This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, core137 has been created at ff592e1e0764865018330f1bc973f79134d1ab69 (commit)
- Log -----------------------------------------------------------------
commit ff592e1e0764865018330f1bc973f79134d1ab69 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Oct 12 15:57:59 2019 +0000
core137: close update
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit fcb0e92decdd9f81189ebacb684d868f3c27a4c6 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Oct 12 15:56:40 2019 +0000
core137: restart updated services
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 778dd44789906aebae18c92baafcbbae7b8c044a Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Oct 12 13:12:03 2019 +0200
kernel: update to 4.14.149
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 2fabddb44d05ba177ccf59308dc54ab549288a2b Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Oct 9 20:23:05 2019 +0200
rust: update armv5tel rootfile
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 194c7b16e4d42dd27a74cc614c415b8381d18eb9 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Oct 9 18:11:32 2019 +0200
rust: add i586 and aarch64 rootfile
todo: armv5tel is still missing...
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit f947ce9af1bf8c4c270fe8bdf24db5fb1808e0e9 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Oct 9 18:10:23 2019 +0200
sane: add special aarch64 rootfile
libsane-qcam is not available for aarch64 so we need an extra rootfile
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit c67519ac7c398237973a278aa267c574e7f2624d Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Oct 9 18:06:54 2019 +0200
sane: rootfile update
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 3791a79239ca2fba15e202f2a724e99cc6c0ba02 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Oct 9 18:05:50 2019 +0200
tshark: rootfile update
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit e29eb3a6c191f22b3402cccb46380e631628deae Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Oct 9 18:04:30 2019 +0200
speedtest-cli: add rootfile
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 7739cbf456e0094a3f60a103df3e1b5711516cf5 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Oct 9 08:37:23 2019 +0200
sane/stage2: remove sanedloop
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit f2e7d2bf501405f86b9a5038a353e9bd45d8c6cc Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Oct 8 19:49:01 2019 +0000
rust: fix typo
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 2228871e3e8d66bf6d4857b11ca438b75c25fad2 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Oct 8 19:44:54 2019 +0000
rust: fix md5 sums for i586 and arm
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 5b87687cb1d37d81dbc701706e40f40f2cb16348 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Oct 7 20:44:05 2019 +0200
suricata: Enable rust support
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 59fe973584a36b06944ad6a6e95bc95de4409eda Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Oct 7 20:44:04 2019 +0200
rust: New package.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 5848f7288b216d16f3b6b448c621be01660f64f0 Author: Erik Kapfer ummeegge@ipfire.org Date: Sun Oct 6 09:23:19 2019 +0200
ncat: Update to version 7.80
Several improvements have been added. This update is part of the nmap-7.80 update. For the complete changelog take a look here --> https://seclists.org/nmap-announce/2019/0 .
Signed-off-by: Erik Kapfer ummeegge@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 692d6e012bfb24ac37dc0cad5fb53f318bd7deb1 Author: Erik Kapfer ummeegge@ipfire.org Date: Sun Oct 6 09:16:57 2019 +0200
nmap: Update to version 7.80
Several improvements, NSE scripts and libraries have been added. The complete changelog can be found here --> https://seclists.org/nmap-announce/2019/0 .
Signed-off-by: Erik Kapfer ummeegge@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 2513c3bba983b7bac23564eee51752f434430a33 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Oct 8 19:05:50 2019 +0000
core137: ship libpcap
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 64243e995b86eb6dd62a2a755c9d7d1441698873 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Oct 5 09:37:15 2019 +0200
libpcap: Update to 1.9.1
For details see: https://www.tcpdump.org/libpcap-changes.txt
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit a647499b10b989a42ecbafe56fa8a1d430b137fc Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Oct 8 19:03:50 2019 +0000
core137: ship unbound
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 146c8a58ab6d0ba95b975283359ef15b6a6f60da Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Oct 5 09:09:29 2019 +0200
unbound: Update to 1.9.4
For details see: https://nlnetlabs.nl/pipermail/unbound-users/2019-October/011832.html
"This release is a fix for vulnerability CVE-2019-16866 that causes a failure when a specially crafted query is received."
