webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-14 13:02:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
11,119 Commits 2 Branches 1 Tag
fb76fc5144d9b072cace93c008da90aa4ccfcbfa
Commit Graph

4881 Commits

Author SHA1 Message Date
Michael Tremer
fb76fc5144 installer: Fix detection if we have the correct ISO image mounted 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-12 15:50:31 +01:00
Michael Tremer
7ef43add02 ipfire-netboot: Update to v2.0 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-11 21:03:09 +01:00
Matthias Fischer
e735d91f03 unbound: Update to 1.6.7 
For details see:
http://www.unbound.net/download.html

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-11 20:06:48 +01:00
Matthias Fischer
5c6ae344fc web-user-interface: Removed 'dial.cgi' from lfs-file 
'dial.cgi' was removed in

https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=dc6ed83537e1bcc1347ad16bee095ef4d641bc69

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-11 20:01:48 +01:00
Michael Tremer
0b289b3af0 netboot: Update to 1.2 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-11 19:59:48 +01:00
Matthias Fischer
e3fc1d0a2b apache: Update to 2.4.28 
http://apache.mirror.digionline.de//httpd/CHANGES_2.4.28

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-09 14:46:00 +01:00
Michael Tremer
027614d2dc Merge branch 'captive-portal' into next 2017-10-04 16:10:07 +01:00
Michael Tremer
1f06098ba7 captive-portal: Serve Ubuntu font files locally 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-04 12:55:17 +01:00
Michael Tremer
70f6cba43e Add Ubuntu font family package 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-10-04 12:47:28 +01:00
Matthias Fischer
67970637d0 openvpn: Update to 2.3.18 
Fixes CVE-2017-12166: out of bounds write in key-method 1

For details see:

https://community.openvpn.net/openvpn/wiki/CVE-2017-12166

Changelog:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.18

Removed an unrecognized 'configure'-option.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-30 12:33:15 +01:00
Matthias Fischer
fc9a434cbc tor: Update to 3.1.7 
Fixes TROVE-2017-008 and CVE-2017-0380 and others....

For details see  https://gitweb.torproject.org/tor.git/plain/ReleaseNotes?id=tor-0.3.1.7
"Tor 0.3.1.7 is the first stable release in the 0.3.1 series."

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-30 12:33:11 +01:00
Arne Fitzenreiter
d62fd7553d Merge branch 'master' into next 2017-09-24 15:45:04 +02:00
Matthias Fischer
1b0ff72dad wpa_supplicant: Update to 2.6 
For details see:
https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-23 22:16:14 +01:00
Arne Fitzenreiter
3aa4579f8f Merge remote-tracking branch 'origin/next' 2017-09-23 10:38:18 +02:00
Michael Tremer
445b43f877 captive: Fix directory permissions 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 19:00:04 +01:00
Michael Tremer
c91899797b captive: Logo directory no longer exists 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 19:00:04 +01:00
Michael Tremer
22ce4c3ad6 apache2: Create captive portal logging directory 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 19:00:04 +01:00
Michael Tremer
6033b27103 Actually build bootstrap 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 19:00:04 +01:00
Michael Tremer
02de682e21 captive: Link .map files as well 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 18:56:04 +01:00
Michael Tremer
733de0e4a0 bootstrap: Install map files, too 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 18:56:04 +01:00
Michael Tremer
48fb1d3b69 captive: Import new design 
This is the new design of the access page of the captive
portal. It is based on the Bootstrap 4 grid system and
reboot but does not use anything else from it.

It is responsive and customisable.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 18:54:45 +01:00
Michael Tremer
050ce75678 bootstrap: New package 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 18:54:45 +01:00
Michael Tremer
0a02d9bb0c captive-portal: Move CGI files to CGI directory 
Previously the assets directory has ExecCGI privileges
which is not at all required and potentially dangerous.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 18:54:45 +01:00
Michael Tremer
43834c4969 captive: Only make CGI script executable in document root 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 18:54:45 +01:00
Michael Tremer
a79b220c5a captive: Log into default apache log files 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-22 18:54:45 +01:00
Alexander Marx
6820454e54 Captive-Portal: Fix folder permissions 
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
 2017-09-22 18:54:45 +01:00
Alexander Marx
83ba0896f6 Captive-portal: Add directory for logo upload 
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
 2017-09-22 18:54:45 +01:00
Alexander Marx
e14adf759a Captive-Portal: SHow always licencebox in config 
Also fix index.cgi to show individual title

Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
 2017-09-22 18:54:03 +01:00
Alexander Marx
c7e78cc62e Captive-Portal: several design changes 
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
 2017-09-22 18:54:03 +01:00
Alexander Marx
1fc9a43056 Captive-Portal: create dir for cative logfiles 
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
 2017-09-22 18:54:03 +01:00
Alexander Marx
5ca163cd82 Captive-Portal: add captive dirs and files to configroot 
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
 2017-09-22 18:54:03 +01:00
Alexander Marx
4d9002279f Captive-Portal: add crontab and cleanup scripts 
The cleanup script is called every hour and deletes expired clients from
the clients file.
every night the captivectrl warpper runs once to flush the chains and
reload rules for active clients

Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
 2017-09-22 18:54:03 +01:00
Michael Tremer
c4791488a2 hostapd: Bump package version for updated wlanap.cgi 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-20 22:23:53 +01:00
Matthias Fischer
b76d0433be apache2: Import patch for CVE-2017-9798 ("optionsbleed") 
Imported from:
https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch

For details see:
https://nvd.nist.gov/vuln/detail/CVE-2017-9798

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-20 22:01:50 +01:00
Matthias Fischer
fdff464161 unbound: Update to 1.6.6 
For details see:
http://www.unbound.net/download.html

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-20 22:00:59 +01:00
Matthias Fischer
77090f6d13 tcpdump: Update to 4.9.2 
Changelog:

"Sunday September 3, 2017 denis@ovsienko.info
  Summary for 4.9.2 tcpdump release
    Do not use getprotobynumber() for protocol name resolution.  Do not do
      any protocol name resolution if -n is specified.
      Improve errors detection in the test scripts.
      Fix a segfault with OpenSSL 1.1 and improve OpenSSL usage.
      Clean up IS-IS printing.
      Fix buffer overflow vulnerabilities:
      CVE-2017-11543 (SLIP)
      CVE-2017-13011 (bittok2str_internal)
      Fix infinite loop vulnerabilities:
      CVE-2017-12989 (RESP)
      CVE-2017-12990 (ISAKMP)
      CVE-2017-12995 (DNS)
      CVE-2017-12997 (LLDP)
      Fix buffer over-read vulnerabilities:
      CVE-2017-11541 (safeputs)
      CVE-2017-11542 (PIMv1)
      CVE-2017-12893 (SMB/CIFS)
      CVE-2017-12894 (lookup_bytestring)
      CVE-2017-12895 (ICMP)
      CVE-2017-12896 (ISAKMP)
      CVE-2017-12897 (ISO CLNS)
      CVE-2017-12898 (NFS)
      CVE-2017-12899 (DECnet)
      CVE-2017-12900 (tok2strbuf)
      CVE-2017-12901 (EIGRP)
      CVE-2017-12902 (Zephyr)
      CVE-2017-12985 (IPv6)
      CVE-2017-12986 (IPv6 routing headers)
      CVE-2017-12987 (IEEE 802.11)
      CVE-2017-12988 (telnet)
      CVE-2017-12991 (BGP)
      CVE-2017-12992 (RIPng)
      CVE-2017-12993 (Juniper)
      CVE-2017-11542 (PIMv1)
      CVE-2017-11541 (safeputs)
      CVE-2017-12994 (BGP)
      CVE-2017-12996 (PIMv2)
      CVE-2017-12998 (ISO IS-IS)
      CVE-2017-12999 (ISO IS-IS)
      CVE-2017-13000 (IEEE 802.15.4)
      CVE-2017-13001 (NFS)
      CVE-2017-13002 (AODV)
      CVE-2017-13003 (LMP)
      CVE-2017-13004 (Juniper)
      CVE-2017-13005 (NFS)
      CVE-2017-13006 (L2TP)
      CVE-2017-13007 (Apple PKTAP)
      CVE-2017-13008 (IEEE 802.11)
      CVE-2017-13009 (IPv6 mobility)
      CVE-2017-13010 (BEEP)
      CVE-2017-13012 (ICMP)
      CVE-2017-13013 (ARP)
      CVE-2017-13014 (White Board)
      CVE-2017-13015 (EAP)
      CVE-2017-11543 (SLIP)
      CVE-2017-13016 (ISO ES-IS)
      CVE-2017-13017 (DHCPv6)
      CVE-2017-13018 (PGM)
      CVE-2017-13019 (PGM)
      CVE-2017-13020 (VTP)
      CVE-2017-13021 (ICMPv6)
      CVE-2017-13022 (IP)
      CVE-2017-13023 (IPv6 mobility)
      CVE-2017-13024 (IPv6 mobility)
      CVE-2017-13025 (IPv6 mobility)
      CVE-2017-13026 (ISO  IS-IS)
      CVE-2017-13027 (LLDP)
      CVE-2017-13028 (BOOTP)
      CVE-2017-13029 (PPP)
      CVE-2017-13030 (PIM)
      CVE-2017-13031 (IPv6 fragmentation header)
      CVE-2017-13032 (RADIUS)
      CVE-2017-13033 (VTP)
      CVE-2017-13034 (PGM)
      CVE-2017-13035 (ISO IS-IS)
      CVE-2017-13036 (OSPFv3)
      CVE-2017-13037 (IP)
      CVE-2017-13038 (PPP)
      CVE-2017-13039 (ISAKMP)
      CVE-2017-13040 (MPTCP)
      CVE-2017-13041 (ICMPv6)
      CVE-2017-13042 (HNCP)
      CVE-2017-13043 (BGP)
      CVE-2017-13044 (HNCP)
      CVE-2017-13045 (VQP)
      CVE-2017-13046 (BGP)
      CVE-2017-13047 (ISO ES-IS)
      CVE-2017-13048 (RSVP)
      CVE-2017-13049 (Rx)
      CVE-2017-13050 (RPKI-Router)
      CVE-2017-13051 (RSVP)
      CVE-2017-13052 (CFM)
      CVE-2017-13053 (BGP)
      CVE-2017-13054 (LLDP)
      CVE-2017-13055 (ISO IS-IS)
      CVE-2017-13687 (Cisco HDLC)
      CVE-2017-13688 (OLSR)
      CVE-2017-13689 (IKEv1)
      CVE-2017-13690 (IKEv2)
      CVE-2017-13725 (IPv6 routing headers)

