bpfire

mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-23 17:32:57 +02:00

Author	SHA1	Message	Date
Michael Tremer	8fad3a5941	tor: Depend on libseccomp Suggested-by: Erik Kapfer <erik.kapfer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-26 16:12:48 +02:00
Stefan Schantl	fefb5173cf	ids-functions.pl: Do not delete the whitelist file on rulesdir cleanup. Fixes #12087. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-05-26 16:09:21 +02:00
Arne Fitzenreiter	d0db7550ed	core132: set correct permissions of security settings file. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-05-26 16:05:41 +02:00
Arne Fitzenreiter	29abc2d07c	vulnerabilities.cgi: again change colours red - vulnerable blue - mitigated green - not affected because we not really trust the mitigations so they shound not green. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-05-25 07:39:38 +02:00
Arne Fitzenreiter	e896a9bd3d	vulnerabilities.cgi fix string handling remove lf at the end for correct matching and not strip "Mitigated:" if it was not full working and still vulnerable. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-05-25 06:54:35 +02:00
Michael Tremer	413f84e988	vulnerabilities.cgi: Regard mitigations that only mitigate something still as vulnerable Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-25 06:51:53 +02:00
Michael Tremer	a96bcf413a	vulnerabilities.cgi: Simplify regexes We can do the split in one. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-25 06:51:06 +02:00
Arne Fitzenreiter	2f34103d47	Merge branch 'master' into next	2019-05-22 12:34:41 +02:00
Arne Fitzenreiter	984a6cabe4	vulnerablities: change to logic colours Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-05-22 12:34:03 +02:00
Arne Fitzenreiter	16e13262d9	Merge branch 'next'	2019-05-22 10:38:02 +02:00
Arne Fitzenreiter	3858a4b5b8	finish: core132 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-05-22 10:33:20 +02:00
Arne Fitzenreiter	b23db9b97b	vulnerablities.cgi: add colours for vuln,smt and unknown output. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-05-22 10:30:08 +02:00
Arne Fitzenreiter	716f00b116	kernel: update to 4.14.121 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-05-21 20:42:51 +02:00
Arne Fitzenreiter	b0d31edbd6	vnstat: fix errormessage at first boot Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-05-21 20:36:16 +02:00
Arne Fitzenreiter	6d37280f3e	configroot: create main/security settings file Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-05-21 15:03:21 +02:00
Arne Fitzenreiter	405f69fc9c	web-user-interface: update rootfile Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-05-21 15:02:54 +02:00
Michael Tremer	a087f4f586	core132: Ship vulnerabilities.cgi Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 21:55:55 +01:00
Michael Tremer	1cbcd044af	SMT: Show status on vulnerabilities.cgi Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 21:54:05 +01:00
Michael Tremer	f238e25172	vulnerabilities.cgi: Disable debugging output Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 21:39:03 +01:00
Michael Tremer	6f626b9ba0	Add the new vulnerabilities CGI file to the System menu Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 21:38:20 +01:00
Michael Tremer	6a83dbb451	SMT: Apply settings according to configuration SMT can be forced on. By default, all systems that are vulnerable to RIDL/Fallout will have SMT disabled by default. Systems that are not vulnerable to that will keep SMT enabled. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 21:30:26 +01:00
Michael Tremer	65871d1a0c	Add new CGI file to show CPU vulnerability status This is supposed to help users to have an idea about the status of the used hardware. Additionally, it allows users to enable/disable SMT. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 21:17:17 +01:00
Michael Tremer	db3451fe72	suricata: Ship updated rule download script Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 19:10:15 +01:00
Stefan Schantl	84227f7a1c	update-ids-ruleset: Release ids_page_lock when the downloader fails. Fixes #12085. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 19:09:47 +01:00
Peter Müller	40407aee99	ids.cgi: Fix upstream proxy validation Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Acked-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 18:50:06 +01:00
Michael Tremer	b06288b74d	spectre-meltdown-checker: Update to 0.41 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 18:04:49 +01:00
Stéphane Pautrel	e6d721a916	Update French translation Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 10:59:12 +01:00
Michael Tremer	23b26ce5e3	zoneconf: Reindent with tabs Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 10:56:13 +01:00
Michael Tremer	4d497f8ea0	Update translations Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 10:55:02 +01:00