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 6c20eff135f7aa15021aae1a7726b54bd5d01f49 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Oct 5 09:05:25 2019 +0200
tcpdump: Update to 4.9.3
For details see: https://www.tcpdump.org/tcpdump-changes.txt
"Fix buffer overflow/overread vulnerabilities:
CVE-2017-16808 (AoE)
CVE-2018-14468 (FrameRelay)
CVE-2018-14469 (IKEv1)
CVE-2018-14470 (BABEL)
CVE-2018-14466 (AFS/RX)
CVE-2018-14461 (LDP)
CVE-2018-14462 (ICMP)
CVE-2018-14465 (RSVP)
CVE-2018-14881 (BGP)
CVE-2018-14464 (LMP)
CVE-2018-14463 (VRRP)
CVE-2018-14467 (BGP)
CVE-2018-10103 (SMB - partially fixed, but SMB printing disabled)
CVE-2018-10105 (SMB - too unreliably reproduced, SMB printing disabled)
CVE-2018-14880 (OSPF6)
CVE-2018-16451 (SMB)
CVE-2018-14882 (RPL)
CVE-2018-16227 (802.11)
CVE-2018-16229 (DCCP)
CVE-2018-16301 (was fixed in libpcap)
CVE-2018-16230 (BGP)
CVE-2018-16452 (SMB)
CVE-2018-16300 (BGP)
CVE-2018-16228 (HNCP)
CVE-2019-15166 (LMP)
CVE-2019-15167 (VRRP)
Fix for cmdline argument/local issues:
CVE-2018-14879 (tcpdump -V)"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit a92ede24870df2194158569e3b71b3ef082ce6de Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Oct 5 08:59:04 2019 +0200
clamav: Update to 0.102.0
For details see: https://blog.clamav.net/2019/10/clamav-01020-has-been-released.html
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit d46c0db060944210cdf73fa4e244ba351f3c3e5f Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Oct 5 08:51:15 2019 +0200
nano: Update to 4.5
For details see: https://www.nano-editor.org/news.php
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 1da658398028af57da5167d0bc158b305d2a8242 Author: Erik Kapfer ummeegge@ipfire.org Date: Fri Oct 4 19:26:26 2019 +0200
tshark: Update to version 3.0.5
The jump from 3.0.2 to 3.0.5 includes several bugfixes, updated protocols and new and updated capture support. The complete release notes can be found in here --> https://www.wireshark.org/docs/relnotes/ .
Signed-off-by: Erik Kapfer ummeegge@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 5fe5334daae548907aab65476eeb7b205902d58f Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Oct 8 18:56:47 2019 +0000
core137: ship strongwan and vpnmain.cgi
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit d47b2cc28b76ca8273d89a2c821bc5450b861a18 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Oct 2 10:31:54 2019 +0000
IPsec: Add support for Curve448
This is supported since strongswan 5.7.2 and is a good alternative to Curve25519 because Curve448 is almost equally secure but performs faster.
https://en.wikipedia.org/wiki/Curve448
This is enabled by default although we do not expect many other implementations to be able to support this.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 4dde3dd50f7e2416fa523258a1d25e4d7821e5bf Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Oct 2 10:31:53 2019 +0000
strongswan: Update 5.8.1
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 9875e9f2aec86c56ca3da8f5cb6d42aeffe65c29 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Oct 2 08:53:50 2019 +0000
speedtest-cli: New package
This is a CLI implementation to test the speed of an internet connection.
