ipfire-2.x.git
2 years agocore116: stop apache before extracting updated files v2.19-core116
Arne Fitzenreiter [Fri, 3 Nov 2017 15:40:23 +0000 (16:40 +0100)] 
core116: stop apache before extracting updated files

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 years agocore116: replace apache restart by stop and start
Arne Fitzenreiter [Fri, 3 Nov 2017 13:28:22 +0000 (14:28 +0100)] 
core116: replace apache restart by stop and start

restart seems not work after replace apache...

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 years agocore116: ship updated wget
Arne Fitzenreiter [Fri, 3 Nov 2017 13:22:19 +0000 (14:22 +0100)] 
core116: ship updated wget

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 years agofinish core116
Arne Fitzenreiter [Thu, 2 Nov 2017 21:48:58 +0000 (22:48 +0100)] 
finish core116

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 years agocore116: set need_reboot flag
Arne Fitzenreiter [Thu, 2 Nov 2017 21:47:59 +0000 (22:47 +0100)] 
core116: set need_reboot flag

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 years agocore116: ship openssh
Arne Fitzenreiter [Thu, 2 Nov 2017 21:46:47 +0000 (22:46 +0100)] 
core116: ship openssh

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 years agocore116: fix openssl symlink
Arne Fitzenreiter [Thu, 2 Nov 2017 21:45:25 +0000 (22:45 +0100)] 
core116: fix openssl symlink

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 years agowget: Update file extension
Michael Tremer [Thu, 2 Nov 2017 15:37:27 +0000 (15:37 +0000)] 
wget: Update file extension

Upstream does not distribute XZ compressed tarballs any more

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoopenssl: Update to 1.0.2m
Michael Tremer [Thu, 2 Nov 2017 15:29:01 +0000 (15:29 +0000)] 
openssl: Update to 1.0.2m

* bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
* Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agowget: Update to 1.19.2
Michael Tremer [Sun, 29 Oct 2017 18:33:03 +0000 (18:33 +0000)] 
wget: Update to 1.19.2

Fixes CVE-2017-13089

A stack-based buffer overflow when processing chunked, encoded HTTP
responses was found in wget. By tricking an unsuspecting user into
connecting to a malicious HTTP server, an attacker could exploit
this flaw to potentially execute arbitrary code.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore116: Ship updated apache
Michael Tremer [Sat, 28 Oct 2017 12:36:27 +0000 (13:36 +0100)] 
core116: Ship updated apache

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoUpdate to Apache 2.4.29
Wolfgang Apolinarski [Sat, 28 Oct 2017 10:52:03 +0000 (12:52 +0200)] 
Update to Apache 2.4.29

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore116: Ship updated proxy.cgi
Michael Tremer [Mon, 23 Oct 2017 15:29:09 +0000 (16:29 +0100)] 
core116: Ship updated proxy.cgi

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoproxy.cgi: Even more cosmetics
Matthias Fischer [Fri, 13 Oct 2017 20:29:20 +0000 (22:29 +0200)] 
proxy.cgi: Even more cosmetics

Another clickable link for 'proxy.cgi', this time for 'Cache Manager Interface' - this one opens in a new window.

And: This time - hopefully - with correct '_blank'-attribute (deleted the backslashes) - based on current 'next'.

Plus: Deleted some "blind" tabs - found by chance.

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore116: Ship snort
Michael Tremer [Mon, 23 Oct 2017 15:26:39 +0000 (16:26 +0100)] 
core116: Ship snort

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agosnort: Update to 2.9.11
Matthias Fischer [Fri, 13 Oct 2017 20:23:25 +0000 (22:23 +0200)] 
snort: Update to 2.9.11

For details see:

Release notes:
https://snort.org/downloads/snort/release_notes_2.9.11.txt

Changelog:
https://snort.org/downloads/snort/changelog_2.9.11.txt

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoStart Core Update 116
Michael Tremer [Mon, 23 Oct 2017 15:24:10 +0000 (16:24 +0100)] 
Start Core Update 116

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoxz: Update to 5.2.3
Matthias Fischer [Thu, 19 Oct 2017 19:16:02 +0000 (21:16 +0200)] 
xz: Update to 5.2.3

