This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via d120fd4a92338af978dc6d53a803a4d34e8fb99e (commit) via a174e5e1f84e750e30c24824e20d87d0a98b7850 (commit) via 2bc995c836acc63103df15e9da76ff5b97549184 (commit) via ee4e219f5fa62ed8e6a4a7968b811479d57e8b9b (commit) via 36cdd4e1f211edc870870826fa7e168bac1363d1 (commit) via f85c916d7fdac9e8afea8a8bb75a51f62ec52ff0 (commit) via af4370b4a80d46b2b042542be570cea54229b2c5 (commit) via 1dc4f86e68910f05f6163d33b06d493c9f05892e (commit) via be5ed5d01e45c6f467ad2e1350fcad968353ee67 (commit) via 05948d0805342faa5d2516c120b0ac30e732172d (commit) via 2acc41c04c3a62ed215c35ca0a47907f82122891 (commit) via d5957c5cd28c33c4a5220ab1a61a679ae47c340a (commit) via d6cc871067ef7f6cf69e261a84579b7403ffcee3 (commit) via 1a65ea1b7291337e6de44a2d4696a00bbf23f7db (commit) from ee9bc7c477408e6cabe79e56549355712caae97a (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit d120fd4a92338af978dc6d53a803a4d34e8fb99e Author: Matthias Fischer matthias.fischer@ipfire.org Date: Thu Feb 6 17:26:38 2020 +0100
clamav: Update to 0.102.2
For details see: https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html
"ClamAV 0.102.2 is a security patch release..."
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit a174e5e1f84e750e30c24824e20d87d0a98b7850 Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Sat Feb 1 14:15:40 2020 +0000
Qemu: remove not needed files for aarch64 and PA-RISC
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 2bc995c836acc63103df15e9da76ff5b97549184 Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Sat Feb 1 14:15:39 2020 +0000
Qemu: Remove unneeded files
These are needed for s390, riscv and microblaze.
See https://lists.fedoraproject.org/pipermail/packaging/2012-July/008557.html
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit ee4e219f5fa62ed8e6a4a7968b811479d57e8b9b Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Sat Feb 1 14:15:38 2020 +0000
Qemu: remove files for sparc
This is based on the debian package content (qemu-system-sparc)
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 36cdd4e1f211edc870870826fa7e168bac1363d1 Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Sat Feb 1 14:15:37 2020 +0000
Qemu: remove files only needed for Power PC
This is based on the debian package content (qemu-system-pcc)
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit f85c916d7fdac9e8afea8a8bb75a51f62ec52ff0 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Tue Jan 28 18:27:36 2020 +0100
tmux: Update to 3.0.a
For details see: https://raw.githubusercontent.com/tmux/tmux/3.0a/CHANGES
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit af4370b4a80d46b2b042542be570cea54229b2c5 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Feb 12 20:12:29 2020 +0000
core142: add squid to updater
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 1dc4f86e68910f05f6163d33b06d493c9f05892e Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Jan 25 19:51:28 2020 +0100
squid: Update to 4.10
For details see: http://www.squid-cache.org/Versions/v4/changesets/
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit be5ed5d01e45c6f467ad2e1350fcad968353ee67 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Jan 25 19:48:45 2020 +0100
mc: Update to 4.8.24
For details see: http://midnight-commander.org/wiki/NEWS-4.8.24
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 05948d0805342faa5d2516c120b0ac30e732172d Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Feb 12 20:07:56 2020 +0000
core142: add suricata changes to updater
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 2acc41c04c3a62ed215c35ca0a47907f82122891 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Jan 23 12:24:48 2020 +0100
