This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via da4ff2f6a971ceedeacfd0c929ed1eaf4ecef34f (commit) via bfb19ad7401353ab2ac807ff1c7a0ab6d6a8e9c9 (commit) via 1ad5c1bd26fc6aa2d37ec1a35107f528c344b121 (commit) from b1b1cb344bd5430ec9c9f1eaa5b54d90aa5b6ba8 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit da4ff2f6a971ceedeacfd0c929ed1eaf4ecef34f Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Mar 17 16:45:00 2022 +0000
core166: Ship apache2
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit bfb19ad7401353ab2ac807ff1c7a0ab6d6a8e9c9 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Wed Mar 16 17:09:12 2022 +0100
apache: Update to 2.4.53
For details see: https://dlcdn.apache.org/httpd/CHANGES_2.4.53
Short summary of the most important SECURITY changes:
"Changes with Apache 2.4.53
*) SECURITY: CVE-2022-23943: mod_sed: Read/write beyond bounds (cve.mitre.org) Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. Credits: Ronald Crane (Zippenhop LLC)
*) SECURITY: CVE-2022-22721: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (cve.mitre.org) If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. Credits: Anonymous working with Trend Micro Zero Day Initiative
*) SECURITY: CVE-2022-22720: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier (cve.mitre.org) Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling Credits: James Kettle <james.kettle portswigger.net>
*) SECURITY: CVE-2022-22719: mod_lua Use of uninitialized value of in r:parsebody (cve.mitre.org) A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. Credits: Chamal De Silva ..."
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 1ad5c1bd26fc6aa2d37ec1a35107f528c344b121 Author: Stéphane Pautrel steph78630@gmail.com Date: Thu Mar 17 15:50:16 2022 +0000
fr: Update French translation
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: .../{oldcore/114 => core/166}/filelists/apache2 | 0 config/rootfiles/core/166/update.sh | 1 + doc/language_issues.fr | 25 --------------- doc/language_missings | 22 ------------- langs/fr/cgi-bin/fr.pl | 37 ++++++++++++++++------ lfs/apache2 | 6 ++-- 6 files changed, 32 insertions(+), 59 deletions(-) copy config/rootfiles/{oldcore/114 => core/166}/filelists/apache2 (100%)
Difference in files: diff --git a/config/rootfiles/core/166/filelists/apache2 b/config/rootfiles/core/166/filelists/apache2 new file mode 120000 index 000000000..eef95efa7 --- /dev/null +++ b/config/rootfiles/core/166/filelists/apache2 @@ -0,0 +1 @@ +../../../common/apache2 \ No newline at end of file diff --git a/config/rootfiles/core/166/update.sh b/config/rootfiles/core/166/update.sh index 164f97b8e..d94b20338 100644 --- a/config/rootfiles/core/166/update.sh +++ b/config/rootfiles/core/166/update.sh @@ -60,6 +60,7 @@ perl -e "require '/var/ipfire/ids-functions.pl'; &IDS::oinkmaster();" /etc/init.d/suricata reload
# Start services +/etc/init.d/apache restart /etc/init.d/sshd restart
# This update needs a reboot... diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 63d233018..aff9deb18 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -327,8 +327,6 @@ WARNING: translation string unused: external access rule removed WARNING: translation string unused: extrahd WARNING: translation string unused: extrahd unable to read WARNING: translation string unused: extrahd unable to write -WARNING: translation string unused: false max bandwith -WARNING: translation string unused: false min bandwith WARNING: translation string unused: filename WARNING: translation string unused: firmware WARNING: translation string unused: firmware upload @@ -500,7 +498,6 @@ WARNING: translation string unused: manage printers WARNING: translation string unused: manual WARNING: translation string unused: manual control and status WARNING: translation string unused: marked -WARNING: translation string unused: max bandwith WARNING: translation string unused: max incoming size WARNING: translation string unused: max outgoing size