diff options
| -rw-r--r-- | config/freeradius2/freeradiuseapconf.xml | 2 | ||||
| -rw-r--r-- | config/haproxy-devel/pkg/haproxy.inc | 17 | ||||
| -rw-r--r-- | config/haproxy-devel/pkg/haproxy_utils.inc | 41 | ||||
| -rw-r--r-- | config/haproxy-devel/www/haproxy_listeners_edit.php | 3 | ||||
| -rw-r--r-- | config/haproxy-devel/www/haproxy_pool_edit.php | 2 | ||||
| -rw-r--r-- | config/openbgpd/openbgpd.inc | 116 | ||||
| -rw-r--r-- | config/openbgpd/openbgpd.xml | 14 | ||||
| -rwxr-xr-x | config/snort/snort.inc | 2 | ||||
| -rwxr-xr-x | config/snort/snort.xml | 4 | ||||
| -rw-r--r-- | config/snort/snort_defs.inc | 4 | ||||
| -rw-r--r-- | config/snort/snort_generate_conf.php | 7 | ||||
| -rw-r--r-- | config/snort/snort_migrate_config.php | 2 | ||||
| -rw-r--r-- | config/snort/snort_post_install.php | 4 | ||||
| -rw-r--r-- | config/syslog-ng/syslog-ng.inc | 6 | ||||
| -rw-r--r-- | pkg_config.10.xml | 41 | ||||
| -rw-r--r-- | pkg_config.8.xml | 2 | ||||
| -rw-r--r-- | pkg_config.8.xml.amd64 | 2 |
17 files changed, 214 insertions, 55 deletions
diff --git a/config/freeradius2/freeradiuseapconf.xml b/config/freeradius2/freeradiuseapconf.xml index 947ef6b9..a5ea88bd 100644 --- a/config/freeradius2/freeradiuseapconf.xml +++ b/config/freeradius2/freeradiuseapconf.xml @@ -470,7 +470,7 @@ <field> <fielddescr>Microsoft Statement of Health (SoH) Support</fielddescr> <fieldname>vareapconfpeapsohenable</fieldname> - <description><![CDATA[You can accept/reject clients based on Microsoft's Statement of Health, such as if they are missing Windows updates, don't have a firewall enabled, antivirus not in line with policy, etc. You need to change server-file for your needs. It cannot be changed from GUI and will be deleted after package reinstallation. (/usr/local/etc/raddb/sites-available/soh). (Default: no)]]></description> + <description><![CDATA[You can accept/reject clients based on Microsoft's Statement of Health, such as if they are missing Windows updates, don't have a firewall enabled, antivirus not in line with policy, etc. You need to change server-file for your needs. It cannot be changed from GUI and will be deleted after package reinstallation. (/usr/local/etc/raddb/sites-available/soh). (Default: Disable)]]></description> <type>select</type> <default_value>Disable</default_value> <options> diff --git a/config/haproxy-devel/pkg/haproxy.inc b/config/haproxy-devel/pkg/haproxy.inc index 6e07625f..eceef783 100644 --- a/config/haproxy-devel/pkg/haproxy.inc +++ b/config/haproxy-devel/pkg/haproxy.inc @@ -957,18 +957,23 @@ function haproxy_write_certificate_crl($filename, $crlid, $append = false) { unset($crl); } -function haproxy_write_certificate_fullchain($filename, $certid, $append = false) { +function haproxy_write_certificate_fullchain($filename, $certid, $append = false, $skiproot = true) { $cert = haproxy_lookup_cert($certid); $certcontent = base64_decode($cert['crt']); if (isset($cert['prv'])) $certcontent .= "\r\n".base64_decode($cert['prv']); - $certchaincontent = ca_chain($cert); - if ($certchaincontent != "") { - $certcontent .= "\r\n" . $certchaincontent; + $ca = $cert; + while(!empty($ca['caref'])) { + $ca = lookup_ca($ca['caref']); + if ($ca) { + if ($skiproot && (cert_get_subject($ca['crt']) == cert_get_issuer($ca['crt']))) + break; + $certcontent .