webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-14 21:12:59 +02:00
Code Issues Packages Projects Releases Wiki Activity
10,978 Commits 2 Branches 1 Tag
d62fd7553da8699bd60e3decb6b646d4436d372d
Commit Graph

10978 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Arne Fitzenreiter
d62fd7553d Merge branch 'master' into next 2017-09-24 15:45:04 +02:00
Arne Fitzenreiter
2083519a64 core114: add php to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-09-24 13:35:01 +02:00
Matthias Fischer
1b0ff72dad wpa_supplicant: Update to 2.6 
For details see:
https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-23 22:16:14 +01:00
Arne Fitzenreiter
3aa4579f8f Merge remote-tracking branch 'origin/next' 2017-09-23 10:38:18 +02:00
Arne Fitzenreiter
6ec860b8d2 finish core114 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-09-23 10:37:02 +02:00
Arne Fitzenreiter
595c6470dd core114: force update addons after core update 
apache needs new vhost configs so all addons must updated to work with new
apache.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-09-23 10:34:54 +02:00
Michael Tremer
c4791488a2 hostapd: Bump package version for updated wlanap.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-20 22:23:53 +01:00
Matthias Fischer
5bb906f7a9 Typo in en.pl 
Fixes typo in
http://git.ipfire.org/?p=people/mfischer/ipfire-2.x.git;a=commit;h=15f19ed85ea3e6944c5fea623eca8ef215eae39e

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-20 22:23:21 +01:00
Matthias Fischer
d3790c6a0b wlanap.cgi: Some cosmetics... 
- Added missing box heading ('Access Point Configuration') in 'wlanap.cgi'.
- For this to work, added missing string 'wlanap configuration' in translations.
- Changed existing translation strings in 'de.pl' and 'en.pl': 'wlanap' means 'wlan access point', so why is it called
'wlan*ap* access point'?

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-20 22:23:19 +01:00
Matthias Fischer
b76d0433be apache2: Import patch for CVE-2017-9798 ("optionsbleed") 
Imported from:
https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch

For details see:
https://nvd.nist.gov/vuln/detail/CVE-2017-9798

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-20 22:01:50 +01:00
Matthias Fischer
fdff464161 unbound: Update to 1.6.6 
For details see:
http://www.unbound.net/download.html

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-20 22:00:59 +01:00
Matthias Fischer
77090f6d13 tcpdump: Update to 4.9.2 
Changelog:

"Sunday September 3, 2017 denis@ovsienko.info
  Summary for 4.9.2 tcpdump release
    Do not use getprotobynumber() for protocol name resolution.  Do not do
      any protocol name resolution if -n is specified.
      Improve errors detection in the test scripts.
      Fix a segfault with OpenSSL 1.1 and improve OpenSSL usage.
      Clean up IS-IS printing.
      Fix buffer overflow vulnerabilities:
      CVE-2017-11543 (SLIP)
      CVE-2017-13011 (bittok2str_internal)
      Fix infinite loop vulnerabilities:
      CVE-2017-12989 (RESP)
      CVE-2017-12990 (ISAKMP)
      CVE-2017-12995 (DNS)
      CVE-2017-12997 (LLDP)
      Fix buffer over-read vulnerabilities:
      CVE-2017-11541 (safeputs)
      CVE-2017-11542 (PIMv1)
      CVE-2017-12893 (SMB/CIFS)
      CVE-2017-12894 (lookup_bytestring)
      CVE-2017-12895 (ICMP)
      CVE-2017-12896 (ISAKMP)
      CVE-2017-12897 (ISO CLNS)
      CVE-2017-12898 (NFS)
      CVE-2017-12899 (DECnet)
      CVE-2017-12900 (tok2strbuf)
      CVE-2017-12901 (EIGRP)
      CVE-2017-12902 (Zephyr)
      CVE-2017-12985 (IPv6)
      CVE-2017-12986 (IPv6 routing headers)
      CVE-2017-12987 (IEEE 802.11)
      CVE-2017-12988 (telnet)
      CVE-2017-12991 (BGP)
      CVE-2017-12992 (RIPng)
      CVE-2017-12993 (Juniper)
      CVE-2017-11542 (PIMv1)
      CVE-2017-11541 (safeputs)
      CVE-2017-12994 (BGP)
      CVE-2017-12996 (PIMv2)
      CVE-2017-12998 (ISO IS-IS)
      CVE-2017-12999 (ISO IS-IS)
      CVE-2017-13000 (IEEE 802.15.4)
      CVE-2017-13001 (NFS)
      CVE-2017-13002 (AODV)
      CVE-2017-13003 (LMP)
      CVE-2017-13004 (Juniper)
      CVE-2017-13005 (NFS)
      CVE-2017-13006 (L2TP)
      CVE-2017-13007 (Apple PKTAP)
      CVE-2017-13008 (IEEE 802.11)
      CVE-2017-13009 (IPv6 mobility)
      CVE-2017-13010 (BEEP)
      CVE-2017-13012 (ICMP)
      CVE-2017-13013 (ARP)
      CVE-2017-13014 (White Board)
      CVE-2017-13015 (EAP)
      CVE-2017-11543 (SLIP)
      CVE-2017-13016 (ISO ES-IS)
      CVE-2017-13017 (DHCPv6)
      CVE-2017-13018 (PGM)
      CVE-2017-13019 (PGM)
      CVE-2017-13020 (VTP)
      CVE-2017-13021 (ICMPv6)
      CVE-2017-13022 (IP)
      CVE-2017-13023 (IPv6 mobility)
      CVE-2017-13024 (IPv6 mobility)
      CVE-2017-13025 (IPv6 mobility)
      CVE-2017-13026 (ISO  IS-IS)
      CVE-2017-13027 (LLDP)
      CVE-2017-13028 (BOOTP)
      CVE-2017-13029 (PPP)
      CVE-2017-13030 (PIM)
      CVE-2017-13031 (IPv6 fragmentation header)
      CVE-2017-13032 (RADIUS)
      CVE-2017-13033 (VTP)
      CVE-2017-13034 (PGM)
      CVE-2017-13035 (ISO IS-IS)
      CVE-2017-13036 (OSPFv3)
      CVE-2017-13037 (IP)
      CVE-2017-13038 (PPP)
      CVE-2017-13039 (ISAKMP)
      CVE-2017-13040 (MPTCP)
      CVE-2017-13041 (ICMPv6)
      CVE-2017-13042 (HNCP)
      CVE-2017-13043 (BGP)
      CVE-2017-13044 (HNCP)
      CVE-2017-13045 (VQP)
      CVE-2017-13046 (BGP)
      CVE-2017-13047 (ISO ES-IS)
      CVE-2017-13048 (RSVP)
      CVE-2017-13049 (Rx)
      CVE-2017-13050 (RPKI-Router)
      CVE-2017-13051 (RSVP)
      CVE-2017-13052 (CFM)
      CVE-2017-13053 (BGP)
      CVE-2017-13054 (LLDP)
      CVE-2017-13055 (ISO IS-IS)
      CVE-2017-13687 (Cisco HDLC)
      CVE-2017-13688 (OLSR)
      CVE-2017-13689 (IKEv1)
      CVE-2017-13690 (IKEv2)
      CVE-2017-13725 (IPv6 routing headers)

