This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, core123 has been created at 1e1806adce3e82b500e6ed6aed6508f0c63358d5 (commit)
- Log ----------------------------------------------------------------- commit 1e1806adce3e82b500e6ed6aed6508f0c63358d5 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Aug 15 07:30:53 2018 +0200
core123: set pakfire version
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 06966f3613b32af90619bc5cd0ee6aaadc9a29dd Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Aug 14 20:39:17 2018 +0100
core123: Ship updated backup.pl
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 84578512f52e62bc994b944f88f1785c73b4d96a Author: Matthias Fischer matthias.fischer@ipfire.org Date: Tue Aug 14 21:34:38 2018 +0200
Fixes for 'backup.pl' (Bug #11816)
Hi,
Fixes #11816 (https://bugzilla.ipfire.org/show_bug.cgi?id=11816 and https://bugzilla.ipfire.org/attachment.cgi?id=608):
"[root@ipfire ~]# backupctrl exclude ... tar: The following options were used after any non-optional arguments in archive create or update mode. These options are positional and affect only arguments that follow them. Please, rearrange them properly. tar: --exclude-from '/var/ipfire/backup/exclude.user' has no effect tar: Exiting with failure status due to previous errors"
Please test - I got no errors anymore.
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 3045fd1b58758a1df5032cf34f465247ad99266b Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Aug 14 20:37:54 2018 +0100
core123: Ship openssl-compat, too
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2eed2aaa509c6ae5a8f6d0fe7b6ffeeb52353ba5 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Aug 14 20:29:03 2018 +0200
core123: Ship updated openssl
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit d6d070a07a5394f9d6e4d3cd49884ce78c68db62 Merge: a9e611997 2a3dde52f Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Aug 14 19:14:58 2018 +0100
Merge remote-tracking branch 'ms/aws-cli' into next
commit a9e6119972ea3fa61d830fc0fcd8e029c2aedd20 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Aug 14 19:12:53 2018 +0100
openssl: Update to 1.1.0i and 1.0.2p
Changes between 1.1.0h and 1.1.0i [14 Aug 2018]
*) Client DoS due to large DH parameter
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack.
This issue was reported to OpenSSL on 5th June 2018 by Guido Vranken (CVE-2018-0732) [Guido Vranken]
*) Cache timing vulnerability in RSA Key Generation
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key.
This issue was reported to OpenSSL on 4th April 2018 by Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia. (CVE-2018-0737) [Billy Brumley]
*) Make EVP_PKEY_asn1_new() a bit stricter about its input. A NULL pem_str parameter is no longer accepted, as it leads to a corrupt table. NULL pem_str is reserved for alias entries only. [Richard Levitte]
*) Revert blinding in ECDSA sign and instead make problematic addition length-invariant. Switch even to fixed-length Montgomery multiplication. [Andy Polyakov]
*) Change generating and checking of primes so that the error rate of not being prime depends on the intended use based on the size of the input. For larger primes this will result in more rounds of Miller-Rabin. The maximal error rate for primes with more than 1080 bits is lowered to 2^-128. [Kurt Roeckx, Annie Yousar]
*) Increase the number of Miller-Rabin rounds for DSA key generating to 64. [Kurt Roeckx]
*) Add blinding to ECDSA and DSA signatures to protect against side channel attacks discovered by Keegan Ryan (NCC Group). [Matt Caswell]
*) When unlocking a pass phrase protected PEM file or PKCS#8 container, we now allow empty (zero character) pass phrases. [Richard Levitte]
*) Certificate time validation (X509_cmp_time) enforces stricter compliance with RFC 5280. Fractional seconds and timezone offsets are no longer allowed. [Emilia Käsper]
*) Fixed a text canonicalisation bug in CMS
Where a CMS detached signature is used with text content the text goes through a canonicalisation process first prior to signing or verifying a signature. This process strips trailing space at the end of lines, converts line terminators to CRLF and removes additional trailing line terminators at the end of a file. A bug in the canonicalisation process meant that some characters, such as form-feed, were incorrectly treated as whitespace and removed. This is contrary to the specification (RFC5485). This fix could mean that detached text data signed with an earlier version of OpenSSL 1.1.0 may fail to verify using the fixed version, or text data signed with a fixed OpenSSL may fail to verify with an earlier version of OpenSSL 1.1.0. A workaround is to only verify the canonicalised text data and use the "-binary" flag (for the "cms" command line application) or set the SMIME_BINARY/PKCS7_BINARY/CMS_BINARY flags (if using CMS_verify()). [Matt Caswell]
Changes between 1.0.2o and 1.0.2p [14 Aug 2018]
*) Client DoS due to large DH parameter
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack.
This issue was reported to OpenSSL on 5th June 2018 by Guido Vranken (CVE-2018-0732) [Guido Vranken]
*) Cache timing vulnerability in RSA Key Generation
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key.