= "\r\n" . base64_decode($ca['crt']); + } else + break; } - unset($certchaincontent); $flags = $append ? FILE_APPEND : 0; file_put_contents($filename, $certcontent, $flags); unset($certcontent); @@ -1155,7 +1160,7 @@ function haproxy_writeconf($configpath) { if ($frontend['sslocsp'] == 'yes') { if (!empty(haproxy_getocspurl($filename))) { haproxy_write_certificate_issuer($filename . ".issuer", $frontend['ssloffloadcert']); - touch($filename . ".ocsp"); + touch($filename . ".ocsp");//create initial empty file. this will trigger updates, and inform haproxy it 'should' be using ocsp } } diff --git a/config/haproxy-devel/pkg/haproxy_utils.inc b/config/haproxy-devel/pkg/haproxy_utils.inc index 3d841a25..ec72b986 100644 --- a/config/haproxy-devel/pkg/haproxy_utils.inc +++ b/config/haproxy-devel/pkg/haproxy_utils.inc @@ -39,32 +39,37 @@ class haproxy_utils { public function query_dns($host, $querytype="A,AAAA") { $result = array(); $types = explode(',',$querytype); - $recordtypes = 0; + $recordtype = 0; foreach($types as $type){ switch ($type) { case 'A': - $recordtypes += DNS_A; + $recordtype = DNS_A; break; case 'AAAA': - $recordtypes += DNS_AAAA; + $recordtype = DNS_AAAA; break; } - } - if ($recordtypes == 0) - return $result; - - $dnsresult = dns_get_record($host, $recordtypes); - foreach($dnsresult as $item) { - $newitem["typeid"] = $item['type']; - switch ($item['type']) { - case 'A': - $newitem["data"] = $item['ip']; - break; - case 'AAAA': - $newitem["data"] = $item['ipv6']; - break; + if ($recordtype != 0) { + //query one type at a time, querying multiple types in one call dns_get_record fails if one is not present.. + $errreporting = error_reporting(); + error_reporting($errreporting & ~E_WARNING);// dns_get_record throws a warning if nothing is resolved.. + $dnsresult = dns_get_record($host, $recordtype); + error_reporting($errreporting); + if (is_array($dnsresult)) { + foreach($dnsresult as $item) { + $newitem["typeid"] = $item['type']; + switch ($item['type']) { + case 'A': + $newitem["data"] = $item['ip']; + break; + case 'AAAA': + $newitem["data"] = $item['ipv6']; + break; + } + $result[] = $newitem; + } + } } - $result[] = $newitem; } return $result; } diff --git a/config/haproxy-devel/www/haproxy_listeners_edit.php b/config/haproxy-devel/www/haproxy_listeners_edit.php index 5b726d08..6998e099 100644 --- a/config/haproxy-devel/www/haproxy_listeners_edit.php +++ b/config/haproxy-devel/www/haproxy_listeners_edit.php @@ -811,7 +811,8 @@ $primaryfrontends = get_haproxy_frontends($excludefrontend); <input type='text' name='dcertadv' size="64" id='dcertadv' <?if(isset($pconfig['dcertadv'])) echo 'value="'.htmlspecialchars($pconfig['dcertadv']).'"';?> /> <br/> NOTE: Paste additional ssl options(without commas) to include on ssl listening options.<br/> - some options: force-sslv3, force-tlsv10 force-tlsv11 force-tlsv12 no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets + some options: force-sslv3, force-tlsv10 force-tlsv11 force-tlsv12 no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets<br/> + Example: no-sslv3 ciphers EECDH+aRSA+AES:TLSv1+kRSA+AES:TLSv1+kRSA+3DES </td> </tr> <tr class="haproxy_ssloffloading_enabled haproxy_primary"> diff --git a/config/haproxy-devel/www/haproxy_pool_edit.php b/config/haproxy-devel/www/haproxy_pool_edit.php index 5e38b12d..0824e45c 100644 --- a/config/haproxy-devel/www/haproxy_pool_edit.php +++ b/config/haproxy-devel/www/haproxy_pool_edit.php @@ -961,7 +961,7 @@ set by the 'retries' parameter.