For details see:
https://git.tukaani.org/?p=xz.git;a=blob;f=NEWS;hb=HEAD

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agodrop httpscert and merge to apache initskript v2.19-core115
Arne Fitzenreiter [Sun, 22 Oct 2017 13:50:38 +0000 (15:50 +0200)] 
drop httpscert and merge to apache initskript

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 years agocore115: Add missing parameter to actually generate new certificates
Michael Tremer [Sat, 21 Oct 2017 10:20:02 +0000 (11:20 +0100)] 
core115: Add missing parameter to actually generate new certificates

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agofinish core115
Arne Fitzenreiter [Wed, 18 Oct 2017 19:25:59 +0000 (21:25 +0200)] 
finish core115

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 years agocore115: add extrahd.cgi to updater
Arne Fitzenreiter [Wed, 18 Oct 2017 19:24:43 +0000 (21:24 +0200)] 
core115: add extrahd.cgi to updater

this file was missing in early core114 testbuilds so ship it again.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 years agoMerge branch 'master' into core115
Arne Fitzenreiter [Wed, 18 Oct 2017 19:20:23 +0000 (21:20 +0200)] 
Merge branch 'master' into core115

2 years agoredirect to TLS WebUI if authorisation required
Peter Müller [Tue, 17 Oct 2017 17:49:07 +0000 (19:49 +0200)] 
redirect to TLS WebUI if authorisation required

Do not allow credentials being submitted in plaintext to Apache.
Instead, redirect the user with a 301 to the TLS version of IPFire's
web interface.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoRevert "Use best XZ compression for smaller images and packages"
Michael Tremer [Wed, 18 Oct 2017 11:35:19 +0000 (12:35 +0100)] 
Revert "Use best XZ compression for smaller images and packages"

This reverts commit 5fd54721c2275def506ac54cc2e4e810f57fa491.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoRevert "cdrom: Use -8 as compression parameter"
Michael Tremer [Wed, 18 Oct 2017 11:35:04 +0000 (12:35 +0100)] 
Revert "cdrom: Use -8 as compression parameter"

This reverts commit 77ad762c430761bbf2d4be03bf2836d99685359d.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocdrom: Use -8 as compression parameter
Michael Tremer [Tue, 17 Oct 2017 20:16:41 +0000 (21:16 +0100)] 
cdrom: Use -8 as compression parameter

This is a better compromise on memory usage and file size

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoUse best XZ compression for smaller images and packages
Michael Tremer [Tue, 17 Oct 2017 14:23:26 +0000 (15:23 +0100)] 
Use best XZ compression for smaller images and packages

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocdrom: Change format to XZ and compress in parallel
Michael Tremer [Tue, 17 Oct 2017 13:58:52 +0000 (14:58 +0100)] 
cdrom: Change format to XZ and compress in parallel

This allows us to use all processor cores to compress
the image faster.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agopackages: Compress in parallel
Michael Tremer [Tue, 17 Oct 2017 13:58:28 +0000 (14:58 +0100)] 
packages: Compress in parallel

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocaptive: Fix localisations
Michael Tremer [Tue, 17 Oct 2017 13:11:14 +0000 (15:11 +0200)] 
captive: Fix localisations

Voucher was used instead of coupon in English, and Coupon
was used instead of Gutschein in German.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocaptive: Simplify coupon time selection
Michael Tremer [Tue, 17 Oct 2017 13:05:53 +0000 (15:05 +0200)] 
captive: Simplify coupon time selection

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocaptive: Reindent code for better readability
Michael Tremer [Tue, 17 Oct 2017 11:43:42 +0000 (12:43 +0100)] 
captive: Reindent code for better readability

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocaptive: Localise GREEN/BLUE
Michael Tremer [Tue, 17 Oct 2017 11:41:17 +0000 (12:41 +0100)] 
captive: Localise GREEN/BLUE

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoRootfile update
Michael Tremer [Tue, 17 Oct 2017 11:29:22 +0000 (12:29 +0100)] 
Rootfile update

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore115: Ship logrotate
Michael Tremer [Mon, 16 Oct 2017 18:20:20 +0000 (19:20 +0100)] 
core115: Ship logrotate