I find this quite useful when there is no access to a client computer on the network and this will give you a rough idea about the connection speed.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit ff599b6767f152ed1fe5b53163cae62e181e1762 Author: Stephan Feddersen sfeddersen@ipfire.org Date: Tue Oct 1 22:07:39 2019 +0200
WIO:Add fr language
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit b64b3c110e9686b4a67a58e13ad1a753d5d8063d Author: Stephan Feddersen sfeddersen@ipfire.org Date: Tue Oct 1 22:01:40 2019 +0200
WIO: Add french translation file
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit f1e1e9072da24ada475c73dd225bc98031a361d1 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Oct 8 18:50:04 2019 +0000
core137: ship updated unbound initscript
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 70cd5c42f003292bd1ecb9e38018782679dbd01e Author: peter.mueller@ipfire.org peter.mueller@ipfire.org Date: Tue Oct 1 15:22:00 2019 +0000
firewall: always allow outgoing DNS traffic to root servers
Allowing outgoing DNS traffic (destination port 53, both TCP and UDP) to the root servers is BCP for some reasons. First, RFC 5011 assumes resolvers are able to fetch new trust anchors from the root servers for a certain time period in order to do key rollovers.
Second, Unbound shows some side effects if it cannot do trust anchor signaling (see RFC 8145) or fetch the current trust anchor, resulting in SERVFAILs for arbitrary requests for a few minutes.
There is little security implication of allowing DNS traffic to the root servers: An attacker might abuse this for exfiltrating data via DNS queries, but is unable to infiltrate data unless he gains control over at least one root server instance. If there is no firewall ruleset in place which prohibits any other DNS traffic than to chosen DNS servers, this patch will not have security implications at all.
The second version of this patch neither uses an unnecessary xargs call nor changes anything else not related to this issue.
Fixes #12183
Cc: Michael Tremer michael.tremer@ipfire.org Suggested-by: Horace Michael horace.michael@gmx.com Signed-off-by: Peter Müller peter.mueller@ipfire.org Acked-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 974d86532fea2062670c09ae0960e8455c6e8f37 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Oct 1 12:36:16 2019 +0100
unbound: Add option to force using TCP for upstream servers
Some users have problems reaching DNS servers. This change adds an option which allows forcing TCP for upstream name servers.
This is a good workaround for users behind a broken Fritz!Box in modem mode which does not allow resolving any records of the root zone.
The name server tests in the script will also only use TCP.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit f003a07936b81a9c1da5d9f3351d2a3a37523483 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Sep 29 15:07:58 2019 +0000
shairport-sync: Update to 3.3.2
This version now requires libdaemon and brings various improvements for sound quality and stability.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 1ad45a5a09818bbbf5923b90da44284cb81f758c Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Sep 29 14:50:31 2019 +0000
sane: Update to 1.0.28
This patch updates the package and removes the sanedloop script which was needed to launch saned, but that program can now run in standalone mode.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit c132fed64d91a95d11020a3305e0a3a27e1b2431 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Oct 8 18:38:52 2019 +0000
core137: ship suricata
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit dbf1ae2a10ec4184a48450c5c0cb8f52a2c3b151 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Sep 27 18:08:49 2019 +0200
suricata: Update to 4.1.5
Changelog: "4.1.5 -- 2019-09-24
Feature #3068: protocol parser: vxlan (4.1.x)
Bug #2841: False positive alerts firing after upgrade suricata 3.0 -> 4.1.0 (4.1.x)
Bug #2966: filestore (v1 and v2): dropping of "unwanted" files (4.1.x)
Bug #3008: rust: updated libc crate causes depration warnings (4.1.x)
Bug #3044: tftp: missing logs because of broken tx handling (4.1.x)
Bug #3067: GeoIP keyword depends on now discontinued legacy GeoIP database (4.1.x)
Bug #3094: Fedora rawhide af-packet compilation err (4.1.x)
Bug #3123: bypass keyword: Suricata 4.1.x Segmentation Faults (4.1.x)
Bug #3129: Fixes warning about size of integers in string formats (4.1.x)