This issue was reported to OpenSSL on 4th April 2018 by Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia. (CVE-2018-0737) [Billy Brumley]
*) Make EVP_PKEY_asn1_new() a bit stricter about its input. A NULL pem_str parameter is no longer accepted, as it leads to a corrupt table. NULL pem_str is reserved for alias entries only. [Richard Levitte]
*) Revert blinding in ECDSA sign and instead make problematic addition length-invariant. Switch even to fixed-length Montgomery multiplication. [Andy Polyakov]
*) Change generating and checking of primes so that the error rate of not being prime depends on the intended use based on the size of the input. For larger primes this will result in more rounds of Miller-Rabin. The maximal error rate for primes with more than 1080 bits is lowered to 2^-128. [Kurt Roeckx, Annie Yousar]
*) Increase the number of Miller-Rabin rounds for DSA key generating to 64. [Kurt Roeckx]
*) Add blinding to ECDSA and DSA signatures to protect against side channel attacks discovered by Keegan Ryan (NCC Group). [Matt Caswell]
*) When unlocking a pass phrase protected PEM file or PKCS#8 container, we now allow empty (zero character) pass phrases. [Richard Levitte]
*) Certificate time validation (X509_cmp_time) enforces stricter compliance with RFC 5280. Fractional seconds and timezone offsets are no longer allowed. [Emilia Käsper]
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2a3dde52f796adfda5e9f0e119c85e4d0ac1becb Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Aug 14 15:13:24 2018 +0100
python3-s3transfer: Fix rootfile
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit faa5472a2e75d69946c8321f09ee5c34f601d73b Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Aug 14 14:52:33 2018 +0100
python3-pyasn1: New package as required by aws-cli
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit d45d524725eb0c9578c71d4fa8353ef44407c780 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Aug 14 14:44:30 2018 +0100
python3-rsa: New package as required by aws-cli
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 953f6f7332be90e69390a88dcb1e41598832e4c3 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Aug 14 14:38:11 2018 +0100
python3-s3transfer: New package as required by aws-cli
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit d2da17a182196d3cb2dad4b887d35fc67f679cb9 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Aug 14 14:19:33 2018 +0100
python3-yaml: New paclage as required by aws-cli
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 041d2116c0551a401322e488c487f7627ce493a2 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Aug 14 14:11:38 2018 +0100
python3-docutils: New package as required by aws-cli
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a33ca4cc6f055dde3170935d240b217746ad4350 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Aug 14 14:04:03 2018 +0100
python3-colorama: New package as required by aws-cli
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit d48ea6b5a758c592cd157a65ffcd0e2bc4bc1c76 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Aug 14 13:57:02 2018 +0100
python3-jmespath: New package as required by python3-botocore
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 9e25fe5c1b068e6d20cc42108f7431792995c51c Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Aug 14 13:18:00 2018 +0100
python3-six: New package as required by python3-dateutil
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e0a05a80598530a5d16edcf7ecfc1c70b4487eb5 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Aug 14 13:13:07 2018 +0100
python3-dateutil: New package required by python3-botocore
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 4ab80c5daff0f433ca71529b0b60b691cfbc0e70 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Aug 14 12:54:23 2018 +0100
python3-botocore: Required by aws-cli
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 280ee7e767953cd55ad266405f68c04d84607d6f Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Aug 14 12:45:38 2018 +0100
aws-cli: New package
Needed to communicate with AWS services like EC2, S3, etc...
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit f2f0d61fc1ecaff1f13ece1c0f85d2adbe2ba347 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Aug 14 12:01:53 2018 +0200
logs.cgi/ids.dat: Rework linking to external rule documentation.
Check if the sid of a rule belongs to sourcefire and link to the changed URL for gathering more details. If the sid of the rule belongs to emergingthreads now link to the emergingthreads documentation.
Fixes #11806.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 89f634ff9ed358a72c28330f643d5c128bc21b20 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Aug 14 08:36:19 2018 +0100
Rootfile update
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit df74fcbff940c9b92cd51be36a5b7c831f9b5292 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Aug 13 19:50:06 2018 +0100
Revert "usbutils: update to 010"
This reverts commit b07b1bef22eae7038e7d0fcba0bfd53813f85258.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 9d0601917f4f5f34ffca3589ed0d85845d5f4a9c Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Aug 13 19:49:58 2018 +0100
Revert "core123: Ship updated usbutils"
This reverts commit a65d07ec6d36a712882294b608e718db2d56b24e.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit d179a9d0a746ba6f763750b0d7a5889ceee37cd5 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Aug 13 19:49:48 2018 +0100
Revert "usbutils: Update rootfile"
This reverts commit 9aefd1ed07eee7d83e5b274d4a83240811f9e091.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 397d627eab8f6fa3e87996902089237f9acd728f Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Aug 13 18:59:10 2018 +0100
Revert "avahi: Build without dbus"
This reverts commit 5221a852e80526d188306b05202e595616f0c065.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 8defa50e7395714930dd3a813ad4c509711c0b57 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Aug 13 12:14:49 2018 +0100
aws: Execute user-data script while we have networking up
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 3d0e252e35ad404529797b3c52232ca52c378f93 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Aug 11 14:45:56 2018 +0200
intel-microcode: update to 20180807
fixes #11590
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 98ce8975201d48754c89fb2c476571d99d9ae109 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Aug 10 12:20:38 2018 +0100
avahi: Bump package version
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5221a852e80526d188306b05202e595616f0c065 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Aug 10 12:20:06 2018 +0100
avahi: Build without dbus
We don't have any services connected to dbus, so what is the point of avahi trying to connect to it?