WARNING: translation string unused: max size @@ -913,24 +910,6 @@ WARNING: translation string unused: zoneconf val vlan amount assignment error WARNING: translation string unused: zoneconf val vlan tag assignment error WARNING: translation string unused: zoneconf val vlan tag range error WARNING: translation string unused: zoneconf val zoneslave amount error -WARNING: untranslated string: cake profile bridged-llcsnap 32 = Bridged LLC SNAP (32 bytes) -WARNING: untranslated string: cake profile bridged-ptm 19 = Bridged PTM (19 bytes) -WARNING: untranslated string: cake profile bridged-vcmux 24 = Bridged VC-MUX (24 bytes) -WARNING: untranslated string: cake profile conservative 48 = Conservative (should work on all connections, 48 bytes) -WARNING: untranslated string: cake profile docsis 18 = DOCSIS (18 bytes) -WARNING: untranslated string: cake profile ethernet 38 = Ethernet (38 bytes) -WARNING: untranslated string: cake profile ethernet vlan 42 = Ethernet with VLAN (42 bytes) -WARNING: untranslated string: cake profile ipoa-llcsnap 16 = IP over ATM LLC SNAP (16 bytes) -WARNING: untranslated string: cake profile ipoa-vcmux 8 = IP over ATM VC-MUX (8 bytes) -WARNING: untranslated string: cake profile pppoa-llc 14 = PPPoA LLC (14 bytes) -WARNING: untranslated string: cake profile pppoa-vcmux 10 = PPPoA VC-MUX (10 bytes) -WARNING: untranslated string: cake profile pppoe-llcsnap 40 = PPPoE LLC SNAP (40 bytes) -WARNING: untranslated string: cake profile pppoe-ptm 27 = PPPoE PTM (27 bytes) -WARNING: untranslated string: cake profile pppoe-vcmux 32 = PPPoE VC-MUX (32 bytes) -WARNING: untranslated string: cake profile raw 0 = Raw (no overhead compensation) -WARNING: untranslated string: eol architecture warning = You are running an architecture of IPFire which reached its end of life. You will not receive updates anymore. This is a security risk. -WARNING: untranslated string: false max bandwidth = Maximum bandwidth is false. -WARNING: untranslated string: false min bandwidth = Minimum bandwidth is false. WARNING: untranslated string: fwhost cust locationgrp = unknown string WARNING: untranslated string: fwhost err hostip = unknown string WARNING: untranslated string: guaranteed bandwidth = Guaranteed bandwidth @@ -963,10 +942,6 @@ WARNING: untranslated string: guardian logtarget_file = unknown string WARNING: untranslated string: guardian logtarget_syslog = unknown string WARNING: untranslated string: guardian no entries = unknown string WARNING: untranslated string: guardian service = unknown string -WARNING: untranslated string: invalid input for subscription code = Invalid input for subscription code -WARNING: untranslated string: link-layer encapsulation = Link-Layer Encapsulation -WARNING: untranslated string: log dropped conntrack invalids = Log dropped packets classified as INVALID by connection tracking -WARNING: untranslated string: max bandwidth = Maximum bandwidth WARNING: untranslated string: pakfire ago = ago. WARNING: untranslated string: route config changed = unknown string WARNING: untranslated string: routing config added = unknown string diff --git a/doc/language_missings b/doc/language_missings index 0019fb227..895800ea0 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -996,31 +996,9 @@ < ansi t1.483 < bewan adsl pci st < bewan adsl usb -< cake profile bridged-llcsnap 32 -< cake profile bridged-ptm 19 -< cake profile bridged-vcmux 24 -< cake profile conservative 48 -< cake profile docsis 18 -< cake profile ethernet 38 -< cake profile ethernet vlan 42 -< cake profile ipoa-llcsnap 16 -< cake profile ipoa-vcmux 8 -< cake profile pppoa-llc 14 -< cake profile pppoa-vcmux 10 -< cake profile pppoe-llcsnap 40 -< cake profile pppoe-ptm 27 -< cake profile pppoe-vcmux 32 -< cake profile raw 0 -< eol architecture warning -< false max bandwidth -< false min bandwidth < g.dtm < g.lite < guaranteed bandwidth -< invalid input for subscription code -< link-layer encapsulation -< log dropped conntrack