This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 7e5045312cce99db4f9055f3bf08c9edf98ee243 (commit) via 4ea6112ff02fe2ff3e7785e05f6671c729b64b6b (commit) via 3e19f681a147ae2f213035f505fc84dc77142caa (commit) via 6483ec30b93d32046ded45e9847cd8f46ee351e6 (commit) via 13cbb92ad415680c9501b896cd858d3ec6de5074 (commit) via 75f3182a394af273e91a7f721350d88923b45bb3 (commit) via 4744e4f00a0081284eee997de3b8f1b907dfe8fe (commit) via f832c7581f0be9247be564e660b4d31ad86058e4 (commit) via c472a30f30a6775fd263661ab89c69f88b1297f1 (commit) via aa90ed9c20bc95942742dd12ae2d6a7459dece40 (commit) via 0937bd9c01fd4c56fdee688e887958dc72a9b03b (commit) via 0cdb151831f88725a53d26341cb10c80fb24cb1d (commit) via 150378eae9b19e04c36392ada2281eb1849a8ae8 (commit) from 74fd04c3351afe83d4c0c727b33403570262c828 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 7e5045312cce99db4f9055f3bf08c9edf98ee243 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Oct 23 21:27:59 2020 +0200
make.sh: no longer build Amavis, SpamAssassin and perl-Net-LibIDN
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 4ea6112ff02fe2ff3e7785e05f6671c729b64b6b Author: Peter Müller peter.mueller@ipfire.org Date: Fri Oct 23 21:27:33 2020 +0200
drop perl-Net-LibIDN
This add-on was solely needed as a dependency for Amavis and is therefore no longer needed.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 3e19f681a147ae2f213035f505fc84dc77142caa Author: Peter Müller peter.mueller@ipfire.org Date: Fri Oct 23 21:27:07 2020 +0200
drop SpamAssassin add-on
This package has not been maintained well and is thereof outdated. At the time of writing, we neither (a) have a maintainer for this nor (b) believe it is wise to run a full-featured content scanner on a firewall for security purposes. (We can make do with Postfix, as it is known for being a very robust MTA and providess less attack surface than something actually inspecting transferred messages.)
Thereof, this patch drops the SpamAssassin add-on. In case it is desired in future versions of IPFire, it can be easily reverted, restoring the functionality and behaviour before.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 6483ec30b93d32046ded45e9847cd8f46ee351e6 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Oct 23 21:26:43 2020 +0200
drop Amavis add-on
This package has not been maintained well and is thereof outdated. At the time of writing, we neither (a) have a maintainer for this nor (b) believe it is wise to run a full-featured content scanner on a firewall for security purposes. (We can make do with Postfix, as it is known for being a very robust MTA and providess less attack surface than something actually inspecting transferred messages.)
Thereof, this patch drops the Amavis add-on. In case it is desired in future versions of IPFire, it can be easily reverted, restoring the functionality and behaviour before.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 13cbb92ad415680c9501b896cd858d3ec6de5074 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Oct 20 09:15:03 2020 +0000
hostapd: Allow to make Management Frame Protection optional
WPA3 mandates MFP, but many clients do not support it at all.
Therefore this can now be set to optional and clients will fall back to WPA2.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 75f3182a394af273e91a7f721350d88923b45bb3 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Oct 19 14:48:57 2020 +0000
hostapd: Bump package version
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 4744e4f00a0081284eee997de3b8f1b907dfe8fe Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Oct 19 14:48:56 2020 +0000
hostapd: Import default configuration from hostapd 2.9
This change removes a couple of removed options and adds new ones. Notable changes are:
* Enable SAE (for WPA3) * Enable Airtime Policy * Enable Client Taxonomy * Enable using the new getrandom() syscall * Enable using epoll instead of select
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit f832c7581f0be9247be564e660b4d31ad86058e4 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Oct 19 14:48:55 2020 +0000
hostapd: Add WPA3 authentication to the web UI
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit c472a30f30a6775fd263661ab89c69f88b1297f1 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Oct 27 11:52:39 2020 +0000
core153: Ship suricata
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit aa90ed9c20bc95942742dd12ae2d6a7459dece40 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Oct 27 10:52:47 2020 +0100
ruleset-sources: Update snort dl urls.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 0937bd9c01fd4c56fdee688e887958dc72a9b03b Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Oct 27 10:49:31 2020 +0100
suricata: Automatically enable JA3 fingerprinting.
Enable JA3 fingerprinting if any rules are enabled which are using this kind of feature.
Fixes #12507.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 0cdb151831f88725a53d26341cb10c80fb24cb1d Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Oct 21 20:20:10 2020 +0200
suricata: Update to 6.0.0.
* Enable RDP and SIP parsers. * Enable new introduced parsers for RFB and DCERPC.
Because HTTP2 support and parser currently is experimental the suricata developers decided to disable it at default - we keep this default setting for now.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 150378eae9b19e04c36392ada2281eb1849a8ae8 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Oct 27 11:50:10 2020 +0000
Start Core Update 153
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/amavisd/amavisd.conf | 438 --------------------- config/hostapd/config | 127 ++++-- config/rootfiles/common/suricata | 1 + config/rootfiles/core/{152 => 153}/exclude | 0 .../{oldcore/146 => core/153}/filelists/files | 5 +- .../131 => core/153}/filelists/ids-ruleset-sources | 0 .../rootfiles/core/{152 => 153}/filelists/suricata | 0 config/rootfiles/core/{152 => 153}/update.sh | 5 +- config/rootfiles/{core => oldcore}/152/exclude | 0 .../{core => oldcore}/152/filelists/aarch64/python | 0 .../152/filelists/aarch64/python3 | 0 .../152/filelists/armv5tel/python | 0 .../152/filelists/armv5tel/python3 | 0 .../152/filelists/ca-certificates | 0 .../{core => oldcore}/152/filelists/files | 0 .../{core => oldcore}/152/filelists/i586/python | 0 .../{core => oldcore}/152/filelists/i586/python3 | 0 .../rootfiles/{core => oldcore}/152/filelists/knot | 0 .../{core => oldcore}/152/filelists/libhtp | 0 .../{core => oldcore}/152/filelists/setup | 0 .../{core => oldcore}/152/filelists/suricata | 0 .../{core => oldcore}/152/filelists/unbound | 0 .../{core => oldcore}/152/filelists/x86_64/python | 0 .../{core => oldcore}/152/filelists/x86_64/python3 | 0 .../rootfiles/{core => oldcore}/152/filelists/yaml | 0 config/rootfiles/{core => oldcore}/152/update.sh | 0 config/rootfiles/packages/amavisd | 7 - config/rootfiles/packages/spamassassin | 228 ----------- config/suricata/ruleset-sources | 4 +- config/suricata/suricata.yaml | 28 +- doc/language_issues.de | 3 + doc/language_issues.en | 3 + doc/language_issues.es | 3 + doc/language_issues.fr | 3 + doc/language_issues.it | 3 + doc/language_issues.nl | 3 + doc/language_issues.pl | 3 + doc/language_issues.ru | 3 + doc/language_issues.tr | 3 + doc/language_missings | 24 ++ html/cgi-bin/wlanap.cgi | 44 ++- langs/en/cgi-bin/en.pl | 3 + lfs/amavisd | 94 ----- lfs/hostapd | 2 +- lfs/perl-Net-LibIDN | 83 ---- lfs/spamassassin | 88 ----- lfs/suricata | 4 +- make.sh | 5 +- src/initscripts/packages/amavisd | 45 --- src/initscripts/packages/spamassassin | 45 --- 50 files changed, 227 insertions(+), 1080 deletions(-) delete mode 100644 config/amavisd/amavisd.conf copy config/rootfiles/core/{152 => 153}/exclude (100%) copy config/rootfiles/{oldcore/146 => core/153}/filelists/files (51%) copy config/rootfiles/{oldcore/131 => core/153}/filelists/ids-ruleset-sources (100%) copy config/rootfiles/core/{152 => 153}/filelists/suricata (100%) copy config/rootfiles/core/{152 => 153}/update.sh (97%) rename config/rootfiles/{core => oldcore}/152/exclude (100%) rename config/rootfiles/{core => oldcore}/152/filelists/aarch64/python (100%) rename config/rootfiles/{core => oldcore}/152/filelists/aarch64/python3 (100%) rename config/rootfiles/{core => oldcore}/152/filelists/armv5tel/python (100%) rename config/rootfiles/{core => oldcore}/152/filelists/armv5tel/python3 (100%) rename config/rootfiles/{core => oldcore}/152/filelists/ca-certificates (100%) rename config/rootfiles/{core => oldcore}/152/filelists/files (100%) rename config/rootfiles/{core => oldcore}/152/filelists/i586/python (100%) rename config/rootfiles/{core => oldcore}/152/filelists/i586/python3 (100%) rename config/rootfiles/{core => oldcore}/152/filelists/knot (100%) rename config/rootfiles/{core => oldcore}/152/filelists/libhtp (100%) rename config/rootfiles/{core => oldcore}/152/filelists/setup (100%) rename config/rootfiles/{core => oldcore}/152/filelists/suricata (100%) rename config/rootfiles/{core => oldcore}/152/filelists/unbound (100%) rename config/rootfiles/{core => oldcore}/152/filelists/x86_64/python (100%) rename config/rootfiles/{core => oldcore}/152/filelists/x86_64/python3 (100%) rename config/rootfiles/{core => oldcore}/152/filelists/yaml (100%) rename config/rootfiles/{core => oldcore}/152/update.sh (100%) delete mode 100644 config/rootfiles/packages/amavisd delete mode 100644 config/rootfiles/packages/spamassassin delete mode 100644 lfs/amavisd delete mode 100644 lfs/perl-Net-LibIDN delete mode 100644 lfs/spamassassin delete mode 100644 src/initscripts/packages/amavisd delete mode 100644 src/initscripts/packages/spamassassin
