webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-26 10:52:57 +02:00
Code Issues Packages Projects Releases Wiki Activity
11,580 Commits 2 Branches 1 Tag
ef623d3e68fdf97d2f96a5b9d1c22de771e05d49
Commit Graph

3164 Commits

Author SHA1 Message Date
Erik Kapfer
adf3f4f4fe LZ4: New compression library. 
New lossless data compression algorithm.

Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-01-23 13:20:58 +00:00
Matthias Fischer
eb03c511fd squid 3.5.27: Patch for SA 2018:2 
As announced, here is the second patch for 'squid 3.5.27'.

For details about this and the previous patch (2018_1) regarding "ESI Response
processing" and "HTTP message processing", see:

http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-announce-ADVISORY-SQUID-2018-1-Denial-of-Service-issue-in-ESI-Response-processing-tp4684618.html

http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-announce-ADVISORY-SQUID-2018-2-Denial-of-Service-issue-in-HTTP-Message-processing-td4684617.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-01-23 13:08:19 +00:00
Matthias Fischer
101765c0fd squid 3.5.27: Patch for SA 2018:1 
http://www.squid-cache.org/Versions/v3/3.5/changesets/

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-01-23 13:07:43 +00:00
Michael Tremer
1e7b718cd4 syslogdctrl: Fix compiler error and SEGV 
Fixes #11574

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-01-20 14:51:40 +00:00
Michael Tremer
07e63f6d2a Revert "misc-progs: syslogdctrl: Fix data type of protocol variable" 
This reverts commit b269686f88.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-01-20 14:45:10 +00:00
Jonatan Schlag
2da45fe0e1 dmidecode: update to version 3.1 
The removed patches are included in this version so there is no need
that we apply them.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-01-20 14:33:52 +00:00
Jonatan Schlag
d404b1dba2 Add Intel microcode updates from Jan 2018 
Add intel microcode to the distribution and configure dracut in a way
that the microcode is loaded early in the boot process.

Fixes #11590

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Acknowledged-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-01-14 15:25:08 +00:00
Michael Tremer
ddcd60f7dc mdns-repeater: New package 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-01-09 14:14:37 +00:00
Michael Tremer
333915f5cf Drop owncloud 
We are going to remove PHP and owncloud requires it

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-01-05 13:28:59 +00:00
Michael Tremer
fbcb5b749a Drop mediatomb 
This didn't build and run in ages and has been removed from
the repositories quite a while ago.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-01-05 13:26:33 +00:00
Michael Tremer
a412f472d9 Drop tunctl 
We don't use this at all

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-12-16 12:39:31 +00:00
Michael Tremer
d7dde64550 Drop phpSANE 
The upstream project is dead.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-12-16 12:38:01 +00:00
Michael Tremer
b2d4fa028f Drop cacti 
This package was discontinued upstream and seems to be
a bit more lively again. However, nobody of the team
wants to maintain cacti. Therefore this is being dropped
for now.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-12-16 12:35:12 +00:00
Michael Tremer
f3ddea42c6 Drop openmailadmin package 
This is EOL upstream for over ten years now and therefore
we cannot continue to support this either.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-12-16 12:33:05 +00:00
Michael Tremer
4d86ce7021 Drop nagios 
This is no longer maintained and icinga is available.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-12-16 12:31:47 +00:00
Michael Tremer
f451d465fb Drop nagiosql 
This is no longer maintained any more and therefore being dropped

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-12-14 17:48:24 +00:00
Michael Tremer
ba03193ba7 fireinfo: Update to 2.1.12 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-12-14 17:44:20 +00:00
Michael Tremer
396ff12342 pakfire: Properly check if we have our key with our fingerprint 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-12-12 19:40:01 +00:00
Michael Tremer
73b2988ae4 pakfire: Drop importing CACert's PGP key 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-12-12 19:28:16 +00:00
Matthias Fischer
db9f57143f pakfire - 'functions.pl': fixed typo 
Just read this typo in a forum posting. Couldn't resist...

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-12-05 17:03:36 +00:00
Michael Tremer
b269686f88 misc-progs: syslogdctrl: Fix data type of protocol variable 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-11-30 14:36:28 +00:00
Peter Müller
cbd1f0e719 allow remote syslog via TCP in syslogdctrl.c 
Make syslogctrl.c use TCP as remote logging file if specified so.

