This didn't build and run in ages and has been removed from
the repositories quite a while ago.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This package was discontinued upstream and seems to be
a bit more lively again. However, nobody on the team
wants to maintain cacti. Therefore this is being dropped
for now.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This has been EOL upstream for over ten years now and therefore
we cannot continue to support this either.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Make syslogctrl.c use TCP as remote logging file if specified so.
Thanks to Michael for reviewing this.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This would become a security risk if anyone gets
shell access as any user to copy out the HTTPS keys.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This will allow us to run multiple builds on the same
system at the same time (or at least have them on disk).
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Validate GPG keys by fingerprint and not by 8-bit key-ID.
This makes exploiting bug #11539 harder, but not impossible
and does not affect existing installations.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
A vulnerability was found in how a number of implementations can be
triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by
replaying a specific frame that is used to manage the keys. Such
reinstallation of the encryption key can result in two different types
of vulnerabilities: disabling replay protection and significantly
reducing the security of encryption to the point of allowing frames to
be decrypted or some parts of the keys to be determined by an attacker
depending on which cipher is used.
This fixes: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,
CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086,
CVE-2017-13087, CVE-2017-13088
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Generate ECDSA key (and sign it) in case it does not exist. That way,
httpscert can be run on existing installations without breaking already
generated (RSA) keys.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is not necessary to stop any clients from accessing the
Internet, but if we know that we don't need a line for certain
any more, we can as well remove the firewall rule straight away.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
When loading the initscript of the firewall the necessary chains for
the captive portal need to be created.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
The cleanup script is called every hour and deletes expired clients from
the clients file.
Every night the captivectrl wrapper runs once to flush the chains and
reload rules for active clients.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>