This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, core111 has been created at 488c7e7e31d52387609a3ee8b29015158d7ecaf3 (commit)
- Log ----------------------------------------------------------------- commit 488c7e7e31d52387609a3ee8b29015158d7ecaf3 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu May 18 11:55:20 2017 +0100
core111: Ship updated cpio
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 42661bf875f609f13e0757a9838a70d07aa57269 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Apr 25 11:13:04 2017 +0200
cpio: Update to 2.12
FTBFS on aarch64
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 8c31790a2f706ff05471e864ecde7853fec0cb3a Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 13 19:16:25 2017 +0200
ccache: Cleanup makefile
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit b4b62a341450b085fd95b4f5f8ce4da09bec4327 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 13 19:02:21 2017 +0200
make.sh: Set TOOLCHAIN=1 in toolchain stage
This allows better lfs files and fewer ifdefs in toolchain stage.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e467a2f274cdff830b5d3646ed9c9ac5a117940d Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 13 19:01:28 2017 +0200
make.sh: Adjust toolchain PATH in lfsmake1 instead of globally
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit fdfddd64620ea6fcb109f50633c304f14a354b4d Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Apr 8 12:12:42 2017 +0200
kernel headers: Install correct headers for all architectures
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 70ba2380d3088a4384abd25893d2d93828b627b0 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Apr 12 11:38:42 2017 +0200
fake-environ: Fix typos
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 3f9ecfdc27263ed0c419a3500112411f5c07b08c Author: Michael Tremer michael.tremer@ipfire.org Date: Fri May 5 14:10:36 2017 +0200
make.sh: Show last lines of log when build aborts
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a0ab2f880e9dd8809b327b9245fb36cd7cb9b67e Author: Michael Tremer michael.tremer@ipfire.org Date: Thu May 18 11:47:07 2017 +0100
Start Core Update 111
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 12b0a9da205108e5ce706913ff4c9553e58284f9 Merge: 844e542 2a77d2a Author: Michael Tremer michael.tremer@ipfire.org Date: Thu May 18 11:24:41 2017 +0100
Merge remote-tracking branch 'origin/master' into next
commit 844e542e60d0f1b01546a1e81d5b35b96ce9eba1 Merge: 59b2133 c335b0c Author: Michael Tremer michael.tremer@ipfire.org Date: Thu May 18 11:22:20 2017 +0100
Merge remote-tracking branch 'ms/wlanclient' into next
commit c335b0cd8edb800795cf1b4422043ef3c24a036b Author: Michael Tremer michael.tremer@ipfire.org Date: Tue May 16 16:02:25 2017 +0200
index.cgi: Show WiFi properties on front page
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 0628d956a7cc1d952b236494de0559cbea52c0ff Author: Michael Tremer michael.tremer@ipfire.org Date: Tue May 16 15:05:25 2017 +0200
WiFi: Show EAP status on wireless client page
This patch adds some status information so that we know what authentication an access point is using.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 59b2133892ca3592da4aaa92e57bb38ba924191b Author: Michael Tremer michael.tremer@ipfire.org Date: Tue May 16 11:33:40 2017 +0100
tor: Update to 0.3.0.7
Fixes various security vulnerabilities of medium severity in the relay component.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a7f7657c4b2282e3f3f33e1dfb7c4d4a963ad713 Author: Gabriel Rolland rollopack@gmail.com Date: Thu May 4 10:28:35 2017 +0200
Italian translations in it.pl after 110
Missing or incorrect translations.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5e06cb2778c66096d4b4f2cf443f45e3d126c6bb Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri May 5 23:22:30 2017 +0200
web-user-interface: Fix for rootfile
Added 'back.png' for Firewall-GUI
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 86282bdc7dc7a45872558866aadbb780fcd12f43 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri May 5 12:02:21 2017 +0100
vpnmain.cgi: Fix typo
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit f2c94780088c6b172e63493705906142dbad0727 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri May 5 11:31:36 2017 +0100
wlan client: Generate wpa_supplicant configuration file for EAP
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 19f0fa5694d9224c128ff362673c42e9b169351c Author: Michael Tremer michael.tremer@ipfire.org Date: Fri May 5 11:17:06 2017 +0100
wlan client: Allow configuration of EAP-PEAP and EAP-TTLS on web user interface
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 415cbcecfae2330a8c4211dc4c17e8a98ee4f64b Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sun Apr 30 12:59:23 2017 +0200
GUI: Some simple FW-Log cosmetics
I altered 'showrequestfromcountry.dat', 'showrequestfromip.dat' and 'showrequestfromport.dat' in the same manner as the 'Loggraphs'-Pages in commit
Each 'Details'-page got a unique title.