suricata: Enable RDP protocol parser.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit d5957c5cd28c33c4a5220ab1a61a679ae47c340a Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Jan 23 10:44:28 2020 +0100
ruleset-sources: Update snort dl urls.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit d6cc871067ef7f6cf69e261a84579b7403ffcee3 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Jan 23 10:44:27 2020 +0100
suricata: Enable new and rust-depended protocol parsers.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 1a65ea1b7291337e6de44a2d4696a00bbf23f7db Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Jan 23 10:44:26 2020 +0100
Suricata: Update to 5.0.1
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/core/142/filelists/files | 2 + .../{oldcore/100 => core/142}/filelists/squid | 0 .../{oldcore/131 => core/142}/filelists/suricata | 0 config/rootfiles/packages/mc | 2 + config/rootfiles/packages/qemu | 44 +++++++++++----------- config/suricata/ruleset-sources | 4 +- config/suricata/suricata.yaml | 25 ++++++++++-- lfs/clamav | 6 +-- lfs/mc | 6 +-- lfs/squid | 4 +- lfs/suricata | 10 +++-- lfs/tmux | 11 ++++-- src/initscripts/system/suricata | 10 ++--- 13 files changed, 75 insertions(+), 49 deletions(-) copy config/rootfiles/{oldcore/100 => core/142}/filelists/squid (100%) copy config/rootfiles/{oldcore/131 => core/142}/filelists/suricata (100%)
Difference in files: diff --git a/config/rootfiles/core/142/filelists/files b/config/rootfiles/core/142/filelists/files index ce4e51768..868de3215 100644 --- a/config/rootfiles/core/142/filelists/files +++ b/config/rootfiles/core/142/filelists/files @@ -2,3 +2,5 @@ etc/system-release etc/issue srv/web/ipfire/cgi-bin/credits.cgi var/ipfire/langs +etc/suricata/suricata.yaml +var/ipfire/suricata/ruleset-sources diff --git a/config/rootfiles/core/142/filelists/squid b/config/rootfiles/core/142/filelists/squid new file mode 120000 index 000000000..2dc8372a0 --- /dev/null +++ b/config/rootfiles/core/142/filelists/squid @@ -0,0 +1 @@ +../../../common/squid \ No newline at end of file diff --git a/config/rootfiles/core/142/filelists/suricata b/config/rootfiles/core/142/filelists/suricata new file mode 120000 index 000000000..f671f6993 --- /dev/null +++ b/config/rootfiles/core/142/filelists/suricata @@ -0,0 +1 @@ +../../../common/suricata \ No newline at end of file diff --git a/config/rootfiles/packages/mc b/config/rootfiles/packages/mc index 73ff588c7..42a6aadf4 100644 --- a/config/rootfiles/packages/mc +++ b/config/rootfiles/packages/mc @@ -111,6 +111,7 @@ usr/share/mc/skins/featured.ini usr/share/mc/skins/gotar.ini usr/share/mc/skins/gray-green-purple256.ini usr/share/mc/skins/gray-orange-blue256.ini +usr/share/mc/skins/julia256.ini usr/share/mc/skins/mc46.ini usr/share/mc/skins/modarcon16-defbg.ini usr/share/mc/skins/modarcon16.ini @@ -217,6 +218,7 @@ usr/share/mc/syntax/unknown.syntax usr/share/mc/syntax/verilog.syntax usr/share/mc/syntax/vhdl.syntax usr/share/mc/syntax/xml.syntax +usr/share/mc/syntax/yabasic.syntax usr/share/mc/syntax/yaml.syntax usr/share/mc/syntax/yum-repo.syntax usr/share/mc/syntax/yxx.syntax diff --git a/config/rootfiles/packages/qemu b/config/rootfiles/packages/qemu index e5c0cd189..af9499d2a 100644 --- a/config/rootfiles/packages/qemu +++ b/config/rootfiles/packages/qemu @@ -48,13 +48,13 @@ usr/libexec/qemu-bridge-helper #usr/share/icons/hicolor/scalable/apps #usr/share/icons/hicolor/scalable/apps/qemu.svg #usr/share/qemu -usr/share/qemu/QEMU,cgthree.bin -usr/share/qemu/QEMU,tcx.bin -usr/share/qemu/bamboo.dtb +#usr/share/qemu/QEMU,cgthree.bin +#usr/share/qemu/QEMU,tcx.bin +#usr/share/qemu/bamboo.dtb usr/share/qemu/bios-256k.bin usr/share/qemu/bios.bin -usr/share/qemu/canyonlands.dtb -usr/share/qemu/edk2-aarch64-code.fd +#usr/share/qemu/canyonlands.dtb +#usr/share/qemu/edk2-aarch64-code.fd usr/share/qemu/edk2-arm-code.fd usr/share/qemu/edk2-arm-vars.fd