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agologrotate: Update to 3.13.0
Matthias Fischer [Sat, 14 Oct 2017 09:14:17 +0000 (11:14 +0200)] 
logrotate: Update to 3.13.0

For details see:
https://github.com/logrotate/logrotate/releases

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoPDF-API2: Add optional dependencies to read TrueType fonts
Michael Tremer [Mon, 16 Oct 2017 16:43:32 +0000 (17:43 +0100)] 
PDF-API2: Add optional dependencies to read TrueType fonts

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoMake perl-PDF-API2 part of the base system
Michael Tremer [Mon, 16 Oct 2017 16:31:51 +0000 (17:31 +0100)] 
Make perl-PDF-API2 part of the base system

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoPDF-API2: Update to 2.033
Michael Tremer [Mon, 16 Oct 2017 16:28:51 +0000 (17:28 +0100)] 
PDF-API2: Update to 2.033

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agowpa_supplicant: Update to 2.6
Matthias Fischer [Fri, 22 Sep 2017 23:34:55 +0000 (01:34 +0200)] 
wpa_supplicant: Update to 2.6

For details see:
https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoKRACK attack: Patch wpa_supplicant & hostapd
Michael Tremer [Mon, 16 Oct 2017 14:49:35 +0000 (15:49 +0100)] 
KRACK attack: Patch wpa_supplicant & hostapd

A vulnerability was found in how a number of implementations can be
triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by
replaying a specific frame that is used to manage the keys. Such
reinstallation of the encryption key can result in two different types
of vulnerabilities: disabling replay protection and significantly
reducing the security of encryption to the point of allowing frames to
be decrypted or some parts of the keys to be determined by an attacker
depending on which cipher is used.

This fixes: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,
  CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086,
  CVE-2017-13087, CVE-2017-13088

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoKRACK attack: Patch wpa_supplicant & hostapd
Michael Tremer [Mon, 16 Oct 2017 14:49:35 +0000 (15:49 +0100)] 
KRACK attack: Patch wpa_supplicant & hostapd

A vulnerability was found in how a number of implementations can be
triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by
replaying a specific frame that is used to manage the keys. Such
reinstallation of the encryption key can result in two different types
of vulnerabilities: disabling replay protection and significantly
reducing the security of encryption to the point of allowing frames to
be decrypted or some parts of the keys to be determined by an attacker
depending on which cipher is used.

This fixes: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,
  CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086,
  CVE-2017-13087, CVE-2017-13088

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocaptive: Allow PDF export of coupons
Michael Tremer [Mon, 16 Oct 2017 14:36:24 +0000 (16:36 +0200)] 
captive: Allow PDF export of coupons

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocaptive: Add headline to T&C box
Michael Tremer [Mon, 16 Oct 2017 13:03:39 +0000 (15:03 +0200)] 
captive: Add headline to T&C box

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoDownload sources via HTTPS
Michael Tremer [Thu, 12 Oct 2017 14:56:34 +0000 (15:56 +0100)] 
Download sources via HTTPS

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoinstaller: Fix detection if we have the correct ISO image mounted
Michael Tremer [Thu, 12 Oct 2017 14:50:31 +0000 (15:50 +0100)] 
installer: Fix detection if we have the correct ISO image mounted

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoinstaller: Allow download of ISO images over HTTPS
Michael Tremer [Thu, 12 Oct 2017 14:32:21 +0000 (15:32 +0100)] 
installer: Allow download of ISO images over HTTPS

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipfire-netboot: Update to v2.0
Michael Tremer [Wed, 11 Oct 2017 20:02:44 +0000 (21:02 +0100)] 
ipfire-netboot: Update to v2.0

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agounbound: Update to 1.6.7
Matthias Fischer [Wed, 11 Oct 2017 15:37:23 +0000 (17:37 +0200)] 
unbound: Update to 1.6.7

For details see:
http://www.unbound.net/download.html

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoalso force TLS when requiring user authentication in WebUI
Peter Müller [Wed, 11 Oct 2017 16:30:50 +0000 (18:30 +0200)] 
also force TLS when requiring user authentication in WebUI

Force TLS _and_ a valid login when accessing protected directories.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agogenerate ECDSA key on existing installations
Peter Müller [Wed, 11 Oct 2017 17:46:35 +0000 (19:46 +0200)] 
generate ECDSA key on existing installations