Thanks to Michael for reviewing this.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-11-28 17:45:52 +00:00
Michael Tremer
56720befc7 Drop vsftpd which isn't actively maintained any more 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-11-28 17:30:08 +00:00
Michael Tremer
d38edcf8b4 pound: Drop package which isn't very actively maintained any more 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-11-28 17:29:55 +00:00
Michael Tremer
11e900e0b4 apache: Wait until apache has stopped when we want to stop it 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-11-28 14:14:16 +00:00
Michael Tremer
d409286074 apache: Ensure that not everyone can read the keys 
This would become a security risk if anyone gets
shell access as any user to copy out the HTTPS keys.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-11-28 14:11:49 +00:00
Arne Fitzenreiter
0476a6570d samba: import security updates from redhead 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-11-27 18:20:59 +01:00
Michael Tremer
6c4cc7ea1b Move toolchain from /tools to /tools_${arch} 
This will allow us to run multiple builds on the same
system at the same time (or at least have them on disk).

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-11-23 15:57:28 +00:00
Peter Müller
bb6481a820 validate GPG keys by fingerprint 
Validate GPG keys by fingerprint and not by 8-bit key-ID.

This makes exploiting bug #11539 harder, but not impossible
and does not affect existing installations.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-11-13 22:41:21 +00:00
Michael Tremer
9bb4055367 captive portal: Require authorization before redirecting to proxy 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-11-11 12:48:54 +00:00
Michael Tremer
682a6b2dc8 unbound: Silence error when upstream name servers cannot be read 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-11-07 16:02:28 +01:00
Arne Fitzenreiter
9064ba72fe drop httpscert and merge to apache initskript 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-10-22 15:50:38 +02:00
Michael Tremer
c061d66fca cdrom: Change format to XZ and compress in parallel 
This allows us to use all processor cores to compress
the image faster.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-17 14:58:52 +01:00
Michael Tremer
d7d5774529 KRACK attack: Patch wpa_supplicant & hostapd 
A vulnerability was found in how a number of implementations can be
triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by
replaying a specific frame that is used to manage the keys. Such
reinstallation of the encryption key can result in two different types
of vulnerabilities: disabling replay protection and significantly
reducing the security of encryption to the point of allowing frames to
be decrypted or some parts of the keys to be determined by an attacker
depending on which cipher is used.

This fixes: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,
  CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086,
  CVE-2017-13087, CVE-2017-13088

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-16 15:49:35 +01:00
Michael Tremer
fb76fc5144 installer: Fix detection if we have the correct ISO image mounted 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-12 15:50:31 +01:00
Michael Tremer
f754146b1e installer: Allow download of ISO images over HTTPS 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-12 15:32:21 +01:00
Peter Müller
5760f93a74 generate ECDSA key on existing installations 
Generate ECDSA key (and sign it) in case it does not exist. That way,
httpscert can be ran on existing installations without breaking already
generated (RSA) keys.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-11 20:05:34 +01:00
Matthias Fischer
e3fc1d0a2b apache: Update to 2.4.28 
http://apache.mirror.digionline.de//httpd/CHANGES_2.4.28

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-09 14:46:00 +01:00
Michael Tremer
6772cc8035 Download ISO images from https://downloads.ipfire.org 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-06 13:03:40 +01:00
Michael Tremer
5e6fcc8844 Pull latest translations for installer & setup from Transifex 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-06 12:15:26 +01:00
Michael Tremer
cb40ff6027 captive portal: Reload firewall rules after cleanup 
This is not necessary to stop any clients from accessing the
Internet, but if we know that we don't need a line for certain
any more, we can as well remove the firewall rule straight away.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-05 12:09:58 +02:00
Michael Tremer
9c83954567 captivectrl: Remove unused code 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-05 12:06:45 +02:00
Michael Tremer
b1773d1a37 captive portal: Don't remove unlimited access after one hour 
Reported-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-05 12:04:29 +02:00
Michael Tremer
027614d2dc Merge branch 'captive-portal' into next 2017-10-04 16:10:07 +01:00
Arne Fitzenreiter
3aa4579f8f Merge remote-tracking branch 'origin/next' 2017-09-23 10:38:18 +02:00
Michael Tremer
5511fa319a captive: Fix another typo in captivectrl 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 19:00:04 +01:00
Michael Tremer
abc41f02dd captive: Do not generally allow access to TCP/1013 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 18:54:45 +01:00
Michael Tremer
fb1d26d1bc captivectrl: Add protection against DNS tunnels 
Limit the amount of DNS traffic for each client that
has not registered, yet.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 18:54:45 +01:00
Michael Tremer
76ece32362 captivectrl: Skip all lines that start with # 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 18:54:45 +01:00
Alexander Marx
07d56062a9 Captive-Portal: fix cleanup script 
The cleanup-script did not write back the hash after the expired voucher
was delted

Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
 2017-09-22 18:54:45 +01:00