This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated
       via  11a1a874e9e682fb681e36c776027ea129e3dc67 (commit)
       via  877e2ef8bb5d492af2be5956249db738a06cee3a (commit)
      from  95a1679c6ba5c6da6116ed446b489979db312c17 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit 11a1a874e9e682fb681e36c776027ea129e3dc67
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Wed Oct 15 19:48:16 2014 +0200
Create Core Update 85
commit 877e2ef8bb5d492af2be5956249db738a06cee3a
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Wed Oct 15 19:19:15 2014 +0200
openssl: Update to version 1.0.1j
OpenSSL Security Advisory [15 Oct 2014]
=======================================

SRTP Memory Leak (CVE-2014-3513)
================================
Severity: High
A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. This could be exploited in a Denial Of Service attack. This issue affects OpenSSL 1.0.1 server implementations for both SSL/TLS and DTLS regardless of whether SRTP is used or configured. Implementations of OpenSSL that have been compiled with OPENSSL_NO_SRTP defined are not affected.
OpenSSL 1.0.1 users should upgrade to 1.0.1j.
This issue was reported to OpenSSL on 26th September 2014, based on an original issue and patch developed by the LibreSSL project. Further analysis of the issue was performed by the OpenSSL team.
The fix was developed by the OpenSSL team.
Session Ticket Memory Leak (CVE-2014-3567)
==========================================
Severity: Medium
When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory causing a memory leak. By sending a large number of invalid session tickets an attacker could exploit this issue in a Denial Of Service attack.
OpenSSL 1.0.1 users should upgrade to 1.0.1j. OpenSSL 1.0.0 users should upgrade to 1.0.0o. OpenSSL 0.9.8 users should upgrade to 0.9.8zc.
This issue was reported to OpenSSL on 8th October 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
SSL 3.0 Fallback protection
===========================
Severity: Medium
OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications to block the ability for a MITM attacker to force a protocol downgrade.
Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE (CVE-2014-3566).
OpenSSL 1.0.1 users should upgrade to 1.0.1j. OpenSSL 1.0.0 users should upgrade to 1.0.0o. OpenSSL 0.9.8 users should upgrade to 0.9.8zc.
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
https://www.openssl.org/~bodo/ssl-poodle.pdf
Support for TLS_FALLBACK_SCSV was developed by Adam Langley and Bodo Moeller.
Build option no-ssl3 is incomplete (CVE-2014-3568)
==================================================
Severity: Low
When OpenSSL is configured with "no-ssl3" as a build option, servers could accept and complete a SSL 3.0 handshake, and clients could be configured to send them.
OpenSSL 1.0.1 users should upgrade to 1.0.1j. OpenSSL 1.0.0 users should upgrade to 1.0.0o. OpenSSL 0.9.8 users should upgrade to 0.9.8zc.
This issue was reported to OpenSSL by Akamai Technologies on 14th October 2014.
The fix was developed by Akamai and the OpenSSL team.
References
==========
URL for this Security Advisory: https://www.openssl.org/news/secadv_20141015.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html
-----------------------------------------------------------------------
Summary of changes:
 config/rootfiles/core/{84 => 85}/exclude | 0
 config/rootfiles/{oldcore/60 => core/85}/filelists/files | 1 +
 config/rootfiles/{oldcore/28 => core/85}/filelists/openssl | 0
 config/rootfiles/core/{84 => 85}/meta | 0
 config/rootfiles/{oldcore/83 => core/85}/update.sh | 5 +----
 config/rootfiles/{core => oldcore}/84/exclude | 0
 config/rootfiles/{core => oldcore}/84/filelists/bash | 0
 config/rootfiles/{core => oldcore}/84/filelists/dnsmasq | 0
 config/rootfiles/{core => oldcore}/84/filelists/files | 0
 config/rootfiles/{core => oldcore}/84/filelists/readline | 0
 config/rootfiles/{core => oldcore}/84/filelists/squid | 0
 config/rootfiles/{core => oldcore}/84/meta | 0
 config/rootfiles/{core => oldcore}/84/update.sh | 0
 lfs/openssl | 4 ++--
 make.sh | 4 ++--
 15 files changed, 6 insertions(+), 8 deletions(-)
 copy config/rootfiles/core/{84 => 85}/exclude (100%)
 copy config/rootfiles/{oldcore/60 => core/85}/filelists/files (63%)
 copy config/rootfiles/{oldcore/28 => core/85}/filelists/openssl (100%)
 copy config/rootfiles/core/{84 => 85}/meta (100%)
 copy config/rootfiles/{oldcore/83 => core/85}/update.sh (97%)
 rename config/rootfiles/{core => oldcore}/84/exclude (100%)
 rename config/rootfiles/{core => oldcore}/84/filelists/bash (100%)
 rename config/rootfiles/{core => oldcore}/84/filelists/dnsmasq (100%)
 rename config/rootfiles/{core => oldcore}/84/filelists/files (100%)
 rename config/rootfiles/{core => oldcore}/84/filelists/readline (100%)
 rename config/rootfiles/{core => oldcore}/84/filelists/squid (100%)
 rename config/rootfiles/{core => oldcore}/84/meta (100%)
 rename config/rootfiles/{core => oldcore}/84/update.sh (100%)
Difference in files: diff --git a/config/rootfiles/core/84/exclude b/config/rootfiles/core/84/exclude deleted file mode 100644 index 18e9b4d..0000000 --- a/config/rootfiles/core/84/exclude +++ /dev/null @@ -1,20 +0,0 @@ -boot/config.txt -etc/collectd.custom -etc/ipsec.conf -etc/ipsec.secrets -etc/ipsec.user.conf -etc/ipsec.user.secrets -etc/localtime -etc/shadow -etc/ssh/ssh_config -etc/ssh/sshd_config -etc/ssl/openssl.cnf -etc/sudoers -etc/sysconfig/firewall.local -etc/sysconfig/rc.local -etc/udev/rules.d/30-persistent-network.rules -srv/web/ipfire/html/proxy.pac -var/ipfire/ovpn -var/log/cache -var/state/dhcp/dhcpd.leases -var/updatecache diff --git a/config/rootfiles/core/84/filelists/bash b/config/rootfiles/core/84/filelists/bash deleted file mode 120000 index de970cb..0000000 --- a/config/rootfiles/core/84/filelists/bash +++ /dev/null @@ -1 +0,0 @@ -../../../common/bash \ No newline at end of file diff --git a/config/rootfiles/core/84/filelists/dnsmasq b/config/rootfiles/core/84/filelists/dnsmasq deleted file mode 120000 index d469c74..0000000 --- a/config/rootfiles/core/84/filelists/dnsmasq +++ /dev/null @@ -1 +0,0 @@ -../../../common/dnsmasq \ No newline at end of file diff --git a/config/rootfiles/core/84/filelists/files b/config/rootfiles/core/84/filelists/files deleted file mode 100644 index 2cbc242..0000000 --- a/config/rootfiles/core/84/filelists/files +++ /dev/null @@ -1,11 +0,0 @@ -etc/system-release -etc/issue -etc/rc.d/init.d/firewall -etc/rc.d/init.d/network -srv/web/ipfire/cgi-bin/firewall.cgi -srv/web/ipfire/cgi-bin/fwhosts.cgi -srv/web/ipfire/cgi-bin/urlfilter.cgi -usr/lib/firewall/firewall-lib.pl -usr/lib/firewall/rules.pl -usr/local/bin/update-lang-cache -var/ipfire/langs diff --git a/config/rootfiles/core/84/filelists/readline b/config/rootfiles/core/84/filelists/readline deleted file mode 120000 index 84209f1..0000000 --- a/config/rootfiles/core/84/filelists/readline +++ /dev/null 
@@ -1 +0,0 @@ -../../../common/readline \ No newline at end of file diff --git a/config/rootfiles/core/84/filelists/squid b/config/rootfiles/core/84/filelists/squid deleted file mode 120000 index 2dc8372..0000000 --- a/config/rootfiles/core/84/filelists/squid +++ /dev/null @@ -1 +0,0 @@ -../../../common/squid \ No newline at end of file diff --git a/config/rootfiles/core/84/meta b/config/rootfiles/core/84/meta deleted file mode 100644 index d547fa8..0000000 --- a/config/rootfiles/core/84/meta +++ /dev/null @@ -1 +0,0 @@ -DEPS="" diff --git a/config/rootfiles/core/84/update.sh b/config/rootfiles/core/84/update.sh deleted file mode 100644 index 93a9e20..0000000 --- a/config/rootfiles/core/84/update.sh +++ /dev/null 
@@ -1,60 +0,0 @@ -#!/bin/bash -############################################################################ -# # -# This file is part of the IPFire Firewall. # -# # -# IPFire is free software; you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation; either version 3 of the License, or # -# (at your option) any later version. # -# # -# IPFire is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with IPFire; if not, write to the Free Software # -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # -# # -# Copyright (C) 2014 IPFire-Team info@ipfire.org. # -# # -############################################################################ -# -. /opt/pakfire/lib/functions.sh -/usr/local/bin/backupctrl exclude >/dev/null 2>&1 - -# Remove old core updates from pakfire cache to save space... -core=84 -for (( i=1; i<=$core; i++ )) -do - rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire -done - -# Stop services -/etc/init.d/squid stop -/etc/init.d/dnsmasq stop - -# Remove old files - -# Extract files -extract_files - -# Start services -/etc/init.d/dnsmasq start -/etc/init.d/squid start - -# Update Language cache -perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang" - -sync - -# This update need a reboot... -touch /var/run/need_reboot - -# Finish -/etc/init.d/fireinfo start -sendprofile - -# Don't report the exitcode last command -exit 0 diff --git a/config/rootfiles/core/85/exclude b/config/rootfiles/core/85/exclude new file mode 100644 index 0000000..18e9b4d --- /dev/null +++ b/config/rootfiles/core/85/exclude 
@@ -0,0 +1,20 @@ +boot/config.txt +etc/collectd.custom +etc/ipsec.conf +etc/ipsec.secrets +etc/ipsec.user.conf +etc/ipsec.user.secrets +etc/localtime +etc/shadow +etc/ssh/ssh_config +etc/ssh/sshd_config +etc/ssl/openssl.cnf +etc/sudoers +etc/sysconfig/firewall.local +etc/sysconfig/rc.local +etc/udev/rules.d/30-persistent-network.rules +srv/web/ipfire/html/proxy.pac +var/ipfire/ovpn +var/log/cache +var/state/dhcp/dhcpd.leases +var/updatecache diff --git a/config/rootfiles/core/85/filelists/files b/config/rootfiles/core/85/filelists/files new file mode 100644 index 0000000..168c7d1 --- /dev/null +++ b/config/rootfiles/core/85/filelists/files @@ -0,0 +1,3 @@ +etc/system-release +etc/issue +var/ipfire/langs diff --git a/config/rootfiles/core/85/filelists/openssl b/config/rootfiles/core/85/filelists/openssl new file mode 120000 index 0000000..e011a92 --- /dev/null +++ b/config/rootfiles/core/85/filelists/openssl @@ -0,0 +1 @@ +../../../common/openssl \ No newline at end of file diff --git a/config/rootfiles/core/85/meta b/config/rootfiles/core/85/meta new file mode 100644 index 0000000..d547fa8 --- /dev/null +++ b/config/rootfiles/core/85/meta @@ -0,0 +1 @@ +DEPS="" diff --git a/config/rootfiles/core/85/update.sh b/config/rootfiles/core/85/update.sh new file mode 100644 index 0000000..ec9ac63 --- /dev/null +++ b/config/rootfiles/core/85/update.sh 
@@ -0,0 +1,56 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2014 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/usr/local/bin/backupctrl exclude >/dev/null 2>&1 + +# Remove old core updates from pakfire cache to save space... +core=85 +for (( i=1; i<=$core; i++ )) +do + rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire +done + +# Stop services + +# Remove old files + +# Extract files +extract_files + +# Start services + +# Update Language cache +perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang" + +sync + +# This update need a reboot... +touch /var/run/need_reboot + +# Finish +/etc/init.d/fireinfo start +sendprofile + +# Don't report the exitcode last command +exit 0 diff --git a/config/rootfiles/oldcore/84/exclude b/config/rootfiles/oldcore/84/exclude new file mode 100644 index 0000000..18e9b4d --- /dev/null +++ b/config/rootfiles/oldcore/84/exclude 
@@ -0,0 +1,20 @@ +boot/config.txt +etc/collectd.custom +etc/ipsec.conf +etc/ipsec.secrets +etc/ipsec.user.conf +etc/ipsec.user.secrets +etc/localtime +etc/shadow +etc/ssh/ssh_config +etc/ssh/sshd_config +etc/ssl/openssl.cnf +etc/sudoers +etc/sysconfig/firewall.local +etc/sysconfig/rc.local +etc/udev/rules.d/30-persistent-network.rules +srv/web/ipfire/html/proxy.pac +var/ipfire/ovpn +var/log/cache +var/state/dhcp/dhcpd.leases +var/updatecache diff --git a/config/rootfiles/oldcore/84/filelists/bash b/config/rootfiles/oldcore/84/filelists/bash new file mode 120000 index 0000000..de970cb --- /dev/null +++ b/config/rootfiles/oldcore/84/filelists/bash @@ -0,0 +1 @@ +../../../common/bash \ No newline at end of file diff --git a/config/rootfiles/oldcore/84/filelists/dnsmasq b/config/rootfiles/oldcore/84/filelists/dnsmasq new file mode 120000 index 0000000..d469c74 --- /dev/null +++ b/config/rootfiles/oldcore/84/filelists/dnsmasq @@ -0,0 +1 @@ +../../../common/dnsmasq \ No newline at end of file diff --git a/config/rootfiles/oldcore/84/filelists/files b/config/rootfiles/oldcore/84/filelists/files new file mode 100644 index 0000000..2cbc242 --- /dev/null +++ b/config/rootfiles/oldcore/84/filelists/files @@ -0,0 +1,11 @@ +etc/system-release +etc/issue +etc/rc.d/init.d/firewall +etc/rc.d/init.d/network +srv/web/ipfire/cgi-bin/firewall.cgi +srv/web/ipfire/cgi-bin/fwhosts.cgi +srv/web/ipfire/cgi-bin/urlfilter.cgi +usr/lib/firewall/firewall-lib.pl +usr/lib/firewall/rules.pl +usr/local/bin/update-lang-cache +var/ipfire/langs diff --git a/config/rootfiles/oldcore/84/filelists/readline b/config/rootfiles/oldcore/84/filelists/readline new file mode 120000 index 0000000..84209f1 --- /dev/null +++ b/config/rootfiles/oldcore/84/filelists/readline @@ -0,0 +1 @@ +../../../common/readline \ No newline at end of file diff --git a/config/rootfiles/oldcore/84/filelists/squid b/config/rootfiles/oldcore/84/filelists/squid new file mode 120000 index 0000000..2dc8372 --- /dev/null 
+++ b/config/rootfiles/oldcore/84/filelists/squid @@ -0,0 +1 @@ +../../../common/squid \ No newline at end of file diff --git a/config/rootfiles/oldcore/84/meta b/config/rootfiles/oldcore/84/meta new file mode 100644 index 0000000..d547fa8 --- /dev/null +++ b/config/rootfiles/oldcore/84/meta @@ -0,0 +1 @@ +DEPS="" diff --git a/config/rootfiles/oldcore/84/update.sh b/config/rootfiles/oldcore/84/update.sh new file mode 100644 index 0000000..93a9e20 --- /dev/null +++ b/config/rootfiles/oldcore/84/update.sh 
@@ -0,0 +1,60 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2014 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/usr/local/bin/backupctrl exclude >/dev/null 2>&1 + +# Remove old core updates from pakfire cache to save space... +core=84 +for (( i=1; i<=$core; i++ )) +do + rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire +done + +# Stop services +/etc/init.d/squid stop +/etc/init.d/dnsmasq stop + +# Remove old files + +# Extract files +extract_files + +# Start services +/etc/init.d/dnsmasq start +/etc/init.d/squid start + +# Update Language cache +perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang" + +sync + +# This update need a reboot... +touch /var/run/need_reboot + +# Finish +/etc/init.d/fireinfo start +sendprofile + +# Don't report the exitcode last command +exit 0 diff --git a/lfs/openssl b/lfs/openssl index 0f0b823..186ea6c 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -24,7 +24,7 @@
include Config
-VER = 1.0.1i +VER = 1.0.1j
THISAPP = openssl-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -51,7 +51,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = c8dc151a671b9b92ff3e4c118b174972 +$(DL_FILE)_MD5 = f7175c9cd3c39bb1907ac8bba9df8ed3
install : $(TARGET)
diff --git a/make.sh b/make.sh index 23ef2b6..d942711 100755 --- a/make.sh +++ b/make.sh @@ -25,8 +25,8 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name VERSION="2.15" # Version number -CORE="84" # Core Level (Filename) -PAKFIRE_CORE="83" # Core Level (PAKFIRE) +CORE="85" # Core Level (Filename) +PAKFIRE_CORE="84" # Core Level (PAKFIRE) GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch SLOGAN="www.ipfire.org" # Software slogan CONFIG_ROOT=/var/ipfire # Configuration rootdir
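Review bot: In the new config/rootfiles/core/85/update.sh the "Stop services" and "Start services" sections are empty even though this core update ships the openssl filelist, so any daemon that already has the old library loaded keeps running the 1.0.1i code until the reboot requested by "touch /var/run/need_reboot" actually takes place. Either restart the services that link against OpenSSL after extract_files, or add a comment saying that the reboot flag is the intended way to pick up the fixed library, so the empty sections do not read as an oversight.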
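Review bot: The second lfs/openssl hunk pins the 1.0.1j tarball only through "$(DL_FILE)_MD5", which is a weak integrity check for a download pulled in specifically to fix security issues. Consider recording a SHA-256 digest or verifying the upstream release signature alongside the MD5 value, and mention in the commit message where the new digest was obtained.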
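Review bot: In the make.sh hunk CORE moves to "85" while PAKFIRE_CORE moves to "84", and the inline comments "(Filename)" and "(PAKFIRE)" do not explain why the two values differ by one. A short comment stating the intended relationship would help whoever bumps the next core update avoid setting them to the same number by mistake.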
hooks/post-receive -- IPFire 2.x development tree
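
The server-side decision behind the "SSL 3.0 Fallback protection" item in the advisory quoted above, as an added example (not code from OpenSSL, IPFire or the commit author). The function names and sample byte strings are hypothetical; the suite value 0x5600 and alert number 86 are taken from the downgrade-SCSV draft the advisory links to.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TLS wire versions (major << 8 | minor). DTLS numbers run the other
 * way, so the plain '<' below is valid for SSL 3.0 / TLS only. */
#define SSL3_WIRE    0x0300
#define TLS1_2_WIRE  0x0303

/* Values from the downgrade-SCSV draft referenced in the advisory. */
#define TLS_FALLBACK_SCSV            0x5600  /* signalling cipher suite */
#define ALERT_INAPPROPRIATE_FALLBACK 86      /* fatal alert number */

/* Walk the ClientHello cipher_suites vector: 2 bytes per suite, big
 * endian. Stepping by 2 avoids matching 0x56 0x00 across a boundary. */
static int offers_fallback_scsv(const uint8_t *suites, size_t len)
{
    for (size_t i = 0; i + 1 < len; i += 2) {
        uint16_t suite = (uint16_t)((suites[i] << 8) | suites[i + 1]);
        if (suite == TLS_FALLBACK_SCSV)
            return 1;
    }
    return 0;
}

/* Hypothetical helper: returns 0 to continue the handshake, the alert
 * number to abort with, or -1 if the vector is malformed. */
int fallback_alert(uint16_t client_version, const uint8_t *suites,
                   size_t len, uint16_t server_max_version)
{
    if (suites == NULL || len == 0 || len % 2 != 0)
        return -1;
    /* The client says "this is a retry at a lower version", yet the
     * server could have gone higher: something forced the downgrade. */
    if (offers_fallback_scsv(suites, len) &&
        client_version < server_max_version)
        return ALERT_INAPPROPRIATE_FALLBACK;
    return 0;
}

/* Constructed sample cipher_suites vectors (not captured traffic). */
static const uint8_t RETRY_HELLO[]  = { 0xC0, 0x2F, 0x00, 0x35, 0x56, 0x00 };
static const uint8_t NORMAL_HELLO[] = { 0xC0, 0x2F, 0x00, 0x35 };

int main(void)
{
    printf("forced downgrade to SSL 3.0: %d\n",
           fallback_alert(SSL3_WIRE, RETRY_HELLO, sizeof RETRY_HELLO, TLS1_2_WIRE));
    printf("genuine SSL 3.0-only client: %d\n",
           fallback_alert(SSL3_WIRE, NORMAL_HELLO, sizeof NORMAL_HELLO, TLS1_2_WIRE));
    printf("retry already at server max: %d\n",
           fallback_alert(TLS1_2_WIRE, RETRY_HELLO, sizeof RETRY_HELLO, TLS1_2_WIRE));
    return 0;
}
```

A client that never sends the signalling suite is treated as a genuine old client, which is why the protection only helps when both the retrying client and the server have been updated.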