This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, core139 has been created at a15dbe44971a47d8749497d75cbfd829ba09e9a3 (commit)
- Log ----------------------------------------------------------------- commit a15dbe44971a47d8749497d75cbfd829ba09e9a3 Merge: 699381b69 f23b944ec Author: Arne Fitzenreiter arne_f@ipfire.org Date: Mon Dec 9 18:03:14 2019 +0000
Merge branch 'next'
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit f23b944ecbdbcea349129f90850f961264fc1873 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Mon Dec 9 18:48:07 2019 +0100
core139: finish
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit dd12d8c54c4ae52a8e334440c579bbf053429ce4 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Dec 8 22:55:26 2019 +0100
leds: use new APUx ACPI Bios leds if exist.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 6a9d9ff4af5069314e5c49e799505dfef6380c4e Author: Erik Kapfer ummeegge@ipfire.org Date: Fri Dec 6 07:08:33 2019 +0100
ovpn: Fix LZO checkbox restore
Triggered by --> https://community.ipfire.org/t/openvpn-is-lzo-compression-now-effectively-di... .
Signed-off-by: Erik Kapfer ummeegge@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 898dc600e63766d8ebc6b19a2e0e52327992c2b2 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Dec 6 03:18:09 2019 +0100
pcengines-firmware: fix rootfile
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit f7c8d150893a6091727250922f20db3564450acc Author: Peter Müller peter.mueller@ipfire.org Date: Wed Dec 4 16:32:00 2019 +0000
Core Update 139: ship updated OpenSSH
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 81502fe6f3edb6b7b2554b2ea3010435665eb7ce Author: Peter Müller peter.mueller@ipfire.org Date: Wed Dec 4 16:30:00 2019 +0000
OpenSSH: update to 8.1p1
Please refer to https://www.openssh.com/txt/release-8.1 for release notes.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 43fa700e11020261935ab9c1cb395eb3d9f4f4b3 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Dec 5 18:53:16 2019 +0100
pcengines-firmware: update to 4.10.0.3
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 6fb7936c1650ea18b4690ec2f60be8b7640022a2 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Dec 5 12:48:13 2019 +0100
intel-microcode: update to 20191115
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 0894092e2c5227c98ae19c373cb4021dbcbcf9c2 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Dec 5 12:44:45 2019 +0100
linux-firmware: update to 20191022
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 7ff42686ecd746f8cc306832745e695ba1854d8c Author: Arne Fitzenreiter arne_f@ipfire.org Date: Mon Dec 2 17:11:30 2019 +0000
core139: add cpio to updater
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 01493f7a44322a93f868347c265610621f9eb908 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Nov 30 17:03:47 2019 +0100
cpio: Update to 2.13
For details see: https://www.gnu.org/software/cpio/
Fix CVE-2015-1197 Fix CVE-2016-2037 Fix CVE-2019-14866
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 9d6e22e3fcbbac6a082ba11d1720718a58101f69 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sat Nov 30 16:57:46 2019 +0100
nano: Update to 4.6
For details see: https://www.nano-editor.org/news.php
... and a long list of other changes in https://www.nano-editor.org/dist/latest/ChangeLog ...
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 18f1b46e1a28d141418631e79c43ee7cf9e949a9 Author: Peter Müller peter.mueller@ipfire.org Date: Thu Nov 28 21:43:00 2019 +0000
spectre-meltdown-checker: update to 0.42
See https://github.com/speed47/spectre-meltdown-checker/releases/tag/v0.42 for release announcements.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 6d0a2f8b1e54d047e3b46c64bfb2638de09e92c6 Author: Peter Müller peter.mueller@ipfire.org Date: Thu Nov 28 21:14:00 2019 +0000
Postfix: update to 3.4.8
See http://www.postfix.org/announcements/postfix-3.4.8.html for release announcements.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit c701ddcba59c7f5e814416a0490d395f8ff5e0e2 Author: Peter Müller peter.mueller@ipfire.org Date: Thu Nov 28 17:19:00 2019 +0000
update ca-certificates CA bundle
Update the CA certificates list to what Mozilla NSS ships currently.
The original file can be retrieved from: https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/bu...