Florian Bührle	7478903fb1	Added reboot notice Added a reboot notice and made table rows more distinguishable by alternating their background color. This improves usability. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 10:54:22 +01:00
Florian Bührle	0ec8e31ade	zoneconf: Switch rows/columns This change is necessary because the table can grow larger than the main container if a user has many NICs on their machine. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 10:53:50 +01:00
Michael Tremer	145343d56e	Update contributors Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 10:52:42 +01:00
Michael Tremer	933bfbf305	core132: Ship updated ovpnmain.cgi file Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 10:52:16 +01:00
Erik Kapfer	1338977702	ovpn_reorganize_encryption: Integrate LZO from global to advanced section Fixes: #11819 - Since the Voracle vulnerability, LZO is better placed under advanced section cause under specific circumstances it is exploitable. - Warning/hint has been added in the option defaults description. Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 10:51:26 +01:00
Michael Tremer	88e4e3d3ad	Update translations Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 10:51:09 +01:00
Erik Kapfer	0c4ffc6919	ovpn_reorganize_encryption: Added tls-auth into global section - Since HMAC selection is already in global section, it makes sense to keep the encryption togehter. - Given tls-auth better understandable name. Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 10:50:21 +01:00
Erik Kapfer	86308adb25	ovpn_reorganize_encryption: Integrate HMAC selection to global section Fixes: #12009 and #11824 - Since HMACs will be used in any configuration it is better placed in the global menu. - Adapted global section to advanced and marked sections with a headline for better overview. - Deleted old headline in advanced section cause it is not needed anymore. - Added check if settings do not includes 'DAUTH', if possible SHA512 will be used and written to settings file. Old configurations with SHA1 will be untouched. Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 10:49:30 +01:00
Michael Tremer	715a269aa4	tshark: Drop special package scripts We are not doing anything different from the default here, so we do not need an extra copy of them. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 10:48:25 +01:00
Erik Kapfer	ffcef39d40	tshark: New addon Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 10:44:04 +01:00
Oliver Fuhrer	bf2a1c524b	BUG 11696: VPN Subnets missing from wpad.dat This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n subnets to wpad.dat so they don't pass through the proxy. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 10:38:17 +01:00
Michael Tremer	f8f4cd6660	tor: Bump release version Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 10:09:26 +01:00
Peter Müller	2df98063a2	Tor: specify correct user for default configuration While being built with user/group set to "tor", the default configuration still contains the old username. This patch adjusts it to the correct value. The issue was caused by insufficient testing, which I apologise for. Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-20 10:08:58 +01:00
Arne Fitzenreiter	d12e3fcd1e	make.sh: comment to update backupiso if version change It was to offten forgotten to update the backupiso script that need to download the matching iso from the servers so i added a comment. no functional change Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-05-20 07:24:04 +02:00
Arne Fitzenreiter	9961167a52	core132: add log.dat to updater Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-05-20 07:14:12 +02:00
Erik Kapfer	830dfc978c	suricata: Fixed logs.dat regex for suricata Fixes: #12084 Since the Suricata regex did not match the messages output, Suricata was not displayed in the "System Logs" section in the WUI. Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-05-20 07:12:42 +02:00
Stefan Schantl	a8387f8d6e	suricata: Limit to a maximum of "16" netfilter queues. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-05-20 07:09:25 +02:00
Michael Tremer	3c6423cd40	Update contributors Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-18 09:25:54 +01:00
Michael Tremer	045ea1d013	Update translations Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-17 23:36:53 +01:00
Alexander Marx	c96146d01e	BUG11505: Captive Portal: no way to remove an uploaded logo added a delete button Signed-off-by: Alexander Marx <alexander.marx@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-17 23:36:32 +01:00
Michael Tremer	f809b8d5c7	core132: Ship updated apache configuration A reload would be sufficient. I could not find why apache needs to be restarted. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2019-05-17 20:30:13 +01:00

1 2 3 4 5 ...

13409 Commits