webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-14 13:02:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
13,381 Commits 2 Branches 1 Tag
40407aee99546b4f25632bcaeb796d2a53cb1bcb
Commit Graph

29 Commits

Author SHA1 Message Date
Michael Tremer
933bfbf305 core132: Ship updated ovpnmain.cgi file 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-20 10:52:16 +01:00
Arne Fitzenreiter
9961167a52 core132: add log.dat to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-20 07:14:12 +02:00
Michael Tremer
f809b8d5c7 core132: Ship updated apache configuration 
A reload would be sufficient.

I could not find why apache needs to be restarted.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-17 20:30:13 +01:00
Michael Tremer
0aa21ad307 Fix version information in backupiso script 
Fixes: #12083
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-17 19:52:27 +01:00
Arne Fitzenreiter
d099196501 kernel: update to 4.14.119 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-16 14:26:04 +02:00
Arne Fitzenreiter
29b907c677 intel-microcode: update to 20190514 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-15 13:17:26 +02:00
Michael Tremer
fd4cea1e34 core132: Ship changes to unbound 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-11 04:24:29 +01:00
Michael Tremer
76630c4336 core132: Ship updated urlfilter.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-11 04:18:08 +01:00
Michael Tremer
38d19a50a0 core132: Ship updated hwdata 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-10 04:20:17 +01:00
Michael Tremer
c209eaedb9 core132: Ship updated ca-certificates 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-10 04:19:05 +01:00
Michael Tremer
88e64c23c1 routing: Fix potential authenticated XSS in input processing 
An authenticated Stored XSS (Cross-site Scripting) exists in the
(https://192.168.0.241:444/cgi-bin/routing.cgi) Routing Table Entries
via the "Remark" text box  or "remark" parameter. This is due to a
lack of user input validation in "Remark" text box  or "remark"
parameter. It allows an authenticated WebGUI user with privileges
for the affected page to execute Stored Cross-site Scripting in
the Routing Table Entries (/cgi-bin/routing.cgi), which helps
attacker to redirect the victim to a attacker's phishing page.

The Stored XSS get prompted on the victims page whenever victim
tries to access the Routing Table Entries configuraiton page.

An attacker get access to the victim's session by performing
the CSRF and gather the cookie and session id's or possibly can
change the victims configuration using this Stored XSS.

This attack can possibly spoof the victim's informations.

Fixes: #12072
Reported-by: Dharmesh Baskaran <dharmesh201093@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-10 09:04:54 +01:00
Michael Tremer
f0e0056eef core132: Ship updated captive.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-09 13:17:16 +01:00
Michael Tremer
939f227e0b core132: Ship VLAN GUI 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-08 12:15:27 +01:00
Michael Tremer
68f2b71778 core132: Ship updated pakfire files 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:53:43 +01:00
Michael Tremer
673db997cc core132: Ship updated libedit 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:50:26 +01:00
Michael Tremer
7f07bdb43f core132: Ship updated knot 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:49:47 +01:00
Michael Tremer
92f4652226 core132: Ship updated bind 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:48:41 +01:00
Michael Tremer
bc78976cc6 core132: Ship updated dhcpcd 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:46:36 +01:00
Michael Tremer
b38710a1cd firewall: Allow SNAT rules with RED interface 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:45:17 +01:00
Michael Tremer
5a4617a871 core132: Ship updated firewall rules generator 
This patch also requires a reboot after installing this update
so that the changed ruleset is being applied.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-30 10:58:31 +01:00
Michael Tremer
fabe150953 core132: Ship updated suricata initscript 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 20:56:07 +01:00
Michael Tremer
a1cd844f71 core132: Ship updated convert-snort script 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 20:55:22 +01:00
Alexander Koch
6088176639 core132: Bugfix for typo in filelist 
Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 20:53:36 +01:00
Michael Tremer
f27bac491a core132: Ship updated list of mime types 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 20:20:14 +01:00
Michael Tremer
2dd5e64592 suricata: Do not always convert rules to be bi-directional 
This creates some overhead that we do not need and rules need to
be adjusted to match any direction they are supposed to match.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 20:18:07 +01:00
Michael Tremer
e967871e8f Update contributors 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-20 14:21:46 +01:00
Michael Tremer
08caa596fa core132: Ship WPAD/proxy changes 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-20 14:20:06 +01:00
Michael Tremer
75faf7ac4f core132: Ship changed suricata configuration 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-20 14:10:47 +01:00
Michael Tremer
7af7ced6fc Start Core Update 132 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-20 14:07:43 +01:00