2019 16:30:48 +0000 (18:30 +0200)]
ipset: Update to version 7.3
Some kernel part fixes are included. For a overview of the changelog,
take a look in here --> http://ipset.netfilter.org/changelog.html .
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
peter.mueller@ipfire.org [Mon, 7 Oct 2019 18:19:00 +0000 (18:19 +0000)]
ship updated bash and readline
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
peter.mueller@ipfire.org [Mon, 7 Oct 2019 18:19:00 +0000 (18:19 +0000)]
bash/readline: drop orphaned patches
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
peter.mueller@ipfire.org [Mon, 7 Oct 2019 18:18:00 +0000 (18:18 +0000)]
readline: add patch 001 for version 8.0
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
peter.mueller@ipfire.org [Mon, 7 Oct 2019 18:18:00 +0000 (18:18 +0000)]
bash: add patches 001 - 011 for 5.0 version
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
peter.mueller@ipfire.org [Mon, 7 Oct 2019 18:17:00 +0000 (18:17 +0000)]
update rootfiles for bash and readline
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
peter.mueller@ipfire.org [Mon, 7 Oct 2019 18:16:00 +0000 (18:16 +0000)]
readline: update to 8.0
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
peter.mueller@ipfire.org [Mon, 7 Oct 2019 18:15:00 +0000 (18:15 +0000)]
bash: update to 5.0
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Matthias Fischer [Sat, 12 Oct 2019 23:05:57 +0000 (01:05 +0200)]
dhcpcd: Update to 8.1.0
For details see:
https://roy.marples.name/blog/dhcpcd-8-1-0-released
"DragonFlyBSD: Improved rc.d handling
Fix carrier status after a route socket overflow
Allow domain spaced options
DHCP: Allow not sending Force Renew Nonce or Reconf Accept
IPv4LL: Now passes Apple Bonjour test versions 1.4 and 1.5
ARP: Fix a typo and remove pragma (thus working with old gcc)
DHCP6: Fix a cosmetic issue with infinite leases
DHCP6: SLA 0 and Prefix Len 0 will now add a delegated /64 address
Ignore some virtual interfaces such as Tap and Bridge by default
BPF: Move validation logic out of BPF and back into dhcpcd"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 12 Oct 2019 15:57:59 +0000 (15:57 +0000)]
core137: close update
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 12 Oct 2019 15:56:40 +0000 (15:56 +0000)]
core137: restart updated services
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 12 Oct 2019 11:12:03 +0000 (13:12 +0200)]
kernel: update to 4.14.149
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 9 Oct 2019 18:23:05 +0000 (20:23 +0200)]
rust: update armv5tel rootfile
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 9 Oct 2019 16:11:32 +0000 (18:11 +0200)]
rust: add i586 and aarch64 rootfile
todo: armv5tel is still missing...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 9 Oct 2019 16:10:23 +0000 (18:10 +0200)]
sane: add special aarch64 rootfile
libsane-qcam is not available for aarch64 so we need an extra rootfile
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 9 Oct 2019 16:06:54 +0000 (18:06 +0200)]
sane: rootfile update
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 9 Oct 2019 16:05:50 +0000 (18:05 +0200)]
tshark: rootfile update
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 9 Oct 2019 16:04:30 +0000 (18:04 +0200)]
speedtest-cli: add rootfile
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 9 Oct 2019 06:37:23 +0000 (08:37 +0200)]
sane/stage2: remove sanedloop
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Tue, 8 Oct 2019 19:49:01 +0000 (19:49 +0000)]
rust: fix typo
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Tue, 8 Oct 2019 19:44:54 +0000 (19:44 +0000)]
rust: fix md5 sums for i586 and arm
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Mon, 7 Oct 2019 18:44:05 +0000 (20:44 +0200)]
suricata: Enable rust support
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stefan Schantl [Mon, 7 Oct 2019 18:44:04 +0000 (20:44 +0200)]
rust: New package.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Erik Kapfer [Sun, 6 Oct 2019 07:23:19 +0000 (09:23 +0200)]
ncat: Update to version 7.80
Several improvements has been added. This update is part of the nmap-7.80 update.
For the complete changelog take a look in here --> https://seclists.org/nmap-announce/2019/0 .
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Erik Kapfer [Sun, 6 Oct 2019 07:16:57 +0000 (09:16 +0200)]
nmap: Update to version 7.80
Several improvements, NSE scripts and libraries has been added.