Furthermore, I added a 'Back'-Button to go back to the previous page. For this, I used 'back.png' from 'wio' (thanks Stephan! ;-) ) since I found no other appropriate image.
'ipinfo.cgi' got a centered 'Back'-Button, too.
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 057aaf42b6c6f82eb14808b5167eec703bcc4989 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Apr 28 21:29:58 2017 +0200
BUG 11305: Suggested fix for '/var/log/btmp' permissions
Fixes BUG 11305, for details see: https://bugzilla.ipfire.org/show_bug.cgi?id=11305
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 094a27c8f9bf39b5b5b6df1a28d976d9f52e776f Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Apr 30 13:09:51 2017 +0100
unbound: Update dnssec-status file
The status file was not updated when DNSSEC was disabled before and has been enabled after which always caused the webif to show that DNSSEC was disabled.
Fixes #11315
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit b5fe050fce03a7ee2547a1162452c8211d2eea8d Author: Matthias Fischer matthias.fischer@ipfire.org Date: Mon Apr 24 20:56:29 2017 +0200
unbound: Update to 1.6.2
For details see: http://www.unbound.net/download.html
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 07002f2bca7efd49d8baea0dadf193a29f27604b Author: Matthias Fischer matthias.fischer@ipfire.org Date: Tue Apr 25 21:08:32 2017 +0200
bind: Update to 9.11.1
For details see: https://ftp.isc.org/isc/bind9/9.11.1/RELEASE-NOTES-bind-9.11.1.html
"Security Fixes
rndc "" could trigger an assertion failure in named. This flaw is disclosed in (CVE-2017-3138). [RT #44924]
Some chaining (i.e., type CNAME or DNAME) responses to upstream queries could trigger assertion failures. This flaw is disclosed in CVE-2017-3137. [RT #44734]
dns64 with break-dnssec yes; can result in an assertion failure. This flaw is disclosed in CVE-2017-3136. [RT #44653]
If a server is configured with a response policy zone (RPZ) that rewrites an answer with local data, and is also configured for DNS64 address mapping, a NULL pointer can be read triggering a server crash. This flaw is disclosed in CVE-2017-3135. [RT #44434]
A coding error in the nxdomain-redirect feature could lead to an assertion failure if the redirection namespace was served from a local authoritative data source such as a local zone or a DLZ instead of via recursive lookup. This flaw is disclosed in CVE-2016-9778. [RT #43837]
named could mishandle authority sections with missing RRSIGs, triggering an assertion failure. This flaw is disclosed in CVE-2016-9444. [RT #43632]
named mishandled some responses where covering RRSIG records were returned without the requested data, resulting in an assertion failure. This flaw is disclosed in CVE-2016-9147. [RT #43548]
named incorrectly tried to cache TKEY records which could trigger an assertion failure when there was a class mismatch. This flaw is disclosed in CVE-2016-9131. [RT #43522]
It was possible to trigger assertions when processing responses containing answers of type DNAME. This flaw is disclosed in CVE-2016-8864. [RT #43465]
Added the ability to specify the maximum number of records permitted in a zone (max-records #;). This provides a mechanism to block overly large zone transfers, which is a potential risk with slave zones from other parties, as described in CVE-2016-6170. [RT #42143]
Bug Fixes
A synthesized CNAME record appearing in a response before the associated DNAME could be cached, when it should not have been. This was a regression introduced while addressing CVE-2016-8864. [RT #44318]
named could deadlock if multiple changes to NSEC/NSEC3 parameters for the same zone were being processed at the same time. [RT #42770]
named could trigger an assertion when sending NOTIFY messages. [RT #44019]
Referencing a nonexistent zone in a response-policy statement could cause an assertion failure during configuration. [RT #43787]