Bug #3159: SC_ERR_PCAP_DISPATCH with message "error code -2" upon rule reload completion (4.1.x)
Bug #3164: Suricata 4.1.4: NSS Shutdown triggers crashes in test mode
Bug #3168: tls: out of bounds read
Bug #3170: defrag: out of bounds read
Bug #3173: ipv4: ts field decoding oob read
Bug #3175: File_data inspection depth while inspecting base64 decoded data (4.1.x)
Bug #3184: decode/der: crafted input can lead to resource starvation
Bug #3186: Multiple Content-Length headers causes HTP_STREAM_ERROR (4.1.x)
Bug #3187: GET/POST HTTP-request with no Content-Length, http_client_body miss (4.1.x)"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 80d5bb76dda19a338bd4635d5e4be0737a1abe8c Author: Matthias Fischer matthias.fischer@ipfire.org Date: Thu Sep 26 19:44:11 2019 +0200
iproute2: Update to 5.3.0
For details see: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/?h=v5.3.0
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 563ac9b13ebc00d7ec4eeca117bc9e74b42216f1 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Oct 8 18:36:24 2019 +0000
core137: ship knot
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 5725768496933fef728161a7159d3bf7adae1792 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Thu Sep 26 19:40:31 2019 +0200
knot: Update to 2.8.4
For details see: https://www.knot-dns.cz/2019-09-24-version-284.html
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit b9921169b13f219e30f0e3bb6050e226bf277c17 Author: peter.mueller@ipfire.org peter.mueller@ipfire.org Date: Wed Sep 25 19:05:00 2019 +0000
mtr: update to 0.93
Signed-off-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 65c295e923e9d78787ec65545b55485a98169955 Author: peter.mueller@ipfire.org peter.mueller@ipfire.org Date: Wed Sep 25 15:15:00 2019 +0000
Tor: update to 0.4.1.6
Please refer to https://blog.torproject.org/new-release-tor-0416 for release notes. This patch has to be applied after applying 9fb607ef6 (https://patchwork.ipfire.org/patch/2407/), which was not merged at the time of writing.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit a85a7a60fc451a1aec4563e110587b3de976a99c Author: peter.mueller@ipfire.org peter.mueller@ipfire.org Date: Wed Sep 25 15:06:00 2019 +0000
firewall: raise log rate limit for user generated rules, too
Having raised the overall log rate limit to 10 packets per second in Core Update 136, this did not affect rules generated by the user. In order to stay consistent, this patch also raises the log rate limit for these.
In order to avoid side effects on firewalls with slow disks, it was probably better to touch these categories separately, so testing users won't be DoSsed instantly. :-)
Signed-off-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit e60dde5f53e12a959232b99870eef55ae65c53da Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Oct 8 18:26:22 2019 +0000
core137: ship Net_SSLeay
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 24f9c830eb2fa3e602a7f3ef8286263a339e1369 Author: Erik Kapfer ummeegge@ipfire.org Date: Wed Sep 25 12:05:52 2019 +0200
Net-SSLeay: Update to version 1.88
Signed-off-by: Erik Kapfer ummeegge@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 3ec5d6c0628557b2db457771e3cf273db70ef006 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Tue Sep 24 19:24:44 2019 +0200
nano: Update to 4.4
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 0e081a25f7f19592eecfaf8bf3a7b16ebd6c58da Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Oct 8 18:21:17 2019 +0000
core137: ship libssh
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 95180fe563ccaaa5c5d9018623ede57cf090f206 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Sep 23 15:01:47 2019 +0000
bird: Update to 2.0.6
Minor update which will enable support for RPKI because libssh is now present.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 1df47cc9eec46ac2deaee8a1314555bc08026368 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Sep 23 15:01:46 2019 +0000
libssh: New package
This is required by Bird to support RPKI.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit dcf1a61f5b83cc6f845f4eaf3c7de5f031b6fdc6 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Oct 8 18:17:44 2019 +0000
core137: ship updated logrotate.conf
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 686ada315806e3d2731ca98bf9d050582b393471 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sun Sep 22 09:02:48 2019 +0200
Added Mail log file to '/etc/logrotate.conf'
Fixes Bug #12155: logrotate wasn't set up to rotate this file.