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 4622af5f153837f7dc0f36eb772d7539586df415 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Mon Dec 2 17:05:15 2019 +0000
core139: add hwdata to updater
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit bf9fa6d864065694babfa8c192fc778b49e8d7fd Author: Peter Müller peter.mueller@ipfire.org Date: Thu Nov 28 17:08:00 2019 +0000
hwdata: update PCI/USB databases
PCI IDs: 2019-11-26 03:15:03 USB IDs: 2019-11-05 20:34:06
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit bedfda83c9e5dc09c1e2168c6cf35bb810d4f0aa Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Dec 1 18:33:19 2019 +0100
dhcpcd.exe: remove red.down run on "NOCARRIER"
after "NOCARRIER" the dhcp client always run "EXPIRE" event.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 941520c69cf5bf50c3c737f47b27ccb28a73a746 Merge: d346d4746 455291f90 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Dec 1 16:36:43 2019 +0100
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
commit d346d474677b9507fce16ee2d2774435658d6ba1 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Dec 1 15:29:59 2019 +0100
up/down beep: move from ppp ip-up/down to general red.up/down
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 455291f90e0729ad8a8edc743d4375f782728ad3 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Dec 1 14:03:46 2019 +0100
70-dhcpdd.exe: don't run red.down scripts at "PREINIT"
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 86409ab1006bd3582d55f59c399385b2c70434e2 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Dec 1 00:45:02 2019 +0100
core139: add dhcp and network changes to updater
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit fff96e394545eef64d160bbc8c7c8b50f364aea8 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Nov 30 22:26:00 2019 +0100
networking red: add delay to wait for carrier
some nic's need some time after link up to get a carrier
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit f938083fb5d097ea4c677ec08da91f61fa9f67d1 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Nov 30 22:21:42 2019 +0100
dhcpcd: 10-mtu break if carrier was lost
some nic's like Intel e1000e needs a reinit to change the mtu. In this case the dhcp hook reinit the nic and terminate now to let the dhcpcd reinit the card in backgrounnd without running the rest of the hooks.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 4775d54ba6ebca19dc498fd40d881b6eabd3ecb3 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Nov 25 11:09:58 2019 +0000
clamav: Allow downloads to take up to 10 minutes
freshclam did not have a receive timeout set and a default of 60s was used. That causes that the large main database cannot be downloaded over a line with a 16 MBit/s downlink.
This patch increases that timeout and should allow a successful download on slower connections, too.
Suggested-by: Tim Fitzgeorge ipfb@tfitzgeorge.me.uk Fixes: #12246 Signed-off-by: Michael Tremer michael.tremer@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 78756496c9f2a3bcf0bc505da046957f5d22f5b9 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Nov 22 19:26:59 2019 +0100
bind: Update to 9.11.13
For details see:
https://downloads.isc.org/isc/bind9/9.11.13/RELEASE-NOTES-bind-9.11.13.html
"Security Fixes
Set a limit on the number of concurrently served pipelined TCP queries. This flaw is disclosed in CVE-2019-6477. [GL #1264]"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 1f1c2f4364434a11ddaaef3f1778a6c284cf380f Author: Matthias Fischer matthias.fischer@ipfire.org Date: Thu Nov 21 17:57:48 2019 +0100
clamav: Update to 0.102.1
For details see: https://blog.clamav.net/2019/11/clamav-01021-and-01015-patches-have.html
"Fix for the following vulnerability affecting 0.102.0 and 0.101.4 and prior:
CVE-2019-15961: A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation.
Build system fixes to build clamav-milter, to correctly link with libxml2 when detected, and to correctly detect fanotify for on-access scanning feature support.
Signature load time is significantly reduced by changing to a more efficient algorithm for loading signature patterns and allocating the AC trie. Patch courtesy of Alberto Wu.
Introduced a new configure option to statically link libjson-c with libclamav. Static linking with libjson is highly recommended to prevent crashes in applications that use libclamav alongside another JSON parsing library.
Null-dereference fix in email parser when using the --gen-json metadata option.
Fixes for Authenticode parsing and certificate signature (.crb database) bugs."