Difference in files: diff --git a/config/amavisd/amavisd.conf b/config/amavisd/amavisd.conf deleted file mode 100644 index 25b4d2682..000000000 --- a/config/amavisd/amavisd.conf +++ /dev/null @@ -1,438 +0,0 @@ -use strict; - -# a minimalistic configuration file for amavisd-new with all necessary settings -# -# see amavisd.conf-default for a list of all variables with their defaults; -# see amavisd.conf-sample for a traditional-style commented file; -# for more details see documentation in INSTALL, README_FILES/* -# and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html - - -# COMMONLY ADJUSTED SETTINGS: - -# @bypass_virus_checks_maps = (1); # controls running of anti-virus code -# @bypass_spam_checks_maps = (1); # controls running of anti-spam code -# $bypass_decode_parts = 1; # controls running of decoders&dearchivers - -$max_servers = 2; # num of pre-forked children (2..15 is common), -m -$daemon_user = 'amavis'; # (no default; customary: vscan or amavis), -u -$daemon_group = 'amavis'; # (no default; customary: vscan or amavis), -g - -$mydomain = 'ipfire.org'; # a convenient default for other settings - -# $MYHOME = '/var/amavis'; # a convenient default for other settings, -H -$TEMPBASE = "$MYHOME/tmp"; # working directory, needs to exist, -T -$ENV{TMPDIR} = $TEMPBASE; # environment variable TMPDIR, used by SA, etc. -$QUARANTINEDIR = '/var/virusmails'; # -Q -# $quarantine_subdir_levels = 1; # add level of subdirs to disperse quarantine - -# $daemon_chroot_dir = $MYHOME; # chroot directory or undef, -R - -# $db_home = "$MYHOME/db"; # dir for bdb nanny/cache/snmp databases, -D -# $helpers_home = "$MYHOME/var"; # working directory for SpamAssassin, -S -# $lock_file = "$MYHOME/var/amavisd.lock"; # -L -# $pid_file = "$MYHOME/var/amavisd.pid"; # -P -#NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually - -$log_level = 2; # verbosity 0..5, -d -$log_recip_templ = undef; # disable by-recipient level-0 log entries -$DO_SYSLOG = 1; # log via syslogd (preferred) -$syslog_facility = 'mail'; # Syslog facility as a string - # e.g.: mail, daemon, user, local0, ... local7 -$syslog_priority = 'debug'; # Syslog base (minimal) priority as a string, - # choose from: emerg, alert, crit, err, warning, notice, info, debug - -$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny) -$enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1 -$nanny_details_level = 2; # nanny verbosity: 1: traditional, 2: detailed - -@local_domains_maps = ( [".$mydomain"] ); # list of all local domains - -@mynetworks = qw( 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 ); - -$unix_socketname = "$MYHOME/amavisd.sock"; # amavisd-release or amavis-milter - # option(s) -p overrides $inet_socket_port and $unix_socketname - -$inet_socket_port = 10024; # listen on this local TCP port(s) -# $inet_socket_port = [10024,10026]; # listen on multiple TCP ports - -$policy_bank{'MYNETS'} = { # mail originating from @mynetworks - originating => 1, # is true in MYNETS by default, but let's make it explicit - os_fingerprint_method => undef, # don't query p0f for internal clients -}; - -# it is up to MTA to re-route mail from authenticated roaming users or -# from internal hosts to a dedicated TCP port (such as 10026) for filtering -$interface_policy{'10026'} = 'ORIGINATING'; - -$policy_bank{'ORIGINATING'} = { # mail supposedly originating from our users - originating => 1, # declare that mail was submitted by our smtp client - allow_disclaimers => 1, # enables disclaimer insertion if available - # notify administrator of locally originating malware - virus_admin_maps => ["virusalert@$mydomain"], - spam_admin_maps => ["spamalert@$mydomain"], - warnbadhsender => 1, - # forward to a smtpd service providing DKIM signing service - forward_method => 'smtp:[127.0.0.1]:10027', - # force MTA conversion to 7-bit (e.g. before DKIM signing) - smtpd_discard_ehlo_keywords => ['8BITMIME'], - bypass_banned_checks_maps => [1], # allow sending any file names and types - terminate_dsn_on_notify_success => 0, # don't remove NOTIFY=SUCCESS option -}; - -$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname - -# Use with amavis-release over a socket or with Petr Rehor's amavis-milter.c -# (with amavis-milter.c from this package or old amavis.c client use 'AM.CL'): -$policy_bank{'AM.PDP-SOCK'} = { - protocol => 'AM.PDP', - auth_required_release => 0, # do not require secret_id for amavisd-release -}; - -$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level -$sa_tag2_level_deflt = 6.2; # add 'spam detected' headers at that level -$sa_kill_level_deflt = 6.9; # triggers spam evasive actions (e.g. blocks mail) -$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent -# $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off -$penpals_bonus_score = 8; # (no effect without a @storage_sql_dsn database) -$penpals_threshold_high = $sa_kill_level_deflt; # don't waste time on hi spam - -$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger -$sa_local_tests_only = 0; # only tests which do not require internet access? - -$virus_admin = "virusalert@$mydomain"; # notifications recip. - -$mailfrom_notify_admin = "virusalert@$mydomain"; # notifications sender -$mailfrom_notify_recip = "virusalert@$mydomain"; # notifications sender -$mailfrom_notify_spamadmin = "spam.police@$mydomain"; # notifications sender -$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef - -@addr_extension_virus_maps = ('virus'); -@addr_extension_banned_maps = ('banned'); -@addr_extension_spam_maps = ('spam'); -@addr_extension_bad_header_maps = ('badh'); -# $recipient_delimiter = '+'; # undef disables address extensions altogether -# when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+ - -$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin'; -# $dspam = 'dspam'; - -$MAXLEVELS = 14; -$MAXFILES = 1500; -$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced) -$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced) - -$sa_spam_subject_tag = '***SPAM*** '; -$defang_virus = 1; # MIME-wrap passed infected mail -$defang_banned = 1; # MIME-wrap passed mail containing banned name -# for defanging bad headers only turn on certain minor contents categories: -$defang_by_ccat{+CC_BADH.",3"} = 1; # NUL or CR character in header -$defang_by_ccat{+CC_BADH.",5"} = 1; # header line longer than 998 characters -$defang_by_ccat{+CC_BADH.",6"} = 1; # header field syntax error - - -# OTHER MORE COMMON SETTINGS (defaults may suffice): - -$myhostname = 'ipfire.localdomain'; # must be a fully-qualified domain name! - -# $notify_method = 'smtp:[127.0.0.1]:10025'; -# $forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter! - -$final_virus_destiny = D_DISCARD; -$final_banned_destiny = D_BOUNCE; -$final_spam_destiny = D_DISCARD; -$final_bad_header_destiny = D_PASS; - - -# Notify virus sender? Bloß nicht! -$warnvirussender = 0; -# Notify spam sender? Bloß nicht! -$warnspamsender = 0; -# Notify sender of banned files? Kann man machen. -$warnbannedsender = 1; -# Notify sender of syntactically invalid header containing non-ASCII characters? Bloß nicht! -#$warnbadsender = 0; -# Notify virus (or banned files) RECIPIENT? Wie man möchte, ich finde es sinnvoll. -$warnvirusrecip = 1; -$warnbannedrecip = 1; -$warnbadhrecip = 1; - -# SOME OTHER VARIABLES WORTH CONSIDERING (see amavisd.conf-default for all) - -# $warnbadhsender, -# $warnvirusrecip, $warnbannedrecip, $warnbadhrecip, (or @warn*recip_maps) -# -# @bypass_virus_checks_maps, @bypass_spam_checks_maps, -# @bypass_banned_checks_maps, @bypass_header_checks_maps, -# -# @virus_lovers_maps, @spam_lovers_maps, -# @banned_files_lovers_maps, @bad_header_lovers_maps, -# -# @blacklist_sender_maps, @score_sender_maps, -# -# $clean_quarantine_method, $virus_quarantine_to, $banned_quarantine_to, -# $bad_header_quarantine_to, $spam_quarantine_to, -# -# $defang_bad_header, $defang_undecipherable, $defang_spam - - -# REMAINING IMPORTANT VARIABLES ARE LISTED HERE BECAUSE OF LONGER ASSIGNMENTS - -@keep_decoded_original_maps = (new_RE( -# qr'^MAIL$', # retain full original message for virus checking (can be slow) - qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables - qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i, -# qr'^Zip archive data', # don't trust Archive::Zip -)); - - -# for $banned_namepath_re (a new-style of banned table) see amavisd.conf-sample - -$banned_filename_re = new_RE( - -### BLOCKED ANYWHERE -# qr'^UNDECIPHERABLE$', # is or contains any undecipherable components - qr'^.(exe-ms|dll)$', # banned file(1) types, rudimentary -# qr'^.(exe|lha|tnef|cab|dll)$', # banned file(1) types - -### BLOCK THE FOLLOWING, EXCEPT WITHIN UNIX ARCHIVES: -# [ qr'^.(gz|bz2)$' => 0 ], # allow any in gzip or bzip2 - [ qr'^.(rpm|cpio|tar)$' => 0 ], # allow any in Unix-type archives - - qr'..(pif|scr)$'i, # banned extensions - rudimentary -# qr'^.zip$', # block zip type - -### BLOCK THE FOLLOWING, EXCEPT WITHIN ARCHIVES: -# [ qr'^.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any within these archives - - qr'^application/x-msdownload$'i, # block these MIME types - qr'^application/x-msdos-program$'i, - qr'^application/hta$'i, - -# qr'^message/partial$'i, # rfc2046 MIME type -# qr'^message/external-body$'i, # rfc2046 MIME type - -# qr'^(application/x-msmetafile|image/x-wmf)$'i, # Windows Metafile MIME type -# qr'^.wmf$', # Windows Metafile file(1) type - - # block certain double extensions in filenames - qr'.[^./]*[A-Za-z][^./]*.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i, - -# qr'{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}}?'i, # Class ID CLSID, strict -# qr'{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}}?'i, # Class ID extension CLSID, loose - - qr'..(exe|vbs|pif|scr|cpl)$'i, # banned extension - basic -# qr'..(exe|vbs|pif|scr|cpl|bat|cmd|com)$'i, # banned extension - basic+cmd -# qr'..(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta| -# inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst| -# ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs| -# wmf|wsc|wsf|wsh)$'ix, # banned ext - long -# qr'..(ani|cur|ico)$'i, # banned cursors and icons filename -# qr'^.ani$', # banned animated cursor file(1) type - -# qr'..