This is required since Apache crashes if any of the key/certificate files
does not exist.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoship changed files for Apache and ECDSA
Peter Müller [Wed, 11 Oct 2017 17:47:19 +0000 (19:47 +0200)] 
ship changed files for Apache and ECDSA

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoenable dual-stack ECDSA and RSA certificates in Apache
Peter Müller [Wed, 11 Oct 2017 17:45:19 +0000 (19:45 +0200)] 
enable dual-stack ECDSA and RSA certificates in Apache

Note: Apache crashes if any of these files does not exist. Thereof it
is necessary to generate missing keys on existing installations.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agogenerate ECDSA key on existing installations
Peter Müller [Wed, 11 Oct 2017 17:45:33 +0000 (19:45 +0200)] 
generate ECDSA key on existing installations

Generate ECDSA key (and sign it) in case it does not exist. That way,
httpscert can be ran on existing installations without breaking already
generated (RSA) keys.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoprefer ECDSA over RSA and remove clutter
Peter Müller [Wed, 11 Oct 2017 17:24:10 +0000 (19:24 +0200)] 
prefer ECDSA over RSA and remove clutter

Priorize ECDSA before RSA and remove unused cipher suites.
Remove redundant OpenSSL directives to make SSL configuration more readable.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoweb-user-interface: Removed 'dial.cgi' from lfs-file
Matthias Fischer [Wed, 11 Oct 2017 16:08:30 +0000 (18:08 +0200)] 
web-user-interface: Removed 'dial.cgi' from lfs-file

'dial.cgi' was removed in

https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=dc6ed83537e1bcc1347ad16bee095ef4d641bc69

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agonetboot: Update to 1.2
Michael Tremer [Wed, 11 Oct 2017 18:59:48 +0000 (19:59 +0100)] 
netboot: Update to 1.2

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocaptive: Allow editing terms in coupon mode
Michael Tremer [Wed, 11 Oct 2017 13:52:03 +0000 (14:52 +0100)] 
captive: Allow editing terms in coupon mode

Since the terms are always shown when set, we need a way
to edit them in coupon mode as well.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore115: Ship updated extrahd.pl
Michael Tremer [Wed, 11 Oct 2017 11:20:44 +0000 (12:20 +0100)] 
core115: Ship updated extrahd.pl

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoRemove PRINT-line in extrahd.pl
Matthias Fischer [Tue, 3 Oct 2017 13:40:25 +0000 (15:40 +0200)] 
Remove PRINT-line in extrahd.pl

As shown in https://forum.ipfire.org/viewtopic.php?f=50&t=19563#p111055
PRINT-output somehow garbles bash-prompt.

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore115: Ship latest OpenVPN changes
Michael Tremer [Wed, 11 Oct 2017 10:56:07 +0000 (11:56 +0100)] 
core115: Ship latest OpenVPN changes

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoOpenVPN: Fix for '--ns-cert-type server is deprecated' .
Erik Kapfer [Fri, 6 Oct 2017 13:14:48 +0000 (15:14 +0200)] 
OpenVPN: Fix for '--ns-cert-type server is deprecated' .

- Added extended key usage based on RFC3280 TLS rules for OpenVPNs OpenSSL configuration,
so '--remote-cert-tls' can be used instead of the old and deprecated '--ns-cert-type'
if the host certificate are newely generated with this options.
Nevertheless both directives (old and new) will work also with old CAs.

- Automatic detection if the host certificate uses the new options.
If it does, '--remote-cert-tls server' will be automatically set into the client
configuration files for Net-to-Net and Roadwarriors connections.

If it does NOT, the old '--ns-cert-type server' directive will be set in the client
configuration file.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoremove unused dial.cgi directives from Apache vhosts config
Peter Müller [Tue, 10 Oct 2017 13:31:07 +0000 (15:31 +0200)] 
remove unused dial.cgi directives from Apache vhosts config

Remove configuration lines in Apache vhosts files which
are not used anymore (old dial.cgi stuff).