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit df1aca40eb6b948854e41387f883c9dd82a7cb05 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Nov 30 09:56:29 2019 +0000
core139: add unbound to updater
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 0786c686ea47543bc4ea3d8005ee9489dc98cb13 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Wed Nov 20 17:24:01 2019 +0100
unbound: Update to 1.9.5
For details see: https://nlnetlabs.nl/pipermail/unbound-users/2019-November/011897.html
"This release is a fix for vulnerability CVE-2019-18934, that can cause shell execution in ipsecmod.
Bug Fixes: - Fix for the reported vulnerability.
The CVE number for this vulnerability is CVE-2019-18934"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit b0e2dffde97822a772a5c0534263517fecf96a9d Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Nov 30 09:54:14 2019 +0000
core139: add captive.cgi to updater
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 650aac182e0d0e7ef035c963780fbadc75aecc88 Author: Alexander Marx alexander.marx@ipfire.org Date: Wed Nov 20 11:45:18 2019 +0100
BUG12245: captive portal - clients are not automatically removed
With this patch the clients are updated and those who are expired get deleted from the hash. In addition the table of active clients is now sorted.
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 1a23cf7324ff8497761dc070bbb0186f1d585789 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Nov 19 15:28:22 2019 +0000
bird: Fix path of configuration file in backup
The backup did not pack the configuration file due to an incorrect path.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 007b99e5402ba5e01845ab858a68aa2c908415f4 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Nov 30 09:49:58 2019 +0000
core139: add pcregrep to updater
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit eb0adc17d6a5486d58539c78a682c14f55bc980f Author: Erik Kapfer ummeegge@ipfire.org Date: Tue Nov 19 08:09:42 2019 +0100
pcre: Add pcregrep to core system
Triggered by --> https://community.ipfire.org/t/pcregrep-on-ipfire/259 .
This patch adds pcregrep only from the actual package not from pcre-compat.
Signed-off-by: Erik Kapfer ummeegge@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 7942ff9875ea42cd8b4619386fc2cd4be4da9b18 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Nov 30 09:48:00 2019 +0000
core139: add updated calamaris mkreport
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit ee506d5027783757a775e3aad6982d1698719023 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Thu Nov 14 19:03:46 2019 +0100
calamaris: Bug fix for proxy reports staying empty after Core 136 upgrade
After upgrading to Core 136, 'calamaris' "Proxy reports" stayed empty. GUI always show "No reports available".
Tested manually on console stops and throws an error:
... root@ipfire: ~ # /usr/bin/perl /var/ipfire/proxy/calamaris/bin/mkreport 1 0 2019 8 10 2019 -d 10 -P 30 -t 10 -D 2 -u -r -1 -R 100 -s Can't use 'defined(%hash)' (Maybe you should just omit the defined()?) at /var/ipfire/proxy/calamaris/bin/calamaris line 2609. ...
Line 2609 was changed and reports are built again.
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit e557cecbddd021198c01eb1adaa38adb36b27925 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Nov 28 18:41:18 2019 +0100
python: update to 2.7.17
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 4baee8fa4c2ede6f28a1d669d191ea64bb68ad51 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Nov 15 16:29:42 2019 +0100
kernel: fix x86_64 rootfile
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 906d9265cde12f1a0e677db43c076f2263fe15df Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Nov 15 16:28:02 2019 +0100
set core to 139 and pakfire to 138
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit aee6dd0ba45cf12f014050bbab234d9e4b0d03ab Merge: 44b227b10 9e5434d4b Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Nov 14 22:13:23 2019 +0100
Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next
commit 44b227b102964e520369d8628db342e68551966f Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Nov 14 22:12:12 2019 +0100
kernel: update to 4.14.154
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit b007a35292928d150fcbe0053bd21e9fe6eebe0e Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Nov 14 22:10:04 2019 +0100
vulnearabilities.cgi: add tsx async abort and itlb_multihit
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 9e5434d4bf822ba7c62cb8917ec8692b9aa68143 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Nov 14 17:28:38 2019 +0000
rename core138 -> core139 to insert a emergency core update
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 60490558f655b7184879f5574520852d3f08a6ee Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Nov 14 02:42:54 2019 +0000
core138: fix rootfile
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 6eac34e43185a6ee04f9ee86b4cfa40fdc176615 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Nov 14 01:55:46 2019 +0000
intel-microcode: fix rootfile
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 1d91ea28f9dcd640c39fa68df9c400b22ae0879c Author: Arne Fitzenreiter arne_f@ipfire.org Date: Thu Nov 14 01:55:09 2019 +0000
bash: fix rootfile
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 02ad01eb9f8942d687246cec46e838f74b28face Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 20:08:41 2019 +0000
core138: fix intel-microcode rootfile link
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 1ec32691e9d3bff913b5701178ddceacae3f8e1f Author: Peter Müller peter.mueller@ipfire.org Date: Wed Nov 13 19:18:00 2019 +0000
intel-microcode: update to 20191112
For release notes, refer to: - https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform... - https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases...