For details see: https://bugzilla.ipfire.org/show_bug.cgi?id=12155
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Acked-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit dbcb1c99d2ac1dabc8783841b18ff0a403e126f0 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Oct 8 18:14:43 2019 +0000
core137: ship tzdata
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 71adb8b98fb3c4cc6cf6a929ec358a63f030c56b Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sun Sep 22 08:49:48 2019 +0200
tzcode / tzdata: Update to 2019c
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit c9ef22a019b52b89dfe2289b9a087f5290103abf Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Oct 8 18:10:23 2019 +0000
core137: ship wpa_supplicant
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 2fc8d419150ec9e665ac6e1e0bd5dc1bdf762b8c Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Sep 20 20:51:36 2019 +0200
hostapd: Update to 2.9
For details see: https://w1.fi/cgit/hostap/plain/hostapd/ChangeLog
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 19addaa5aa4cf66a37336e2b0ca63746dcf42053 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Sep 20 20:51:35 2019 +0200
wpa_supplicant: Update to 2.9
For details see: https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 6499bd0d50c69e9230f6063afcef32283ba07554 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Oct 8 18:08:04 2019 +0000
core137: ship bind
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 5121f35be3b4c5ade223f8509eaddb746ab143e9 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Sep 20 20:43:19 2019 +0200
bind: Update to 9.11.11
For details see: https://downloads.isc.org/isc/bind9/9.11.11/RELEASE-NOTES-bind-9.11.11.html
"Security Fixes
A race condition could trigger an assertion failure when a large number of incoming packets were being rejected. This flaw is disclosed in CVE-2019-6471. [GL #942]
...
Bug Fixes
Glue address records were not being returned in responses to root priming queries; this has been corrected. [GL #1092]
Interaction between DNS64 and RPZ No Data rule (CNAME *.) could cause unexpected results; this has been fixed. [GL #1106]
named-checkconf now checks DNS64 prefixes to ensure bits 64-71 are zero. [GL #1159]
named-checkconf could crash during configuration if configured to use "geoip continent" ACLs with legacy GeoIP. [GL #1163]
named-checkconf now correctly reports missing dnstap-output option when dnstap is set. [GL #1136]
Handle ETIMEDOUT error on connect() with a non-blocking socket. [GL #1133]"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 2a0edc08bf4bd5196bea1a4668e0429ee2eeedc9 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Oct 8 18:06:13 2019 +0000
core137: ship changed ovpnmain.cgi
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit b21a6319cd89534a7ba45bd327d297d4ee76a90d Author: Erik Kapfer ummeegge@ipfire.org Date: Wed Sep 18 07:03:34 2019 +0200
ovpn: Add ta.key check to main settings
Since Core 132 the 'TLS Channel Protection' is part of the global settings, the ta.key generation check should also be in the main section, otherwise it won't be created if not present.
Signed-off-by: Erik Kapfer ummeegge@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit ae04d0a3110f6d9d9f9ac96312ca7ce130be0ffd Author: Erik Kapfer ummeegge@ipfire.org Date: Wed Sep 18 07:03:33 2019 +0200
ovpn: Generate ta.key before dh-parameter
Fixes: #11964 and #12157
If slow boards and/or boards with low entropy need too long to generate the DH-parameter, ovpnmain.cgi can get into a "Script timed out before returning headers" and no further OpenSSL commands will be executed after dhparam is finished. Since the ta.key is created after the DH-parameter, it won't be produced in that case. To prevent this, the DH-parameter will now be generated at the end.