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agodelete unused dial.cgi file
Peter Müller [Mon, 9 Oct 2017 20:06:33 +0000 (22:06 +0200)] 
delete unused dial.cgi file

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore115: No need to reload apache after it has been restarted
Michael Tremer [Mon, 9 Oct 2017 13:58:41 +0000 (14:58 +0100)] 
core115: No need to reload apache after it has been restarted

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore115: Regenerate IPsec configuration
Michael Tremer [Mon, 9 Oct 2017 13:58:26 +0000 (14:58 +0100)] 
core115: Regenerate IPsec configuration

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoadd missing check for Curve25519 in vpnmain.cgi
Peter Müller [Sun, 8 Oct 2017 18:41:10 +0000 (20:41 +0200)] 
add missing check for Curve25519 in vpnmain.cgi

This fixes bug #11501 which causes IPsec connections to crash if
Curve25519 has been enabled.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore115: Rebuild language cache during update
Michael Tremer [Mon, 9 Oct 2017 13:50:29 +0000 (14:50 +0100)] 
core115: Rebuild language cache during update

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore115: Ship updated apache
Michael Tremer [Mon, 9 Oct 2017 13:49:34 +0000 (14:49 +0100)] 
core115: Ship updated apache

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoapache: Update to 2.4.28
Matthias Fischer [Sun, 8 Oct 2017 14:37:21 +0000 (16:37 +0200)] 
apache: Update to 2.4.28

http://apache.mirror.digionline.de//httpd/CHANGES_2.4.28

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocaptive: Fix saving empty terms
Michael Tremer [Mon, 9 Oct 2017 13:34:21 +0000 (14:34 +0100)] 
captive: Fix saving empty terms

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoDownload ISO images from https://downloads.ipfire.org
Michael Tremer [Fri, 6 Oct 2017 12:03:40 +0000 (13:03 +0100)] 
Download ISO images from https://downloads.ipfire.org

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoPull latest translations for installer & setup from Transifex
Michael Tremer [Fri, 6 Oct 2017 11:15:26 +0000 (12:15 +0100)] 
Pull latest translations for installer & setup from Transifex

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore115: Include captive portal in updater
Michael Tremer [Fri, 6 Oct 2017 10:48:49 +0000 (11:48 +0100)] 
core115: Include captive portal in updater

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore115: Add captive portal cron jobs to updater
Michael Tremer [Thu, 5 Oct 2017 10:38:05 +0000 (11:38 +0100)] 
core115: Add captive portal cron jobs to updater

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocaptive portal: Correctly initialise an array for 8h timeout
Michael Tremer [Thu, 5 Oct 2017 09:42:04 +0000 (10:42 +0100)] 
captive portal: Correctly initialise an array for 8h timeout

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocaptive portal: Reload firewall rules after cleanup
Michael Tremer [Thu, 5 Oct 2017 10:09:58 +0000 (12:09 +0200)] 
captive portal: Reload firewall rules after cleanup

This is not necessary to stop any clients from accessing the
Internet, but if we know that we don't need a line for certain
any more, we can as well remove the firewall rule straight away.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocaptivectrl: Remove unused code
Michael Tremer [Thu, 5 Oct 2017 10:06:45 +0000 (12:06 +0200)] 
captivectrl: Remove unused code

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocaptive portal: Don't remove unlimited access after one hour
Michael Tremer [Thu, 5 Oct 2017 10:04:29 +0000 (12:04 +0200)] 
captive portal: Don't remove unlimited access after one hour

Reported-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoMerge branch 'captive-portal' into next
Michael Tremer [Wed, 4 Oct 2017 15:10:07 +0000 (16:10 +0100)] 
Merge branch 'captive-portal' into next

2 years agocaptive portal: Allow sessions to expire after 8 hours
Michael Tremer [Wed, 4 Oct 2017 13:21:12 +0000 (14:21 +0100)] 
captive portal: Allow sessions to expire after 8 hours

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocaptive-portal: Serve Ubuntu font files locally
Michael Tremer [Wed, 4 Oct 2017 11:55:17 +0000 (12:55 +0100)] 
captive-portal: Serve Ubuntu font files locally

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoAdd Ubuntu font family package
Michael Tremer [Wed, 4 Oct 2017 11:47:28 +0000 (12:47 +0100)] 
Add Ubuntu font family package