usr/share/qemu/edk2-i386-code.fd @@ -74,11 +74,11 @@ usr/share/qemu/efi-vmxnet3.rom usr/share/qemu/firmware usr/share/qemu/firmware/50-edk2-i386-secure.json usr/share/qemu/firmware/50-edk2-x86_64-secure.json -usr/share/qemu/firmware/60-edk2-aarch64.json +#usr/share/qemu/firmware/60-edk2-aarch64.json usr/share/qemu/firmware/60-edk2-arm.json usr/share/qemu/firmware/60-edk2-i386.json usr/share/qemu/firmware/60-edk2-x86_64.json -usr/share/qemu/hppa-firmware.img +#usr/share/qemu/hppa-firmware.img usr/share/qemu/keymaps usr/share/qemu/keymaps/ar usr/share/qemu/keymaps/bepo @@ -118,16 +118,16 @@ usr/share/qemu/kvmvapic.bin usr/share/qemu/linuxboot.bin usr/share/qemu/linuxboot_dma.bin usr/share/qemu/multiboot.bin -usr/share/qemu/openbios-ppc -usr/share/qemu/openbios-sparc32 -usr/share/qemu/openbios-sparc64 -usr/share/qemu/opensbi-riscv32-virt-fw_jump.bin -usr/share/qemu/opensbi-riscv64-sifive_u-fw_jump.bin -usr/share/qemu/opensbi-riscv64-virt-fw_jump.bin -usr/share/qemu/palcode-clipper -usr/share/qemu/petalogix-ml605.dtb -usr/share/qemu/petalogix-s3adsp1800.dtb -usr/share/qemu/ppc_rom.bin +#usr/share/qemu/openbios-ppc +#usr/share/qemu/openbios-sparc32 +#usr/share/qemu/openbios-sparc64 +#usr/share/qemu/opensbi-riscv32-virt-fw_jump.bin +#usr/share/qemu/opensbi-riscv64-sifive_u-fw_jump.bin +#usr/share/qemu/opensbi-riscv64-virt-fw_jump.bin +#usr/share/qemu/palcode-clipper +#usr/share/qemu/petalogix-ml605.dtb +#usr/share/qemu/petalogix-s3adsp1800.dtb +#usr/share/qemu/ppc_rom.bin usr/share/qemu/pvh.bin usr/share/qemu/pxe-e1000.rom usr/share/qemu/pxe-eepro100.rom @@ -137,12 +137,12 @@ usr/share/qemu/pxe-rtl8139.rom usr/share/qemu/pxe-virtio.rom usr/share/qemu/qemu-nsis.bmp usr/share/qemu/qemu_vga.ndrv -usr/share/qemu/s390-ccw.img -usr/share/qemu/s390-netboot.img +#usr/share/qemu/s390-ccw.img +#usr/share/qemu/s390-netboot.img usr/share/qemu/sgabios.bin -usr/share/qemu/skiboot.lid -usr/share/qemu/slof.bin -usr/share/qemu/spapr-rtas.bin +#usr/share/qemu/skiboot.lid +#usr/share/qemu/slof.bin +#usr/share/qemu/spapr-rtas.bin usr/share/qemu/trace-events-all usr/share/qemu/u-boot-sam460-20100605.bin usr/share/qemu/u-boot.e500 diff --git a/config/suricata/ruleset-sources b/config/suricata/ruleset-sources index ef8d8482b..814a3e0d1 100644 --- a/config/suricata/ruleset-sources +++ b/config/suricata/ruleset-sources @@ -1,8 +1,8 @@ # Ruleset for registered sourcefire users. -registered = https://www.snort.org/rules/snortrules-snapshot-29150.tar.gz?oinkcode=<oinkcode> +registered = https://www.snort.org/rules/snortrules-snapshot-29151.tar.gz?oinkcode=<oinkcode>
# Ruleset for registered sourcefire users with valid subscription. -subscripted = https://www.snort.org/rules/snortrules-snapshot-29150.tar.gz?oinkcode=<oinkcode> +subscripted = https://www.snort.org/rules/snortrules-snapshot-29151.tar.gz?oinkcode=<oinkcode>
# Community rules from sourcefire. community = https://www.snort.org/rules/community diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml index af9cb75a9..ed71898f4 100644 --- a/config/suricata/suricata.yaml +++ b/config/suricata/suricata.yaml @@ -148,7 +148,9 @@ nfq: app-layer: protocols: krb5: - enabled: no # Requires rust + enabled: yes + snmp: + enabled: yes ikev2: enabled: yes tls: @@ -156,6 +158,12 @@ app-layer: detection-ports: dp: "[443,444,465,853,993,995]"
+ # Generate JA3 fingerprint from client hello. If not specified it + # will be disabled by default, but enabled if rules require it. + #ja3-fingerprints: auto + # Generate JA3 fingerprint from client hello + ja3-fingerprints: no + # Completely stop processing TLS/SSL session after the handshake # completed. If bypass is enabled this will also trigger flow # bypass. If disabled (the default), TLS/SSL session is still @@ -165,6 +173,8 @@ app-layer: enabled: yes ftp: enabled: yes + rdp: + enabled: yes ssh: enabled: yes smtp: @@ -203,9 +213,10 @@ app-layer: enabled: yes detection-ports: dp: 139, 445 - # smb2 detection is disabled internally inside the engine. - #smb2: - # enabled: yes + nfs: + enabled: yes + tftp: + enabled: yes dns: # memcaps. Globally and per flow/state. global-memcap: 32mb @@ -271,6 +282,12 @@ app-layer: double-decode-path: no double-decode-query: no