Sunday July 23, 2017 denis@ovsienko.info
  Summary for 4.9.1 tcpdump release
    CVE-2017-11108/Fix bounds checking for STP.
    Make assorted documentation updates and fix a few typos in tcpdump output.
    Fixup -C for file size >2GB (GH #488).
    Show AddressSanitizer presence in version output.
    Fix a bug in test scripts (exposed in GH #613).
    On FreeBSD adjust Capsicum capabilities for netmap.
    On Linux fix a use-after-free when the requested interface does not exist."

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-11 21:13:44 +01:00
Michael Tremer
b9863c8845 apache2: Import patch for PR61382 
We usually do not download patches, but rather ship them with
our source.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-07 12:27:43 +01:00
Wolfgang Apolinarski
ab2eb13784 Fixup for apache and aprutil, do not include whole directory 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-07 12:21:50 +01:00
Michael Tremer
a041054941 core114: Update apache configuration of all add-ons that have one 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-04 13:09:43 +01:00
Michael Tremer
5f7487f676 core114: Ship updated apache2 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-04 13:02:43 +01:00
Michael Tremer
051884986d apache2: Download source from IPFire servers 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-04 12:56:42 +01:00
Wolfgang Apolinarski
d41fe99f74 Update to apache 2.4.27 
- Updated to apache 2.4
- Updated the htpasswd generation to use the more secure bcrypt algorithm

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-04 12:40:20 +01:00
Wolfgang Apolinarski
c8e9a7a85e apr and aprutil: Added as requirement for apache 2.4 
- APR 1.6.2 is a requirement for building apache httpd 2.4
- APR-Util 1.6.0 is a requirement for building apache httpd 2.4

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-04 12:37:56 +01:00
Peter Müller
0effbb3569 fix WebUI system information leak 
Disable unauthenticated access to cgi-bin/credits.cgi. The page
leaks the currently installed version of IPFire and the hardware
architecture.

Both information might make a successful attack much easier.

This issue can be reproduced by accessing https://[IPFire-IP]:444/cgi-bin/credits.cgi
and accepting a SSL certificate warning (if any).

