This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 4775d54ba6ebca19dc498fd40d881b6eabd3ecb3 (commit) via 78756496c9f2a3bcf0bc505da046957f5d22f5b9 (commit) via 1f1c2f4364434a11ddaaef3f1778a6c284cf380f (commit) via df1aca40eb6b948854e41387f883c9dd82a7cb05 (commit) via 0786c686ea47543bc4ea3d8005ee9489dc98cb13 (commit) via b0e2dffde97822a772a5c0534263517fecf96a9d (commit) via 650aac182e0d0e7ef035c963780fbadc75aecc88 (commit) via 1a23cf7324ff8497761dc070bbb0186f1d585789 (commit) via 007b99e5402ba5e01845ab858a68aa2c908415f4 (commit) via eb0adc17d6a5486d58539c78a682c14f55bc980f (commit) via 7942ff9875ea42cd8b4619386fc2cd4be4da9b18 (commit) via ee506d5027783757a775e3aad6982d1698719023 (commit) from e557cecbddd021198c01eb1adaa38adb36b27925 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 4775d54ba6ebca19dc498fd40d881b6eabd3ecb3 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Nov 25 11:09:58 2019 +0000
clamav: Allow downloads to take up to 10 minutes
freshclam did not have a receive timeout set and a default of 60s was used. That causes that the large main database cannot be downloaded over a line with a 16 MBit/s downlink.
This patch increases that timeout and should allow a successful download on slower connections, too.
Suggested-by: Tim Fitzgeorge ipfb@tfitzgeorge.me.uk Fixes: #12246 Signed-off-by: Michael Tremer michael.tremer@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 78756496c9f2a3bcf0bc505da046957f5d22f5b9 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Nov 22 19:26:59 2019 +0100
bind: Update to 9.11.13
For details see:
https://downloads.isc.org/isc/bind9/9.11.13/RELEASE-NOTES-bind-9.11.13.html
"Security Fixes
Set a limit on the number of concurrently served pipelined TCP queries. This flaw is disclosed in CVE-2019-6477. [GL #1264]"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 1f1c2f4364434a11ddaaef3f1778a6c284cf380f Author: Matthias Fischer matthias.fischer@ipfire.org Date: Thu Nov 21 17:57:48 2019 +0100
clamav: Update to 0.102.1
For details see: https://blog.clamav.net/2019/11/clamav-01021-and-01015-patches-have.html
"Fix for the following vulnerability affecting 0.102.0 and 0.101.4 and prior:
CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation.
Build system fixes to build clamav-milter, to correctly link with libxml2 when detected, and to correctly detect fanotify for on-access scanning feature support.
Signature load time is significantly reduced by changing to a more efficient algorithm for loading signature patterns and allocating the AC trie. Patch courtesy of Alberto Wu.
Introduced a new configure option to statically link libjson-c with libclamav. Static linking with libjson is highly recommended to prevent crashes in applications that use libclamav alongside another JSON parsing library.
Null-dereference fix in email parser when using the --gen-json metadata option.
Fixes for Authenticode parsing and certificate signature (.crb database) bugs."
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit df1aca40eb6b948854e41387f883c9dd82a7cb05 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Nov 30 09:56:29 2019 +0000
core139: add unbound to updater
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 0786c686ea47543bc4ea3d8005ee9489dc98cb13 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Wed Nov 20 17:24:01 2019 +0100
unbound: Update to 1.9.5
For details see: https://nlnetlabs.nl/pipermail/unbound-users/2019-November/011897.html
"This release is a fix for vulnerability CVE-2019-18934, that can cause shell execution in ipsecmod.
Bug Fixes: - Fix for the reported vulnerability.
