webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-23 09:22:59 +02:00
Code Issues Packages Projects Releases Wiki Activity
13,456 Commits 2 Branches 1 Tag
79af9f69386f3ded294a802a74cc2cd9b82fcdc4
Commit Graph

5215 Commits

Author SHA1 Message Date
Michael Tremer
f6104aa1e0 core133: Drop metadata for jansson package 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-27 15:42:50 +01:00
Michael Tremer
86efc510f9 core133: Ship hyperscan 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-27 15:40:31 +01:00
Michael Tremer
81544f8884 hyperscan: Move rootfiles to arch directories 
This package is only compiled on x86_64 and i586 and cannot
be packaged in any of the other architectures.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-27 15:38:42 +01:00
Stefan Schantl
52ebc66bba hyperscan: New package 
This package adds hyperscan support to suricata

Fixes #12053.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-27 14:40:14 +01:00
Stefan Schantl
2348cfffcf ragel: New package 
This is a build dependency of hyperscan

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-27 14:40:03 +01:00
Stefan Schantl
1a5f064916 colm: New package 
This is a build dependency of ragel, which is a build dependency of
hyperscan.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-27 14:39:32 +01:00
Stefan Schantl
616395f37c jansson: Move to core system and update to 2.12 
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-27 14:39:00 +01:00
Michael Tremer
f6e18df542 Rootfile update 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-27 14:37:23 +01:00
Arne Fitzenreiter
8a104d7f02 core133: readd late core132 changes to core133 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-26 17:27:16 +02:00
Arne Fitzenreiter
83809af1fb Merge branch 'master' into next 2019-05-26 17:23:54 +02:00
Arne Fitzenreiter
637885839b core132: security conf should not executable 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-26 16:17:04 +02:00
Arne Fitzenreiter
d0db7550ed core132: set correct permissions of security settings file. 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-26 16:05:41 +02:00
Michael Tremer
333125abf8 Merge branch 'toolchain' into next 2019-05-24 06:55:03 +01:00
Michael Tremer
9f0295a512 Merge remote-tracking branch 'ms/faster-build' into next 2019-05-24 06:54:16 +01:00
Michael Tremer
8feb0db430 core133: Ship updated squid 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-24 06:39:37 +01:00
Michael Tremer
53ef2a0ffe core133: Ship updated bind 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-24 06:37:21 +01:00
Matthias Fischer
f225f3ee29 bind: Update to 9.11.7 
For details see:
http://ftp.isc.org/isc/bind9/9.11.7/RELEASE-NOTES-bind-9.11.7.html

"Security Fixes

  The TCP client quota set using the tcp-clients option could be exceeded in some cases.
  This could lead to exhaustion of file descriptors.
  This flaw is disclosed in CVE-2018-5743. [GL #615]"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-24 06:36:55 +01:00
Michael Tremer
79967ee9c4 Start Core Update 133 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-24 06:35:46 +01:00
Arne Fitzenreiter
b0d31edbd6 vnstat: fix errormessage at first boot 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-21 20:36:16 +02:00
Arne Fitzenreiter
6d37280f3e configroot: create main/security settings file 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-21 15:03:21 +02:00
Arne Fitzenreiter
405f69fc9c web-user-interface: update rootfile 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-21 15:02:54 +02:00
Michael Tremer
a087f4f586 core132: Ship vulnerabilities.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-20 21:55:55 +01:00
Michael Tremer
6a83dbb451 SMT: Apply settings according to configuration 
SMT can be forced on.

By default, all systems that are vulnerable to RIDL/Fallout
will have SMT disabled by default.

Systems that are not vulnerable to that will keep SMT enabled.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-20 21:30:26 +01:00
Michael Tremer
db3451fe72 suricata: Ship updated rule download script 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-20 19:10:15 +01:00
Michael Tremer
933bfbf305 core132: Ship updated ovpnmain.cgi file 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-20 10:52:16 +01:00
Erik Kapfer
ffcef39d40 tshark: New addon 
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-20 10:44:04 +01:00
Arne Fitzenreiter
9961167a52 core132: add log.dat to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-20 07:14:12 +02:00
Michael Tremer
f809b8d5c7 core132: Ship updated apache configuration 
A reload would be sufficient.