(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip vulnerab. -); -# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631 -# and http://www.cknow.com/vtutor/vtextensions.htm - - -# ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING - -@score_sender_maps = ({ # a by-recipient hash lookup table, - # results from all matching recipient tables are summed - -# ## per-recipient personal tables (NOTE: positive: black, negative: white) -# 'user1@example.com' => [{'bla-mobile.press@example.com' => 10.0}], -# 'user3@example.com' => [{'.ebay.com' => -3.0}], -# 'user4@example.com' => [{'cleargreen@cleargreen.com' => -7.0, -# '.cleargreen.com' => -5.0}], - - ## site-wide opinions about senders (the '.' matches any recipient) - '.' => [ # the _first_ matching sender determines the score boost - - new_RE( # regexp-type lookup table, just happens to be all soft-blacklist - [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0], - [qr'^(greatcasino|investments|lose_weight_today|market.alert)@'i=> 5.0], - [qr'^(money2you|MyGreenCard|new.tld.registry|opt-out|opt-in)@'i=> 5.0], - [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0], - [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0], - [qr'^(your_friend|greatoffers)@'i => 5.0], - [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0], - ), - -# read_hash("/var/amavis/sender_scores_sitewide"), - - { # a hash-type lookup table (associative array) - 'nobody@cert.org' => -3.0, - 'cert-advisory@us-cert.gov' => -3.0, - 'owner-alert@iss.net' => -3.0, - 'slashdot@slashdot.org' => -3.0, - 'securityfocus.com' => -3.0, - 'ntbugtraq@listserv.ntbugtraq.com' => -3.0, - 'security-alerts@linuxsecurity.com' => -3.0, - 'mailman-announce-admin@python.org' => -3.0, - 'amavis-user-admin@lists.sourceforge.net'=> -3.0, - 'amavis-user-bounces@lists.sourceforge.net' => -3.0, - 'spamassassin.apache.org' => -3.0, - 'notification-return@lists.sophos.com' => -3.0, - 'owner-postfix-users@postfix.org' => -3.0, - 'owner-postfix-announce@postfix.org' => -3.0, - 'owner-sendmail-announce@lists.sendmail.org' => -3.0, - 'sendmail-announce-request@lists.sendmail.org' => -3.0, - 'donotreply@sendmail.org' => -3.0, - 'ca+envelope@sendmail.org' => -3.0, - 'noreply@freshmeat.net' => -3.0, - 'owner-technews@postel.acm.org' => -3.0, - 'ietf-123-owner@loki.ietf.org' => -3.0, - 'cvs-commits-list-admin@gnome.org' => -3.0, - 'rt-users-admin@lists.fsck.com' => -3.0, - 'clp-request@comp.nus.edu.sg' => -3.0, - 'surveys-errors@lists.nua.ie' => -3.0, - 'emailnews@genomeweb.com' => -5.0, - 'yahoo-dev-null@yahoo-inc.com' => -3.0, - 'returns.groups.yahoo.com' => -3.0, - 'clusternews@linuxnetworx.com' => -3.0, - lc('lvs-users-admin@LinuxVirtualServer.org') => -3.0, - lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0, - - # soft-blacklisting (positive score) - 'sender@example.net' => 3.0, - '.example.net' => 1.0, - - }, - ], # end of site-wide tables -}); - - -@decoders = ( - ['mail', &do_mime_decode], - ['asc', &do_ascii], - ['uue', &do_ascii], - ['hqx', &do_ascii], - ['ync', &do_ascii], - ['F', &do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ], - ['Z', &do_uncompress, ['uncompress','gzip -d','zcat'] ], - ['gz', &do_uncompress, 'gzip -d'], - ['gz', &do_gunzip], - ['bz2', &do_uncompress, 'bzip2 -d'], - ['lzo', &do_uncompress, 'lzop -d'], - ['rpm', &do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ], - ['cpio', &do_pax_cpio, ['pax','gcpio','cpio'] ], - ['tar', &do_pax_cpio, ['pax','gcpio','cpio'] ], - ['deb', &do_ar, 'ar'], -# ['a', &do_ar, 'ar'], # unpacking .a seems an overkill - ['zip', &do_unzip], - ['7z', &do_7zip, ['7zr','7za','7z'] ], - ['rar', &do_unrar, ['rar','unrar'] ], - ['arj', &do_unarj, ['arj','unarj'] ], - ['arc', &do_arc, ['nomarch','arc'] ], - ['zoo', &do_zoo, ['zoo','unzoo'] ], - ['lha', &do_lha, 'lha'], -# ['doc', &do_ole, 'ripole'], - ['cab', &do_cabextract, 'cabextract'], - ['tnef', &do_tnef_ext, 'tnef'], - ['tnef', &do_tnef], -# ['sit', &do_unstuff, 'unstuff'], # broken/unsafe decoder - ['exe', &do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ], -); - - -@av_scanners = ( - -# ### http://www.clamav.net/ - ['ClamAV-clamd', - &ask_daemon, ["CONTSCAN {}\n", "/var/run/clamd"], - qr/\bOK$/, qr/\bFOUND$/, - qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], -# # NOTE: run clamd under the same user as amavisd, or run it under its own -# # uid such as clamav, add user clamav to the amavis group, and then add -# # AllowSupplementaryGroups to clamd.conf; -# # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in -# # this entry; when running chrooted one may prefer socket "$MYHOME/clamd". - -# ### http://www.f-prot.com/ -# ['FRISK F-Prot Daemon', -# &ask_daemon, -# ["GET {}/*?-dumb%20-archive%20-packed HTTP/1.0\r\n\r\n", -# ['127.0.0.1:10200','127.0.0.1:10201','127.0.0.1:10202', -# '127.0.0.1:10203','127.0.0.1:10204'] ], -# qr/(?i)<summary[^>]*>clean</summary>/, -# qr/(?i)<summary[^>]*>infected</summary>/, -# qr/(?i)<name>(.+)</name>/ ], - - ### http://www.kaspersky.com/ (kav4mailservers) - ['KasperskyLab AVP - aveclient', - ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient', - '/opt/kav/5.5/kav4mailservers/bin/aveclient','aveclient'], - '-p /var/run/aveserver -s {}/*', - [0,3,6,8], qr/\b(INFECTED|SUSPICION|SUSPICIOUS)\b/, - qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.+)/, - ], - # NOTE: one may prefer [0],[2,3,4,5], depending on how suspicious, - # currupted or protected archives are to be handled - - ### http://www.avira.com/ - ### Avira AntiVir (formerly H+BEDV) or (old) CentralCommand Vexira Antivirus - ['Avira AntiVir', ['antivir','vexira'], - '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/, - qr/(?x)^\s* (?: ALERT: \s* (?: [ | [^']* ' ) | - (?i) VIRUS:\ .*?\ virus\ '?) ( [^]\s']+ )/ ], - # NOTE: if you only have a demo version, remove -z and add 214, as in: - # '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/, - -# ### http://www.avast.com/ -# ['avast! Antivirus daemon', -# &ask_daemon, # greets with 220, terminate with QUIT -# ["SCAN {}\015\012QUIT\015\012", '/var/run/avast4/mailscanner.sock'], -# qr/\t[+]/, qr/\t[L]\t/, qr/\t[L]\t([^[ \t\015\012]+)/ ], - -# ### http://www.avast.com/ -# ['avast! Antivirus - Client/Server Version', 'avastlite', -# '-a /var/run/avast4/mailscanner.sock -n {}', [0], [1], -# qr/\t[L]\t([^[ \t\015\012]+)/ ], - - ### http://www.avast.com/ - ['avast! Antivirus', ['/usr/bin/avastcmd','avastcmd'], - '-a -i -n -t=A {}', [0], [1], qr/\binfected by:\s+([^ \t\n[]]+)/ ], - - ### http://www.bitdefender.com/ - ['BitDefender', 'bdc', - '--arc --mail {}', qr/^Infected files *:0+(?!\d)/, - qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/, - qr/(?:suspected|infected): (.*)(?:\033|$)/ ], - # consider also: --all --nowarn --alev=15 --flev=15. The --all argument may - # not apply to your version of bdc, check documentation and see 'bdc --help' - -); - - -@av_scanners_backup = ( - - ### http://www.clamav.net/ - backs up clamd or Mail::ClamAV - ['ClamAV-clamscan', 'clamscan', - "--stdout --no-summary -r --tempdir=$TEMPBASE {}", - [0], qr/:.*\sFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], - - ### http://www.f-prot.com/ - backs up F-Prot Daemon - ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'], - '-dumb -archive -packed {}', [0,8], [3,6], # or: [0], [3,6,8], - qr/(?:Infection:|security risk named) (.+)|\s+contains\s+(.+)$/ ], - - ### http://www.kaspersky.com/ - ['Kaspersky Antivirus v5.5', - ['/opt/kaspersky/kav4fs/bin/kav4fs-kavscanner', - '/opt/kav/5.5/kav4unix/bin/kavscanner', - '/opt/kav/5.5/kav4mailservers/bin/kavscanner', 'kavscanner'], - '-i0 -xn -xp -mn -R -ePASBME {}/*', [0,10,15], [5,20,21,25], - qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.*)/ , -# sub {chdir('/opt/kav/bin') or die "Can't chdir to kav: $!"}, -# sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"}, - ], - -# always succeeds (uncomment to consider mail clean if all other scanners fail) -# ['always-clean', sub {0}], - -); - - -1; # insure a defined return diff --git a/config/hostapd/config b/config/hostapd/config index 66ebbf1ce..78206ed78 100644 --- a/config/hostapd/config +++ b/config/hostapd/config @@ -15,22 +15,31 @@ CONFIG_DRIVER_HOSTAP=y # Driver interface for wired authenticator #CONFIG_DRIVER_WIRED=y
-# Driver interface for Prism54 driver -CONFIG_DRIVER_PRISM54=y - # Driver interface for drivers using the nl80211 kernel interface CONFIG_DRIVER_NL80211=y -# driver_nl80211.c requires a rather new libnl (version 1.1) which may not be -# shipped with your distribution yet. If that is the case, you need to build -# newer libnl version and point the hostapd build to use it. -#LIBNL=/usr/src/libnl -#CFLAGS += -I$(LIBNL)/include -#LIBS += -L$(LIBNL)/lib + +# QCA vendor extensions to nl80211 +#CONFIG_DRIVER_NL80211_QCA=y + +# driver_nl80211.c requires libnl. If you are compiling it yourself +# you may need to point hostapd to your version of libnl. +# +#CFLAGS += -I$<path to libnl include files> +#LIBS += -L$<path to libnl library files> + +# Use libnl v2.0 (or 3.0) libraries. +#CONFIG_LIBNL20=y + +# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored) +CONFIG_LIBNL32=y +
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) #CONFIG_DRIVER_BSD=y #CFLAGS += -I/usr/local/include #LIBS += -L/usr/local/lib +#LIBS_p += -L/usr/local/lib +#LIBS_c += -L/usr/local/lib
# Driver interface for no driver (e.g., RADIUS server only) #CONFIG_DRIVER_NONE=y @@ -41,12 +50,12 @@ CONFIG_IAPP=y # WPA2/IEEE 802.11i RSN pre-authentication CONFIG_RSN_PREAUTH=y
-# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) -CONFIG_PEERKEY=y - # IEEE 802.11w (management frame protection) CONFIG_IEEE80211W=y
+# Support Operating Channel Validation +#CONFIG_OCV=y + # Integrated EAP server CONFIG_EAP=y
@@ -99,24 +108,30 @@ CONFIG_EAP_TTLS=y #CONFIG_EAP_GPSK_SHA256=y
# EAP-FAST for the integrated EAP server -# Note: Default OpenSSL package does not include support for all the -# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL, -# the OpenSSL library must be patched (openssl-0.9.9-session-ticket.patch) -# to add the needed functions. #CONFIG_EAP_FAST=y
+# EAP-TEAP for the integrated EAP server +# Note: The current EAP-TEAP implementation is experimental and should not be +# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number +# of conflicting statements and missing details and the implementation has +# vendor specific workarounds for those and as such, may not interoperate with +# any other implementation. This should not be used for anything else than +# experimentation and interoperability testing until those issues has been +# resolved. +#CONFIG_EAP_TEAP=y + # Wi-Fi Protected Setup (WPS) -CONFIG_WPS=y +#CONFIG_WPS=y # Enable UPnP support for external WPS Registrars -CONFIG_WPS_UPNP=y +#CONFIG_WPS_UPNP=y # Enable WPS support with NFC config method #CONFIG_WPS_NFC=y