The CVE number for this vulnerability is CVE-2019-18934"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit b0e2dffde97822a772a5c0534263517fecf96a9d Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Nov 30 09:54:14 2019 +0000
core139: add captive.cgi to updater
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 650aac182e0d0e7ef035c963780fbadc75aecc88 Author: Alexander Marx alexander.marx@ipfire.org Date: Wed Nov 20 11:45:18 2019 +0100
BUG12245: captive portal - clients are not automatically removed
With this patch the clients are updated and those who are expired get deleted from the hash. In addition the table of active clients is now sorted.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 1a23cf7324ff8497761dc070bbb0186f1d585789 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Nov 19 15:28:22 2019 +0000
bird: Fix path of configuration file in backup
The backup did not pack the configuration file due to an incorrect path.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 007b99e5402ba5e01845ab858a68aa2c908415f4 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Nov 30 09:49:58 2019 +0000
core139: add pcregrep to updater
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit eb0adc17d6a5486d58539c78a682c14f55bc980f Author: Erik Kapfer ummeegge@ipfire.org Date: Tue Nov 19 08:09:42 2019 +0100
pcre: Add pcregrep to core system
Triggered by --> https://community.ipfire.org/t/pcregrep-on-ipfire/259 .
This patch adds pcregrep only from the actual package not from pcre-compat.
Signed-off-by: Erik Kapfer ummeegge@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 7942ff9875ea42cd8b4619386fc2cd4be4da9b18 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Nov 30 09:48:00 2019 +0000
core139: add updated calamaris mkreport
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit ee506d5027783757a775e3aad6982d1698719023 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Thu Nov 14 19:03:46 2019 +0100
calamaris: Bug fix for proxy reports staying empty after Core 136 upgrade
After upgrading to Core 136, 'calamaris' "Proxy reports" stayed empty. GUI always show "No reports available".
Tested manually on console stops and throws an error:
... root@ipfire: ~ # /usr/bin/perl /var/ipfire/proxy/calamaris/bin/mkreport 1 0 2019 8 10 2019 -d 10 -P 30 -t 10 -D 2 -u -r -1 -R 100 -s Can't use 'defined(%hash)' (Maybe you should just omit the defined()?) at /var/ipfire/proxy/calamaris/bin/calamaris line 2609. ...
Line 2609 was changed and reports are built again.
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/backup/includes/bird | 2 +- config/clamav/freshclam.conf | 1 + config/rootfiles/common/bind | 12 +++++------ config/rootfiles/common/pcre | 2 +- config/rootfiles/common/unbound | 2 +- config/rootfiles/core/139/filelists/files | 3 +++ .../{oldcore/106 => core/139}/filelists/unbound | 0 html/cgi-bin/captive.cgi | 23 ++++++++++++++++++++-- lfs/bind | 4 ++-- lfs/bird | 2 +- lfs/calamaris | 5 ++++- lfs/clamav | 6 +++--- lfs/unbound | 4 ++-- .../01_calamaris_cant_use_defined_hash.patch | 12 +++++++++++ 14 files changed, 58 insertions(+), 20 deletions(-) copy config/rootfiles/{oldcore/106 => core/139}/filelists/unbound (100%) create mode 100644 src/patches/calamaris/01_calamaris_cant_use_defined_hash.patch