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 4ec7c2936dc06cf3096134e955f4e6ad779c96ae Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Aug 10 12:18:29 2018 +0100
avahi: Build with -U_FORTIFY_SOURCE
Avahi locks up when built with -D_FORTIFY_SOURCE=2
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 467581b8ab2c9a62a2239a7dcea4fe40fe70093c Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Aug 10 11:19:25 2018 +0100
avahi: Update to 0.7
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 6064cd87ccfdccc02baaf17e75184ca378977d1c Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Aug 10 11:08:09 2018 +0100
Revert "avahi: Drop package"
This reverts commit aa6ee515c59cd42b12d69981329a2438e4d6e933.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit ebbca90d70765fac6a42d8ebcc8ec98c1c38f434 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Aug 9 16:28:14 2018 +0100
openssh: Disable password authentication by default
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 7f841117c5377136b85c878fa7252e9a4458a526 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Aug 8 10:26:38 2018 +0200
kernel: fix build on x86_64
oops i deleted a wrong line...
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 07664187ac7323af8cbcce166be6fb5e6786fdca Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Aug 7 19:05:35 2018 +0200
kernel: fix build on armv5tel
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 7529349754e0f99f626a36c895347806fc6f2dd2 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Aug 5 17:19:52 2018 +0200
kernel: apu2 leds: update string for newer bios
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 28b252145a3240caea81d586d3e63db72c573c87 Merge: b403b04a1 4a5068190 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Aug 5 17:19:36 2018 +0200
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
commit b403b04a139c02156829d8d21943bc69b2cf0c53 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Aug 5 13:32:36 2018 +0200
initrd: add early microcode load
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 4a50681905af88adb0c4c19e6bc7dfda3dbe3606 Author: Erik Kapfer erik.kapfer@ipfire.org Date: Sat Aug 4 13:52:32 2018 +0200
tor: Update to version 0.3.3.9
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 351567966d83908eb3de7108f79c4eab7a37e1e0 Author: Erik Kapfer erik.kapfer@ipfire.org Date: Sat Aug 4 13:49:00 2018 +0200
nginx: Update to version 1.15.1
Deleted last slash in --prefix configure option to prevent such --> https://forum.ipfire.org/viewtopic.php?t=19213#p109787 problems.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit b856ad695a29059939b16789d410ef52448c6160 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Aug 4 08:35:05 2018 +0200
rng-tools: Update to 6.3.1
Bugfix release, for details see: https://github.com/nhorman/rng-tools/releases
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 1fb7f56e11729f27cab7c5c3349d2c05a8e41a53 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Aug 4 13:39:00 2018 +0100
make.sh: Add command to update list of contributors
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 79bcc6f769eff10558db6a2c5d7247e5ced508bb Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Aug 3 16:13:12 2018 +0200
collectd: fix cpufreq plugin enable
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit f32cbd89d9990b2a1017b7ad19ba98f8d38a5c11 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jul 31 16:23:07 2018 +0100
backup: Bump release number in ISO download script
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit b5a1294c987be0f81b597ea2abca563b26118927 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Aug 2 21:15:11 2018 +0200
linux-firmware: update to 30.7.2018
include new amd microcodes for Spectre updates
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 0cf70cae66593ce985d22b05d0be95c5b43b0565 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Jul 30 16:54:50 2018 +0100
aws: Disable SSH password authentication by default
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a580a31c0ff5c596027b4e942869e4e7342f2de6 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Jul 26 14:46:53 2018 +0100
core123: Ship and restart squid and apache
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 51099ddfd7a497d535662a93362e774ba30fe1ca Author: Matthias Fischer matthias.fischer@ipfire.org Date: Tue Jul 17 20:50:41 2018 +0200
squid: Update to 3.5.28
For details see: http://www.squid-cache.org/Versions/v3/3.5/changesets/
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 64add19dfe8ecef092679871eac1d56560e2b0f5 Author: Wolfgang Apolinarski wolfgang.apolinarski@ipfire.org Date: Tue Jul 17 20:13:30 2018 +0200
Apache: Update to 2.4.34
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 4e4c122c58349a9cf7e496b1e61ea3f55e070681 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jul 20 16:19:46 2018 +0100
aws: Add support for a script that can be executed at first boot
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit ba06294341bffb06c2842128fa52978e79fe972c Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jul 17 18:05:07 2018 +0100
aws: Always exit the init script cleanly
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 04441d8a3c582aaed2a34f65934dfb7bda28b7e2 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jul 20 14:21:36 2018 +0000
asterisk: Don't optimise for builder
Asterisk enables -march=native which renders the code incompatible to most systems.
Fixes: #11793
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
hooks/post-receive -- IPFire 2.x development tree