Commit Graph

13443 Commits

Author SHA1 Message Date
Arne Fitzenreiter
83809af1fb Merge branch 'master' into next 2019-05-26 17:23:54 +02:00
Arne Fitzenreiter
637885839b core132: security conf should not be executable
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-05-26 16:17:04 +02:00
Michael Tremer
8fad3a5941 tor: Depend on libseccomp
Suggested-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-26 16:12:48 +02:00
Stefan Schantl
fefb5173cf ids-functions.pl: Do not delete the whitelist file on rulesdir cleanup.
Fixes #12087.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-05-26 16:09:21 +02:00
Arne Fitzenreiter
d0db7550ed core132: set correct permissions of security settings file.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-05-26 16:05:41 +02:00
Arne Fitzenreiter
29abc2d07c vulnerabilities.cgi: again change colours
red - vulnerable
blue - mitigated
green - not affected

because we do not really trust the mitigations, so they should not be green.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-05-25 07:39:38 +02:00
Arne Fitzenreiter
e896a9bd3d vulnerabilities.cgi fix string handling
remove lf at the end for correct matching
and do not strip "Mitigated:" if it was not fully working and still
vulnerable.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-05-25 06:54:35 +02:00
Michael Tremer
413f84e988 vulnerabilities.cgi: Regard mitigations that only mitigate something still as vulnerable
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-25 06:51:53 +02:00
Michael Tremer
a96bcf413a vulnerabilities.cgi: Simplify regexes
We can do the split in one.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-25 06:51:06 +02:00
Michael Tremer
333125abf8 Merge branch 'toolchain' into next 2019-05-24 06:55:03 +01:00
Michael Tremer
9f0295a512 Merge remote-tracking branch 'ms/faster-build' into next 2019-05-24 06:54:16 +01:00
Michael Tremer
8feb0db430 core133: Ship updated squid
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-24 06:39:37 +01:00
Matthias Fischer
d2b5f03631 squid: Update to 4.7
For details see:

http://www.squid-cache.org/Versions/v4/changesets/

Fixes among other things the old 'filedescriptors' problem, so this patch was deleted.

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-24 06:37:50 +01:00
Michael Tremer
53ef2a0ffe core133: Ship updated bind
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-24 06:37:21 +01:00
Matthias Fischer
f225f3ee29 bind: Update to 9.11.7
For details see:
http://ftp.isc.org/isc/bind9/9.11.7/RELEASE-NOTES-bind-9.11.7.html

"Security Fixes

  The TCP client quota set using the tcp-clients option could be exceeded in some cases.
  This could lead to exhaustion of file descriptors.
  This flaw is disclosed in CVE-2018-5743. [GL #615]"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-24 06:36:55 +01:00
Michael Tremer
79967ee9c4 Start Core Update 133
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-24 06:35:46 +01:00
Michael Tremer
90194d7f7b .gitignore: Ignore some backup files
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-24 06:30:46 +01:00
Michael Tremer
f8c23b43b7 tor: Depend on libseccomp
Suggested-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-23 01:50:29 +01:00
Michael Tremer
f617fd912b unbound: Safe Search: Enable Restrict-Moderate for YouTube
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-22 15:29:32 +01:00
Michael Tremer
6d653734fb Update German translations
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-22 15:18:31 +01:00
Michael Tremer
61498b76b6 vulnerabilities.cgi: Regard mitigations that only mitigate something still as vulnerable
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-22 15:18:31 +01:00
Michael Tremer
144ff7605d vulnerabilities.cgi: Simplify regexes
We can do the split in one.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-22 15:17:59 +01:00
Arne Fitzenreiter
2f34103d47 Merge branch 'master' into next 2019-05-22 12:34:41 +02:00
Arne Fitzenreiter
984a6cabe4 vulnerabilities: change to logic colours
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-05-22 12:34:03 +02:00
Arne Fitzenreiter
16e13262d9 Merge branch 'next' 2019-05-22 10:38:02 +02:00
Arne Fitzenreiter
3858a4b5b8 finish: core132
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-05-22 10:33:20 +02:00
Arne Fitzenreiter
b23db9b97b vulnerabilities.cgi: add colours for vuln, smt and unknown output.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-05-22 10:30:08 +02:00
Arne Fitzenreiter
716f00b116 kernel: update to 4.14.121
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-05-21 20:42:51 +02:00
Arne Fitzenreiter
b0d31edbd6 vnstat: fix error message at first boot
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-05-21 20:36:16 +02:00
Arne Fitzenreiter
6d37280f3e configroot: create main/security settings file
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-05-21 15:03:21 +02:00
Arne Fitzenreiter
405f69fc9c web-user-interface: update rootfile
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-05-21 15:02:54 +02:00
Michael Tremer
a087f4f586 core132: Ship vulnerabilities.cgi
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-20 21:55:55 +01:00
Michael Tremer
1cbcd044af SMT: Show status on vulnerabilities.cgi
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-20 21:54:05 +01:00
Michael Tremer
f238e25172 vulnerabilities.cgi: Disable debugging output
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-20 21:39:03 +01:00
Michael Tremer
6f626b9ba0 Add the new vulnerabilities CGI file to the System menu
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-20 21:38:20 +01:00
Michael Tremer
6a83dbb451 SMT: Apply settings according to configuration
SMT can be forced on.

By default, all systems that are vulnerable to RIDL/Fallout
will have SMT disabled by default.

Systems that are not vulnerable to that will keep SMT enabled.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-20 21:30:26 +01:00
Michael Tremer
65871d1a0c Add new CGI file to show CPU vulnerability status
This is supposed to help users to have an idea about
the status of the used hardware.

Additionally, it allows users to enable/disable SMT.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-20 21:17:17 +01:00
Michael Tremer
db3451fe72 suricata: Ship updated rule download script
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-20 19:10:15 +01:00
Stefan Schantl
84227f7a1c update-ids-ruleset: Release ids_page_lock when the downloader fails.
Fixes #12085.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-20 19:09:47 +01:00
Peter Müller
40407aee99 ids.cgi: Fix upstream proxy validation
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-20 18:50:06 +01:00
Michael Tremer
b06288b74d spectre-meltdown-checker: Update to 0.41
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-20 18:04:49 +01:00
Stéphane Pautrel
e6d721a916 Update French translation
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-20 10:59:12 +01:00
Michael Tremer
23b26ce5e3 zoneconf: Reindent with tabs
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-20 10:56:13 +01:00
Michael Tremer
4d497f8ea0 Update translations
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-20 10:55:02 +01:00
Florian Bührle
7478903fb1 Added reboot notice
Added a reboot notice and made table rows more distinguishable by
alternating their background color. This improves usability.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-20 10:54:22 +01:00
Florian Bührle
0ec8e31ade zoneconf: Switch rows/columns
This change is necessary because the table can grow larger than the main
container if a user has many NICs on their machine.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-20 10:53:50 +01:00
Michael Tremer
145343d56e Update contributors
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-20 10:52:42 +01:00
Michael Tremer
933bfbf305 core132: Ship updated ovpnmain.cgi file
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-20 10:52:16 +01:00
Erik Kapfer
1338977702 ovpn_reorganize_encryption: Integrate LZO from global to advanced section
Fixes: #11819

- Since the Voracle vulnerability, LZO is better placed under the advanced section because under specific circumstances it is exploitable.
- Warning/hint has been added in the option defaults description.

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-20 10:51:26 +01:00
Michael Tremer
88e4e3d3ad Update translations
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-05-20 10:51:09 +01:00