</div> <td colspan="2" valign="top" class="listtopic">Advanced</td> </tr> <tr class="" align="left" id='Strict-Transport-Security'> - <td width="22%" valign="top" class="vncell">Strict-Transport-Security</td> + <td width="22%" valign="top" class="vncell">HSTS Strict-Transport-Security</td> <td width="78%" class="vtable" colspan="2"> When configured enables "HTTP Strict Transport Security" leave empty to disable. (only used on 'http' frontends)<br/> <b>WARNING! the domain will only work over https with a valid certificate!</b><br/> diff --git a/config/openbgpd/openbgpd.inc b/config/openbgpd/openbgpd.inc index c625cff8..038ffa11 100644 --- a/config/openbgpd/openbgpd.inc +++ b/config/openbgpd/openbgpd.inc @@ -191,6 +191,46 @@ function openbgpd_install_conf() { @chmod("{$bgpd_config_base}/bgpd.conf", 0600); unset($conffile); + $carp_ip_status_check = ""; + if (is_ipaddr($openbgpd_conf['carpstatusip'])) { + + $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); + switch ($pfs_version) { + case "2.0": + case "2.1": + /* Check for 2.1 and before */ + $carpcheckinterface = trim(find_carp_interface($openbgpd_conf['carpstatusip'])); + $carp_ip_status_check = <<<EOF + +CARP_STATUS=`/sbin/ifconfig {$carpcheckinterface} | /usr/bin/grep carp: | /usr/bin/awk '{print \$2;}'` +if [ \${CARP_STATUS} != "MASTER" ]; then + exit; +fi + +EOF; + break; + case "2.2": + default: + /* Check for 2.2 and later */ + if (is_array($config['virtualip']['vip'])) { + foreach ($config['virtualip']['vip'] as $vip) { + if (($vip['mode'] == "carp") && ($vip['subnet'] == $openbgpd_conf['carpstatusip'])) { + $carpcheckinterface = escapeshellarg(get_real_interface($vip['interface'])); + $vhid = escapeshellarg($vip['vhid']); + $carp_ip_status_check = <<<EOF + +CARP_STATUS=`/sbin/ifconfig {$carpcheckinterface} | /usr/bin/grep 'carp:' | /usr/bin/grep 'vhid {$vhid}' | /usr/bin/awk '{print \$2;}'` +if [ \${CARP_STATUS} != "MASTER" ]; then + exit; +fi +EOF; + } + } + } + break; + } + } + // Create rc.d file $rc_file_stop = <<<EOF killall -TERM bgpd @@ -210,6 +250,7 @@ fi NUMBGPD=`ps auxw | grep -c '[b]gpd.*parent'` if [ \${NUMBGPD} -lt 1 ] ; then + {$carp_ip_status_check} {$pkg_bin}/bgpd -f {$bgpd_config_base}/bgpd.conf else {$pkg_bin}/bgpctl reload @@ -225,13 +266,36 @@ EOF; $_gb = exec("/sbin/sysctl net.inet.ip.ipsec_in_use=1"); // bgpd process running? if so reload, else start. + + // Kick off newly created rc.d script + if (is_ipaddr($openbgpd_conf['carpstatusip'])) { + $status = openbgpd_get_carp_status_by_ip($openbgpd_conf['carpstatusip']); + switch (strtoupper($status)) { + // Stop the service if the VIP is in BACKUP or INIT state. + case "BACKUP": + case "INIT": + exec("/usr/local/etc/rc.d/bgpd.sh stop"); + break; + // Start the service if the VIP is MASTER state. + case "MASTER": + // Assume it's up if the status can't be determined. + default: + openbgpd_restart(); + break; + } + } else { + openbgpd_restart(); + } + + conf_mount_ro(); +} + +function openbgpd_restart() { if(is_openbgpd_running() == true) { exec("{$pkg_bin}/bgpctl reload"); } else { exec("{$pkg_bin}/bgpd -f {$bgpd_config_base}/bgpd.conf"); } - - conf_mount_ro(); } // get the raw openbgpd confi file for manual inspection/editing @@ -362,4 +426,52 @@ function is_openbgpd_running() { return false; } +function openbgpd_get_carp_status_by_ip($ipaddr) { + $iface = trim(find_carp_interface($ipaddr)); + if ($iface) { + $status = get_carp_interface_status($iface); + // If there is no status for that interface, return null. + if (!