rndc addzone could cause a crash when attempting to add a zone with a type other than master or slave. Such zones are now rejected. [RT #43665]
named could hang when encountering log file names with large apparent gaps in version number (for example, when files exist called "logfile.0", "logfile.1", and "logfile.1482954169"). This is now handled correctly. [RT #38688]
If a zone was updated while named was processing a query for nonexistent data, it could return out-of-sync NSEC3 records causing potential DNSSEC validation failure. [RT #43247]"
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit abd12bd073dd0be74d97e2f204027f2a4346549a Author: Matthias Fischer matthias.fischer@ipfire.org Date: Tue Apr 25 21:13:17 2017 +0200
nano: Update to 2.8.1
For details see: https://www.nano-editor.org/news.php
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 3d5c499e0ca73c9a787815b8894d6cfcb0416a1b Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Apr 28 08:17:33 2017 +0200
logrotate: Update to 3.12.1
For details see: https://github.com/logrotate/logrotate/blob/master/ChangeLog.md
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit f3dfb261c8c78f7806bcf215646f9d3618d151f5 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Apr 28 13:03:46 2017 +0100
OpenVPN: Mark SHA1 as weak
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 7090074557516deaaff9b1a84f4f8beec6c4dadd Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Apr 28 13:01:41 2017 +0100
OpenVPN: Use SHA512 by default
This will break compatibility with old clients like Windows XP, but these are too old now to be supported.
SHA1 is considered to be weak and should not be used any more
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 0e8f275e80d8ad517019f7c0f8349a5a16ea9f1b Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Apr 22 18:17:27 2017 +0200
vnstat: Update to 1.17
For details see: http://humdi.net/vnstat/CHANGES
Please note - this commit is based on: http://git.ipfire.org/?p=people/mfischer/ipfire-2.x.git;a=commit;h=f92c3ef6b...
1.15 was running here since then, upgrading to 1.17 showed no problems so far.
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit d55d05b6cb6bb3ddb7fde20d975cf4f9546afedf Author: Matthias Fischer matthias.fischer@ipfire.org Date: Tue Jul 12 12:56:42 2016 +0200
vnstat: Update to 1.15
Changelog: http://humdi.net/vnstat/CHANGES
I had to add some 'configure'-lines to build this - nevertheless: its working. ;-)
'vnstat.conf' needed some additional 'sed'-lines, too.
Please review, test and confirm.
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 1bea8be2ce2ce0c4ee2a07bcffb978f4ea07ab89 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Apr 21 22:37:28 2017 +0200
GUI: Some simple FW-Log cosmetics
Fixed the 'details'-Button in 'firewalllogcountry.dat' by adding missing translation string.
Each 'Loggraphs'-Page got a unique title and a new heading for the corresponding diagram.
Just cosmetics...
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 723d1d911ff717ac43c24738960e76fca11c4cbd Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Apr 21 19:00:21 2017 +0200
unbound 1.6.1: Linking against libevent2
Hi,
this was triggered by unbound-users@unbound.net - it seems that the 'configure'-option '--with-libevent-support' is not enough:
***SNIP*** ... When building unbound with --with-libevent support, the make install phase should also call make unbound-event-install or else unbound-event.h does not get installed and the header file for using the unbound event functionality is not available. ... This install is triggered by the option --enable-event-api. Just enabling --with-libevent does not trigger the install by itself.
Best regards, Wouter ... ***SNAP***
I built 'unbound' this way - its running without any problems so far.