Sunday July 23, 2017 denis@ovsienko.info
  Summary for 4.9.1 tcpdump release
    CVE-2017-11108/Fix bounds checking for STP.
    Make assorted documentation updates and fix a few typos in tcpdump output.
    Fixup -C for file size >2GB (GH #488).
    Show AddressSanitizer presence in version output.
    Fix a bug in test scripts (exposed in GH #613).
    On FreeBSD adjust Capsicum capabilities for netmap.
    On Linux fix a use-after-free when the requested interface does not exist."

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-11 21:13:44 +01:00
Michael Tremer
b9863c8845 apache2: Import patch for PR61382 
We usually do not download patches, but rather ship them with
our source.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-07 12:27:43 +01:00
Michael Tremer
a041054941 core114: Update apache configuration of all add-ons that have one 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-04 13:09:43 +01:00
Michael Tremer
051884986d apache2: Download source from IPFire servers 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-04 12:56:42 +01:00
Wolfgang Apolinarski
d41fe99f74 Update to apache 2.4.27 
- Updated to apache 2.4
- Updated the htpasswd generation to use the more secure bcrypt algorithm

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-04 12:40:20 +01:00
Wolfgang Apolinarski
c8e9a7a85e apr and aprutil: Added as requirement for apache 2.4 
- APR 1.6.2 is a requirement for building apache httpd 2.4
- APR-Util 1.6.0 is a requirement for building apache httpd 2.4

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-09-04 12:37:56 +01:00
Stephan Feddersen
fe6f676b35 WIO: fix the bugs reported in the forum 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-08-29 14:37:30 +01:00
Michael Tremer
0c55ec5a49 strongswan: Update to 5.6.0 
Fixes CVE-2017-11185:

Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation
when verifying RSA signatures, which requires decryption with the operation m^e mod n,
where m is the signature, and e and n are the exponent and modulus of the public key.
The value m is an integer between 0 and n-1, however, the gmp plugin did not verify this.
So if m equals n the calculation results in 0, in which case mpz_export() returns NULL.
This result wasn't handled properly causing a null-pointer dereference.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-08-23 20:03:21 +01:00
Matthias Fischer
c60ad61a14 squid: Update to 3.5.27 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-08-23 11:32:33 +01:00
Matthias Fischer
3fdddd37ab gnutls: Update to 3.5.15 
For details see:
https://lists.gnupg.org/pipermail/gnutls-devel/2017-August/008483.html

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-08-23 11:31:39 +01:00
Matthias Fischer
7fe22fdc0c unbound: Update to 1.6.5 
Changelog:

"21 Aug 2017: Wouter
	- Fix install of trust anchor when two anchors are present, makes both
	  valid.  Checks hash of DS but not signature of new key.  This fixes installs between
	  sep11 and oct11 2017."

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-08-23 11:28:43 +01:00
Matthias Fischer
853a95b215 hdparm: Update to 9.52 
Changes from 9.50 to 9.52:
- add support for Jmicron USB-SATA bridges, courtesy Jan Friesse <jfriesse@gmail.com>.
- New --security-prompt-for-password flag for use with the various --security- actions.
- Makefile tweak from Mike Frysinger.
- fix spelling/typos in man page and "removable", courtesy of Alex Mestiashvili.
- fix spelling/typos in --sanitize-crypto-scramble, courtesy of Tom Yan.
- fix NULL password handling in --security-unlock, courtesy of Tom Yan.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-08-21 12:15:07 +01:00
Stephan Feddersen
1bee37ba2c WIO: wio.cgi edit how to get the ips for the networks 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-08-15 14:24:34 +01:00
Michael Tremer
4f4f5bbbfd logrotate: Fix source tarball checksum 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-08-15 12:02:12 +01:00
Erik Kapfer
a3fe88a540 iftop: This is an Update release to ver. 1.0pre4 
Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-08-15 11:55:31 +01:00