$status) + $status = null; + } else { + // If there is no VIP by that IP, return null. + $status = null; + } + return $status; +} + +function openbgpd_plugin_carp($pluginparams) { + global $config; + require_once("service-utils.inc"); + // Called when a CARP interface changes state + // $pluginparams['event'] either 'rc.carpmaster' or 'rc.carpbackup' + // $pluginparams['interface'] contains the affected interface + + /* If there is no bgp config, then stop */ + if(is_array($config['installedpackages']['openbgpd']['config'])) { + $openbgpd_conf = &$config['installedpackages']['openbgpd']['config'][0]; + } else { + return null; + } + /* If there is no properly configured CARP status check IP, then stop */ + if (!is_ipaddr($openbgpd_conf['carpstatusip'])) { + return null; + } + list($vhid, $iface) = explode("@", trim($pluginparams['interface'])); + $friendly = convert_real_interface_to_friendly_interface_name($iface); + $carp_iface = "{$friendly}_vip${vhid}"; + + /* If this CARP transition is not from the IP address to check, then stop. */ + if (get_interface_ip($carp_iface) != $openbgpd_conf['carpstatusip']) { + return null; + } + + /* Start or stop the service as needed based on the CARP transition. */ + if ($pluginparams['event'] == "rc.carpmaster") { + start_service("bgpd"); + } elseif ($pluginparams['event'] == "rc.carpbackup") { + stop_service("bgpd"); + } +} + ?> diff --git a/config/openbgpd/openbgpd.xml b/config/openbgpd/openbgpd.xml index ff40452a..e7d77786 100644 --- a/config/openbgpd/openbgpd.xml +++ b/config/openbgpd/openbgpd.xml @@ -105,6 +105,11 @@ <url>/openbgpd_status.php</url> </tab> </tabs> + <plugins> + <item> + <type>plugin_carp</type> + </item> + </plugins> <fields> <field> <fielddescr>Autonomous Systems (AS) Number</fielddescr> @@ -143,8 +148,13 @@ <description>Set the router ID to the given IP address, which must be local to the machine.</description> <type>input</type> </field> - - + <field> + <fielddescr>CARP Status IP</fielddescr> + <fieldname>carpstatusip</fieldname> + <description>IP address used to determine the CARP status. When the VIP is in BACKUP status, bgpd will not be started. <br/>NOTE: On 2.1.x and before this requires changes to /etc/rc.carpmaster to start bgpd and /etc/rc.carpbackup to stop bgpd or it will not be fully effective. On pfSense 2.2.x and later, full support is automatic.</description> + <type>input</type> + <size>25</size> + </field> <field> <fielddescr>Networks</fielddescr> <fieldname>network</fieldname> diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 64ab6ea5..bb5ff792 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -40,7 +40,7 @@ require_once("filter.inc"); require("/usr/local/pkg/snort/snort_defs.inc"); // Snort GUI needs some extra PHP memory space to manipulate large rules arrays -ini_set("memory_limit", "256M"); +ini_set("memory_limit", "384M"); // Explicitly declare this as global so it works through function call includes global $g, $config, $rebuild_rules, $pfSense_snort_version; diff --git a/config/snort/snort.xml b/config/snort/snort.xml index 1f1a7d24..c9401f05 100755 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -46,8 +46,8 @@ <requirements>None</requirements> <faq>Currently there are no FAQ items provided.