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 510a670253de9d93fec967a72a3f0e32650eb164 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 19:56:11 2019 +0000
qemu: remove sdl from dependency list
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit d8bef72e7686539769debd5e914d69d6ec28fc68 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 19:55:17 2019 +0000
qemu: switch to xz compressed source
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit beae0121b740ad235a9ecea866a4bc4789279ad0 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 19:45:14 2019 +0000
core138: add bash, readline and readline-compat
commit 415fb8b5bd4509f274515408e8e36c308e05f497 Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 12 17:15:00 2019 +0000
bash: update to 5.0 (patchlevel 11)
The third version of this patch also includes patches 1-11 for version 5.0, drops orphaned 4.3 patches, and fixes rootfile mistakes reported by Arne.
Please refer to https://tiswww.case.edu/php/chet/bash/bashtop.html for release notes.
Cc: Michael Tremer michael.tremer@ipfire.org Cc: Arne Fitzenreiter arne_f@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit c82aa03e2c14f8380ada3f38011990bf49cfe9c4 Author: Peter Müller peter.mueller@ipfire.org Date: Tue Nov 12 17:14:00 2019 +0000
readline: update to 8.0 (patchlevel 1)
The third version of this patch fixes missing rootfile changes, drops orphaned readline 5.2 patches (as they became obsolete due to readline-compat changes), includes readline 8.0 upstream patch, and keeps the for-loop in LFS file (as commented by Michael).
Cc: Michael Tremer michael.tremer@ipfire.org Cc: Arne Fitzenreiter arne_f@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit f7b1fe542f6734b597821cba0e2f75d6bc6e5cb1 Author: peter.mueller@ipfire.org peter.mueller@ipfire.org Date: Tue Nov 12 15:59:00 2019 +0000
readline-compat: update to 6.3
This is necessary as many add-ons still need readline-compat as they cannot link against readline 8.0, yet.
Reported-by: Arne Fitzenreiter arne_f@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 83596e7059b772e657ea74e07ca279eb888325d8 Author: Stephan Feddersen sfeddersen@ipfire.org Date: Tue Nov 12 21:34:00 2019 +0100
wio-1.3.2-7: fixed bug with arp client import
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 4ae9d47ba3b72f8007c43256e1533a088abffe53 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Nov 12 09:09:01 2019 +0100
ddns: Import rename NoIP.com handle back to no-ip.com patch
This patch is required for compatiblity reasons for any existing configurations.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 9cc131cc5ad1d8c733c033a7b451e73508835d2b Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Sun Nov 10 13:03:02 2019 +0000
Update qemu to version 4.1.0
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit f64cbda3d1983204b5624b55498977020829894a Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Sun Nov 10 13:03:01 2019 +0000
qemu: disable sdl and documentation
A newer version of qemu does not build anymore with our version of sdl. I tried around a little bit and as I have not got a clue why we are using sdl (spice and remote access still works) I think we should disable it.
I disabled the generation of the documentation as well but this switch does not seem to have any effect.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 5cc921b474c991c36120d29c8974dcb8734ebc65 Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Sun Nov 10 13:03:00 2019 +0000
Libvirt: enable lvm
This was requested in the forum:
https://forum.ipfire.org/viewtopic.php?f=17&t=21872&p=120243&hil...
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 62e116567adf025d1ecc4e290b0dcbb3fb886fb2 Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Sun Nov 10 13:02:59 2019 +0000
Libvirt: update to version 5.6.0
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 3e5d4e6f83a75412ef9b9205829cf5102d504d25 Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Sun Nov 10 13:02:58 2019 +0000
libvirt: use a custom config file
The patch which adjusts the options for IPFire in the libvirtd.conf does not apply in a newer version of libvirt. Creating this patch is harder than to use a separate config file.