I could not find why apache needs to be restarted.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-17 20:30:13 +01:00
Michael Tremer
0aa21ad307 Fix version information in backupiso script 
Fixes: #12083
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-17 19:52:27 +01:00
Arne Fitzenreiter
d099196501 kernel: update to 4.14.119 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-16 14:26:04 +02:00
Arne Fitzenreiter
29b907c677 intel-microcode: update to 20190514 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-15 13:17:26 +02:00
Michael Tremer
54fc710b99 Update kernel rootfiles for armv5tel 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-14 10:02:03 +01:00
Michael Tremer
da636bd8b7 Update kernel rootfiles for aarch64 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-13 16:31:14 +01:00
Michael Tremer
fd4cea1e34 core132: Ship changes to unbound 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-11 04:24:29 +01:00
Michael Tremer
76630c4336 core132: Ship updated urlfilter.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-11 04:18:08 +01:00
Michael Tremer
38d19a50a0 core132: Ship updated hwdata 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-10 04:20:17 +01:00
Michael Tremer
c209eaedb9 core132: Ship updated ca-certificates 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-10 04:19:05 +01:00
Michael Tremer
88e64c23c1 routing: Fix potential authenticated XSS in input processing 
An authenticated Stored XSS (Cross-site Scripting) exists in the
(https://192.168.0.241:444/cgi-bin/routing.cgi) Routing Table Entries
via the "Remark" text box  or "remark" parameter. This is due to a
lack of user input validation in "Remark" text box  or "remark"
parameter. It allows an authenticated WebGUI user with privileges
for the affected page to execute Stored Cross-site Scripting in
the Routing Table Entries (/cgi-bin/routing.cgi), which helps
attacker to redirect the victim to a attacker's phishing page.

The Stored XSS get prompted on the victims page whenever victim
tries to access the Routing Table Entries configuraiton page.

An attacker get access to the victim's session by performing
the CSRF and gather the cookie and session id's or possibly can
change the victims configuration using this Stored XSS.

This attack can possibly spoof the victim's informations.

Fixes: #12072
Reported-by: Dharmesh Baskaran <dharmesh201093@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-10 09:04:54 +01:00
Michael Tremer
d04ab223c7 web-user-interface: Ship new zoneconf.cgi file 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-09 15:47:42 +01:00
Michael Tremer
f0e0056eef core132: Ship updated captive.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-09 13:17:16 +01:00
Michael Tremer
939f227e0b core132: Ship VLAN GUI 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-08 12:15:27 +01:00
Michael Tremer
68f2b71778 core132: Ship updated pakfire files 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:53:43 +01:00
Alexander Koch
5737a22cf2 zabbix_agentd: Add UserParameter for Pakfire Status 
Ship the UserParameter for monitoring the status of pakfire for keeping track of available updates etc.

Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:51:41 +01:00
Michael Tremer
673db997cc core132: Ship updated libedit 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:50:26 +01:00
Matthias Fischer
f302e31ae2 libedit: Update to 20190324-3.1 
For details see:
https://thrysoee.dk/editline/

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:50:03 +01:00
Michael Tremer
7f07bdb43f core132: Ship updated knot 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:49:47 +01:00
Michael Tremer
92f4652226 core132: Ship updated bind 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:48:41 +01:00
Matthias Fischer
9177b69830 bind: Update to 9.11.6-P1 
For details see:
http://ftp.isc.org/isc/bind9/9.11.6-P1/RELEASE-NOTES-bind-9.11.6-P1.html

"Security Fixes

 The TCP client quota set using the tcp-clients option could be exceeded in some cases.
 This could lead to exhaustion of file descriptors. This flaw is disclosed in CVE-2018-5743.
 [GL #615]"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:48:24 +01:00
Michael Tremer
bc78976cc6 core132: Ship updated dhcpcd 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:46:36 +01:00
Michael Tremer
b38710a1cd firewall: Allow SNAT rules with RED interface 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:45:17 +01:00