webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-20 16:02:59 +02:00
Code Issues Packages Projects Releases Wiki Activity
13,341 Commits 2 Branches 1 Tag
c209eaedb984e2514eb237220e7ca3f7ec2f43b2
Commit Graph

5173 Commits

Author SHA1 Message Date
Michael Tremer
c209eaedb9 core132: Ship updated ca-certificates 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-10 04:19:05 +01:00
Michael Tremer
88e64c23c1 routing: Fix potential authenticated XSS in input processing 
An authenticated Stored XSS (Cross-site Scripting) exists in the
(https://192.168.0.241:444/cgi-bin/routing.cgi) Routing Table Entries
via the "Remark" text box  or "remark" parameter. This is due to a
lack of user input validation in "Remark" text box  or "remark"
parameter. It allows an authenticated WebGUI user with privileges
for the affected page to execute Stored Cross-site Scripting in
the Routing Table Entries (/cgi-bin/routing.cgi), which helps
attacker to redirect the victim to a attacker's phishing page.

The Stored XSS get prompted on the victims page whenever victim
tries to access the Routing Table Entries configuraiton page.

An attacker get access to the victim's session by performing
the CSRF and gather the cookie and session id's or possibly can
change the victims configuration using this Stored XSS.

This attack can possibly spoof the victim's informations.

Fixes: #12072
Reported-by: Dharmesh Baskaran <dharmesh201093@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-10 09:04:54 +01:00
Michael Tremer
d04ab223c7 web-user-interface: Ship new zoneconf.cgi file 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-09 15:47:42 +01:00
Michael Tremer
f0e0056eef core132: Ship updated captive.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-09 13:17:16 +01:00
Michael Tremer
939f227e0b core132: Ship VLAN GUI 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-08 12:15:27 +01:00
Michael Tremer
68f2b71778 core132: Ship updated pakfire files 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:53:43 +01:00
Alexander Koch
5737a22cf2 zabbix_agentd: Add UserParameter for Pakfire Status 
Ship the UserParameter for monitoring the status of pakfire for keeping track of available updates etc.

Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:51:41 +01:00
Michael Tremer
673db997cc core132: Ship updated libedit 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:50:26 +01:00
Matthias Fischer
f302e31ae2 libedit: Update to 20190324-3.1 
For details see:
https://thrysoee.dk/editline/

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:50:03 +01:00
Michael Tremer
7f07bdb43f core132: Ship updated knot 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:49:47 +01:00
Michael Tremer
92f4652226 core132: Ship updated bind 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:48:41 +01:00
Matthias Fischer
9177b69830 bind: Update to 9.11.6-P1 
For details see:
http://ftp.isc.org/isc/bind9/9.11.6-P1/RELEASE-NOTES-bind-9.11.6-P1.html

"Security Fixes

 The TCP client quota set using the tcp-clients option could be exceeded in some cases.
 This could lead to exhaustion of file descriptors. This flaw is disclosed in CVE-2018-5743.
 [GL #615]"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:48:24 +01:00
Michael Tremer
bc78976cc6 core132: Ship updated dhcpcd 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:46:36 +01:00
Michael Tremer
b38710a1cd firewall: Allow SNAT rules with RED interface 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:45:17 +01:00
Michael Tremer
5a4617a871 core132: Ship updated firewall rules generator 
This patch also requires a reboot after installing this update
so that the changed ruleset is being applied.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-30 10:58:31 +01:00
Michael Tremer
68e0cf6714 grub: Update rootfile on i586 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-30 10:45:02 +01:00
Michael Tremer
a7e185c590 grub: Fix rootfile 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-28 09:43:48 +01:00
Arne Fitzenreiter
20c7552e0d Merge branch 'master' into next 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-26 19:39:55 +02:00
Michael Tremer
452d2b6eaa grub: Disable efiemu on PC builds 
This won't compile with GCC 8 and we do not need it