This separate config file also enables us to adjust options much faster.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 8d82903c0d2fbf8180a5d07681af9872e86a0611 Author: Jonatan Schlag jonatan.schlag@ipfire.org Date: Sun Nov 10 13:02:57 2019 +0000
Libvirt: disable Wireshark
When I try to build libvirt a second-time without ./make.sh clean between the two builds, libvirt tries to link against Wireshark and fails. This configure option solves the problem.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit df67c7a80e8a3465384ed818fa50ac75d0db31a0 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 19:37:47 2019 +0000
core138: add squid
commit 7487e2340ec92cb401413f880c7d37c329d8e7ed Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Nov 8 17:47:06 2019 +0100
squid: Update to 4.9
For details see: http://www.squid-cache.org/Versions/v4/changesets/
Fixes CVE-2019-12526, CVE-2019-12523, CVE-2019-18676, CVE-2019-18677, CVE-2019-18678 and CVE-2019-18679
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 527c3f39b8af9399619eaca5b5e4feace9f0f2f3 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Nov 5 19:23:41 2019 +0100
ddns: Import upstream patch for NoIP.com
Reference: #11561.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 590e4a38bfb35640cc8ca2bd3cd624ff6e947e8c Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 19:33:53 2019 +0000
core138: add ddns
commit ca6dc5ad5e74c19e6414491f4b902803453b5639 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 19:33:31 2019 +0000
core138: add logwatch
commit 3e9f88bc65213150f0fc975f360d835c1423f622 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Nov 5 10:37:44 2019 +0100
ddns: Update to 012
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 42541ddb7eb2196951fc5353012324ca0575790c Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 19:20:17 2019 +0000
core138: add suricata changes
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 961a27b5e2285da9953abf00b265fbb37e744c4a Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Nov 5 10:32:02 2019 +0100
suricata: Use DNS_SERVERS declaration from external file.
These settings now will be read from /var/ipfire/suricata/suricata-dns-servers.yaml, which will be generated by the generate_dns_servers_file() function, located in ids-functions.pl and called by various scripts.
Fixes #12166.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit c8b068a2b5a3965e10adf01b0e231cfbd3a0384c Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Nov 5 10:32:01 2019 +0100
red.up: Generate Suricata DNS servers file on reconnect.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit bb2696da35b7e92515dddd6ec18644974bb78dc9 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Nov 5 10:32:00 2019 +0100
convert-snort: Generate DNS servers file.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit a40ee6b9bf36410664536e1b591ae0982678fba7 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Nov 5 10:31:59 2019 +0100
ids.cgi: Generate and store the DNS server configuration.
This will be done by the recently added generate_dns_servers_file() function from ids-functions.pl.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 30ee98e949097ee91e92987c2303c15c71cb0ae3 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Nov 5 10:31:58 2019 +0100
ids-functions.pl: Introduce generate_dns_servers_file()
This function is used to generate a yaml file which take care of the current used DNS configuration and should be included in the main suricata config file.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit e93959a7aab3e47248930e53fcde94c098a6e012 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Tue Nov 5 09:07:46 2019 +0100
logwatch: Update to 7.5.2
For details see: https://build.opensuse.org/package/view_file/server:monitoring/logwatch/Chan...
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit be8afd151f95cf6b2a77e73524c42628600cd543 Author: peter.mueller@ipfire.org peter.mueller@ipfire.org Date: Mon Nov 4 18:53:00 2019 +0000
Apache: deny framing of WebUI from different origins
There is no legitimate reason to do this. Setting header X-Frame-Options to "sameorigin" is necessary for displaying some collectd graphs on the WebUI.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Acked-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 90582bb01e41bd700421f59587724f395a57d951 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 19:10:03 2019 +0000
core138: add ipfire-interface.conf
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 583687a88d263b68b4fdb27e78a7b65120d21088 Author: peter.mueller@ipfire.org peter.mueller@ipfire.org Date: Mon Nov 4 18:52:00 2019 +0000
Apache: prevent Referrer leaks via WebUI
By default, even modern browsers sent the URL of ther originating site to another one when accessing hyperlinks. This is an information leak and may expose internal details (such as FQDN or IP address) of an IPFire installation to a third party.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Acked-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 1141bc69c9b218717699c1ee02ed06e566aea96b Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 19:08:02 2019 +0000
core138: add ipfire-interface-ssl.conf
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 4636ed66c6c12c7c17ea05ffaa2242b4b0355990 Author: peter.mueller@ipfire.org peter.mueller@ipfire.org Date: Mon Nov 4 18:35:00 2019 +0000
Apache: drop CBC ciphers for WebUI
CBC ciphers contain some known vulnerabilities and should not be used anymore. While dropping them for OpenSSL clients or public web servers still causes interoperability problems with legacy setups, they can be safely removed from IPFire's administrative UI.
