Commit Graph

11127 Commits

Author SHA1 Message Date
Matthias Fischer
5ed7bbd52f logrotate: Update to 3.13.0
For details see:
https://github.com/logrotate/logrotate/releases

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-16 19:19:39 +01:00
Michael Tremer
b62c826fd8 PDF-API2: Add optional dependencies to read TrueType fonts
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-16 17:43:32 +01:00
Michael Tremer
e3c3625c34 Make perl-PDF-API2 part of the base system
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-16 17:31:51 +01:00
Michael Tremer
30b0e0ca1b PDF-API2: Update to 2.033
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-16 17:28:51 +01:00
Michael Tremer
d7d5774529 KRACK attack: Patch wpa_supplicant & hostapd
A vulnerability was found in how a number of implementations can be
triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by
replaying a specific frame that is used to manage the keys. Such
reinstallation of the encryption key can result in two different types
of vulnerabilities: disabling replay protection and significantly
reducing the security of encryption to the point of allowing frames to
be decrypted or some parts of the keys to be determined by an attacker
depending on which cipher is used.

This fixes: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,
  CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086,
  CVE-2017-13087, CVE-2017-13088

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-16 15:49:35 +01:00
Michael Tremer
a54350cdb9 captive: Allow PDF export of coupons
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-16 16:36:24 +02:00
Michael Tremer
ebfb899693 captive: Add headline to T&C box
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-16 15:03:39 +02:00
Michael Tremer
c484679bb3 Download sources via HTTPS
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-12 15:56:34 +01:00
Michael Tremer
fb76fc5144 installer: Fix detection if we have the correct ISO image mounted
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-12 15:50:31 +01:00
Michael Tremer
f754146b1e installer: Allow download of ISO images over HTTPS
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-12 15:32:21 +01:00
Michael Tremer
7ef43add02 ipfire-netboot: Update to v2.0
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-11 21:03:09 +01:00
Matthias Fischer
e735d91f03 unbound: Update to 1.6.7
For details see:
http://www.unbound.net/download.html

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-11 20:06:48 +01:00
Peter Müller
50846453cb also force TLS when requiring user authentication in WebUI
Force TLS _and_ a valid login when accessing protected directories.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-11 20:06:27 +01:00
Peter Müller
78fa47700d generate ECDSA key on existing installations
This is required since Apache crashes if any of the key/certificate files
does not exist.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-11 20:05:55 +01:00
Peter Müller
fbc9cfd769 ship changed files for Apache and ECDSA
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-11 20:05:53 +01:00
Peter Müller
73ba228620 enable dual-stack ECDSA and RSA certificates in Apache
Note: Apache crashes if any of these files does not exist. Therefore it
is necessary to generate missing keys on existing installations.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-11 20:05:37 +01:00
Peter Müller
5760f93a74 generate ECDSA key on existing installations
Generate ECDSA key (and sign it) in case it does not exist. That way,
httpscert can be run on existing installations without breaking already
generated (RSA) keys.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-11 20:05:34 +01:00
Peter Müller
f227ae4fd2 prefer ECDSA over RSA and remove clutter
Prioritize ECDSA before RSA and remove unused cipher suites.
Remove redundant OpenSSL directives to make SSL configuration more readable.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-11 20:05:16 +01:00
Matthias Fischer
5c6ae344fc web-user-interface: Removed 'dial.cgi' from lfs-file
'dial.cgi' was removed in

https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=dc6ed83537e1bcc1347ad16bee095ef4d641bc69

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-11 20:01:48 +01:00
Michael Tremer
0b289b3af0 netboot: Update to 1.2
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-11 19:59:48 +01:00
Michael Tremer
e2bd5a6eb9 captive: Allow editing terms in coupon mode
Since the terms are always shown when set, we need a way
to edit them in coupon mode as well.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-11 14:52:03 +01:00
Michael Tremer
2f27148cbb core115: Ship updated extrahd.pl
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-11 12:20:44 +01:00
Matthias Fischer
3c3dfd165e Remove PRINT-line in extrahd.pl
As shown in https://forum.ipfire.org/viewtopic.php?f=50&t=19563#p111055
PRINT-output somehow garbles bash-prompt.

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-11 12:19:58 +01:00
Michael Tremer
ebf697a097 core115: Ship latest OpenVPN changes
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-11 11:56:07 +01:00
Erik Kapfer
b66b02ab73 OpenVPN: Fix for '--ns-cert-type server is deprecated'.
- Added extended key usage based on RFC3280 TLS rules for OpenVPN's OpenSSL configuration,
so '--remote-cert-tls' can be used instead of the old and deprecated '--ns-cert-type'
if the host certificate is newly generated with these options.
Nevertheless both directives (old and new) will work also with old CAs.