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore114: Ship extrahd.cgi core114
Michael Tremer [Mon, 2 Oct 2017 18:28:59 +0000 (19:28 +0100)] 
core114: Ship extrahd.cgi

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoApache 2.4.27 breaks ExtraHD-GUI
Matthias Fischer [Sun, 1 Oct 2017 18:43:16 +0000 (20:43 +0200)] 
Apache 2.4.27 breaks ExtraHD-GUI

Opening 'extrahd.cgi' led to:
"Response header name 'scanhd idescanhd partitionsCache-control' contains
invalid characters, aborting request".

https://forum.ipfire.org/viewtopic.php?f=27&t=19550#p111030
https://forum.ipfire.org/viewtopic.php?f=50&t=19563&sid=575337ac1caf1df492fced01ca6243de#p111048
https://forum.ipfire.org/viewtopic.php?f=22&t=19563#p111052

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore115: Ship update for OpenVPN
Michael Tremer [Sat, 30 Sep 2017 11:34:37 +0000 (12:34 +0100)] 
core115: Ship update for OpenVPN

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoopenvpn: Update to 2.3.18
Matthias Fischer [Sat, 30 Sep 2017 05:41:56 +0000 (07:41 +0200)] 
openvpn: Update to 2.3.18

Fixes CVE-2017-12166: out of bounds write in key-method 1

For details see:

https://community.openvpn.net/openvpn/wiki/CVE-2017-12166

Changelog:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.18

Removed an unrecognized 'configure'-option.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agotor: Update to 3.1.7
Matthias Fischer [Fri, 29 Sep 2017 18:42:31 +0000 (20:42 +0200)] 
tor: Update to 3.1.7

Fixes TROVE-2017-008 and CVE-2017-0380 and others....

For details see  https://gitweb.torproject.org/tor.git/plain/ReleaseNotes?id=tor-0.3.1.7
"Tor 0.3.1.7 is the first stable release in the 0.3.1 series."

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agocore115: Ship cosmetic improvements in proxy.cgi
Michael Tremer [Sun, 24 Sep 2017 19:23:06 +0000 (20:23 +0100)] 
core115: Ship cosmetic improvements in proxy.cgi

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoproxy.cgi: Some cosmetics for the absolutely lazy ones (V2)
Matthias Fischer [Wed, 20 Sep 2017 23:46:27 +0000 (01:46 +0200)] 
proxy.cgi: Some cosmetics for the absolutely lazy ones (V2)

Added clickable links for 'URL filter' and 'Update accelerator' for faster access,
this time without the need to alter the language-files.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agostart core115
Arne Fitzenreiter [Sun, 24 Sep 2017 13:51:12 +0000 (15:51 +0200)] 
start core115

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 years agoMerge branch 'master' into next
Arne Fitzenreiter [Sun, 24 Sep 2017 13:45:04 +0000 (15:45 +0200)] 
Merge branch 'master' into next

2 years agocore114: add php to updater v2.19-core114
Arne Fitzenreiter [Sun, 24 Sep 2017 11:35:01 +0000 (13:35 +0200)] 
core114: add php to updater

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 years agowpa_supplicant: Update to 2.6
Matthias Fischer [Fri, 22 Sep 2017 23:34:55 +0000 (01:34 +0200)] 
wpa_supplicant: Update to 2.6

For details see:
https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoMerge remote-tracking branch 'origin/next'
Arne Fitzenreiter [Sat, 23 Sep 2017 08:38:18 +0000 (10:38 +0200)] 
Merge remote-tracking branch 'origin/next'

2 years agofinish core114
Arne Fitzenreiter [Sat, 23 Sep 2017 08:37:02 +0000 (10:37 +0200)] 
finish core114

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 years agocore114: force update addons after core update
Arne Fitzenreiter [Sat, 23 Sep 2017 08:34:54 +0000 (10:34 +0200)] 
core114: force update addons after core update

apache needs new vhost configs so all addons must updated to work with new
apache.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2 years agocaptive: Update configuration for Apache 2.4
Michael Tremer [Fri, 22 Sep 2017 18:34:29 +0000 (19:34 +0100)] 
captive: Update configuration for Apache 2.4

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoRootfile update
Michael Tremer [Fri, 5 May 2017 10:48:03 +0000 (11:48 +0100)] 
Rootfile update

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>