invalids -< max bandwidth < upload fcdsl.o ############################################################################ # Checking cgi-bin translations for language: it # diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl index 1b3da02ab..60ea0dcc5 100644 --- a/langs/fr/cgi-bin/fr.pl +++ b/langs/fr/cgi-bin/fr.pl @@ -331,8 +331,8 @@ 'advproxy errmsg wpad invalid ip or mask' => 'WPAD : IP ou sous-réseau invalide pour le sous-réseau IP exclu', 'advproxy error design' => 'Construction messages erronés ', 'advproxy error language' => 'Langage des messages erronés ', -'advproxy fastflux detection' => 'Refuser l'accès aux destinations hébergées sur les configurations de flux rapide', -'advproxy fastflux detection threshold' => 'Seuil', +'advproxy fastflux detection' => 'Refuser l'accès aux destinations hébergées sur les configurations de flux rapide ', +'advproxy fastflux detection threshold' => 'Seuil ', 'advproxy fastflux no threshold given' => 'Aucun seuil n'a été fourni pour la détection de flux rapide', 'advproxy fastflux threshold invalid' => 'Le seuil de détection de flux rapide fourni n'est pas valide', 'advproxy fastflux threshold out of bounds' => 'Le seuil de détection de flux rapide fourni est hors limites', @@ -372,7 +372,7 @@ 'advproxy reset' => 'Relancer', 'advproxy saturday' => 'Sam', 'advproxy save and restart' => 'Sauvegarder et redémarrer', -'advproxy selectively announcements detection' => 'Refuser l'accès aux destinations hébergées sur des réseaux annoncés de manière sélective', +'advproxy selectively announcements detection' => 'Refuser l'accès aux destinations hébergées sur des réseaux annoncés de manière sélective ', 'advproxy squid version' => 'Version Squid Cache ', 'advproxy squidclamav' => 'SquidClamav', 'advproxy ssadvanced proxy' => 'Proxy avancé', @@ -503,7 +503,7 @@ 'bad destination range' => 'La plage des ports de destination à une première valeur supérieure ou égale à la deuxième valeur.', 'bad ignore filter' => 'Mauvais filtre ignoré :', 'bad return code' => 'Le programme d'aide retourne un code d'erreur', -'bad source range' => 'La plage des ports source à une première valeur supérieure ou égale à la deuxième valeur.', +'bad source range' => 'La plage des ports source contient une première valeur supérieure ou égale à la deuxième valeur.', 'bandwidth usage' => 'utilisation de la bande passante (externe)', 'bandwidtherror' => 'Vous ne pouvez pas changer les réglages de la bande passante tant que la Qos est démarrée. Arrêtez d'abord la Qos.<p>', 'bandwidthsettings' => 'Réglages de la bande passante', @@ -534,6 +534,21 @@ 'cached' => 'en cache', 'cached memory' => 'Mémoire tampon ', 'cached swap' => 'Swap tampon', +'cake profile bridged-llcsnap 32' => 'Bridged LLC SNAP (32 octets)', +'cake profile bridged-ptm 19' => 'Bridged PTM (19 octets)', +'cake profile bridged-vcmux 24' => 'Bridged VC-MUX (24 octets)', +'cake profile conservative 48' => 'Conservateur (devrait fonctionner sur toutes les connexions, 48 octets)', +'cake profile docsis 18' => 'DOCSIS (18 octets)', +'cake profile ethernet 38' => 'Ethernet (38 octets)', +'cake profile ethernet vlan 42' => 'Ethernet avec VLAN (42 octets)', +'cake profile ipoa-llcsnap 16' => 'IP over ATM LLC SNAP (16 octets)', +'cake profile ipoa-vcmux 8' => 'IP over ATM VC-MUX (8 octets)', +'cake profile pppoa-llc 14' => 'PPPoA LLC (14 octets)', +'cake profile pppoa-vcmux 10' => 'PPPoA VC-MUX (10 octets)', +'cake profile pppoe-llcsnap 40' => 'PPPoE LLC SNAP (40 octets)', +'cake profile pppoe-ptm 27' => 'PPPoE PTM (27 octets)', +'cake profile pppoe-vcmux 32' => 'PPPoE VC-MUX (32 octets)', +'cake profile raw 0' => 'Brut (no overhead compensation)', 'calamaris available reports' => 'Rapports disponibles ', 'calamaris byte unit' => 'Unité (octets) ', 'calamaris create report' => 'Créer un rapport', @@ -1023,6 +1038,7 @@ 'enter data' => 'Saisissez vos réglages <br /> et cliquez sur <i>Sauvegarder</i>.', 'entropy' => 'Courbe d'efficacité (entropie)', 