Awesome Privacy

Recent Commits

• Michael Tremer (26 Mar 24)

  IPS: Fix how we show EOL providers There is no need to add a legend as I find it confusing. The change that people are using an EOL is rather slim and so I don't to waste space. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

• Michael Tremer (26 Mar 24)

  core185: Fix update.sh syntax issues Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

• Adolf Belka (25 Mar 24)

  CU185-update.sh: Add drop hostile in & out logging entries if not already present - This v2 patch corrects that the previous script was looking for =on. If a user had modified the preferences to change it to =off then the script would have resulted in both =on and =off versions being in the settings file. - This patch ensures that those people who updated to CU184 before the CU184-update.sh patch fix to add the logging entries was added will get their optionsfw settings file correctly updated with CU185 - This only adds the LOGDROPHOSTILEIN & LOGDROPHOSTILEOUT entries if they do not already exist in the optionsfw settings file. - This change also does the check for LOGDROPHOSTILEIN and LOGDROPHOSTILEOUT as two separate checks and then runs the firewall update command Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

• Adolf Belka (25 Mar 24)

  shadow: Update login.defs to remove reference to cracklib - From shadow-15.0.0 all references to cracklib were removed from shadow. Apparently some functions were no longer accessible and the shadow team decided to remove cracklib references completely. This was not mentioned in the changelkog for 15.0.0 - This resulkts in gettinbg the message configuration error - unknown item 'CRACKKLIB_DICTPATH' ( notify administrator ) when logging in to the console. - The login to the console occurs successfully so the message is only a warning that cracklib is no longer used. - IPfire does not use cracklkib anyway so this patch removes the section referring to cracklib from the login.defs configuration file. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

• Adolf Belka (25 Mar 24)

  samba: Add wsdd as a dependency to samba - Add wsdd as a dependency to samba so it will be installed together with samba Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

• Adolf Belka (20 Mar 24)

  CU185-update.sh: Add drop hostile in & out logging entries if not already present - This patch ensures that those people who updated to CU184 before the CU184-update.sh patch fix to add the logging entries was added will get their optionsfw settings file correctly updated with CU185 - This only adds the LOGDROPHOSTILEIN & LOGDROPHOSTILEOUT entries if they do noit already exist in the optionsfw settings file. Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

• Stefan Schantl (22 Mar 24)

  ids.cgi: Improve add provider logic Do not longer add unsupported/removed providers as an option when adding a new/first ruleset provider. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

• Michael Tremer (22 Mar 24)

  core185: Ship IPS files Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

• Stefan Schantl (21 Mar 24)

  ids.cgi: Adjust code for marking unsupported providers Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

• Stefan Schantl (21 Mar 24)

  ruleset-sources: Restore generic details about recently dropped providers At least these informations are required to display something usefull on the webgui, even if a provider has been dropped. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

• Stefan Schantl (21 Mar 24)

  update-ids-ruleset: Disable provider if not dl_url can be obtained Unsupported/Removed provides does not longer have these information Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

• Stefan Schantl (21 Mar 24)

  ids.cgi: Change check if a provider is not longer supported This check is now based on a download URL instead of checking if an entry in the ruleset sources is present. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

• Stefan Schantl (21 Mar 24)

  ids-functions.pl: Improve logic to get the cached rulesfile of a provider Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

• Michael Tremer (21 Mar 24)

  core185: Ship IPS ruleset sources Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

• Michael Tremer (20 Mar 24)

  suricata: Update to 7.0.4 https://suricata.io/2024/03/19/suricata-7-0-4-and-6-0-17-released/ Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

• Michael Tremer (20 Mar 24)

  core185: Ship libhtp Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

• Michael Tremer (20 Mar 24)

  libhtp: Update to 0.5.47 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

• Michael Tremer (20 Mar 24)

  Config: Update source upload URL Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

• Michael Tremer (19 Mar 24)

  wsdd: Remove dropped initscript Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