Signed-off-by: Erik Kapfer ummeegge@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit a4ec2a4e4f324dcf6d6572b0a3a9cf081f5fa49f Author: peter.mueller@ipfire.org peter.mueller@ipfire.org Date: Tue Sep 17 17:25:00 2019 +0000
Tor: update to 0.4.1.5
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 5907bc5d5ecca6a29114a16ff2628caa8d35698b Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Oct 8 18:02:23 2019 +0000
core137: add pcre
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 57354c81878ceb9c0c5e1949aea87ca45b07e99d Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sun Sep 15 18:23:21 2019 +0200
pcre: Update to 8.43
For details see: http://www.pcre.org/original/changelog.txt
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit c0fe5525cea5577c24b643fda4837e7253158873 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Oct 8 17:59:39 2019 +0000
core137: add dhcpcd
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit a4bb11243f0d43b7e95ec0195879aa0dd6a94b9e Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Sep 14 18:02:33 2019 +0200
dhcpcd: Update to 8.0.6
For details see: https://roy.marples.name/blog/dhcpcd-8-0-6-released
"inet6: Fix default route not being installed
DHCP: If root fs is network mounted, enable last lease extend
man: Fix lint errors.
BSD: avoid RTF_WASCLONED routes
DHCP: Give a better message when packet validation fails
DHCP: Ensure we have enough data to checksum IP and UDP
The last change fixes a potential DoS attack introduced in dhcpcd-8.0.3 when the checksumming code was changed to accommodate variable length IP headers. The commit says since 7.2.0, but I've now decided that's not the case."
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 6c84c53803c1fcf5710bea867e29b02da8adf5e8 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Oct 8 17:57:32 2019 +0000
core137: add iproute2
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 5551237b1a3f61ffce60aaaaa1a3ff9d42869994 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Wed Sep 11 18:07:47 2019 +0200
iproute2: Update to 5.2.0
For details see: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 6bc008fc8f0e7b75602cbc8c294f96d0c462dfea Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Oct 8 17:53:36 2019 +0000
core137: add iptables and collectd
collectd is linked to libip4tc so we need to ship this also
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 7a03d4b08a17631ca0fa14bbcfb6562c1187b90b Author: Matthias Fischer matthias.fischer@ipfire.org Date: Wed Sep 11 18:03:27 2019 +0200
iptables: Update to 1.8.3
For details see: https://www.netfilter.org/projects/iptables/files/changes-iptables-1.8.3.txt
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 4e6c66b5258abcb94dae2759130796145b36d1dd Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Oct 8 17:49:09 2019 +0000
core137: add libnetfilter_queue
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit deb594c1b63914ae9c977438aaccdea564408a0c Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Sep 8 19:38:49 2019 +0200
libnetfilter_queue: Update to 1.0.4
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 968af91f621d7354ad81976eee3d681983eccd9a Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Oct 8 17:46:29 2019 +0000
core137: add libhtp
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit db946ccc1c917287fa3a6398f93ece28be289a5b Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Sep 6 14:52:51 2019 +0200
libhtp: Update to 0.5.30
Fixes #12170
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 73659e8cf9a2e1a453d7acb4b981911ba2d1cf6a Author: Arne Fitzenreiter arne_f@ipfire.org Date: Mon Oct 7 23:37:56 2019 +0200
kernel: update to 4.14.148
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit a75eebc86a52d9f3b3c520c52389c45bc47e6b50 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Oct 5 14:42:09 2019 +0200
kernel: update to 4.14.147
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 69cf4f306514d633843f510f4f80e9abaefd977f Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Sep 21 20:44:52 2019 +0200
kernel: update to 4.14.146
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 415969cc1b8edd06ee84375614c4eb06cf182d36 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Sep 20 20:33:05 2019 +0200
kernel: Backport patch to fix a netfilter conntrack related issue.
This fixes the packet drop issue when using suricata on IPFire.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 593a9326d8f309c78ff87d43793210cd92e42d14 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Sep 21 09:52:02 2019 +0000
start core137 and add kernel and IO-Socket-SSL to updater
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
-----------------------------------------------------------------------
hooks/post-receive -- IPFire 2.x development tree