This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via cf361ef4b55134254150b5070069f9d25b201bd1 (commit) via fb1eb40f9b84c190c62dec16897fefb552b4f50e (commit) via fcd8ab4c236d434e655866c3aa3cf90c8eefc110 (commit) via 6c6c1e3f043b7c4e99fabb6e92fce226089392af (commit) via bee416e2829a5063819ee97f299482e4f894e9e5 (commit) via a10e6aaefe6cf2127b8b9f51ff45fef175f53e2c (commit) via de5862aaab0e73bffe32162de760b0f000d07d8f (commit) via d5f061e9e7401c2f88483a7bbc48344a412fef3b (commit) from 348ba8e2c54db7608ca9c2584c4c14b3466e6fbb (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit cf361ef4b55134254150b5070069f9d25b201bd1 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Oct 18 21:25:59 2017 +0200
finish core115
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit fb1eb40f9b84c190c62dec16897fefb552b4f50e Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Oct 18 21:24:43 2017 +0200
core115: add extrahd.cgi to updater
this file was missing in early core114 testbuilds so ship it again.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit fcd8ab4c236d434e655866c3aa3cf90c8eefc110 Merge: 6c6c1e3 bee416e Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Oct 18 21:20:23 2017 +0200
Merge branch 'master' into core115
commit 6c6c1e3f043b7c4e99fabb6e92fce226089392af Author: Peter Müller peter.mueller@link38.eu Date: Tue Oct 17 19:49:07 2017 +0200
redirect to TLS WebUI if authorisation required
Do not allow credentials being submitted in plaintext to Apache. Instead, redirect the user with a 301 to the TLS version of IPFire's web interface.
Signed-off-by: Peter Müller peter.mueller@link38.eu Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit bee416e2829a5063819ee97f299482e4f894e9e5 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Sep 23 01:34:55 2017 +0200
wpa_supplicant: Update to 2.6
For details see: https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a10e6aaefe6cf2127b8b9f51ff45fef175f53e2c Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Oct 16 15:49:35 2017 +0100
KRACK attack: Patch wpa_supplicant & hostapd
A vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys. Such reinstallation of the encryption key can result in two different types of vulnerabilities: disabling replay protection and significantly reducing the security of encryption to the point of allowing frames to be decrypted or some parts of the keys to be determined by an attacker depending on which cipher is used.
This fixes: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/extrahd/extrahd.pl | 2 +- config/httpd/vhosts.d/ipfire-interface.conf | 24 ++++++++---------------- config/rootfiles/core/115/filelists/files | 1 + config/rootfiles/oldcore/114/filelists/files | 1 + html/cgi-bin/extrahd.cgi | 9 +++++++-- make.sh | 2 +- 6 files changed, 19 insertions(+), 20 deletions(-)
Difference in files: diff --git a/config/extrahd/extrahd.pl b/config/extrahd/extrahd.pl index 6c3c99c..3b57e92 100644 --- a/config/extrahd/extrahd.pl +++ b/config/extrahd/extrahd.pl @@ -75,7 +75,7 @@ if ( "$ARGV[0]" eq "mount" ) { if ( ! `/bin/mount | /bin/fgrep $ARGV[1]` ) { system("/bin/cp -f /etc/fstab $fstab"); system("/bin/fgrep -v $ARGV[1] <$fstab >/etc/fstab"); - print "Succesfully umounted $ARGV[1].\n"; + print "Successfully umounted $ARGV[1].\n"; exit(0); } else { print "Can't umount $ARGV[1].