The complete changelog can be found in here --> https://seclists.org/nmap-announce/2019/0 .
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Tue, 8 Oct 2019 19:05:50 +0000 (19:05 +0000)]
core137: ship libpcap
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Matthias Fischer [Sat, 5 Oct 2019 07:37:15 +0000 (09:37 +0200)]
libpcap: Update to 1.9.1
For details see:
https://www.tcpdump.org/libpcap-changes.txt
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Tue, 8 Oct 2019 19:03:50 +0000 (19:03 +0000)]
core137: ship unbound
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Matthias Fischer [Sat, 5 Oct 2019 07:09:29 +0000 (09:09 +0200)]
unbound: Update to 1.9.4
For details see:
https://nlnetlabs.nl/pipermail/unbound-users/2019-October/011832.html
"This release is a fix for vulnerability CVE-2019-16866 that causes a
failure when a specially crafted query is received."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Matthias Fischer [Sat, 5 Oct 2019 07:05:25 +0000 (09:05 +0200)]
tcpdump: Update to 4.9.3
For details see:
https://www.tcpdump.org/tcpdump-changes.txt
"Fix buffer overflow/overread vulnerabilities:
CVE-2017-16808 (AoE)
CVE-2018-14468 (FrameRelay)
CVE-2018-14469 (IKEv1)
CVE-2018-14470 (BABEL)
CVE-2018-14466 (AFS/RX)
CVE-2018-14461 (LDP)
CVE-2018-14462 (ICMP)
CVE-2018-14465 (RSVP)
CVE-2018-14881 (BGP)
CVE-2018-14464 (LMP)
CVE-2018-14463 (VRRP)
CVE-2018-14467 (BGP)
CVE-2018-10103 (SMB - partially fixed, but SMB printing disabled)
CVE-2018-10105 (SMB - too unreliably reproduced, SMB printing disabled)
CVE-2018-14880 (OSPF6)
CVE-2018-16451 (SMB)
CVE-2018-14882 (RPL)
CVE-2018-16227 (802.11)
CVE-2018-16229 (DCCP)
CVE-2018-16301 (was fixed in libpcap)
CVE-2018-16230 (BGP)
CVE-2018-16452 (SMB)
CVE-2018-16300 (BGP)
CVE-2018-16228 (HNCP)
CVE-2019-15166 (LMP)
CVE-2019-15167 (VRRP)
Fix for cmdline argument/local issues:
CVE-2018-14879 (tcpdump -V)"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Matthias Fischer [Sat, 5 Oct 2019 06:59:04 +0000 (08:59 +0200)]
clamav: Update to 0.102.0
For details see:
https://blog.clamav.net/2019/10/clamav-01020-has-been-released.html
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Matthias Fischer [Sat, 5 Oct 2019 06:51:15 +0000 (08:51 +0200)]
nano: Update to 4.5
For details see:
https://www.nano-editor.org/news.php
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Erik Kapfer [Fri, 4 Oct 2019 17:26:26 +0000 (19:26 +0200)]
tshark: Update to version 3.0.5
The jump from 3.0.2 to 3.0.5 includes several bugfixes, updated protocols and new and updated capture support.
The complete release notes can be found in here --> https://www.wireshark.org/docs/relnotes/ .
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Tue, 8 Oct 2019 18:56:47 +0000 (18:56 +0000)]
core137: ship strongwan and vpnmain.cgi
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Wed, 2 Oct 2019 10:31:54 +0000 (10:31 +0000)]
IPsec: Add support for Curve448
This is supported since strongswan 5.7.2 and is a good alternative
to Curve25519 because Curve448 is almost equally secure but performs
faster.
https://en.wikipedia.org/wiki/Curve448
This is enabled by default although we do not expect many other
implementations to be able to support this.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Wed, 2 Oct 2019 10:31:53 +0000 (10:31 +0000)]
strongswan: Update 5.8.1
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Wed, 2 Oct 2019 08:53:50 +0000 (08:53 +0000)]
speedtest-cli: New package
This is a CLI implementation to test the speed of an internet
connection.
I find this quite useful when there is no access to a client
computer on the network and this will give you a rough idea
about the connection speed.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stephan Feddersen [Tue, 1 Oct 2019 20:07:39 +0000 (22:07 +0200)]
WIO:Add fr language
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Stephan Feddersen [Tue, 1 Oct 2019 20:01:40 +0000 (22:01 +0200)]
WIO: Add french translation file
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>