Difference in files: diff --git a/config/backup/includes/bird b/config/backup/includes/bird index 377010bed..b5e25ff87 100644 --- a/config/backup/includes/bird +++ b/config/backup/includes/bird @@ -1 +1 @@ -etc/bird.conf +/etc/bird.conf diff --git a/config/clamav/freshclam.conf b/config/clamav/freshclam.conf index d4131e574..28be8fec1 100644 --- a/config/clamav/freshclam.conf +++ b/config/clamav/freshclam.conf @@ -7,6 +7,7 @@ LogSyslog yes PidFile /var/run/clamav/freshclam.pid
DatabaseMirror database.clamav.net +ReceiveTimeout 600
ScriptedUpdates yes
diff --git a/config/rootfiles/common/bind b/config/rootfiles/common/bind index ff44473aa..df6bbf4b6 100644 --- a/config/rootfiles/common/bind +++ b/config/rootfiles/common/bind @@ -268,15 +268,15 @@ usr/bin/nsupdate #usr/lib/libbind9.la #usr/lib/libbind9.so usr/lib/libbind9.so.161 -usr/lib/libbind9.so.161.0.3 +usr/lib/libbind9.so.161.0.4 #usr/lib/libdns.la #usr/lib/libdns.so usr/lib/libdns.so.1107 -usr/lib/libdns.so.1107.0.2 +usr/lib/libdns.so.1107.1.0 #usr/lib/libisc.la #usr/lib/libisc.so -usr/lib/libisc.so.1100 -usr/lib/libisc.so.1100.3.2 +usr/lib/libisc.so.1104 +usr/lib/libisc.so.1104.0.0 #usr/lib/libisccc.la #usr/lib/libisccc.so usr/lib/libisccc.so.161 @@ -284,11 +284,11 @@ usr/lib/libisccc.so.161.0.1 #usr/lib/libisccfg.la #usr/lib/libisccfg.so usr/lib/libisccfg.so.163 -usr/lib/libisccfg.so.163.0.3 +usr/lib/libisccfg.so.163.0.4 #usr/lib/liblwres.la #usr/lib/liblwres.so usr/lib/liblwres.so.161 -usr/lib/liblwres.so.161.0.2 +usr/lib/liblwres.so.161.0.3 #usr/share/man/man1/dig.1 #usr/share/man/man1/host.1 #usr/share/man/man1/nslookup.1 diff --git a/config/rootfiles/common/pcre b/config/rootfiles/common/pcre index 6db5724fa..79779fb94 100644 --- a/config/rootfiles/common/pcre +++ b/config/rootfiles/common/pcre @@ -1,5 +1,5 @@ #usr/bin/pcre-config -#usr/bin/pcregrep +usr/bin/pcregrep #usr/bin/pcretest #usr/include/pcre.h #usr/include/pcre_scanner.h diff --git a/config/rootfiles/common/unbound b/config/rootfiles/common/unbound index 58c520ab0..2cde9f424 100644 --- a/config/rootfiles/common/unbound +++ b/config/rootfiles/common/unbound @@ -11,7 +11,7 @@ etc/unbound/unbound.conf #usr/lib/libunbound.la #usr/lib/libunbound.so usr/lib/libunbound.so.8 -usr/lib/libunbound.so.8.1.4 +usr/lib/libunbound.so.8.1.5 #usr/lib/pkgconfig/libunbound.pc usr/sbin/unbound usr/sbin/unbound-anchor diff --git a/config/rootfiles/core/139/filelists/files b/config/rootfiles/core/139/filelists/files index d22fb8314..3a68e3116 100644 --- a/config/rootfiles/core/139/filelists/files +++ b/config/rootfiles/core/139/filelists/files @@ -8,9 +8,12 @@ etc/rc.d/init.d/functions etc/rc.d/init.d/networking/red.up/23-suricata etc/rc.d/init.d/unbound etc/suricata/suricata.yaml +srv/web/ipfire/cgi-bin/captive.cgi srv/web/ipfire/cgi-bin/ids.cgi srv/web/ipfire/cgi-bin/mail.cgi srv/web/ipfire/cgi-bin/ovpnmain.cgi +usr/bin/pcregrep usr/sbin/convert-snort usr/lib/firewall/firewall-lib.pl var/ipfire/ids-functions.pl +var/ipfire/proxy/calamaris/bin/mkreport diff --git a/config/rootfiles/core/139/filelists/unbound b/config/rootfiles/core/139/filelists/unbound new file mode 120000 index 000000000..66adf0924 --- /dev/null +++ b/config/rootfiles/core/139/filelists/unbound @@ -0,0 +1 @@ +../../../common/unbound \ No newline at end of file diff --git a/html/cgi-bin/captive.cgi b/html/cgi-bin/captive.cgi index b33287dd4..8204eb7b3 100755 --- a/html/cgi-bin/captive.cgi +++ b/html/cgi-bin/captive.cgi @@ -514,6 +514,25 @@ END } }