</faq> <name>Snort</name> - <version>2.9.7.2</version> - <title>Services:2.9.7.2 pkg v3.2.4</title> + <version>2.9.7.3</version> + <title>Services:2.9.7.3 pkg v3.2.5</title> <include_file>/usr/local/pkg/snort/snort.inc</include_file> <menu> <name>Snort</name> diff --git a/config/snort/snort_defs.inc b/config/snort/snort_defs.inc index 912fa3d3..3f5c82e5 100644 --- a/config/snort/snort_defs.inc +++ b/config/snort/snort_defs.inc @@ -5,7 +5,7 @@ * Copyright (C) 2006 Scott Ullrich * Copyright (C) 2009-2010 Robert Zelaya * Copyright (C) 2011-2012 Ermal Luci - * Copyright (C) 2013,2014 Bill Meeks + * Copyright (C) 2013-2015 Bill Meeks * part of pfSense * All rights reserved. * @@ -55,7 +55,7 @@ if (!defined("SNORT_BIN_VERSION")) { if (!empty($snortver[0])) define("SNORT_BIN_VERSION", $snortver[0]); else - define("SNORT_BIN_VERSION", "2.9.7.2"); + define("SNORT_BIN_VERSION", "2.9.7.3"); } if (!defined("SNORT_SID_MODS_PATH")) define('SNORT_SID_MODS_PATH', "{$g['vardb_path']}/snort/sidmods/"); diff --git a/config/snort/snort_generate_conf.php b/config/snort/snort_generate_conf.php index 297e833b..646697bf 100644 --- a/config/snort/snort_generate_conf.php +++ b/config/snort/snort_generate_conf.php @@ -876,9 +876,9 @@ if (is_array($snortcfg['wlist_files']['item'])) { } } if (!empty($blist_files)) - $ip_lists = $blist_files; + $ip_lists = ", \\ \n\t" . $blist_files; if (!empty($wlist_files)) - $ip_lists .= ", \\ \n" . $wlist_files; + $ip_lists .= ", \\ \n\t" . $wlist_files; if ($snortcfg['iprep_scan_local'] == 'on') $ip_lists .= ", \\ \n\tscan_local"; @@ -888,8 +888,7 @@ preprocessor reputation: \ memcap {$snortcfg['iprep_memcap']}, \ priority {$snortcfg['iprep_priority']}, \ nested_ip {$snortcfg['iprep_nested_ip']}, \ - white {$snortcfg['iprep_white']}, \ - {$ip_lists} + white {$snortcfg['iprep_white']}{$ip_lists} EOD; diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php index 941a8151..dcc5aa76 100644 --- a/config/snort/snort_migrate_config.php +++ b/config/snort/snort_migrate_config.php @@ -533,7 +533,7 @@ unset($r); // Log a message if we changed anything if ($updated_cfg) { - $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.2.4"; + $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.2.5"; log_error("[Snort] Settings successfully migrated to new configuration format..."); } else diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php index f93f1c87..7b931246 100644 --- a/config/snort/snort_post_install.php +++ b/config/snort/snort_post_install.php @@ -263,8 +263,8 @@ if (stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE) $config['widgets']['sequence'] .= ",{$snort_widget_container}"; /* Update Snort package version in configuration */ -$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.2.4"; -write_config("Snort pkg v3.2.4: post-install configuration saved."); +$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.2.5"; +write_config("Snort pkg v3.2.5: post-install configuration saved."); /* Done with post-install, so clear flag */ unset($g['snort_postinstall']); diff --git a/config/syslog-ng/syslog-ng.inc b/config/syslog-ng/syslog-ng.inc index 818ae123..bbec3a7c 100644 --- a/config/syslog-ng/syslog-ng.inc +++ b/config/syslog-ng/syslog-ng.inc @@ -37,7 +37,11 @@ require_once('service-utils.inc'); if(!function_exists("filter_configure")) require_once("filter.inc"); -define("SYSLOGNG_BASEDIR", "/usr/pbi/syslog-ng-" . php_uname("m") . "/"); +$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); +if ($pf_version == "2.1" || $pf_version == "2.2") + define("SYSLOGNG_BASEDIR", "/usr/pbi/syslog-ng-" . php_uname("m") . "/"); +else + define("SYSLOGNG_BASEDIR", "/usr/local/"); function syslogng_get_real_interface_address($interface) { $interface = convert_friendly_interface_to_real_interface_name($interface); diff --git a/pkg_config.10.xml b/pkg_config.10.xml index 560c8426..66b3360e 100644 --- a/pkg_config.10.xml +++ b/pkg_config.10.xml @@ -2,7 +2,7 @@ <!