# EAP-IKEv2 -CONFIG_EAP_IKEV2=y +#CONFIG_EAP_IKEV2=y
# Trusted Network Connect (EAP-TNC) -CONFIG_EAP_TNC=y +#CONFIG_EAP_TNC=y
# EAP-EKE for the integrated EAP server #CONFIG_EAP_EKE=y @@ -133,10 +148,10 @@ CONFIG_PKCS12=y #CONFIG_IPV6=y
# IEEE Std 802.11r-2008 (Fast BSS Transition) -CONFIG_IEEE80211R=y +#CONFIG_IEEE80211R=y
# Use the hostapd's IEEE 802.11 authentication (ACL), but without -# the IEEE 802.11 Management capability (e.g., madwifi or FreeBSD/net80211) +# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211) #CONFIG_DRIVER_RADIUS_ACL=y
# IEEE 802.11n (High Throughput) support @@ -149,6 +164,12 @@ CONFIG_IEEE80211N=y # IEEE 802.11ac (Very High Throughput) support CONFIG_IEEE80211AC=y
+# IEEE 802.11ax HE support +# Note: This is experimental and work in progress. The definitions are still +# subject to change and this should not be expected to interoperate with the +# final IEEE 802.11ax version. +#CONFIG_IEEE80211AX=y + # Remove debugging code that is printing out debug messages to stdout. # This can be used to reduce the size of the hostapd considerably if debugging # code is not needed. @@ -158,6 +179,9 @@ CONFIG_IEEE80211AC=y # Disabled by default. #CONFIG_DEBUG_FILE=y
+# Send debug messages to syslog instead of stdout +#CONFIG_DEBUG_SYSLOG=y + # Add support for sending all debug messages (regardless of debug verbosity) # to the Linux kernel tracing facility. This helps debug the entire stack by # making it easy to record everything happening from the driver up into the @@ -235,10 +259,25 @@ CONFIG_IEEE80211AC=y # requirements described above. #CONFIG_NO_RANDOM_POOL=y
+# Should we attempt to use the getrandom(2) call that provides more reliable +# yet secure randomness source than /dev/random on Linux 3.17 and newer. +# Requires glibc 2.25 to build, falls back to /dev/random if unavailable. +CONFIG_GETRANDOM=y + +# Should we use poll instead of select? Select is used by default. +#CONFIG_ELOOP_POLL=y + +# Should we use epoll instead of select? Select is used by default. +CONFIG_ELOOP_EPOLL=y + +# Should we use kqueue instead of select? Select is used by default. +#CONFIG_ELOOP_KQUEUE=y + # Select TLS implementation # openssl = OpenSSL (default) # gnutls = GnuTLS # internal = Internal TLSv1 implementation (experimental) +# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental) # none = Empty template #CONFIG_TLS=openssl
@@ -251,6 +290,10 @@ CONFIG_IEEE80211AC=y # can be enabled to enable use of stronger crypto algorithms. #CONFIG_TLSV12=y
+# Select which ciphers to use by default with OpenSSL if the user does not +# specify them. +#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW" + # If CONFIG_TLS=internal is used, additional library and include paths are # needed for LibTomMath. Alternatively, an integrated, minimal version of # LibTomMath can be used. See beginning of libtommath.c for details on benefits @@ -278,6 +321,12 @@ CONFIG_IEEE80211AC=y # Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file #CONFIG_SQLITE=y
+# Enable Fast Session Transfer (FST) +#CONFIG_FST=y + +# Enable CLI commands for FST testing +#CONFIG_FST_TEST=y + # Testing options # This can be used to enable some testing options (see also the example # configuration file) that are really useful only for testing clients that @@ -309,3 +358,37 @@ CONFIG_IEEE80211AC=y # http://wireless.kernel.org/en/users/Documentation/acs # CONFIG_ACS=y + +# Multiband Operation support +# These extentions facilitate efficient use of multiple frequency bands +# available to the AP and the devices that may associate with it. +#CONFIG_MBO=y + +# Client Taxonomy +# Has the AP retain the Probe Request and (Re)Association Request frames from +# a client, from which a signature can be produced which can identify the model +# of client device like "Nexus 6P" or "iPhone 5s". +CONFIG_TAXONOMY=y + +# Fast Initial Link Setup (FILS) (IEEE 802.11ai) +#CONFIG_FILS=y +# FILS shared key authentication with PFS +#CONFIG_FILS_SK_PFS=y + +# Include internal line edit mode in hostapd_cli. This can be used to provide +# limited command line editing and history support. +#CONFIG_WPA_CLI_EDIT=y + +# Opportunistic Wireless Encryption (OWE) +# Experimental implementation of draft-harkins-owe-07.txt +#CONFIG_OWE=y + +# Airtime policy support +CONFIG_AIRTIME_POLICY=y + +# Override default value for the wpa_disable_eapol_key_retries configuration +# parameter. See that parameter in hostapd.conf for more details. +#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1 + +# Custom configuration +CONFIG_SAE=y diff --git a/config/rootfiles/common/suricata b/config/rootfiles/common/suricata index 41b02525d..f891fa449 100644 --- a/config/rootfiles/common/suricata +++ b/config/rootfiles/common/suricata @@ -3,6 +3,7 @@ etc/suricata/suricata.yaml #root/.cargo #root/.cargo/.package-cache usr/bin/suricata +#usr/include/suricata-plugin.h #usr/share/doc/suricata #usr/share/doc/suricata/AUTHORS #usr/share/doc/suricata/Basic_Setup.txt diff --git a/config/rootfiles/core/152/exclude b/config/rootfiles/core/153/exclude similarity index 100% rename from config/rootfiles/core/152/exclude rename to config/rootfiles/core/153/exclude diff --git a/config/rootfiles/core/153/filelists/files b/config/rootfiles/core/153/filelists/files new file mode 100644 index 000000000..b58587e6a --- /dev/null +++ b/config/rootfiles/core/153/filelists/files @@ -0,0 +1,4 @@ +etc/issue +etc/os-release +etc/system-release +srv/web/ipfire/cgi-bin/credits.cgi diff --git a/config/rootfiles/core/153/filelists/ids-ruleset-sources b/config/rootfiles/core/153/filelists/ids-ruleset-sources new file mode 120000 index 000000000..a226ada39 --- /dev/null +++ b/config/rootfiles/core/153/filelists/ids-ruleset-sources @@ -0,0 +1 @@ +../../../common/ids-ruleset-sources \ No newline at end of file diff --git a/config/rootfiles/core/152/filelists/suricata b/config/rootfiles/core/153/filelists/suricata similarity index 100% rename from config/rootfiles/core/152/filelists/suricata rename to config/rootfiles/core/153/filelists/suricata diff --git a/config/rootfiles/core/153/update.sh b/config/rootfiles/core/153/update.sh new file mode 100644 index 000000000..68d1513aa --- /dev/null +++ b/config/rootfiles/core/153/update.sh @@ -0,0 +1,68 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2020 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/usr/local/bin/backupctrl exclude >/dev/null 2>&1 + +core=153 + +# Remove old core updates from pakfire cache to save space... +for (( i=1; i<=$core; i++ )); do + rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire +done + +# Remove files + +# Stop services + +# Extract files +extract_files + +# update linker config +ldconfig + +# Update Language cache +#/usr/local/bin/update-lang-cache + +# Filesytem cleanup +/usr/local/bin/filesystem-cleanup + +# Start services +/etc/init.d/suricata restart + +# This update needs a reboot... +#touch /var/run/need_reboot + +# Finish +/etc/init.d/fireinfo start +sendprofile + +# Update grub config to display new core version +if [ -e /boot/grub/grub.cfg ]; then + grub-mkconfig -o /boot/grub/grub.cfg +fi + +sync + +# Don't report the exitcode last command +exit 0 diff --git a/config/rootfiles/oldcore/152/exclude b/config/rootfiles/oldcore/152/exclude new file mode 100644 index 000000000..e7500a03d --- /dev/null +++ b/config/rootfiles/oldcore/152/exclude @@ -0,0 +1,32 @@ +boot/config.txt +boot/grub/grub.cfg +boot/grub/grubenv +etc/alternatives +etc/collectd.custom +etc/default/grub +etc/ipsec.conf +etc/ipsec.secrets +etc/ipsec.user.conf +etc/ipsec.user.secrets +etc/localtime +etc/shadow +etc/snort/snort.conf +etc/ssl/openssl.cnf +etc/sudoers +etc/sysconfig/firewall.local +etc/sysconfig/rc.local +etc/udev/rules.d/30-persistent-network.rules +srv/web/ipfire/html/proxy.pac +var/ipfire/dma +var/ipfire/time +var/ipfire/firewall/locationblock +var/ipfire/fwhosts/customlocationgrp +var/ipfire/ovpn +var/ipfire/urlfilter/blacklist +var/ipfire/urlfilter/settings +var/lib/alternatives +var/log/cache +var/log/dhcpcd.log +var/log/messages +var/state/dhcp/dhcpd.leases +var/updatecache diff --git a/config/rootfiles/core/152/filelists/aarch64/python b/config/rootfiles/oldcore/152/filelists/aarch64/python similarity index 100% rename from config/rootfiles/core/152/filelists/aarch64/python rename to config/rootfiles/oldcore/152/filelists/aarch64/python diff --git a/config/rootfiles/core/152/filelists/aarch64/python3 b/config/rootfiles/oldcore/152/filelists/aarch64/python3 similarity index 100% rename from config/rootfiles/core/152/filelists/aarch64/python3 rename to config/rootfiles/oldcore/152/filelists/aarch64/python3 diff --git a/config/rootfiles/core/152/filelists/armv5tel/python b/config/rootfiles/oldcore/152/filelists/armv5tel/python similarity index 100% rename from config/rootfiles/core/152/filelists/armv5tel/python rename to config/rootfiles/oldcore/152/filelists/armv5tel/python diff --git a/config/rootfiles/core/152/filelists/armv5tel/python3 b/config/rootfiles/oldcore/152/filelists/armv5tel/python3 similarity index 100% rename from config/rootfiles/core/152/filelists/armv5tel/python3 rename to config/rootfiles/oldcore/152/filelists/armv5tel/python3 diff --git a/config/rootfiles/core/152/filelists/ca-certificates b/config/rootfiles/oldcore/152/filelists/ca-certificates similarity index 100% rename from config/rootfiles/core/152/filelists/ca-certificates rename to config/rootfiles/oldcore/152/filelists/ca-certificates diff --git a/config/rootfiles/core/152/filelists/files b/config/rootfiles/oldcore/152/filelists/files similarity index 100% rename from config/rootfiles/core/152/filelists/files rename to config/rootfiles/oldcore/152/filelists/files diff --git a/config/rootfiles/core/152/filelists/i586/python b/config/rootfiles/oldcore/152/filelists/i586/python similarity index 100% rename from config/rootfiles/core/152/filelists/i586/python rename to config/rootfiles/oldcore/152/filelists/i586/python diff --git a/config/rootfiles/core/152/filelists/i586/python3 b/config/rootfiles/oldcore/152/filelists/i586/python3 similarity index 100% rename from config/rootfiles/core/152/filelists/i586/python3 rename to config/rootfiles/oldcore/152/filelists/i586/python3 diff --git a/config/rootfiles/core/152/filelists/knot