This file has moved and the touch command created an empty version
of the file which caused that builds depending on that did not
complete.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is a feature that will filter adult content from search
engine's results.
The old method of rewriting the HTTP request no longer works.
This method changes the DNS response for supported search engines
which violates our belief in DNSSEC and won't allow these search
engines to ever enable DNSSEC.
However, there is no better solution available to this and this
an optional feature, too.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
This is not working for quite some time now because all search
engines have moved over to HTTPS. Therefore we no longer can
manipulate the URL query string.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This updates the package to its latest upstream version and should
be able to support IGMPv3.
Fixes: #12074
Suggested-by: Marc Roland <marc.roland@outlook.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is necessary so that we can clean up /usr/src after
each build and do not waste any space on the massive kernel
source.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The layer7 filter header files were not installed into /usr/include
and therefore we needed to keep the whole kernel source tree.
This is just a waste of space and this patch fixes this.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This patch enables that /usr/src is a ramdisk which should
give us fewer I/O operations when extracting tarballs or
writing small intermediate files by the compiler.
In some virtualised environments this should bring a good
performance boost.
There is no persistent data stored in this directory and
some persistent directories are mounted over it.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Exporting XZ_OPT caused that every time xz was called, it automatically
enabled parallelism. The make systemm also launches multiple processes
at the same time to use more processor cores at the same time.
The combination of this causes memory exhaustion even on large systems
and has no performance gain. Therefore this is disabled by default
and only enabled where we need it which is already the case.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Fix a bug that allows users to add multiple NICs to non-bridged zones.
This fix includes a new error message.
Unused zones are now invisible instead of grey.
An authenticated Stored XSS (Cross-site Scripting) exists in the
(https://192.168.0.241:444/cgi-bin/routing.cgi) Routing Table Entries
via the "Remark" text box or "remark" parameter. This is due to a
lack of user input validation in "Remark" text box or "remark"
parameter. It allows an authenticated WebGUI user with privileges
for the affected page to execute Stored Cross-site Scripting in
the Routing Table Entries (/cgi-bin/routing.cgi), which helps
attacker to redirect the victim to a attacker's phishing page.
The Stored XSS get prompted on the victims page whenever victim
tries to access the Routing Table Entries configuraiton page.
An attacker get access to the victim's session by performing
the CSRF and gather the cookie and session id's or possibly can
change the victims configuration using this Stored XSS.
This attack can possibly spoof the victim's informations.
Fixes: #12072
Reported-by: Dharmesh Baskaran <dharmesh201093@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is a bit shouty and there are various places where we do not
warn about this problem, so this patch makes it more consistent.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This patch mainly changes "Macvtap" to the branded spelling and removes
short forms as well as hyphenation in German compound nouns.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
An authenticated Stored XSS (Cross-site Scripting) exists in the
(https://localhost:444/cgi-bin/captive.cgi) Captive Portal via the
"Title of Login Page" text box or "TITLE" parameter. This is due to
a lack of user input validation in "Title of Login Page" text box
or "TITLE" parameter. It allows an authenticated WebGUI user with
privileges for the affected page to execute Stored Cross-site
Scripting in the Captive Portal page (/cgi-bin/captive.cgi), which
helps attacker to redirect the victim to a attacker's page.
The Stored XSS get prompted on the victims page whenever victim
tries to access the Captive Portal page.
An attacker get access to the victim's session by performing the
CSRF and gather the cookie and session id's or possibly can
change the victims configuration using this Stored XSS.
This attack can possibly spoof the victim's informations.
Fixes: #12071
Reported-by: Dharmesh Baskaran <dharmesh201093@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
IPFire has moved to suricata as IDS/IPS system, therefore all snort related
options has become obsolete.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This patch adds a new CGI file which allows users to edit the
VLAN configuration as well as configuring zones as bridges.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This allows us to create VLAN interfaces even when the
name of the parent interface might vary.
This patch also appends the VLAN tag to interfaces
when the zone is in bridge mode.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
IPFire has moved to suricata as IDS/IPS system, therefore all snort related
options has become obsolete.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This package failed to build on ARM because atomic functions
are being emulated on ARM32 and the required library was not
linked.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Ship the UserParameter for monitoring the status of pakfire for keeping track of available updates etc.
Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This enables Pakfire to return a Status-Summary for the Current Core-Update-Level, time since last updates, the availability of a core-/packet-update and if a reboot is required to complete an update. This can be used by monitoring agents (e.g. zabbix_agentd) to monitor the update status of the IPFire device.
Signed-off-by: Alexander Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