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-26 16:19:42 +01:00
Michael Tremer
95028c1ce2 elfutils: Update to 0.176 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-26 16:18:46 +01:00
Michael Tremer
fabe150953 core132: Ship updated suricata initscript 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 20:56:07 +01:00
Michael Tremer
a1cd844f71 core132: Ship updated convert-snort script 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 20:55:22 +01:00
Alexander Koch
6088176639 core132: Bugfix for typo in filelist 
Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 20:53:36 +01:00
Michael Tremer
f27bac491a core132: Ship updated list of mime types 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 20:20:14 +01:00
Michael Tremer
2dd5e64592 suricata: Do not always convert rules to be bi-directional 
This creates some overhead that we do not need and rules need to
be adjusted to match any direction they are supposed to match.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 20:18:07 +01:00
Arne Fitzenreiter
7b0c8a80af core131: add services.cgi to update 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-23 19:21:30 +02:00
Michael Tremer
e967871e8f Update contributors 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-20 14:21:46 +01:00
Michael Tremer
08caa596fa core132: Ship WPAD/proxy changes 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-20 14:20:06 +01:00
Jonatan Schlag
43c3a386d1 Add new package libseccomp 
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-20 14:12:50 +01:00
Michael Tremer
75faf7ac4f core132: Ship changed suricata configuration 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-20 14:10:47 +01:00
Michael Tremer
7af7ced6fc Start Core Update 132 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-20 14:07:43 +01:00
Arne Fitzenreiter
5fa063f859 kernel: update to 4.14.112 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-17 22:30:19 +02:00
Arne Fitzenreiter
e91c83490b wireless-regdb: update to 2019.03.01 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-16 18:05:18 +02:00
Michael Tremer
e8b389e0f0 core131: Ship PTR changes in hosts.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-11 23:02:57 +01:00
Michael Tremer
32e7b93c28 udev: Rename interfaces when MACs are uppercase 
The script relied on the configuration being in lowercase.

If people manually editied their configuration file they might
not have paid attention to this and therefore this script now
also accepts uppercase MAC addresses.

Fixes: #12047
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-11 21:59:41 +01:00
Michael Tremer
2c44da1382 core131: Ship updated setup 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-11 10:29:56 +01:00
Alexander Koch
41b7369f80 zabbix_agentd: Bugfix for /etc/sudoers.d/zabbix.user 
Files containing an '~' or '.' are ignored by sudo when placed in the includedir /etc/sudoers.d This makes the file useless. The file is renamed to "zabbix" instead of "zabbix.user" to fix this.

See: https://www.sudo.ws/man/1.8.13/sudoers.man.html#Including_other_files_from_within_sudoers

Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-11 07:55:10 +01:00
Arne Fitzenreiter
d27675b081 Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2019-04-11 07:31:11 +02:00
Arne Fitzenreiter
a2907cdd9f Merge remote-tracking branch 'origin/master' into next 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-11 07:30:26 +02:00
Michael Tremer
af9aa1556e core130: Ship updated apache 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-09 12:33:50 +02:00
Matthias Fischer
0971726e13 apache: Update to 2.4.39 
For details see:
http://mirror.checkdomain.de/apache//httpd/CHANGES_2.4.39

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-09 12:29:41 +02:00
Arne Fitzenreiter
6fc3f2e685 core130: insert a core update for urgent fixes. 
the bigger changes for suricata and kernel need longer time for test
so we insert a core with smaller but important fixes.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-09 07:31:23 +02:00
Arne Fitzenreiter
e7dafc3e3e core130: ship strongswan 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-09 07:30:26 +02:00
Michael Tremer
f0ce8b2c88 core130: Ship perl-Net-SSLeay 
This was still using the old version of OpenSSL.

Instead of linking the module (which we should have found earlier)
the module uses dlopen :(

Fixes: #12044
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-09 07:24:17 +02:00
Michael Tremer
49ce16f9be core130: Ship updated wget 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-09 07:21:15 +02:00
Matthias Fischer
bfd5cfa9c6 clamav: Update to 0.101.2 
For details see:
https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html

"ClamAV 0.101.2 is a patch release to address a handful of security related bugs."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-09 07:19:34 +02:00
Michael Tremer
a485606c27 ipsec-interfaces: Apply static routes (again) after creating IPsec interfaces 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-09 07:18:42 +02:00
Michael Tremer
ee53381ab1 core130: Ship SSH Agent Forwarding changes 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-08 21:15:35 +01:00
Arne Fitzenreiter
4f30ce49b3 rename core130 -> core131 
we need to insert a core update to fix urgent bugs

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-08 21:49:20 +02:00
Arne Fitzenreiter
47204d12f1 Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-04-08 21:47:12 +02:00