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 1fab4edfa690b410a255b9dd1d896178512e03d5 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 20 13:00:42 2017 +0100
IPsec: Show status in WUI when VPN is connecting
This is helpful when debugging on-demand connections when you can see if strongswan tries to connect or is still idle.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit c94d1976d3bf2fd760834a0093eeb286a90c8fdd Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 20 12:53:53 2017 +0100
IPsec: Mark MODP<=1024 and MD5 as broken and SHA1 as weak
Since we somehow have to support these algorithms this patch adds some information for the user that it is very strongly discouraged to use them in production.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2c2cf3918bee850ede133562ae1c42bf8c73ef68 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 20 12:44:27 2017 +0100
IPsec: Allow using MODP-768 in proposal
MODP-768 is broken but some systems out there (for example old Cisco ASAs) do not support anything better. Hence it is better to allow this instead of using no VPN at all.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 1e645047b23939036c5aa4c86c0709c8b128a906 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Mon Apr 10 00:35:50 2017 +0200
libevent2: Update to 2.1.8-stable
Contains lots of build- and bugfixes since 2.0.22 - for details see: https://raw.githubusercontent.com/libevent/libevent/release-2.1.8-stable/Cha...
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 4d376982163c134907415d44778af2a1f03b1485 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Wed Apr 19 15:26:06 2017 +0200
Revert "gdbm: update to 1.13"
This reverts commit dc539daf8823ef97c931f12b514453c25e867c45.
With "gdbm-Update to 1.13", 'php 5.3.27' failed to build.
Best, Matthias
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit b7d071af817c11b6daf54abfeea82360185208f3 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Wed Apr 19 10:10:05 2017 +0200
php 5.3.27: Source format improvements
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 4c6b2034921fcfbff5fc92ab567c56c47fe99137 Author: Marcel Lorenz marcel.lorenz@ipfire.org Date: Tue Apr 18 14:56:05 2017 +0200
git: update to 2.12.1
Signed-off-by: Marcel Lorenz marcel.lorenz@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 77cdccf4c0a2b1c0a2b8d6e4aab86fbcbd5439b9 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sun Apr 16 23:01:33 2017 +0200
BUG 11318: Fix deletion of temporary files from IPTables-GUI
For details see: https://bugzilla.ipfire.org/show_bug.cgi?id=11318
Temporary files for 'iptables', 'iptablesmangle' and 'iptablesnat' created by 'iptables.cgi' were not deleted after use but stayed in '/srv/weg/ipfire/html/'.
As a workaround I changed 'getipstat.c' to create these files in '/var/tmp' and the "open (file..." and "rm" commands in 'iptables.cgi'.
Works here.
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit ac69a292a8b41224b31e7dd8c0335e3d9b604129 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Mon Apr 17 14:25:59 2017 +0200
libevent2-compat: newpackage
Keeps older packages that have been linked against this version of libevent2 working.
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit d68ead3decfdcc4ca4a1413e33f3c47270799836 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Mon Apr 17 00:16:02 2017 +0200
Fix for guardian-CGI: As a result of fixing BUG11318
This is necessary because commit bf1985fae5baca327fcded31264f45638442f02e changes the place where temporary files from 'iptables' are stored.
Some typos where fixed, too.
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 935f05065e79ec06b529a44631ffcf50199d8cf0 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Apr 17 12:36:49 2017 +0100
Rootfile update
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 52883a8e9efd1a9949fc1d4419800f4728cd5466 Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Sun Apr 16 19:36:22 2017 +0200
Build python3-libvirt only on i586 and x86_64
Libvirt is build only on these arches and the bindings make only with libvirt sense so we should build them only on these two arches too.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit fd15f250e8e7d372cc767ec4482fe3b64a23dc39 Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Sat Apr 15 15:56:22 2017 +0200
Add package python3-libvirt
This new package provides the python3 bindings for libvirt.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit dc539daf8823ef97c931f12b514453c25e867c45 Author: Marcel Lorenz marcel.lorenz@ipfire.org Date: Sun Apr 16 19:35:50 2017 +0200
gdbm: update to 1.13
Signed-off-by: Marcel Lorenz marcel.lorenz@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit ae3b38d473ae6929fd61b42513f4e636cabe55f0 Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Sat Apr 15 15:48:54 2017 +0200
Update python3 to 3.6.1
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 6db46712114eb663688d7ddb988afec47677a90e Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sun Apr 16 14:13:33 2017 +0200
ipset: Update to 6.32
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e1fb40529c3b843ba97868c0928c23db715f9db9 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sun Apr 16 14:38:46 2017 +0200
coreutils: Update to 8.27
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 8e5116af265d59d09808ea5a6e77fbfb19646f73 Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Sat Apr 15 14:01:30 2017 +0200
Update libvirt to 3.1.0
This patch update the libvirt library to version 3.1.0 We can not update to the latest version in the moment because version 3.2.0 has a annoying bug.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 91c35e4838b4e059c67240bb54cd32eefd105da3 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sun Apr 16 14:11:10 2017 +0200
bind: Update to 9.11.0-P5
For details see: https://ftp.isc.org/isc/bind9/9.11.0-P5/RELEASE-NOTES-bind-9.11.0-P5.html
"BIND 9.11.0-P5 addresses the security issues described in CVE-2017-3136, CVE-2017-3137, and CVE-2017-3138, and updates the built-in trusted keys for the root zone.