b/config/rootfiles/oldcore/152/filelists/knot similarity index 100% rename from config/rootfiles/core/152/filelists/knot rename to config/rootfiles/oldcore/152/filelists/knot diff --git a/config/rootfiles/core/152/filelists/libhtp b/config/rootfiles/oldcore/152/filelists/libhtp similarity index 100% rename from config/rootfiles/core/152/filelists/libhtp rename to config/rootfiles/oldcore/152/filelists/libhtp diff --git a/config/rootfiles/core/152/filelists/setup b/config/rootfiles/oldcore/152/filelists/setup similarity index 100% rename from config/rootfiles/core/152/filelists/setup rename to config/rootfiles/oldcore/152/filelists/setup diff --git a/config/rootfiles/oldcore/152/filelists/suricata b/config/rootfiles/oldcore/152/filelists/suricata new file mode 120000 index 000000000..f671f6993 --- /dev/null +++ b/config/rootfiles/oldcore/152/filelists/suricata @@ -0,0 +1 @@ +../../../common/suricata \ No newline at end of file diff --git a/config/rootfiles/core/152/filelists/unbound b/config/rootfiles/oldcore/152/filelists/unbound similarity index 100% rename from config/rootfiles/core/152/filelists/unbound rename to config/rootfiles/oldcore/152/filelists/unbound diff --git a/config/rootfiles/core/152/filelists/x86_64/python b/config/rootfiles/oldcore/152/filelists/x86_64/python similarity index 100% rename from config/rootfiles/core/152/filelists/x86_64/python rename to config/rootfiles/oldcore/152/filelists/x86_64/python diff --git a/config/rootfiles/core/152/filelists/x86_64/python3 b/config/rootfiles/oldcore/152/filelists/x86_64/python3 similarity index 100% rename from config/rootfiles/core/152/filelists/x86_64/python3 rename to config/rootfiles/oldcore/152/filelists/x86_64/python3 diff --git a/config/rootfiles/core/152/filelists/yaml b/config/rootfiles/oldcore/152/filelists/yaml similarity index 100% rename from config/rootfiles/core/152/filelists/yaml rename to config/rootfiles/oldcore/152/filelists/yaml diff --git a/config/rootfiles/core/152/update.sh b/config/rootfiles/oldcore/152/update.sh similarity index 100% rename from config/rootfiles/core/152/update.sh rename to config/rootfiles/oldcore/152/update.sh diff --git a/config/rootfiles/packages/amavisd b/config/rootfiles/packages/amavisd deleted file mode 100644 index f2e1c3f3b..000000000 --- a/config/rootfiles/packages/amavisd +++ /dev/null @@ -1,7 +0,0 @@ -etc/amavisd.conf -etc/rc.d/init.d/amavisd -usr/bin/amavisd -var/amavis -var/amavis/db -var/amavis/tmp -var/virusmails diff --git a/config/rootfiles/packages/spamassassin b/config/rootfiles/packages/spamassassin deleted file mode 100644 index fb916edd8..000000000 --- a/config/rootfiles/packages/spamassassin +++ /dev/null @@ -1,228 +0,0 @@ -etc/mail -#etc/mail/spamassassin -#etc/mail/spamassassin/init.pre -#etc/mail/spamassassin/local.cf -#etc/mail/spamassassin/v310.pre -#etc/mail/spamassassin/v312.pre -#etc/mail/spamassassin/v320.pre -#etc/mail/spamassassin/v330.pre -#etc/mail/spamassassin/v340.pre -#etc/mail/spamassassin/v341.pre -#etc/mail/spamassassin/v342.pre -etc/rc.d/init.d/spamassassin -usr/bin/sa-awl -usr/bin/sa-check_spamd -usr/bin/sa-compile -usr/bin/sa-learn -usr/bin/sa-update -usr/bin/spamassassin -usr/bin/spamc -usr/bin/spamd -usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/AICache.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/ArchiveIterator.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/AsyncLoop.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/AutoWhitelist.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Bayes -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Bayes.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Bayes/CombineChi.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Bayes/CombineNaiveBayes.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/BayesStore -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/BayesStore.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/BayesStore/BDB.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/BayesStore/DBM.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/BayesStore/MySQL.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/BayesStore/PgSQL.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/BayesStore/Redis.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/BayesStore/SDBM.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/BayesStore/SQL.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Client.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Conf -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Conf.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Conf/LDAP.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Conf/Parser.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Conf/SQL.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Constants.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/DBBasedAddrList.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Dns.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/DnsResolver.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/HTML.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Locales.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Locker -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Locker.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Locker/Flock.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Locker/UnixNFSSafe.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Locker/Win32.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Logger -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Logger.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Logger/File.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Logger/Stderr.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Logger/Syslog.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/MailingList.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Message -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Message.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Message/Metadata -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Message/Metadata.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Message/Metadata/Received.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Message/Node.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/NetSet.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/PerMsgLearner.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/PerMsgStatus.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/PersistentAddrList.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/ASN.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/AWL.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/AccessDB.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/AntiVirus.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/AskDNS.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/AutoLearnThreshold.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/Bayes.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/BodyEval.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/BodyRuleBaseExtractor.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/Check.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/DCC.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/DKIM.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/DNSEval.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/FreeMail.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/FromNameSpoof.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/HTMLEval.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/HTTPSMismatch.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/HashBL.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/Hashcash.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/HeaderEval.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/ImageInfo.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/MIMEEval.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/MIMEHeader.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/OneLineBodyRuleType.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/PDFInfo.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/PhishTag.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/Phishing.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/Pyzor.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/Razor2.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/RelayCountry.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/RelayEval.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/ReplaceTags.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/ResourceLimits.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/Reuse.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/Rule2XSBody.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/SPF.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/Shortcircuit.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/SpamCop.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/Test.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/TextCat.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/TxRep.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/URIDNSBL.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/URIDetail.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/URIEval.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/URILocalBL.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/VBounce.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/WLBLEval.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Plugin/WhiteListSubject.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/PluginHandler.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/RegistryBoundaries.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Reporter.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/SQLBasedAddrList.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/SpamdForkScaling.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/SubProcBackChannel.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Timeout.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Util -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Util.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Util/DependencyInfo.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Util/Progress.