-- pfSense packages --> <pfsensepkgs> <copy_packages_to_host_ssh_port>22</copy_packages_to_host_ssh_port> -<copy_packages_to_host_ssh>packagecopy@files.pfsense.org</copy_packages_to_host_ssh> +<copy_packages_to_host_ssh>packagecopy@files.atx.pfsense.org</copy_packages_to_host_ssh> <copy_packages_to_folder_ssh>/usr/local/www/files/packages/10/All/</copy_packages_to_folder_ssh> <depends_on_package_base_url>https://files.pfsense.org/packages/10/All/</depends_on_package_base_url> <packages> @@ -49,6 +49,7 @@ <maintainer>marcellocoutinho@gmail.com robreg@zsurob.hu</maintainer> <configurationfile>asterisk.xml</configurationfile> <after_install_info>Please visit the Asterisk tab on status menu.</after_install_info> + <maximum_version>2.2.999</maximum_version> </package> <package> <name>bind</name> @@ -69,6 +70,7 @@ <port>dns/bind99</port> </build_pbi> <build_options>bind_UNSET_FORCE=IDN REPLACE_BASE FIXED_RRSET GSSAPI LARGE_FILE;bind_SET_FORCE=IPV6 LINKS SSL THREADS XML DLZ_FILESYSTEM FILTER_AAAA SIGCHASE RRL</build_options> + <maximum_version>2.2.999</maximum_version> </package> <package> <name>Filer</name> @@ -82,6 +84,7 @@ <required_version>2.2</required_version> <maintainer>bscholer@cshl.edu</maintainer> <configurationfile>filer.xml</configurationfile> + <maximum_version>2.2.999</maximum_version> </package> <package> <name>Strikeback</name> @@ -172,7 +175,7 @@ Supports ACLs for smart backend switching.]]></descr> <website>http://haproxy.1wt.eu/</website> <category>Services</category> - <version>0.24</version> + <version>0.26</version> <status>Release</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy.xml</config_file> @@ -186,7 +189,7 @@ <custom_name>haproxy-devel</custom_name> <port>net/haproxy-devel</port> </build_pbi> - <build_options>WITH_OPENSSL_PORT=yes;haproxy_UNSET_FORCE=DPCRE;haproxy_SET_FORCE=OPENSSL SPCRE</build_options> + <build_options>WITH_OPENSSL_PORT=yes;haproxy_UNSET_FORCE=DPCRE;haproxy_SET_FORCE=OPENSSL SPCRE LUA</build_options> </package> <package> <name>Apache with mod_security-dev</name> @@ -216,6 +219,7 @@ </build_pbi> <build_options>apache24_UNSET_FORCE=MPM_PREFORK;apache24_SET_FORCE=MPM_EVENT SLOTMEM_SHM MOST_ENABLED_MODULES MPM_SHARED SESSION_ENABLED_MODULES PROXY_ENABLED_MODULES SESSION_ENABLED_MODULES;mod_security_SET_FORCE=MLOGC</build_options> <after_install_info>Please visit the ProxyServer settings tab and set the service up so that it may be started.</after_install_info> + <maximum_version>2.2.999</maximum_version> </package> <package> <name>Proxy Server with mod_security</name> @@ -328,6 +332,7 @@ <status>Stable</status> <required_version>2.2</required_version> <configurationfile>tftp.xml</configurationfile> + <maximum_version>2.2.999</maximum_version> </package> <package> <name>PHPService</name> @@ -392,14 +397,14 @@ <category>Security</category> <run_depends>bin/snort:security/snort</run_depends> <port_category>security</port_category> - <depends_on_package_pbi>snort-2.9.7.2-##ARCH##.pbi</depends_on_package_pbi> + <depends_on_package_pbi>snort-2.9.7.3-##ARCH##.pbi</depends_on_package_pbi> <build_pbi> <port>security/snort</port> <ports_after>security/barnyard2</ports_after> </build_pbi> <build_options>barnyard2_UNSET_FORCE=ODBC PGSQL