+sub cleanup_expired_coupons +{ + my $acttime=time(); + &General::readhasharray($clients, %clientshash) if (-e $clients); + foreach my $key (keys %clientshash) { + + #calculate endtime from clientshash + my $endtime; + if ($clientshash{$key}[3] > '0'){ + $endtime = $clientshash{$key}[2]+$clientshash{$key}[3]; + if ($acttime > $endtime) { + delete $clientshash{$key}; + } + } + } + #write back hash + &General::writehasharray("$clients", %clientshash); +} + sub show_coupons() { &General::readhasharray($coupons, %couponhash) if (-e $coupons);
@@ -601,9 +620,9 @@ sub show_clients() { <th align='center' width='5%'>$Lang::tr{'delete'}</th> </tr> END - + &cleanup_expired_coupons(); &General::readhasharray($clients, %clientshash) if (-e $clients); - foreach my $key (keys %clientshash) { + foreach my $key (sort {$clientshash{$a}[2] <=> $clientshash{$b}[2]} keys %clientshash) { #calculate time from clientshash (starttime) my $starttime = sub{sprintf '%02d.%02d.%04d %02d:%02d', $_[3], $_[4]+1, $_[5]+1900, $_[2], $_[1] }->(localtime($clientshash{$key}[2]));
diff --git a/lfs/bind b/lfs/bind index edc3014f6..6bb23a143 100644 --- a/lfs/bind +++ b/lfs/bind @@ -25,7 +25,7 @@
include Config
-VER = 9.11.12 +VER = 9.11.13
THISAPP = bind-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -43,7 +43,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = e6a55dcacc852bad9c5970c405383ea0 +$(DL_FILE)_MD5 = 17de0d024ab1eac377f1c2854dc25057
install : $(TARGET)
diff --git a/lfs/bird b/lfs/bird index 7a2763b23..191f2ac04 100644 --- a/lfs/bird +++ b/lfs/bird @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = bird -PAK_VER = 5 +PAK_VER = 6
DEPS = ""
diff --git a/lfs/calamaris b/lfs/calamaris index 2022f84f8..32858526a 100644 --- a/lfs/calamaris +++ b/lfs/calamaris @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -70,6 +70,9 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/calamaris/01_calamaris_cant_use_defined_hash.patch + cd $(DIR_APP) && cp -f calamaris $(DIR_SRC)/config/calamaris/mkreport \ /var/ipfire/proxy/calamaris/bin/ chmod 755 /var/ipfire/proxy/calamaris/bin/{calamaris,mkreport} diff --git a/lfs/clamav b/lfs/clamav index 949117bf0..9c0aab55f 100644 --- a/lfs/clamav +++ b/lfs/clamav @@ -24,7 +24,7 @@
include Config
-VER = 0.102.0 +VER = 0.102.1
THISAPP = clamav-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = clamav -PAK_VER = 47 +PAK_VER = 48
DEPS = ""
@@ -50,7 +50,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 51e1dff512350284b4b11c3dc2d00da0 +$(DL_FILE)_MD5 = 3d5f5f10a1bea212823050286c8c5b96
install : $(TARGET)
diff --git a/lfs/unbound b/lfs/unbound index 5cff54d2b..126cc154d 100644 --- a/lfs/unbound +++ b/lfs/unbound @@ -24,7 +24,7 @@
include Config
-VER = 1.9.4 +VER = 1.9.5
THISAPP = unbound-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = c4d6305f6187deca9e579d4cc5abeaea +$(DL_FILE)_MD5 = deb7a3c52fec66323b508c0be4be4849
install : $(TARGET)
diff --git a/src/patches/calamaris/01_calamaris_cant_use_defined_hash.patch b/src/patches/calamaris/01_calamaris_cant_use_defined_hash.patch new file mode 100644 index 000000000..64d66276c --- /dev/null +++ b/src/patches/calamaris/01_calamaris_cant_use_defined_hash.patch @@ -0,0 +1,12 @@ +diff U3 a/calamaris b/calamaris +--- a/calamaris Sun Jun 6 18:26:14 2004 ++++ b/calamaris Wed Nov 13 19:59:15 2019 +@@ -2606,7 +2606,7 @@ + 100, 100 * $tcp_hit / $tcp ); + } + outstop(10); +- if ( defined(%tcp_content) ) { ++ if (%tcp_content) { + outstart(11); + if ( $tcp == 0 ) { + outline( 11, 'no matching requests' );
hooks/post-receive -- IPFire 2.x development tree