webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
11,119 Commits 2 Branches 1 Tag
fb76fc5144d9b072cace93c008da90aa4ccfcbfa
Commit Graph

11119 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Tremer
fb76fc5144 installer: Fix detection if we have the correct ISO image mounted 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-12 15:50:31 +01:00
Michael Tremer
f754146b1e installer: Allow download of ISO images over HTTPS 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-12 15:32:21 +01:00
Michael Tremer
7ef43add02 ipfire-netboot: Update to v2.0 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-11 21:03:09 +01:00
Matthias Fischer
e735d91f03 unbound: Update to 1.6.7 
For details see:
http://www.unbound.net/download.html

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-11 20:06:48 +01:00
Peter Müller
50846453cb also force TLS when requiring user authentication in WebUI 
Force TLS _and_ a valid login when accessing protected directories.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-11 20:06:27 +01:00
Peter Müller
78fa47700d generate ECDSA key on existing installations 
This is required since Apache crashes if any of the key/certificate files
does not exist.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-11 20:05:55 +01:00
Peter Müller
fbc9cfd769 ship changed files for Apache and ECDSA 
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-11 20:05:53 +01:00
Peter Müller
73ba228620 enable dual-stack ECDSA and RSA certificates in Apache 
Note: Apache crashes if any of these files does not exist. Thereof it
is necessary to generate missing keys on existing installations.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-11 20:05:37 +01:00
Peter Müller
5760f93a74 generate ECDSA key on existing installations 
Generate ECDSA key (and sign it) in case it does not exist. That way,
httpscert can be ran on existing installations without breaking already
generated (RSA) keys.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-11 20:05:34 +01:00
Peter Müller
f227ae4fd2 prefer ECDSA over RSA and remove clutter 
Priorize ECDSA before RSA and remove unused cipher suites.
Remove redundant OpenSSL directives to make SSL configuration more readable.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-11 20:05:16 +01:00
Matthias Fischer
5c6ae344fc web-user-interface: Removed 'dial.cgi' from lfs-file 
'dial.cgi' was removed in

https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=dc6ed83537e1bcc1347ad16bee095ef4d641bc69

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-11 20:01:48 +01:00
Michael Tremer
0b289b3af0 netboot: Update to 1.2 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-11 19:59:48 +01:00
Michael Tremer
e2bd5a6eb9 captive: Allow editing terms in coupon mode 
Since the terms are always shown when set, we need a way
to edit them in coupon mode as well.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-11 14:52:03 +01:00
Michael Tremer
2f27148cbb core115: Ship updated extrahd.pl 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-11 12:20:44 +01:00
Matthias Fischer
3c3dfd165e Remove PRINT-line in extrahd.pl 
As shown in https://forum.ipfire.org/viewtopic.php?f=50&t=19563#p111055
PRINT-output somehow garbles bash-prompt.

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-11 12:19:58 +01:00
Michael Tremer
ebf697a097 core115: Ship latest OpenVPN changes 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-11 11:56:07 +01:00
Erik Kapfer
b66b02ab73 OpenVPN: Fix for '--ns-cert-type server is deprecated' . 
- Added extended key usage based on RFC3280 TLS rules for OpenVPNs OpenSSL configuration,
so '--remote-cert-tls' can be used instead of the old and deprecated '--ns-cert-type'
if the host certificate are newely generated with this options.
Nevertheless both directives (old and new) will work also with old CAs.

- Automatic detection if the host certificate uses the new options.
If it does, '--remote-cert-tls server' will be automatically set into the client
configuration files for Net-to-Net and Roadwarriors connections.

If it does NOT, the old '--ns-cert-type server' directive will be set in the client
configuration file.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-11 11:55:16 +01:00
Peter Müller
b0b4d09c56 remove unused dial.cgi directives from Apache vhosts config 
Remove configuration lines in Apache vhosts files which
are not used anymore (old dial.cgi stuff).