Security Fixes
rndc "" could trigger an assertion failure in named. This flaw is disclosed in (CVE-2017-3138). [RT #44924]
Some chaining (i.e., type CNAME or DNAME) responses to upstream queries could trigger assertion failures. This flaw is disclosed in CVE-2017-3137. [RT #44734]
dns64 with break-dnssec yes; can result in an assertion failure. This flaw is disclosed in CVE-2017-3136. [RT #44653]
If a server is configured with a response policy zone (RPZ) that rewrites an answer with local data, and is also configured for DNS64 address mapping, a NULL pointer can be read triggering a server crash. This flaw is disclosed in CVE-2017-3135. [RT #44434]
A coding error in the nxdomain-redirect feature could lead to an assertion failure if the redirection namespace was served from a local authoritative data source such as a local zone or a DLZ instead of via recursive lookup. This flaw is disclosed in CVE-2016-9778. [RT #43837]
named could mishandle authority sections with missing RRSIGs, triggering an assertion failure. This flaw is disclosed in CVE-2016-9444. [RT #43632]
named mishandled some responses where covering RRSIG records were returned without the requested data, resulting in an assertion failure. This flaw is disclosed in CVE-2016-9147. [RT #43548]
named incorrectly tried to cache TKEY records which could trigger an assertion failure when there was a class mismatch. This flaw is disclosed in CVE-2016-9131. [RT #43522]
It was possible to trigger assertions when processing responses containing answers of type DNAME. This flaw is disclosed in CVE-2016-8864. [RT #43465]
Bug Fixes
A synthesized CNAME record appearing in a response before the associated DNAME could be cached, when it should not have been. This was a regression introduced while addressing CVE-2016-8864. [RT #44318]
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 4d8d78169fd108b526aa85a204dee080f277228a Author: Matthias Fischer matthias.fischer@ipfire.org Date: Thu Apr 13 09:08:21 2017 +0200
cups-filters: Fix for lfs-file (dropped avahi package)
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 076ad71576609f66f9a99cf4c14c75dbcd1a8220 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Apr 12 17:35:43 2017 +0100
avahi: Drop package
The daemon locks up when starting up in avahi_log_info() and probably the other logging functions, too.