- Automatic detection if the host certificate uses the new options.
If it does, '--remote-cert-tls server' will be automatically set into the client
configuration files for Net-to-Net and Roadwarriors connections.

If it does NOT, the old '--ns-cert-type server' directive will be set in the client
configuration file.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-11 11:55:16 +01:00
Peter Müller
b0b4d09c56 remove unused dial.cgi directives from Apache vhosts config
Remove configuration lines in Apache vhosts files which
are not used anymore (old dial.cgi stuff).

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-11 11:12:00 +01:00
Peter Müller
dc6ed83537 delete unused dial.cgi file
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-10 12:22:19 +01:00
Michael Tremer
436479a29f core115: No need to reload apache after it has been restarted
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-09 14:58:41 +01:00
Michael Tremer
c8e03c7c53 core115: Regenerate IPsec configuration
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-09 14:58:26 +01:00
Peter Müller
e34e72b6e1 add missing check for Curve25519 in vpnmain.cgi
This fixes bug #11501 which causes IPsec connections to crash if
Curve25519 has been enabled.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-09 14:54:37 +01:00
Michael Tremer
bfa0f1dfc0 core115: Rebuild language cache during update
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-09 14:50:29 +01:00
Michael Tremer
2ac90665e8 core115: Ship updated apache
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-09 14:49:34 +01:00
Matthias Fischer
e3fc1d0a2b apache: Update to 2.4.28
http://apache.mirror.digionline.de//httpd/CHANGES_2.4.28

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-09 14:46:00 +01:00
Michael Tremer
bef7ad5bbe captive: Fix saving empty terms
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-09 14:34:21 +01:00
Michael Tremer
6772cc8035 Download ISO images from https://downloads.ipfire.org
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-06 13:03:40 +01:00
Michael Tremer
5e6fcc8844 Pull latest translations for installer & setup from Transifex
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-06 12:15:26 +01:00
Michael Tremer
1294c52ca5 core115: Include captive portal in updater
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-06 11:48:49 +01:00
Michael Tremer
112a09508e core115: Add captive portal cron jobs to updater
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-05 11:38:05 +01:00
Michael Tremer
bbc69f228d captive portal: Correctly initialise an array for 8h timeout
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-05 11:11:32 +01:00
Michael Tremer
cb40ff6027 captive portal: Reload firewall rules after cleanup
This is not necessary to stop any clients from accessing the
Internet, but if we know that we don't need a line for certain
any more, we can as well remove the firewall rule straight away.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-05 12:09:58 +02:00
Michael Tremer
9c83954567 captivectrl: Remove unused code
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-05 12:06:45 +02:00
Michael Tremer
b1773d1a37 captive portal: Don't remove unlimited access after one hour
Reported-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-05 12:04:29 +02:00
Michael Tremer
027614d2dc Merge branch 'captive-portal' into next
2017-10-04 16:10:07 +01:00
Michael Tremer
0a219160ac captive portal: Allow sessions to expire after 8 hours
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-04 14:21:12 +01:00
Michael Tremer
1f06098ba7 captive-portal: Serve Ubuntu font files locally
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-04 12:55:17 +01:00
Michael Tremer
70f6cba43e Add Ubuntu font family package
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-10-04 12:47:28 +01:00
Michael Tremer
e2d934cf2b core115: Ship update for OpenVPN
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-09-30 12:34:37 +01:00
Matthias Fischer
67970637d0 openvpn: Update to 2.3.18
Fixes CVE-2017-12166: out of bounds write in key-method 1

For details see:

https://community.openvpn.net/openvpn/wiki/CVE-2017-12166

Changelog:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.18

Removed an unrecognized 'configure'-option.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-09-30 12:33:15 +01:00
Matthias Fischer
fc9a434cbc tor: Update to 3.1.7
Fixes TROVE-2017-008 and CVE-2017-0380 and others....

For details see https://gitweb.torproject.org/tor.git/plain/ReleaseNotes?id=tor-0.3.1.7
"Tor 0.3.1.7 is the first stable release in the 0.3.1 series."

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-09-30 12:33:11 +01:00
Michael Tremer
36f5d20ef7 core115: Ship cosmetic improvements in proxy.cgi
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-09-24 20:23:06 +01:00