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Util/ScopedTimer.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Util/TieOneStringHash.pm -#usr/lib/perl5/site_perl/5.30.0/Mail/SpamAssassin/Util/TinyRedis.pm -#usr/lib/perl5/site_perl/5.30.0/spamassassin-run.pod -#usr/lib/perl5/site_perl/5.30.0/xxxMACHINExxx-linux-thread-multi/auto/Mail/SpamAssassin -#usr/lib/perl5/site_perl/5.30.0/xxxMACHINExxx-linux-thread-multi/auto/Mail/SpamAssassin/.packlist -#usr/share/man/man1/sa-awl.1 -#usr/share/man/man1/sa-compile.1 -#usr/share/man/man1/sa-learn.1 -#usr/share/man/man1/sa-update.1 -#usr/share/man/man1/spamassassin-run.1 -#usr/share/man/man1/spamassassin.1 -#usr/share/man/man1/spamc.1 -#usr/share/man/man1/spamd.1 -#usr/share/man/man3/Mail::SpamAssassin.3 -#usr/share/man/man3/Mail::SpamAssassin::AICache.3 -#usr/share/man/man3/Mail::SpamAssassin::ArchiveIterator.3 -#usr/share/man/man3/Mail::SpamAssassin::AsyncLoop.3 -#usr/share/man/man3/Mail::SpamAssassin::AutoWhitelist.3 -#usr/share/man/man3/Mail::SpamAssassin::Bayes.3 -#usr/share/man/man3/Mail::SpamAssassin::BayesStore.3 -#usr/share/man/man3/Mail::SpamAssassin::BayesStore::BDB.3 -#usr/share/man/man3/Mail::SpamAssassin::BayesStore::MySQL.3 -#usr/share/man/man3/Mail::SpamAssassin::BayesStore::PgSQL.3 -#usr/share/man/man3/Mail::SpamAssassin::BayesStore::Redis.3 -#usr/share/man/man3/Mail::SpamAssassin::BayesStore::SQL.3 -#usr/share/man/man3/Mail::SpamAssassin::Client.3 -#usr/share/man/man3/Mail::SpamAssassin::Conf.3 -#usr/share/man/man3/Mail::SpamAssassin::Conf::LDAP.3 -#usr/share/man/man3/Mail::SpamAssassin::Conf::Parser.3 -#usr/share/man/man3/Mail::SpamAssassin::Conf::SQL.3 -#usr/share/man/man3/Mail::SpamAssassin::DnsResolver.3 -#usr/share/man/man3/Mail::SpamAssassin::Logger.3 -#usr/share/man/man3/Mail::SpamAssassin::Logger::File.3 -#usr/share/man/man3/Mail::SpamAssassin::Logger::Stderr.3 -#usr/share/man/man3/Mail::SpamAssassin::Logger::Syslog.3 -#usr/share/man/man3/Mail::SpamAssassin::Message.3 -#usr/share/man/man3/Mail::SpamAssassin::Message::Metadata.3 -#usr/share/man/man3/Mail::SpamAssassin::Message::Node.3 -#usr/share/man/man3/Mail::SpamAssassin::PerMsgLearner.3 -#usr/share/man/man3/Mail::SpamAssassin::PerMsgStatus.3 -#usr/share/man/man3/Mail::SpamAssassin::PersistentAddrList.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::ASN.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::AWL.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::AccessDB.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::AntiVirus.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::AskDNS.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::AutoLearnThreshold.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::Bayes.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::BodyRuleBaseExtractor.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::Check.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::DCC.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::DKIM.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::DNSEval.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::FromNameSpoof.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::HashBL.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::Hashcash.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::MIMEEval.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::MIMEHeader.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::OneLineBodyRuleType.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::PDFInfo.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::PhishTag.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::Phishing.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::Pyzor.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::Razor2.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::RelayCountry.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::ReplaceTags.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::ResourceLimits.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::Reuse.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::Rule2XSBody.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::SPF.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::Shortcircuit.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::SpamCop.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::Test.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::TextCat.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::TxRep.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::URIDNSBL.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::URIDetail.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::URILocalBL.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::VBounce.3 -#usr/share/man/man3/Mail::SpamAssassin::Plugin::WhiteListSubject.3 -#usr/share/man/man3/Mail::SpamAssassin::PluginHandler.3 -#usr/share/man/man3/Mail::SpamAssassin::RegistryBoundaries.3 -#usr/share/man/man3/Mail::SpamAssassin::SQLBasedAddrList.3 -#usr/share/man/man3/Mail::SpamAssassin::SubProcBackChannel.3 -#usr/share/man/man3/Mail::SpamAssassin::Timeout.3 -#usr/share/man/man3/Mail::SpamAssassin::Util.3 -#usr/share/man/man3/Mail::SpamAssassin::Util::DependencyInfo.3 -#usr/share/man/man3/Mail::SpamAssassin::Util::Progress.3 -#usr/share/man/man3/spamassassin-run.3 -usr/share/spamassassin -#usr/share/spamassassin/languages -#usr/share/spamassassin/sa-update-pubkey.txt -#usr/share/spamassassin/user_prefs.template diff --git a/config/suricata/ruleset-sources b/config/suricata/ruleset-sources index 8b25346b5..a00cef945 100644 --- a/config/suricata/ruleset-sources +++ b/config/suricata/ruleset-sources @@ -1,8 +1,8 @@ # Ruleset for registered sourcefire users. -registered = https://www.snort.org/rules/snortrules-snapshot-29151.tar.gz?oinkcode=<oinkcode> +registered = https://www.snort.org/rules/snortrules-snapshot-29161.tar.gz?oinkcode=<oinkcode>
# Ruleset for registered sourcefire users with valid subscription. -subscripted = https://www.snort.org/rules/snortrules-snapshot-29151.tar.gz?oinkcode=<oinkcode> +subscripted = https://www.snort.org/rules/snortrules-snapshot-29161.tar.gz?oinkcode=<oinkcode>
# Community rules from sourcefire. community = https://www.snort.org/rules/community diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml index 43f10c89d..4e9e39967 100644 --- a/config/suricata/suricata.yaml +++ b/config/suricata/suricata.yaml @@ -271,14 +271,16 @@ outputs:
#- dnp3 - ftp - #- rdp + - rdp - nfs - smb - tftp - ikev2 + - dcerpc - krb5 - snmp - #- sip + - rfb + - sip - dhcp: enabled: yes # When extended mode is on, all DHCP messages are logged @@ -287,6 +289,12 @@ outputs: # to an IP address is logged. extended: no - ssh + - mqtt: + # passwords: yes # enable output of passwords + # HTTP2 logging. HTTP2 support is currently experimental and + # disabled by default. To enable, uncomment the following line + # and be sure to enable http2 in the app-layer section. + #- http2 - stats: totals: yes # stats for all threads merged together threads: no # per thread stats @@ -358,6 +366,14 @@ nfq: # "detection-only" enables protocol detection only (parser disabled). app-layer: protocols: + rfb: + enabled: yes + detection-ports: + dp: 5900, 5901, 5902, 5903, 5904, 5905, 5906, 5907, 5908, 5909 + # MQTT, disabled by default. + mqtt: + # enabled: no + # max-msg-length: 1mb krb5: enabled: yes snmp: @@ -371,9 +387,7 @@ app-layer:
# Generate JA3 fingerprint from client hello. If not specified it # will be disabled by default, but enabled if rules require it. - #ja3-fingerprints: auto - # Generate JA3 fingerprint from client hello - ja3-fingerprints: no + ja3-fingerprints: auto
# Completely stop processing TLS/SSL session after the handshake # completed. If bypass is enabled this will also trigger flow @@ -388,6 +402,10 @@ app-layer: enabled: yes ssh: enabled: yes + #hassh: yes + # HTTP2: Experimental HTTP 2 support. Disabled by default. + http2: + enabled: no smtp: enabled: yes # Configure SMTP-MIME Decoder diff --git a/doc/language_issues.de b/doc/language_issues.de index 6fcafc460..f3246cd18 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -888,3 +888,6 @@ WARNING: untranslated string: show tls-auth key = Show tls-auth key WARNING: untranslated string: smb daemon = SMB Daemon WARNING: untranslated string: user management = User Management WARNING: untranslated string: winbind daemon = Winbind Daemon +WARNING: untranslated string: wlanap 802.11w disabled = Disabled +WARNING: untranslated string: wlanap 802.11w enforced = Enforced +WARNING: untranslated string: wlanap 802.11w optional = Optional diff --git a/doc/language_issues.en b/doc/language_issues.en index c0a618da6..9efb56a39 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -2138,6 +2138,9 @@ WARNING: untranslated string: wlan client wpa mode ccmp tkip = CCMP-TKIP WARNING: untranslated string: wlan client wpa mode tkip tkip = TKIP-TKIP WARNING: untranslated string: wlan clients = Wireless clients WARNING: untranslated string: wlanap = Access Point +WARNING: untranslated string: wlanap 802.11w disabled = Disabled +WARNING: untranslated string: wlanap 802.11w enforced = Enforced +WARNING: untranslated string: wlanap 802.11w optional = Optional WARNING: untranslated string: wlanap auto = Automatic Channel Selection WARNING: untranslated string: wlanap broadcast ssid = Broadcast SSID WARNING: untranslated string: wlanap channel = Channel diff --git a/doc/language_issues.es b/doc/language_issues.es index 689eeca7c..e01f5aa98 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -1513,6 +1513,9 @@ WARNING: untranslated string: wlan client wpa mode ccmp tkip = CCMP-TKIP WARNING: untranslated string: wlan client wpa mode tkip tkip = TKIP-TKIP WARNING: untranslated string: wlan clients = Wireless clients WARNING: untranslated string: wlanap = Access Point +WARNING: untranslated string: wlanap 802.11w disabled = Disabled +WARNING: untranslated string: wlanap 802.11w enforced = Enforced +WARNING: untranslated string: wlanap 802.11w optional = Optional WARNING: untranslated string: wlanap auto = Automatic Channel Selection WARNING: untranslated string: wlanap broadcast ssid = Broadcast SSID WARNING: untranslated string: wlanap client isolation = Client Isolation diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 632acf938..1f5654456 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -925,3 +925,6 @@ WARNING: untranslated string: samba server role standalone = Standalone WARNING: untranslated string: smb daemon = SMB Daemon WARNING: untranslated string: user management = User Management WARNING: untranslated string: winbind daemon = Winbind Daemon +WARNING: untranslated string: wlanap 802.11w disabled = Disabled +WARNING: untranslated string: wlanap 802.11w enforced = Enforced +WARNING: untranslated string: wlanap 802.11w optional = Optional diff --git a/doc/language_issues.it b/doc/language_issues.it index 99a7f3e8d..2f41213a8 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -1191,6 +1191,9 @@ WARNING: untranslated string: wlan client password = Password WARNING: untranslated string: wlan client tls cipher = TLS Cipher WARNING: untranslated string: wlan client tls version = TLS Version WARNING: untranslated string: wlanap = Access Point +WARNING: untranslated string: wlanap 802.11w disabled = Disabled +WARNING: untranslated string: wlanap 802.11w enforced = Enforced +WARNING: untranslated string: wlanap 802.11w optional = Optional WARNING: untranslated string: wlanap auto = Automatic Channel Selection WARNING: untranslated string: wlanap broadcast ssid = Broadcast SSID WARNING: untranslated string: wlanap client isolation = Client Isolation diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 2afa7b0f3..d486349bc 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -1231,6 +1231,9 @@ WARNING: untranslated string: wlan client password = Password WARNING: untranslated string: wlan client tls cipher = TLS Cipher WARNING: untranslated string: wlan client tls version = TLS Version WARNING: untranslated string: wlanap = Access Point +WARNING: untranslated string: wlanap 802.11w disabled = Disabled +WARNING: untranslated string: wlanap 802.11w enforced = Enforced +WARNING: untranslated string: wlanap 802.11w optional = Optional WARNING: untranslated string: wlanap auto = Automatic Channel Selection WARNING: untranslated string: wlanap broadcast ssid = Broadcast SSID WARNING: untranslated string: wlanap client isolation = Client Isolation diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 689eeca7c..e01f5aa98 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -1513,6 +1513,9 @@ WARNING: untranslated string: wlan client wpa mode ccmp tkip = CCMP-TKIP WARNING: untranslated string: wlan client wpa mode tkip tkip = TKIP-TKIP WARNING: untranslated string: wlan clients = Wireless clients WARNING: untranslated string: wlanap = Access Point +WARNING: untranslated string: wlanap 802.11w disabled = Disabled +WARNING: untranslated string: wlanap 802.11w enforced = Enforced +WARNING: untranslated string: wlanap 802.11w optional = Optional WARNING: untranslated string: wlanap auto = Automatic Channel Selection WARNING: untranslated string: wlanap broadcast ssid = Broadcast SSID WARNING: untranslated string: wlanap client isolation = Client Isolation diff --git a/doc/language_issues.ru b/doc/language_issues.ru index ac9715beb..cc2fe7489 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -1508,6 +1508,9 @@ WARNING: untranslated string: wlan client wpa mode ccmp tkip = CCMP-TKIP WARNING: untranslated string: wlan client wpa mode tkip tkip = TKIP-TKIP WARNING: untranslated string: wlan clients = Wireless clients WARNING: untranslated string: wlanap = Access Point +WARNING: untranslated string: wlanap 802.11w disabled = Disabled +WARNING: untranslated string: wlanap 802.11w enforced = Enforced +WARNING: untranslated string: wlanap 802.11w optional = Optional WARNING: untranslated string: wlanap auto = Automatic Channel Selection WARNING: untranslated string: wlanap broadcast ssid = Broadcast SSID WARNING: untranslated string: wlanap client isolation = Client Isolation diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 7613e2ff7..99ead4c4a 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -1055,6 +1055,9 @@ WARNING: untranslated string: vpn wait = WAITING WARNING: untranslated string: vulnerability = Vulnerability WARNING: untranslated string: vulnerable = Vulnerable WARNING: untranslated string: winbind daemon = Winbind Daemon +WARNING: untranslated string: wlanap 802.11w disabled = Disabled +WARNING: untranslated string: wlanap 802.11w enforced = Enforced +WARNING: untranslated string: wlanap 802.11w optional = Optional WARNING: untranslated string: wlanap auto = Automatic Channel Selection WARNING: untranslated string: wlanap broadcast ssid = Broadcast SSID WARNING: untranslated string: wlanap client isolation = Client Isolation diff --git a/doc/language_missings b/doc/language_missings index a1fcdc334..c519c5a6a 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -61,6 +61,9 @@ < user management < vpn configuration main < winbind daemon +< wlanap 802.11w disabled +< wlanap 802.11w enforced +< wlanap 802.11w optional ############################################################################ # Checking cgi-bin translations for language: es # ############################################################################ @@ -869,6 +872,9 @@ < winbind daemon < wireless network < wlanap +< wlanap 802.11w disabled +< wlanap 802.11w enforced +< wlanap 802.11w optional < wlanap auto < wlanap broadcast ssid < wlanap client isolation @@ -958,6 +964,9 @@ < upload fcdsl.o < user management < winbind daemon +< wlanap 802.11w disabled +< wlanap 802.11w enforced +< wlanap 802.11w optional ############################################################################ # Checking cgi-bin translations for language: it # ############################################################################ @@ -1287,6 +1296,9 @@ < winbind daemon < wireless network < wlanap +< wlanap 802.11w disabled +< wlanap 802.11w enforced +< wlanap 802.11w optional < wlanap auto < wlanap broadcast ssid < wlanap client isolation @@ -1710,6 +1722,9 @@ < winbind daemon < wireless network < wlanap +< wlanap 802.11w disabled +< wlanap 802.11w enforced +< wlanap 802.11w optional < wlanap auto < wlanap broadcast ssid < wlanap client isolation @@ -2541,6 +2556,9 @@ < winbind daemon < wireless network < wlanap +< wlanap 802.11w disabled +< wlanap 802.11w enforced +< wlanap 802.11w optional < wlanap auto < wlanap broadcast ssid < wlanap client isolation @@ -3410,6 +3428,9 @@ < winbind daemon < wireless network < wlanap +< wlanap 802.11w disabled +< wlanap 802.11w enforced +< wlanap 802.11w optional < wlanap auto < wlanap broadcast ssid < wlanap client isolation @@ -3630,6 +3651,9 @@ < vulnerable < Weekly < winbind daemon +< wlanap 802.11w disabled +< wlanap 802.11w enforced +< wlanap 802.11w optional < wlanap auto < wlanap broadcast ssid < wlanap client isolation diff --git a/html/cgi-bin/wlanap.cgi b/html/cgi-bin/wlanap.cgi index 2c28d50e5..fd7e9a679 100644 --- a/html/cgi-bin/wlanap.cgi +++ b/html/cgi-bin/wlanap.cgi @@ -130,7 +130,7 @@ if ( $wlanapsettings{'ACTION'} eq "$Lang::tr{'wlanap del interface'}" ){
if ( $wlanapsettings{'ACTION'} eq "$Lang::tr{'save'}" ){ # verify WPA Passphrase - only with enabled enc - if (($wlanapsettings{'ENC'} eq "wpa1") || ($wlanapsettings{'ENC'} eq "wpa2") || ($wlanapsettings{'ENC'} eq "wpa1+2")){ + if ($wlanapsettings{'ENC'} ne "none") { # must be 8 .. 63 characters if ( (length($wlanapsettings{'PWD'}) < 8) || (length($wlanapsettings{'PWD'}) > 63)){ $errormessage .= "$Lang::tr{'wlanap invalid wpa'}<br />"; @@ -258,9 +258,10 @@ $checked{'CLIENTISOLATION'}{'off'} = ''; $checked{'CLIENTISOLATION'}{'on'} = ''; $checked{'CLIENTISOLATION'}{$wlanapsettings{'CLIENTISOLATION'}} = "checked='checked'";
-$checked{'IEEE80211W'}{'off'} = ''; -$checked{'IEEE80211W'}{'on'} = ''; -$checked{'IEEE80211W'}{$wlanapsettings{'IEEE80211W'}} = "checked='checked'"; +$selected{'IEEE80211W'}{'off'} = ''; +$selected{'IEEE80211W'}{'optional'} = ''; +$selected{'IEEE80211W'}{'on'} = ''; +$selected{'IEEE80211W'}{$wlanapsettings{'IEEE80211W'}} = "selected";
$selected{'ENC'}{$wlanapsettings{'ENC'}} = "selected='selected'"; $selected{'CHANNEL'}{$wlanapsettings{'CHANNEL'}} = "selected='selected'"; @@ -442,19 +443,20 @@ print<<END <option value='none' $selected{'ENC'}{'none'}>$Lang::tr{'wlanap none'}</option> <option value='wpa1' $selected{'ENC'}{'wpa1'}>WPA1</option> <option value='wpa2' $selected{'ENC'}{'wpa2'}>WPA2</option> + <option value='wpa3' $selected{'ENC'}{'wpa3'}>WPA3</option> <option value='wpa1+2' $selected{'ENC'}{'wpa1+2'}>WPA1+2</option> + <option value='wpa2+3' $selected{'ENC'}{'wpa2+3'}>WPA2+3</option> </select> </td></tr> <tr><td width='25%' class='base'>Passphrase: </td><td class='base' colspan='3'><input type='text' name='PWD' size='30' value='$wlanapsettings{'PWD'}' /></td></tr> <tr> <td width='25%' class='base'>$Lang::tr{'wlanap management frame protection'}: </td> <td class='base' colspan="3"> - <label> - $Lang::tr{'on'} <input type='radio' name='IEEE80211W' value='on' $checked{'IEEE80211W'}{'on'} /> - </label> | - <label> - <input type='radio' name='IEEE80211W' value='off' $checked{'IEEE80211W'}{'off'} /> $Lang::tr{'off'} - </label> + <select name="IEEE80211W"> + <option value="off" $selected{'IEEE80211W'}{'off'}>$Lang::tr{'wlanap 802.11w disabled'}</option> + <option value="optional" $selected{'IEEE80211W'}{'optional'}>$Lang::tr{'wlanap 802.11w optional'}</option> + <option value="on" $selected{'IEEE80211W'}{'on'}>$Lang::tr{'wlanap 802.11w enforced'}</option> + </select> </td> </tr> <tr><td colspan='4'><br></td></tr> @@ -684,6 +686,8 @@ END # Management Frame Protection (802.11w) if ($wlanapsettings{'IEEE80211W'} eq "on") { print CONFIGFILE "ieee80211w=2\n"; + } elsif ($wlanapsettings{'IEEE80211W'} eq "optional") { + print CONFIGFILE "ieee80211w=1\n"; } else { print CONFIGFILE "ieee80211w=0\n"; } @@ -707,6 +711,16 @@ wpa_passphrase=$wlanapsettings{'PWD'} wpa_key_mgmt=WPA-PSK rsn_pairwise=CCMP END +; + }elsif ( $wlanapsettings{'ENC'} eq 'wpa3'){ + print CONFIGFILE <<END +######################### wpa hostapd configuration ############################ +# +wpa=2 +wpa_passphrase=$wlanapsettings{'PWD'} +wpa_key_mgmt=SAE +rsn_pairwise=CCMP +END ; } elsif ( $wlanapsettings{'ENC'} eq 'wpa1+2'){ print CONFIGFILE <<END @@ -718,6 +732,16 @@ wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP rsn_pairwise=CCMP END +; + }elsif ( $wlanapsettings{'ENC'} eq 'wpa2+3'){ + print CONFIGFILE <<END +######################### wpa hostapd configuration ############################ +# +wpa=2 +wpa_passphrase=$wlanapsettings{'PWD'} +wpa_key_mgmt=WPA-PSK SAE +rsn_pairwise=CCMP +END ; } close CONFIGFILE; diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 0b4f098a7..d00de3d03 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -2962,6 +2962,9 @@ 'wlan client wpa mode tkip tkip' => 'TKIP-TKIP', 'wlan clients' => 'Wireless clients', 'wlanap' => 'Access Point', +'wlanap 802.11w disabled' => 'Disabled', +'wlanap 802.11w enforced' => 'Enforced', +'wlanap 802.11w optional' => 'Optional', 'wlanap auto' => 'Automatic Channel Selection', 'wlanap broadcast ssid' => 'Broadcast SSID', 'wlanap channel' => 'Channel', diff --git a/lfs/amavisd b/lfs/amavisd deleted file mode 100644 index 43d3c6060..000000000 --- a/lfs/amavisd +++ /dev/null @@ -1,94 +0,0 @@ -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -############################################################################### -# Definitions -############################################################################### - -include Config - -VER = 2.11.1 - -THISAPP = amavisd-new-$(VER) -DL_FILE = $(THISAPP).tar.bz2 -DL_FROM = $(URL_IPFIRE) -DIR_APP = $(DIR_SRC)/$(THISAPP) -TARGET = $(DIR_INFO)/$(THISAPP) -PROG = amavisd -PAK_VER = 3 - -DEPS = clamav spamassassin perl-Net-LibIDN - -############################################################################### -# Top-level Rules -############################################################################### - -objects = $(DL_FILE) - -$(DL_FILE) = $(DL_FROM)/$(DL_FILE) - -$(DL_FILE)_MD5 = f89fc043c790e35137121e45f2890703 - -install : $(TARGET) - -check : $(patsubst %,$(DIR_CHK)/%,$(objects)) - -download :$(patsubst %,$(DIR_DL)/%,$(objects)) - -md5 : $(subst %,%_MD5,$(objects)) - -dist: - @$(PAK) - -############################################################################### -# Downloading, checking, md5sum -############################################################################### - -$(patsubst %,$(DIR_CHK)/%,$(objects)) : - @$(CHECK) - -$(patsubst %,$(DIR_DL)/%,$(objects)) : - @$(LOAD) - -$(subst %,%_MD5,$(objects)) : - @$(MD5) - -############################################################################### -# Installation Details -############################################################################### - -$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) - @$(PREBUILD) - @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && cp -f amavisd /usr/bin - chown root.root /usr/bin/amavisd - chmod 755 /usr/bin/amavisd - - #install initscripts - $(call INSTALL_INITSCRIPT,amavisd) - - cp -fv $(DIR_SRC)/config/amavisd/amavisd.conf /etc - chown root.root /etc/amavisd.conf - chmod 644 /etc/amavisd.conf - -mkdir -p /var/amavis/{db,tmp} /var/virusmails - chown amavis.amavis -Rv /var/{amavis,virusmails} - chmod 750 -Rv /var/{amavis,virusmails} - @rm -rf $(DIR_APP) - @$(POSTBUILD) diff --git a/lfs/hostapd b/lfs/hostapd index b208c732d..f70d09f4b 100644 --- a/lfs/hostapd +++ b/lfs/hostapd @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = hostapd -PAK_VER = 51 +PAK_VER = 52
DEPS =
diff --git a/lfs/perl-Net-LibIDN b/lfs/perl-Net-LibIDN deleted file mode 100644 index a9ec173b9..000000000 --- a/lfs/perl-Net-LibIDN +++ /dev/null @@ -1,83 +0,0 @@ -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - - -############################################################################### -# Definitions -############################################################################### -include Config -VER = 0.12 - -THISAPP = Net-LibIDN-$(VER) -DL_FILE = ${THISAPP}.tar.gz -DL_FROM = $(URL_IPFIRE) -DIR_APP = $(DIR_SRC)/$(THISAPP) -TARGET = $(DIR_INFO)/$(THISAPP) - -PROG = perl-Net-LibIDN -DEPS = -PAK_VER = 1 - -############################################################################### -# Top-level Rules -############################################################################### - -objects = $(DL_FILE) - -$(DL_FILE) = $(DL_FROM)/$(DL_FILE) - -$(DL_FILE)_MD5 = c3e4de2065009d67bcb1df0afb473e12 - -install : $(TARGET) - -check : $(patsubst %,$(DIR_CHK)/%,$(objects)) - -download :$(patsubst %,$(DIR_DL)/%,$(objects)) - -md5 : $(subst %,%_MD5,$(objects)) - -dist: - @$(PAK) - -############################################################################### -# Downloading, checking, md5sum -############################################################################### - -$(patsubst %,$(DIR_CHK)/%,$(objects)) : - @$(CHECK) - -$(patsubst %,$(DIR_DL)/%,$(objects)) : - @$(LOAD) - -$(subst %,%_MD5,$(objects)) : - @$(MD5) - -############################################################################### -# Installation Details -############################################################################### - -$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) - @$(PREBUILD) - @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && perl Makefile.PL - cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) - cd $(DIR_APP) && make install - @rm -rf $(DIR_APP) - @$(POSTBUILD) diff --git a/lfs/spamassassin b/lfs/spamassassin deleted file mode 100644 index d1ad7ddd7..000000000 --- a/lfs/spamassassin +++ /dev/null @@ -1,88 +0,0 @@ -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -############################################################################### -# Definitions -############################################################################### - -include Config - -VER = 3.4.2 - -THISAPP = Mail-SpamAssassin-$(VER) -DL_FILE = $(THISAPP).tar.bz2 -DL_FROM = $(URL_IPFIRE) -DIR_APP = $(DIR_SRC)/$(THISAPP) -TARGET = $(DIR_INFO)/$(THISAPP) -PROG = spamassassin -PAK_VER = 3 - -DEPS = - -############################################################################### -# Top-level Rules -############################################################################### - -objects = $(DL_FILE) - -$(DL_FILE) = $(DL_FROM)/$(DL_FILE) - -$(DL_FILE)_MD5 = 4f4c38a7cd4ae3e3750895ae21d2fc78 - -install : $(TARGET) - -check : $(patsubst %,$(DIR_CHK)/%,$(objects)) - -download :$(patsubst %,$(DIR_DL)/%,$(objects)) - -md5 : $(subst %,%_MD5,$(objects)) - -dist: - @$(PAK) - -############################################################################### -# Downloading, checking, md5sum -############################################################################### - -$(patsubst %,$(DIR_CHK)/%,$(objects)) : - @$(CHECK) - -$(patsubst %,$(DIR_DL)/%,$(objects)) : - @$(LOAD) - -$(subst %,%_MD5,$(objects)) : - @$(MD5) - -############################################################################### -# Installation Details -############################################################################### - -$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) - @$(PREBUILD) - @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && yes 'n' | perl Makefile.PL - cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) - cd $(DIR_APP) && make install - - #install initscripts - $(call INSTALL_INITSCRIPT,spamassassin) - - @rm -rf $(DIR_APP) - @$(POSTBUILD) diff --git a/lfs/suricata b/lfs/suricata index f981232a2..e89bf1e63 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -24,7 +24,7 @@
include Config
-VER = 5.0.4 +VER = 6.0.0
THISAPP = suricata-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = c08809d5641a790a95a56d4dc7eba2f2 +$(DL_FILE)_MD5 = bbddcf2f209930206ef21977d40120d2
install : $(TARGET)
diff --git a/make.sh b/make.sh index 9ddfd4c07..11de06e4c 100755 --- a/make.sh +++ b/make.sh @@ -26,7 +26,7 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name # If you update the version don't forget to update backupiso and add it to core update VERSION="2.25" # Version number -CORE="152" # Core Level (Filename) +CORE="153" # Core Level (Filename) SLOGAN="www.ipfire.org" # Software slogan CONFIG_ROOT=/var/ipfire # Configuration rootdir NICE=10 # Nice level @@ -1417,9 +1417,6 @@ buildipfire() { lfsmake2 fetchmail lfsmake2 clamav lfsmake2 perl-NetAddr-IP - lfsmake2 spamassassin - lfsmake2 perl-Net-LibIDN - lfsmake2 amavisd lfsmake2 dma lfsmake2 alsa lfsmake2 mpfire diff --git a/src/initscripts/packages/amavisd b/src/initscripts/packages/amavisd deleted file mode 100644 index 115ffe973..000000000 --- a/src/initscripts/packages/amavisd +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/sh -######################################################################## -# Begin $rc_base/init.d/amavisd -# -# Description : Amavisd Init Script -# -# Authors : Michael Tremer (ms@ipfire.org) -# -# Version : 01.00 -# -# Notes : -# -######################################################################## - -. /etc/sysconfig/rc -. ${rc_functions} - -case "${1}" in - start) - boot_mesg "Starting AMaViS Daemon..." - loadproc /usr/bin/amavisd - ;; - - stop) - boot_mesg "Stopping AMaViS Daemon..." - killproc /usr/bin/amavisd - ;; - - restart) - ${0} stop - sleep 1 - ${0} start - ;; - - status) - statusproc /usr/bin/amavisd - ;; - - *) - echo "Usage: ${0} {start|stop|restart|status}" - exit 1 - ;; -esac - -# End $rc_base/init.d/amavisd diff --git a/src/initscripts/packages/spamassassin b/src/initscripts/packages/spamassassin deleted file mode 100644 index 73403a8ec..000000000 --- a/src/initscripts/packages/spamassassin +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/sh -######################################################################## -# Begin $rc_base/init.d/spamassassin -# -# Description : Spamassassin Init Script -# -# Authors : Michael Tremer (ms@ipfire.org) -# -# Version : 01.00 -# -# Notes : -# -######################################################################## - -. /etc/sysconfig/rc -. ${rc_functions} - -case "${1}" in - start) - boot_mesg "Starting Spamassassin Daemon..." - loadproc -n 10 /usr/bin/spamd -d - ;; - - stop) - boot_mesg "Stopping Spamassassin Daemon..." - killproc /usr/bin/spamd - ;; - - restart) - ${0} stop - sleep 1 - ${0} start - ;; - - status) - statusproc /usr/bin/spamd - ;; - - *) - echo "Usage: ${0} {start|stop|restart|status}" - exit 1 - ;; -esac - -# End $rc_base/init.d/spamassassin
hooks/post-receive -- IPFire 2.x development tree