+ ntp: + enabled: yes + dhcp: + enabled: yes + sip: + enabled: yes
# Limit for the maximum number of asn1 frames to decode (default 256) asn1-max-frames: 256 diff --git a/lfs/clamav b/lfs/clamav index 9c0aab55f..debba0a7e 100644 --- a/lfs/clamav +++ b/lfs/clamav @@ -24,7 +24,7 @@
include Config
-VER = 0.102.1 +VER = 0.102.2
THISAPP = clamav-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = clamav -PAK_VER = 48 +PAK_VER = 49
DEPS = ""
@@ -50,7 +50,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 3d5f5f10a1bea212823050286c8c5b96 +$(DL_FILE)_MD5 = ecf5dd2c5c43aeed1c4b458b2e689847
install : $(TARGET)
diff --git a/lfs/mc b/lfs/mc index ff23c4064..528cb4d4a 100644 --- a/lfs/mc +++ b/lfs/mc @@ -24,7 +24,7 @@
include Config
-VER = 4.8.23 +VER = 4.8.24
THISAPP = mc-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = mc -PAK_VER = 18 +PAK_VER = 19
DEPS = ""
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 466c3135f727f8ac2102d060a080ace3 +$(DL_FILE)_MD5 = 3a11df2dd379dd67c497c8d2c344715c
install : $(TARGET)
diff --git a/lfs/squid b/lfs/squid index 9801c153b..8553d7113 100644 --- a/lfs/squid +++ b/lfs/squid @@ -24,7 +24,7 @@
include Config
-VER = 4.9 +VER = 4.10
THISAPP = squid-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -46,7 +46,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 5c2e335dd1e8ced9dda6e0e11894b344 +$(DL_FILE)_MD5 = af7ac6e70f9bd03ae4fcec0c9b99c38a
install : $(TARGET)
diff --git a/lfs/suricata b/lfs/suricata index b3d22003b..e17eb5e08 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2020 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 4.1.6 +VER = 5.0.1
THISAPP = suricata-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = da5de1e8053f05cbd295793210117d34 +$(DL_FILE)_MD5 = 8ba12183d5d4b086755e6f510f2149e2
install : $(TARGET)
@@ -82,7 +82,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --disable-python \ --with-libjansson-libraries=/usr/lib \ --with-libjansson-includes=/usr/include \ - --disable-suricata-update + --disable-suricata-update \ + --enable-rust + cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install cd $(DIR_APP) && make install-conf diff --git a/lfs/tmux b/lfs/tmux index d08904132..e91f5e0cf 100644 --- a/lfs/tmux +++ b/lfs/tmux @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 2.7 +VER = 3.0a
THISAPP = tmux-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = tmux -PAK_VER = 6 +PAK_VER = 7
DEPS = ""
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = bcdfcf910c94c3e02ce6b1c035880306 +$(DL_FILE)_MD5 = 003b7df5b12ba2553710492b89850ce5
install : $(TARGET)
@@ -77,6 +77,9 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + + cd $(DIR_APP) && ./autogen.sh + cd $(DIR_APP) && ./configure \ --prefix=/usr
diff --git a/src/initscripts/system/suricata b/src/initscripts/system/suricata index 5dc408262..29e58a7e2 100644 --- a/src/initscripts/system/suricata +++ b/src/initscripts/system/suricata @@ -6,7 +6,7 @@ # # Author : Stefan Schantl stefan.schantl@ipfire.org # -# Version : 01.02 +# Version : 01.03 # # Notes : # @@ -159,11 +159,11 @@ case "$1" in cpu_count=$(get_cpu_count)
# Numer of NFQUES. - NFQUEUES= + NFQUEUES="-q 0"
- for i in $(seq 0 $((cpu_count-1)) ); do - NFQUEUES+="-q $i " - done + if [ $cpu_count -gt "1" ]; then + NFQUEUES+=":$(($cpu_count-1))" + fi
# Check if the IDS should be started. if [ "$ENABLE_IDS" == "on" ]; then
hooks/post-receive -- IPFire 2.x development tree