webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-26 19:00:34 +02:00
Code Issues Packages Projects Releases Wiki Activity
14,097 Commits 2 Branches 1 Tag
c8dcd46537bebe4f59cd7c22d09c45e98bfecb1f
Commit Graph

2415 Commits

Author SHA1 Message Date
Michael Tremer
5d65813aa3 core133: Ship updated wpa_supplicant 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-11 07:00:38 +01:00
Peter Müller
8e101c0bda ship language files in Core Update 133 
These were missing in Core Update 132, and some strings
(especially on the "CPU vulnerabilities" page) missed translations.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-10 19:44:59 +01:00
Michael Tremer
c0fc25861f core133: Ship updated knot package 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-07 11:13:01 +01:00
Michael Tremer
e1f8f870ea core133: Ship snort configuration converter 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-05 12:42:53 +01:00
Michael Tremer
a40bcbb02c core133: Ship IPS changes 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-05 12:41:37 +01:00
Tim FitzGeorge
a5ba473c15 suricata: correct rule actions in IPS mode 
In IPS mode rule actions need to be have the action 'drop' for the
protection to work, however this is not appropriate for all rules.
Modify the generator for oinkmaster-modify-sids.conf to leave
rules with the action 'alert' here this is appropriate.  Also add
a script to be run on update to correct existing downloaded rules.

Fixes #12086

Signed-off-by: Tim FitzGeorge <ipfr@tfitzgeorge.me.uk>
Tested-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-05 12:39:57 +01:00
Michael Tremer
9734a58faf core133: Ship IDS ruleset updater 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-05 12:34:44 +01:00
Michael Tremer
dc9ac30c8d core133: Ship updated vpnmain.cgi file and regenerate configuration 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-05 05:08:31 +01:00
Michael Tremer
c899be2fd0 core133: Ship updated dhcp.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-05 00:33:36 +01:00
Michael Tremer
0bb25a4f61 SMT: Disable when system is vulnerable to L1TF (Foreshadow) 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-04 23:55:17 +01:00
Michael Tremer
d62925de4f core133: Ship updated PAM 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-04 23:32:35 +01:00
Michael Tremer
ba329dce8f core133: Ship updated rrdtool 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-04 23:31:51 +01:00
Michael Tremer
f748c79450 core133: Ship updated ovpnmain.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-06-02 22:49:42 +01:00
Michael Tremer
f62f432a27 openssl: Update to 1.1.1c 
Fixes CVE-2019-1543

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-29 13:51:48 +01:00
Michael Tremer
7b6d2972e3 strongswan: Update to 5.8.0 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-28 13:05:50 +01:00
Michael Tremer
992fdd3d07 core133: Ship toolchain changes 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-28 11:44:32 +01:00
Michael Tremer
fe9dbfa124 core133: Ship updated IPS ruleset sources 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-27 15:48:44 +01:00
Michael Tremer
f6104aa1e0 core133: Drop metadata for jansson package 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-27 15:42:50 +01:00
Michael Tremer
86efc510f9 core133: Ship hyperscan 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-27 15:40:31 +01:00
Arne Fitzenreiter
8a104d7f02 core133: readd late core132 changes to core133 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-26 17:27:16 +02:00
Michael Tremer
8feb0db430 core133: Ship updated squid 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-24 06:39:37 +01:00
Michael Tremer
53ef2a0ffe core133: Ship updated bind 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-24 06:37:21 +01:00
Michael Tremer
79967ee9c4 Start Core Update 133 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-24 06:35:46 +01:00
Arne Fitzenreiter
6d37280f3e configroot: create main/security settings file 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-21 15:03:21 +02:00
Michael Tremer
a087f4f586 core132: Ship vulnerabilities.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-20 21:55:55 +01:00
Michael Tremer
db3451fe72 suricata: Ship updated rule download script 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-20 19:10:15 +01:00
Michael Tremer
933bfbf305 core132: Ship updated ovpnmain.cgi file 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-20 10:52:16 +01:00
Arne Fitzenreiter
9961167a52 core132: add log.dat to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-20 07:14:12 +02:00
Michael Tremer
f809b8d5c7 core132: Ship updated apache configuration 
A reload would be sufficient.

I could not find why apache needs to be restarted.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-17 20:30:13 +01:00
Michael Tremer
0aa21ad307 Fix version information in backupiso script 
Fixes: #12083
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-17 19:52:27 +01:00
Arne Fitzenreiter
d099196501 kernel: update to 4.14.119 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-16 14:26:04 +02:00
Arne Fitzenreiter
29b907c677 intel-microcode: update to 20190514 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-05-15 13:17:26 +02:00
Michael Tremer
fd4cea1e34 core132: Ship changes to unbound 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-11 04:24:29 +01:00
Michael Tremer
76630c4336 core132: Ship updated urlfilter.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-11 04:18:08 +01:00
Michael Tremer
38d19a50a0 core132: Ship updated hwdata 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-10 04:20:17 +01:00
Michael Tremer
c209eaedb9 core132: Ship updated ca-certificates 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-10 04:19:05 +01:00
Michael Tremer
88e64c23c1 routing: Fix potential authenticated XSS in input processing 
An authenticated Stored XSS (Cross-site Scripting) exists in the
(https://192.168.0.241:444/cgi-bin/routing.cgi) Routing Table Entries
via the "Remark" text box  or "remark" parameter. This is due to a
lack of user input validation in "Remark" text box  or "remark"
parameter. It allows an authenticated WebGUI user with privileges
for the affected page to execute Stored Cross-site Scripting in
the Routing Table Entries (/cgi-bin/routing.cgi), which helps
attacker to redirect the victim to a attacker's phishing page.

The Stored XSS get prompted on the victims page whenever victim
tries to access the Routing Table Entries configuraiton page.

An attacker get access to the victim's session by performing
the CSRF and gather the cookie and session id's or possibly can
change the victims configuration using this Stored XSS.

This attack can possibly spoof the victim's informations.

Fixes: #12072
Reported-by: Dharmesh Baskaran <dharmesh201093@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-10 09:04:54 +01:00
Michael Tremer
f0e0056eef core132: Ship updated captive.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-09 13:17:16 +01:00
Michael Tremer
939f227e0b core132: Ship VLAN GUI 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-08 12:15:27 +01:00
Michael Tremer
68f2b71778 core132: Ship updated pakfire files 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:53:43 +01:00
Michael Tremer
673db997cc core132: Ship updated libedit 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:50:26 +01:00
Michael Tremer
7f07bdb43f core132: Ship updated knot 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:49:47 +01:00
Michael Tremer
92f4652226 core132: Ship updated bind 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:48:41 +01:00
Michael Tremer
bc78976cc6 core132: Ship updated dhcpcd 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:46:36 +01:00
Michael Tremer
b38710a1cd firewall: Allow SNAT rules with RED interface 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-05-07 23:45:17 +01:00
Michael Tremer
5a4617a871 core132: Ship updated firewall rules generator 
This patch also requires a reboot after installing this update
so that the changed ruleset is being applied.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-30 10:58:31 +01:00
Michael Tremer
fabe150953 core132: Ship updated suricata initscript 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 20:56:07 +01:00
Michael Tremer
a1cd844f71 core132: Ship updated convert-snort script 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 20:55:22 +01:00
Alexander Koch
6088176639 core132: Bugfix for typo in filelist 
Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 20:53:36 +01:00
Michael Tremer
f27bac491a core132: Ship updated list of mime types 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-04-23 20:20:14 +01:00