Since avahi is not really used a lot in the distribution, has been in testing for four years and has virtually no users I am going to drop it instead of wasting time on fixing this.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 7cbdd31d6e3e15be0b6856ab792b4edf7678cbb5 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Apr 11 14:26:57 2017 +0100
graphs.pl: Fix HTML syntax error
The missing ' caused that a different URL was called
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 30b980a84dd89aea8d49ad5d93b2b033c38f48e8 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Mon Apr 10 14:10:28 2017 +0200
kbd 1.12: Update for rootfile
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a696f575104e9bca3ae6df6d36f01b9a63c6c70c Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sun Apr 9 18:19:49 2017 +0200
rrdtool 1.6.0: fix for rootfile
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit f0c71e72b0f84400127d7ebc9e34f2805ebbec81 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Apr 11 14:11:16 2017 +0100
ltrace: New package
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit c4f3b29a9de4ced24110c39f818afd59c977d296 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Apr 11 14:10:53 2017 +0100
elfutils: Update rootfile
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 015640d67161b27e729e6bc31b32eb838afd5060 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Apr 11 13:05:53 2017 +0100
elfutils: New package
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 778979f630b0157f7bcee40087a80dae6076c4b4 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Apr 11 13:05:22 2017 +0100
dbus: Update to 1.11.12
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a0168f9fca199e78bf88ab263deaec3a2c8e977e Author: Timo Eissler timo.eissler@ipfire.org Date: Fri Apr 7 21:59:40 2017 +0200
nmap: remove uninstall_ndiff from rootfile
Signed-off-by: Timo Eissler timo.eissler@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit b3ee263b07d24c115614e2d5ceb909f1afe10c80 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 6 19:12:06 2017 +0100
QoS: Enable IMQ multi queueing
This increases throughput when QoS is activated since now all available CPU cores will be used
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit d0755f4cb2e8d1d1332f6624b6d8d7adf0db9192 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 6 19:00:45 2017 +0100
Rootfile update
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e4d7dc1ea473e655adf0b72c6c7bb9eea91b50aa Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 6 12:52:10 2017 +0100
dhcp: Fix extracting bundled BIND package
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 4a3940a15fcec5977955be1aadd2f46075b401b4 Author: Marcel Lorenz marcel.lorenz@ipfire.org Date: Fri Mar 17 15:50:03 2017 +0100
gcc: update to 4.9.4
This is only a bugfix release https://gcc.gnu.org/gcc-4.9/changes.html
Signed-off-by: Marcel Lorenz marcel.lorenz@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a8c2aae946a5184f89baec9f5fd4f68bd3e9ddd4 Author: Marcel Lorenz marcel.lorenz@ipfire.org Date: Fri Mar 17 16:00:04 2017 +0100
mpfr: update to 3.1.5
Signed-off-by: Marcel Lorenz marcel.lorenz@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit fcab4e5f187a370f5e72be0226560f83b50a5b65 Author: Marcel Lorenz marcel.lorenz@ipfire.org Date: Fri Mar 17 15:26:06 2017 +0100
gmp: update to 6.1.2
Signed-off-by: Marcel Lorenz marcel.lorenz@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a309f3b5c387a436df4c44ef4e7bf48d832a279a Author: Marcel Lorenz marcel.lorenz@ipfire.org Date: Fri Mar 17 15:20:07 2017 +0100
pcre: update to 8.40
Signed-off-by: Marcel Lorenz marcel.lorenz@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 85ca3a529baffa6ce20c27eca31a4877d2d52b69 Author: Marcel Lorenz marcel.lorenz@ipfire.org Date: Fri Mar 17 15:11:12 2017 +0100
rrdtool: update to 1.6.0
Signed-off-by: Marcel Lorenz marcel.lorenz@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e9dae64ea1788d181ea482315642cc196576d21a Author: Marcel Lorenz marcel.lorenz@ipfire.org Date: Fri Mar 17 16:11:36 2017 +0100
pkg-config: update to 0.29.1
Signed-off-by: Marcel Lorenz marcel.lorenz@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit f4574da97a680b7467506fec52fe7954a00bcb48 Author: Marcel Lorenz marcel.lorenz@ipfire.org Date: Fri Mar 17 16:16:57 2017 +0100
nmap: update to 7.40
Signed-off-by: Marcel Lorenz marcel.lorenz@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit f155baa6f034f8935337578afd33cdc30fd37760 Author: Marcel Lorenz marcel.lorenz@ipfire.org Date: Fri Mar 17 16:23:13 2017 +0100
m4: update to 1.4.18