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-11 11:12:00 +01:00
Peter Müller
dc6ed83537 delete unused dial.cgi file 
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-10 12:22:19 +01:00
Michael Tremer
436479a29f core115: No need to reload apache after it has been restarted 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-09 14:58:41 +01:00
Michael Tremer
c8e03c7c53 core115: Regenerate IPsec configuration 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-09 14:58:26 +01:00
Peter Müller
e34e72b6e1 add missing check for Curve25519 in vpnmain.cgi 
This fixes bug #11501 which causes IPsec connections to crash if
Curve25519 has been enabled.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-09 14:54:37 +01:00
Michael Tremer
bfa0f1dfc0 core115: Rebuild language cache during update 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-09 14:50:29 +01:00
Michael Tremer
2ac90665e8 core115: Ship updated apache 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-09 14:49:34 +01:00
Matthias Fischer
e3fc1d0a2b apache: Update to 2.4.28 
http://apache.mirror.digionline.de//httpd/CHANGES_2.4.28

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-09 14:46:00 +01:00
Michael Tremer
bef7ad5bbe captive: Fix saving empty terms 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-09 14:34:21 +01:00
Michael Tremer
6772cc8035 Download ISO images from https://downloads.ipfire.org 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-06 13:03:40 +01:00
Michael Tremer
5e6fcc8844 Pull latest translations for installer & setup from Transifex 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-06 12:15:26 +01:00
Michael Tremer
1294c52ca5 core115: Include captive portal in updater 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-06 11:48:49 +01:00
Michael Tremer
112a09508e core115: Add captive portal cron jobs to updater 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-05 11:38:05 +01:00
Michael Tremer
bbc69f228d captive portal: Correctly initialise an array for 8h timeout 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-05 11:11:32 +01:00
Michael Tremer
cb40ff6027 captive portal: Reload firewall rules after cleanup 
This is not necessary to stop any clients from accessing the
Internet, but if we know that we don't need a line for certain
any more, we can as well remove the firewall rule straight away.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-05 12:09:58 +02:00
Michael Tremer
9c83954567 captivectrl: Remove unused code 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-05 12:06:45 +02:00
Michael Tremer
b1773d1a37 captive portal: Don't remove unlimited access after one hour 
Reported-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-05 12:04:29 +02:00
Michael Tremer
027614d2dc Merge branch 'captive-portal' into next 2017-10-04 16:10:07 +01:00
Michael Tremer
0a219160ac captive portal: Allow sessions to expire after 8 hours 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-04 14:21:12 +01:00
Michael Tremer
1f06098ba7 captive-portal: Serve Ubuntu font files locally 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-04 12:55:17 +01:00
Michael Tremer
70f6cba43e Add Ubuntu font family package 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-04 12:47:28 +01:00
Michael Tremer
e2d934cf2b core115: Ship update for OpenVPN 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-30 12:34:37 +01:00
Matthias Fischer
67970637d0 openvpn: Update to 2.3.18 
Fixes CVE-2017-12166: out of bounds write in key-method 1

For details see:

https://community.openvpn.net/openvpn/wiki/CVE-2017-12166

Changelog:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.18

Removed an unrecognized 'configure'-option.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-30 12:33:15 +01:00
Matthias Fischer
fc9a434cbc tor: Update to 3.1.7 
Fixes TROVE-2017-008 and CVE-2017-0380 and others....

For details see  https://gitweb.torproject.org/tor.git/plain/ReleaseNotes?id=tor-0.3.1.7
"Tor 0.3.1.7 is the first stable release in the 0.3.1 series."

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-30 12:33:11 +01:00
Michael Tremer
36f5d20ef7 core115: Ship cosmetic improvements in proxy.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-24 20:23:06 +01:00
Matthias Fischer
082771c1f4 proxy.cgi: Some cosmetics for the absolutely lazy ones (V2) 
Added clickable links for 'URL filter' and 'Update accelerator' for faster access,
this time without the need to alter the language-files.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-24 20:22:45 +01:00
Arne Fitzenreiter
c42237247a start core115 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-09-24 15:51:12 +02:00
Arne Fitzenreiter
d62fd7553d Merge branch 'master' into next 2017-09-24 15:45:04 +02:00
Arne Fitzenreiter
2083519a64 core114: add php to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-09-24 13:35:01 +02:00
Matthias Fischer
1b0ff72dad wpa_supplicant: Update to 2.6 
For details see:
https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-23 22:16:14 +01:00
Arne Fitzenreiter
3aa4579f8f Merge remote-tracking branch 'origin/next' 2017-09-23 10:38:18 +02:00
Arne Fitzenreiter
6ec860b8d2 finish core114 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-09-23 10:37:02 +02:00
Arne Fitzenreiter
595c6470dd core114: force update addons after core update 
apache needs new vhost configs so all addons must updated to work with new
apache.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-09-23 10:34:54 +02:00