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-04 12:25:23 +01:00
Peter Müller
3dcf1822e6 update german translations 
- Unify translations of various terms.
- Unify translations of week days.
- Correct some typos and grammar errors.
- Modify some phrases which were not fully translated.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-04 12:25:01 +01:00
Arne Fitzenreiter
d57f8d886f strongswan: rootfile update 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-08-30 19:03:25 +02:00
Arne Fitzenreiter
a51ce2defa core114: add unbound initskript to updater. 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-08-30 19:03:15 +02:00
Arne Fitzenreiter
391e3390ef unbound: flush negative and bogus at update forwarders 
this resolves problems that negative answers from
a forwarder was still used after setting new servers.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-08-30 19:00:40 +02:00
Arne Fitzenreiter
68fac98a5b unbound: run time fix also after update forwarder 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-08-30 10:32:44 +02:00
Stephan Feddersen
fe6f676b35 WIO: fix the bugs reported in the forum 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-08-29 14:37:30 +01:00
Michael Tremer
0c55ec5a49 strongswan: Update to 5.6.0 
Fixes CVE-2017-11185:

Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation
when verifying RSA signatures, which requires decryption with the operation m^e mod n,
where m is the signature, and e and n are the exponent and modulus of the public key.
The value m is an integer between 0 and n-1, however, the gmp plugin did not verify this.
So if m equals n the calculation results in 0, in which case mpz_export() returns NULL.
This result wasn't handled properly causing a null-pointer dereference.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-08-23 20:03:21 +01:00
Michael Tremer
455f261b15 core114: Ship updated squid 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-08-23 11:33:41 +01:00
Matthias Fischer
c60ad61a14 squid: Update to 3.5.27 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-08-23 11:32:33 +01:00
Michael Tremer
fa9c7bd047 core114: Ship updated gnutls 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-08-23 11:31:56 +01:00
Matthias Fischer
3fdddd37ab gnutls: Update to 3.5.15 
For details see:
https://lists.gnupg.org/pipermail/gnutls-devel/2017-August/008483.html

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-08-23 11:31:39 +01:00
Michael Tremer
38b95ad5d9 core114: Ship updated unbound 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-08-23 11:29:55 +01:00
Matthias Fischer
7fe22fdc0c unbound: Update to 1.6.5 
Changelog:

"21 Aug 2017: Wouter
	- Fix install of trust anchor when two anchors are present, makes both
	  valid.  Checks hash of DS but not signature of new key.  This fixes installs between
	  sep11 and oct11 2017."

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-08-23 11:28:43 +01:00
Michael Tremer
1d7d4460d6 core114: Ship updated hdparm 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-08-21 12:21:45 +01:00
Michael Tremer
05e7808cd6 Start Core Update 114 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-08-21 12:21:14 +01:00
Matthias Fischer
853a95b215 hdparm: Update to 9.52 
Changes from 9.50 to 9.52:
- add support for Jmicron USB-SATA bridges, courtesy Jan Friesse <jfriesse@gmail.com>.
- New --security-prompt-for-password flag for use with the various --security- actions.
- Makefile tweak from Mike Frysinger.
- fix spelling/typos in man page and "removable", courtesy of Alex Mestiashvili.
- fix spelling/typos in --sanitize-crypto-scramble, courtesy of Tom Yan.
- fix NULL password handling in --security-unlock, courtesy of Tom Yan.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-08-21 12:15:07 +01:00
Arne Fitzenreiter
62492f4106 close core113 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-08-18 00:28:47 +02:00
Arne Fitzenreiter
d1043adde9 Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2017-08-17 15:00:38 +02:00
Arne Fitzenreiter
40c81f6929 unbound: update dns hints and keys 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-08-17 14:25:42 +02:00
Michael Tremer
3bee566f45 core113: Ship openvpn which has been missing in core112 updater 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-08-17 13:15:27 +01:00
Arne Fitzenreiter
16388774a4 rootfile updates: nano, misc-progs 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-08-17 10:18:44 +02:00
Arne Fitzenreiter
e4837ceffe core113: add strongswan-padlock to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-08-16 20:12:45 +02:00
Michael Tremer
773caa6600 make.sh: Actually build iftop 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-08-16 13:47:33 +01:00
Michael Tremer
0e7d340f2b core113: Ship packages that have not been shipped with 112 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-08-16 11:32:43 +01:00
Michael Tremer
4d417ab022 libgcrypt: Rootfile update 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-08-15 20:23:46 +01:00
Arne Fitzenreiter
05478072cd unbound/ntp: move not working DNS fallback from ntp to unbound initskript 
the ntp initskript will only run at first connection try. If this fails
and the connection can established later DNS will not work if the clock
is too far away.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-08-15 20:20:16 +02:00
Arne Fitzenreiter
874eabd6f5 serial-console: remove baudrate from inittab 
new versions of agetty missinterpretes the baudrate and set it as TERM
without the parameter agetty use the previous rate that was set by the
kernel via console=XXX,Baudrate parameter.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-08-15 20:08:22 +02:00
Stephan Feddersen
1bee37ba2c WIO: wio.cgi edit how to get the ips for the networks 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-08-15 14:24:34 +01:00
Michael Tremer
4f4f5bbbfd logrotate: Fix source tarball checksum 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-08-15 12:02:12 +01:00
Michael Tremer
5564841b10 core113: Add latest packages 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-08-15 11:58:38 +01:00