Signed-off-by: Marcel Lorenz marcel.lorenz@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e0e3f3a3e7520a4fdfacf543698c4a96871aed9e Author: Marcel Lorenz marcel.lorenz@ipfire.org Date: Sat Mar 18 11:16:16 2017 +0100
acpid: update to 2.0.28
Signed-off-by: Marcel Lorenz marcel.lorenz@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 6c96150b453b7ad81d329c5fbaedb39afbed6715 Author: Marcel Lorenz marcel.lorenz@ipfire.org Date: Sat Mar 18 11:25:05 2017 +0100
unzip: update to 60
Signed-off-by: Marcel Lorenz marcel.lorenz@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 49e3621c32f02b90e69c1249778dd8a818566e53 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 6 10:04:34 2017 +0100
gzip: Drop patch that is no longer applied
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 3b7a290523569bf7d083ae988060a527b7fa5998 Author: Marcel Lorenz marcel.lorenz@ipfire.org Date: Sat Mar 18 11:30:31 2017 +0100
gzip: update to 1.8
Signed-off-by: Marcel Lorenz marcel.lorenz@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 361cc1bd0c102d2a0ec79943b0bad0ef106412ce Author: Marcel Lorenz marcel.lorenz@ipfire.org Date: Wed Mar 22 12:41:55 2017 +0100
file: update to 5.30
Signed-off-by: Marcel Lorenz marcel.lorenz@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 176ba83d49b7fa1ce4c5989ed64778cd91e2d9e6 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Wed Apr 5 17:44:55 2017 +0200
logwatch 7.4.3: next fix, output for 'lm_sensors' was missing
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit cd31b51ea57d49fc406db3ce2a0e906454c8c48d Author: Matthias Fischer matthias.fischer@ipfire.org Date: Wed Apr 5 13:42:14 2017 +0200
logwatch 7.4.3: some more fixes for rootfile
Hi,
'eximstats', 'zz-sys' and 'resolver'-files were missing.
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2dbfc4020d18e65b525104b13891921411cb6322 Author: Daniel Weismüller daniel.weismueller@ipfire.org Date: Wed Apr 5 12:25:16 2017 +0200
netsnmpd: added lmsensors and some other mibs
Signed-off-by: Daniel Weismüller daniel.weismueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 9bc2e596d0805171e5a25e1be33fdcd9c114066d Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Apr 5 12:16:52 2017 +0100
IPsec: Include Curve 25519 in default proposal
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 64056cae466b49993af8fe831731d2eed77f683a Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Apr 5 12:15:20 2017 +0100
IPsec: Allow selecting Curve 25519 as group type
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 1ef80c435225c6bd35df4d510b728ea6bfad772a Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Apr 5 12:08:39 2017 +0100
strongswan: Update to version 5.5.2
Introduces support for Curve25519 for IKE as defined by RFC8031.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 570d54fd84ead452753ac7fd498c7ee760caa3ff Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Apr 5 11:42:55 2017 +0100
IPsec: Drop SHA1 and MODP<=1536 from proposed ciphers
IPsec is still proposing to use SHA1 and MODP-1536 or MODP-1024 when initiating a connection. These are considered weak although many off-the-shelf hardware is still using this as defaults.
This patch disables those algorithms and additionally changes default behaviour to only accept the configured cipher suites.
This might create some interoperability issues, but increases security of IPFire-to-IPFire IPsec connections.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 4f6790a7e48c1c5bf52ad53c060ef6f3274bd5a1 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Apr 5 10:33:49 2017 +0100
ipsecctrl: Reload IPsec block rules after connection is deleted
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 3fa1cb5f35dd59fed503211898662c5cf22c3c97 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Tue Apr 4 12:45:12 2017 +0200
logwatch: Update to 7.4.3
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 9d8574996e7833f8a009cc4012990c2fcc8113cc Author: Matthias Fischer matthias.fischer@ipfire.org Date: Tue Apr 4 12:38:33 2017 +0200
logwatch 7.4.1: another fix for rootfile
Hi,
similar to:
http://git.ipfire.org/?p=people/mfischer/ipfire-2.x.git;a=commit;h=9f46e637a...
A missing '#' for "usr/share/logwatch/default.conf/services" in rootfile.
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 31b34f950912478f8594f41cdf20dc715b15bc34 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Tue Apr 4 00:46:38 2017 +0200
logwatch 7.4.1: fix for rootfile
Hi,
One missing '#' and all underlying 'services' in 'usr/share/logwatch/scripts/services' are installed. 147 files are active, but it should be only 33.
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
hooks/post-receive -- IPFire 2.x development tree