'entropy graphs' => 'Graphs entropie', +'eol architecture warning' => 'Vous exécutez une architecture d'IPFire qui a atteint sa fin de vie. Vous ne recevrez plus de mises à jour. Il s'agit d'un risque de sécurité.', 'err bk 1' => 'Erreur lors de la création de l'archive', 'err bk 10 password' => 'Erreur avec le mot de passe de sauvegarde', 'err bk 2 key' => 'Erreur lors de la création du fichier clef', @@ -1070,8 +1086,8 @@ 'extrahd you cant mount' => 'Vous ne pouvez pas monter', 'fallout zombieload ridl' => 'Fallout / ZombieLoad / RIDL', 'false classnumber' => 'Le numéro de classe ne correspond pas à l'interface.', -'false max bandwith' => 'La bande passante maximum est fausse.', -'false min bandwith' => 'La bande passante minimum est fausse.', +'false max bandwidth' => 'La bande passante maximum est fausse.', +'false min bandwidth' => 'La bande passante minimum est fausse.', 'february' => 'Février', 'fetch ip from' => 'Deviner la véritable IP publique à l'aide d'un serveur externe', 'fifteen minutes' => '15 minutes', @@ -1522,6 +1538,7 @@ 'invalid input for organization' => 'Organisation non valide', 'invalid input for remote host/ip' => 'hôte/IP distant(e) non valide.', 'invalid input for state or province' => 'Région ou département non valide.', +'invalid input for subscription code' => 'Entrée invalide pour le code d'abonnement', 'invalid input for valid till days' => 'Entrée invalide pour Valide jusqu\à (jours).', 'invalid ip' => 'IP Adresse non valide', 'invalid ip or hostname' => 'Adresse IP ou nom d'hôte invalide', @@ -1599,7 +1616,7 @@ 'july' => 'Juillet', 'june' => 'Juin', 'kernel' => 'Noyau', -'kernel logging server' => 'Serveur de logs du noyau', +'kernel logging server' => 'Serveur de journaux du noyau', 'kernel version' => 'Version du noyau :', 'key stuff' => '2. Clefs et certificats', 'keyreset' => 'Rétablir les clefs', @@ -1610,13 +1627,14 @@ 'last' => 'Dernier', 'last activity' => 'Dernière activité', 'lateprompting' => 'Dernière action', -'lease expires' => 'Bail expiré', +'lease expires' => 'Expiration bail', 'least preferred' => 'le moins souhaité', 'legacy architecture warning' => 'Vous exécutez IPFire sur une architecture héritée et il est recommandé de mettre à niveau', 'legend' => 'Légende ', 'length' => 'Longueur', 'lifetime' => 'Durée de vie :', 'line' => 'Ligne', +'link-layer encapsulation' => 'Encapsulation de la couche de liaison', 'linkq' => 'Qualité du lien', 'load printer' => 'Charger imprimante', 'loaded modules' => 'Modules chargés :', @@ -1640,6 +1658,7 @@ 'locationblock enable feature' => 'Activer le blocage par localisation :', 'locationblock flag' => 'Drap.', 'log' => 'Rapport :', +'log dropped conntrack invalids' => 'Journaliser les paquets abandonnés classés comme INVALIDES par le suivi de connexion', 'log enabled' => 'Journal activé', 'log level' => 'Niveau de rapport', 'log lines per page' => 'Nb de lignes par page ', @@ -1707,7 +1726,7 @@ 'masquerading' => 'Masquage (une seule IP pour plusieurs machines en sortie du réseau interne)', 'masquerading disabled' => 'Masquage désactivé', 'masquerading enabled' => 'Masquage activé', -'max bandwith' => 'Bande passante maximum', +'max bandwidth' => 'Bande passante maximum', 'max incoming size' => 'Taille maximum des téléchargement (Ko) :', 'max lease time' => 'Durée maximum du bail (minutes) :', 'max outgoing size' => 'Taille maximum des envois (Ko) :', diff --git a/lfs/apache2 b/lfs/apache2 index 226058a22..6771ff903 100644 --- a/lfs/apache2 +++ b/lfs/apache2 @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2021 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -25,7 +25,7 @@
include Config
-VER = 2.4.52 +VER = 2.4.53
THISAPP = httpd-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -45,7 +45,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = a94ae42b84309d5ef6e613ae825b92fa +$(DL_FILE)_MD5 = f594f137137b5bdff3998dc17e3e9526
install : $(TARGET)
hooks/post-receive -- IPFire 2.x development tree