PRELUDE;barnyard2_SET_FORCE=GRE IPV6 MPLS MYSQL PORT_PCAP BRO;snort_SET_FORCE=BARNYARD PERFPROFILE SOURCEFIRE GRE IPV6 NORMALIZER APPID;snort_UNSET_FORCE=PULLEDPORK FILEINSPECT HA</build_options> <config_file>https://packages.pfsense.org/packages/config/snort/snort.xml</config_file> - <version>3.2.4</version> + <version>3.2.5</version> <required_version>2.2</required_version> <status>Stable</status> <configurationfile>/snort.xml</configurationfile> @@ -421,6 +426,7 @@ <status>Stable</status> <required_version>2.2</required_version> <configurationfile>olsrd.xml</configurationfile> + <maximum_version>2.2.999</maximum_version> </package> <package> <name>routed</name> @@ -454,6 +460,7 @@ <facilityname>spamd</facilityname> <logfilename>spamd.log</logfilename> </logging> + <maximum_version>2.2.999</maximum_version> </package> <package> <name>Postfix Forwarder</name> @@ -476,6 +483,7 @@ <port>mail/postfix</port> </build_pbi> <build_options>postfix_SET_FORCE=PCRE SASL2 SPF TLS</build_options> + <maximum_version>2.2.999</maximum_version> </package> <package> <name>Dansguardian</name> @@ -523,6 +531,7 @@ <ports_after>shells/bash mail/pyzor mail/dcc-dccd security/clamav mail/spamassassin</ports_after> </build_pbi> <build_options>mailscanner_UNSET_FORCE=BDC CLAMAVMODULE;mailscanner_SET_FORCE=SPAMASSASSIN CLAMAV;spamassassin_SET_FORCE=DCC</build_options> + <maximum_version>2.2.999</maximum_version> </package> <package> <name>siproxd</name> @@ -553,7 +562,7 @@ <build_pbi> <port>net/openbgpd</port> </build_pbi> - <version>0.9.3_2</version> + <version>0.9.3_3</version> <status>STABLE</status> <pkginfolink>https://doc.pfsense.org/index.php/OpenBGPD_package</pkginfolink> <required_version>2.2</required_version> @@ -602,6 +611,7 @@ </build_pbi> <build_options>sarg_UNSET_FORCE=PHP</build_options> <after_install_info>Please visit sarg settings on Status Menu to configure sarg.</after_install_info> + <maximum_version>2.2.999</maximum_version> </package> <package> <name>Ipguard-dev</name> @@ -624,6 +634,7 @@ <port>security/ipguard</port> </build_pbi> <after_install_info>Please visit ipguard settings on the Firewall Menu to configure.</after_install_info> + <maximum_version>2.2.999</maximum_version> </package> <package> <name>Varnish3</name> @@ -647,6 +658,7 @@ <ports_after>lang/gcc</ports_after> </build_pbi> <build_options>gcc_UNSET_FORCE=JAVA</build_options> + <maximum_version>2.2.999</maximum_version> </package> <package> <name>vnstat2</name> @@ -667,6 +679,7 @@ <config_file>https://packages.pfsense.org/packages/config/vnstat2/vnstat2.xml</config_file> <configurationfile>vnstat2.xml</configurationfile> <after_install_info></after_install_info> + <maximum_version>2.2.999</maximum_version> </package> <package> <name>dns-server</name> @@ -687,6 +700,7 @@ <port>dns/djbdns</port> </build_pbi> <build_options>ucspi-tcp_SET_FORCE=IPV6;djbdns_SET_FORCE=SRV;djbdns_UNSET_FORCE=DUMPCACHE IGNOREIP JUMBO PERSISTENT_MMAP</build_options> + <maximum_version>2.2.999</maximum_version> </package> <package> <name>Open-VM-Tools</name> @@ -774,6 +788,7 @@ <build_pbi> <port>net-im/imspector</port> </build_pbi> + <maximum_version>2.2.999</maximum_version> </package> <package> <name>nut</name> @@ -792,6 +807,7 @@ <port>sysutils/nut</port> </build_pbi> <pkginfolink>https://doc.pfsense.org/index.php/Nut_package</pkginfolink> + <maximum_version>2.2.999</maximum_version> </package> <package> <name>diag_new_states</name> @@ -804,6 +820,7 @@ <status>BETA</status> <config_file>https://packages.pfsense.org/packages/config/diag_states_pt/diag_new_states.xml</config_file> <configurationfile>https://packages.pfsense.org/packages/config/diag_states_pt/diag_new_states.xml</configurationfile> + <maximum_version>2.2.999</maximum_version> </package> <package> <name>darkstat</name> @@ -858,6 +875,7 @@ <build_pbi> <port>net/widentd</port> </build_pbi> + <maximum_version>2.2.999</maximum_version> </package> <package> <name>freeradius2</name> @@ -904,6 +922,7 @@ <port>net-mgmt/bandwidthd</port> </build_pbi> <build_options>libgd_UNSET_FORCE=FONTCONFIG XPM</build_options> + <maximum_version>2.2.999</maximum_version> </package> <package> <name>stunnel</name> @@ -923,6 +942,7 @@ <port>security/stunnel</port> </build_pbi> <build_options>stunnel_SET_FORCE=PTHREAD LIBWRAP;stunnel_UNSET_FORCE=FORK UCONTEXT IPV6</build_options> + <maximum_version>2.2.999</maximum_version> </package> <package> <name>iperf</name> @@ -958,6 +978,7 @@ <build_pbi> <port>benchmarks/netio</port> </build_pbi> + <maximum_version>2.2.999</maximum_version> </package> <package> <name>mtr-nox11</name> @@ -1441,10 +1462,12 @@ <website>http://www.balabit.com/network-security/syslog-ng/</website> <descr>Syslog-ng syslog server. This service is not intended to replace the default pfSense syslog server but rather acts as an independent syslog server.</descr> <category>Services</category> - <version>3.6.2_3 pkg.v.1.0.6</version> + <version>1.0.6</version> <status>ALPHA</status> <required_version>2.2</required_version> <depends_on_package_pbi>syslog-ng-3.6.2_3-##ARCH##.pbi</depends_on_package_pbi> + <port_category>sysutils</port_category> + <run_depends>sbin/syslog-ng:sysutils/syslog-ng</run_depends> <build_pbi> <ports_before>sysutils/logrotate</ports_before> <port>sysutils/syslog-ng</port> @@ -1452,7 +1475,6 @@ <maintainer>laleger@gmail.com</maintainer> <config_file>https://packages.pfsense.org/packages/config/syslog-ng/syslog-ng.xml</config_file> <configurationfile>syslog-ng.xml</configurationfile> - <maximum_version>2.2.999</maximum_version> </package> <package> <name>Zabbix Agent LTS</name> @@ -1618,13 +1640,14 @@ <status>BETA</status> <depends_on_package_pbi>ladvd-1.0.4_1-##ARCH##.pbi</depends_on_package_pbi> <config_file>https://packages.pfsense.org/packages/config/ladvd/ladvd.xml</config_file> + <port_category>net</port_category> + <run_depends>sbin/ladvd:net/ladvd</run_depends> <build_pbi> <port>net/ladvd</port> </build_pbi> <pkginfolink></pkginfolink> <required_version>2.2</required_version> <configurationfile>ladvd.xml</configurationfile> - <maximum_version>2.2.999</maximum_version> </package> <package> <name>suricata</name> diff --git a/pkg_config.8.xml b/pkg_config.8.xml index 9e59b3ac..b7bf2019 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -651,7 +651,7 @@ <build_pbi> <port>net/openbgpd</port> </build_pbi> - <version>0.9.2</version> + <version>0.9.2_1</version> <status>STABLE</status> <pkginfolink>https://doc.pfsense.org/index.php/OpenBGPD_package</pkginfolink> <required_version>1.3</required_version> diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index a572b727..bbeb5449 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -638,7 +638,7 @@ <build_pbi> <port>net/openbgpd</port> </build_pbi> - <version>0.9.2</version> + <version>0.9.2_1</version> <status>STABLE</status> <pkginfolink>https://doc.pfsense.org/index.php/OpenBGPD_package</pkginfolink> <required_version>1.3</required_version> |