bpfire

mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-22 00:42:59 +02:00

Author	SHA1	Message	Date
Michael Tremer	beb256e0a0	core117: Reload apache for change of configuration Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-11-20 15:46:53 +00:00
Peter Müller	a57f4a9f5d	disable SSL compression and session tickets in Apache Ensure that Apache never uses SSL compression, which is vulnerable, and turn off session tickets since the might cause impact to PFS. Based against next, supersedes first version. Reported-by: Wolfgang Apolinarski <wolfgang.apolinarski@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@link38.eu> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-11-20 15:45:52 +00:00
Michael Tremer	f574f9ea02	Retire the IPFire CA Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-11-13 23:18:55 +00:00
Michael Tremer	82e295c23e	core117: Ship updated CA bundle Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-11-13 23:18:00 +00:00
Peter Müller	2d735404b6	update ca-certificate CA bundle Update the CA certificate list to what Mozilla NSS ships currently. Signed-off-by: Peter Müller <peter.mueller@link38.eu> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-11-13 23:14:59 +00:00
Michael Tremer	0a38f7938a	core117: Ship changes in pakfire Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-11-13 22:41:58 +00:00
Michael Tremer	b7a5076ca0	core117: Ship latest GeoIP changes Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-11-13 22:39:36 +00:00
Michael Tremer	00793c27c9	GeoIP: Add lookup function for convenience Instead of opening the database again for each lookup, we will read it into memory on first use and every lookup after that will be coming from cache. Reviewed-by: Peter Müller <peter.mueller@link38.eu> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-11-13 22:37:19 +00:00
Michael Tremer	b1ad5b8b6c	geoip-functions.pl: Fix typos and formatting Reviewed-by: Peter Müller <peter.mueller@link38.eu> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-11-13 22:37:03 +00:00
Michael Tremer	9bb4055367	captive portal: Require authorization before redirecting to proxy Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-11-11 12:48:54 +00:00
Michael Tremer	81f6550cfb	core117: Ship updated routing.cgi Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-11-07 16:20:53 +00:00
Alexander Marx	3f3974b711	Network-functions: add check if variables are defined in function network_equal and network2bin a check for undefined variables were missing. added them. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-11-07 16:19:23 +00:00
Michael Tremer	d6b92a118e	core117: Ship updated network-functions.pl Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-11-07 16:16:50 +00:00
Alexander Marx	1047805dba	BUG11466: Fix network_equal function The network_equal function only tested the subnet addresses of two given networks which lead to errormessages saying "This is the green network" The fix tests netwok and subnet IP's to fix this Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-11-07 16:16:18 +00:00
Michael Tremer	b3d2f86b87	core117: Ship changed files of the webUI Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-11-07 16:14:36 +00:00
Michael Tremer	bb3272dad3	Start Core Update 117 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-11-07 16:14:36 +00:00
Arne Fitzenreiter	5c8acc789b	core116: stop apache before extracting updated files Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2017-11-03 16:40:23 +01:00
Arne Fitzenreiter	9843bb7b5a	core116: replace apache restart by stop and start restart seems not work after replace apache... Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2017-11-03 14:28:22 +01:00
Arne Fitzenreiter	ae8e242bc1	core116: ship updated wget Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2017-11-03 14:22:19 +01:00
Arne Fitzenreiter	578171927d	core116: set need_reboot flag Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2017-11-02 22:48:43 +01:00
Arne Fitzenreiter	ee328f16bf	core116: ship openssh Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2017-11-02 22:46:47 +01:00
Arne Fitzenreiter	6744cd4d68	core116: fix openssl symlink Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2017-11-02 22:45:25 +01:00
Michael Tremer	4a510319ca	openssl: Update to 1.0.2m * bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736) * Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735) Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-11-02 15:31:04 +00:00
Michael Tremer	7dadc13829	core116: Ship updated apache Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-10-28 13:36:27 +01:00
Wolfgang Apolinarski	bf24eeec20	Update to Apache 2.4.29 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-10-28 13:35:43 +01:00