• Adolf Belka (18 Mar 24)

  wsdd: Update install and uninstall pak files - As wsdd is now started by samba when it is started then the wsdd install and uninstall paks no longer need to create the symlinks for starting and stopping wsdd and no longer need the start_service and stop_service commands in the paks. Fixes: bug#13445 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

• Adolf Belka (18 Mar 24)

  wsdd: Update of lfs file - fixes bug#13445 - Removal of services line as wsdd will now be started by the samba option in the addon services wui page - Removal of installing separate wsdd initscript as it is nowe integrated into the samba initscript. Fixes: bug#13445 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

• Adolf Belka (18 Mar 24)

  wsdd: remove wsdd initscript as now covered by samba - fixes bug#13445 Fixes: bug#13445 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

• Adolf Belka (18 Mar 24)

  samba: Integrate wsdd initscript into samba initscript - bug#13445 - This integrates the wsdd initscript functions into the samba initscript. When samba is started or stopped or the status requested then wsdd is part of that process. - Tested in my vm testbed and confirmed to work for start, stop and status. Confirmed pid's shown with status command are in the appropriate pid files. Fixes: bug#13445 Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

• Michael Tremer (19 Mar 24)

  core185: Ship ppp Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

• Adolf Belka (15 Mar 24)

  ppp: Update to include bug fixes that should be in 2.5.1 but not yet released - Update from version 2.5.0 to commit e1266c7 - Update of rootfile - When ppp-2.5.0 was released it had a bug bin it that the lock and run directories had non standard defaults but also that if the directory did not exist ppp just ignored it and continued to start but would then have error messages in the logs about not being able to cretae the lock file - This issue was raised in the ppp github issues and a set of patches merged into ppp. - The plan was written in Nov 2023 that this would be released as 2.5.1, however nearly three months later there is no sight of 2.5.1 being released and people continue to flag up the lock directory issues and have to apply a workaround to create the directory in local.rc - This patch has taken the zip source tarball of master at the commit e1266c7. The zip tarball was then extracted and then tar'd back up as a tar.gz file with the version set at e1266c7 rather than master. I could not find any other way to get a source tarball\ created at a certain commit stage. - The patch ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch had to be updated due to some changes in the source files. - The patch ppp-2.5.0-7-add-configure-check-to-see-if-we-have-struct-sockaddr_ll.patch was removed as the changes are now built into the source tarball. - This will need to be tested thoroughly by people with ppp to confirm that the lock directory is created if it doesn't exist on the system. I can't test that as I have no access to a ppp connection system. - For a view of the changelog between 2.5.0 and e1266c7 the github commits list needs to be reviewed. https://github.com/ppp-project/ppp/commits/master/?before=e1266c76d1ad39f98f11676e34f180f78c5a510c+35 Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

• Michael Tremer (18 Mar 24)

  make.sh: Update contributors Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

• Matthias Fischer (16 Mar 24)

  unbound: Update to 1.19.3 For details see: https://nlnetlabs.nl/projects/unbound/download/#unbound-1-19-3 Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

• Michael Tremer (18 Mar 24)

  Merge branch 'master' into next

• Adolf Belka (16 Mar 24)

  CU184-update.sh: Add drop hostile in & out logging entries - My drop hostile patch set updated the WUI entries to include in and out logging options but the values need to be added to the optionsfw entries for existing systems being upgraded. - After the existing CU184 update the LOGDROPHOSTILEIN and LOGDROPHO)STILEOUT entries are not in the settings file which trewats them as being set to off, even though they are enabled in the WUI update. - This patch adds the LOGDROPHOSTILEIN and LOGDROPHOSTILEOUT entries into the settings file and then runs the firewallctrl command to apply to the firewall. - Ran a CU184 update on a CU183 vm system and then ran the comands added into the update.sh script and then did a reboot. Entries include and DROP_HOSTILE entries start to be logged again. Tested-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

• Arne Fitzenreiter (15 Mar 24)

  mympd: update to 14.1.0 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>