\n"; diff --git a/config/httpd/vhosts.d/ipfire-interface.conf b/config/httpd/vhosts.d/ipfire-interface.conf index 27fd25a..be15cd0 100644 --- a/config/httpd/vhosts.d/ipfire-interface.conf +++ b/config/httpd/vhosts.d/ipfire-interface.conf @@ -12,25 +12,17 @@ Require all granted </Directory> <DirectoryMatch "/srv/web/ipfire/html/(graphs|sgraph)"> - AuthName "IPFire - Restricted" - AuthType Basic - AuthUserFile /var/ipfire/auth/users - Require user admin + Options SymLinksIfOwnerMatch + RewriteEngine on + RewriteCond %{HTTPS} off + RewriteRule (.*) https://%%7BSERVER_NAME%7D:444/$1 [R=301,L] </DirectoryMatch> ScriptAlias /cgi-bin/ /srv/web/ipfire/cgi-bin/ <Directory /srv/web/ipfire/cgi-bin> - AllowOverride None - Options None - AuthName "IPFire - Restricted" - AuthType Basic - AuthUserFile /var/ipfire/auth/users - Require user admin - <Files chpasswd.cgi> - Require all granted - </Files> - <Files webaccess.cgi> - Require all granted - </Files> + Options SymLinksIfOwnerMatch + RewriteEngine on + RewriteCond %{HTTPS} off + RewriteRule (.*) https://%%7BSERVER_NAME%7D:444/$1 [R=301,L] </Directory> Alias /updatecache/ /var/updatecache/ <Directory /var/updatecache> diff --git a/config/rootfiles/core/115/filelists/files b/config/rootfiles/core/115/filelists/files index 4cf39b0..72c5e5f 100644 --- a/config/rootfiles/core/115/filelists/files +++ b/config/rootfiles/core/115/filelists/files @@ -8,6 +8,7 @@ srv/web/ipfire/cgi-bin/captive/index.cgi srv/web/ipfire/cgi-bin/captive/logo.cgi srv/web/ipfire/cgi-bin/captive/redirect.cgi srv/web/ipfire/cgi-bin/captive.cgi +srv/web/ipfire/cgi-bin/extrahd.cgi srv/web/ipfire/cgi-bin/ovpnmain.cgi srv/web/ipfire/cgi-bin/proxy.cgi srv/web/ipfire/cgi-bin/vpnmain.cgi diff --git a/config/rootfiles/oldcore/114/filelists/files b/config/rootfiles/oldcore/114/filelists/files index ca8087f..3d0cd04 100644 --- a/config/rootfiles/oldcore/114/filelists/files +++ b/config/rootfiles/oldcore/114/filelists/files @@ -1,4 +1,5 @@ etc/system-release etc/issue etc/rc.d/init.d/unbound +srv/web/ipfire/cgi-bin/extrahd.cgi var/ipfire/langs diff --git a/html/cgi-bin/extrahd.cgi b/html/cgi-bin/extrahd.cgi index 5a6fbce..da1efb2 100644 --- a/html/cgi-bin/extrahd.cgi +++ b/html/cgi-bin/extrahd.cgi @@ -48,8 +48,13 @@ my $partitionentry = ""; my $devicefile = "/var/ipfire/extrahd/devices"; my $scanfile = "/var/ipfire/extrahd/scan"; my $partitionsfile = "/var/ipfire/extrahd/partitions"; -system("/usr/local/bin/extrahdctrl scanhd ide"); -system("/usr/local/bin/extrahdctrl scanhd partitions"); + +#workaround to suppress a warning when a variable is used only once +my @dummy = ( ${Header::colourgreen}, ${Header::colourred} ); +undef (@dummy); + +system("/usr/local/bin/extrahdctrl scanhd ide >/dev/null"); +system("/usr/local/bin/extrahdctrl scanhd partitions >/dev/null");
&Header::showhttpheaders();
diff --git a/make.sh b/make.sh index 5843527..f4a651a 100755 --- a/make.sh +++ b/make.sh @@ -26,7 +26,7 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name VERSION="2.19" # Version number CORE="115" # Core Level (Filename) -PAKFIRE_CORE="114" # Core Level (PAKFIRE) +PAKFIRE_CORE="115" # Core Level (PAKFIRE) GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch SLOGAN="www.ipfire.org" # Software slogan CONFIG_ROOT=/var/ipfire # Configuration rootdir
hooks/post-receive -- IPFire 2.x development tree