Michael Tremer	63420a96b6	core116: Ship updated proxy.cgi Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-10-23 16:29:09 +01:00
Michael Tremer	b47d4bc1ea	core116: Ship snort Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-10-23 16:26:39 +01:00
Matthias Fischer	49f7ee5d72	snort: Update to 2.9.11 For details see: Release notes: https://snort.org/downloads/snort/release_notes_2.9.11.txt Changelog: https://snort.org/downloads/snort/changelog_2.9.11.txt Best, Matthias Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-10-23 16:24:46 +01:00
Michael Tremer	cd8a7fc1eb	Start Core Update 116 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-10-23 16:24:10 +01:00
Matthias Fischer	a809d7fa68	xz: Update to 5.2.3 For details see: https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;hb=HEAD Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-10-23 13:22:01 +01:00
Arne Fitzenreiter	9064ba72fe	drop httpscert and merge to apache initskript Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2017-10-22 15:50:38 +02:00
Michael Tremer	0d6b6a219f	core115: Add missing parameter to actually generate new certificates Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-10-21 11:20:02 +01:00
Arne Fitzenreiter	fb1eb40f9b	core115: add extrahd.cgi to updater this file was missing in early core114 testbuilds so ship it again. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2017-10-18 21:25:45 +02:00
Arne Fitzenreiter	fcd8ab4c23	Merge branch 'master' into core115	2017-10-18 21:20:23 +02:00
Peter Müller	6c6c1e3f04	redirect to TLS WebUI if authorisation required Do not allow credentials being submitted in plaintext to Apache. Instead, redirect the user with a 301 to the TLS version of IPFire's web interface. Signed-off-by: Peter Müller <peter.mueller@link38.eu> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-10-18 15:57:57 +01:00
Michael Tremer	440cd2cbfd	Rootfile update Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-10-17 12:29:22 +01:00
Michael Tremer	7207d80c4e	core115: Ship logrotate Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-10-16 19:20:20 +01:00
Michael Tremer	b62c826fd8	PDF-API2: Add optional dependencies to read TrueType fonts Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-10-16 17:43:32 +01:00
Michael Tremer	e3c3625c34	Make perl-PDF-API2 part of the base system Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-10-16 17:31:51 +01:00
Michael Tremer	30b0e0ca1b	PDF-API2: Update to 2.033 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-10-16 17:28:51 +01:00
Michael Tremer	c484679bb3	Download sources via HTTPS Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-10-12 15:56:34 +01:00
Matthias Fischer	e735d91f03	unbound: Update to 1.6.7 For details see: http://www.unbound.net/download.html Best, Matthias Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-10-11 20:06:48 +01:00
Peter Müller	50846453cb	also force TLS when requiring user authentication in WebUI Force TLS _and_ a valid login when accessing protected directories. Signed-off-by: Peter Müller <peter.mueller@link38.eu> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-10-11 20:06:27 +01:00
Peter Müller	78fa47700d	generate ECDSA key on existing installations This is required since Apache crashes if any of the key/certificate files does not exist. Signed-off-by: Peter Müller <peter.mueller@link38.eu> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-10-11 20:05:55 +01:00
Peter Müller	fbc9cfd769	ship changed files for Apache and ECDSA Signed-off-by: Peter Müller <peter.mueller@link38.eu> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-10-11 20:05:53 +01:00
Peter Müller	73ba228620	enable dual-stack ECDSA and RSA certificates in Apache Note: Apache crashes if any of these files does not exist. Thereof it is necessary to generate missing keys on existing installations. Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-10-11 20:05:37 +01:00
Peter Müller	f227ae4fd2	prefer ECDSA over RSA and remove clutter Priorize ECDSA before RSA and remove unused cipher suites. Remove redundant OpenSSL directives to make SSL configuration more readable. Signed-off-by: Peter Müller <peter.mueller@link38.eu> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-10-11 20:05:16 +01:00
Michael Tremer	2f27148cbb	core115: Ship updated extrahd.pl Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-10-11 12:20:44 +01:00
Matthias Fischer	3c3dfd165e	Remove PRINT-line in extrahd.pl As shown in https://forum.ipfire.org/viewtopic.php?f=50&t=19563#p111055 PRINT-output somehow garbles bash-prompt. Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-10-11 12:19:58 +01:00
Michael Tremer	ebf697a097	core115: Ship latest OpenVPN changes Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-10-11 11:56:07 +01:00

1 2 3 4 5 ...

5603 Commits