This patch changes the used cipersuite to:
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
Since TLS 1.3 ciphers will be added automatically by OpenSSL, mentioning them in "SSLCipherSuite" is unnecessary. ECDSA is preferred over RSA for performance reasons.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Acked-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 856cdf15df30e3cab170581b2cd3e4c19fbb9170 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 19:04:48 2019 +0000
core138: add openssl
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit e153efaf11a673a02ff81b10e09305463d22ffaf Author: peter.mueller@ipfire.org peter.mueller@ipfire.org Date: Mon Nov 4 18:24:00 2019 +0000
OpenSSL: drop preferring of Chacha20/Poly1305 over AES-GCM
As hardware acceleration for AES is emerging (Fireinfo indicates 30.98% of reporting installations support this, compared to 28.22% in summer), there is no more reason to manually prefer Chacha20/Poly1305 over it.
Further, overall performance is expected to increase as server CPUs usually come with AES-NI today, where Chacha/Poly would be an unnecessary bottleneck. Small systems without AES-NI, however, compute Chacha/Poly measurable, but not significantly faster, so there only was a small advantage of this.
This patch changes the OpenSSL default ciphersuite to:
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(256) Mac=SHA384 ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384 ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(256) Mac=SHA384 ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(128) Mac=SHA256 ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(128) Mac=SHA256 DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256 DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA256 DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256 DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA256 ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1 ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1 ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1 ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1 DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1 AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256 CAMELLIA256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA256 AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256 CAMELLIA128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA256 AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1 AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1
Signed-off-by: Peter Müller peter.mueller@ipfire.org Acked-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 1826c42b9e7bf55b9afd9ac39799554892e751f9 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 18:55:53 2019 +0000
core138: add ovpnmain.cgi
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit fa5274763c55515dc1a0e519da3582b0fec440b8 Author: Erik Kapfer ummeegge@ipfire.org Date: Mon Nov 4 15:52:26 2019 +0100
OpenVPN: Fix max-clients option
Fix: Triggered by https://forum.ipfire.org/viewtopic.php?f=16&t=23551
Since the 'DHCP_WINS' cgiparam has been set for the max-client directive, changes in the WUI has not been adapted to server.conf.
Signed-off-by: Erik Kapfer ummeegge@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit c86bf0bf2484213e6ada44be65d70b4fca1f8ef9 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 18:54:28 2019 +0000
core138: add unbound initscript
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit cdf373c8fc1c9262afc0954816c2244006c8a4e2 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Nov 4 12:02:46 2019 +0000
unbound: Fix whitespace error in initscript
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit d93b76a00eab09ef1e7c9327ec1f1b703e6fb801 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 18:52:15 2019 +0000
core138: add openvpn
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit a0926f75e0691527688a5bb0b964acae4f204bff Author: Erik Kapfer ummeegge@ipfire.org Date: Fri Nov 1 14:33:06 2019 +0100
OpenVPN: Update to version 2.4.8
This is primarily a maintenance release with bugfixes and improvements. All changes can be overviewed in here --> https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24 .
Signed-off-by: Erik Kapfer ummeegge@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 64e0b8a5afabc66a9da6586a1c23cf2ce1d7b6d4 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 18:50:07 2019 +0000
core138: add init.d/functions
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 31a36bb951818457c2505a32cfc110f7e7cc9bf0 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Oct 31 18:09:05 2019 +0000
initscripts: Tell users to report bugs on Bugzilla
I have been receiving a couple of emails recently directed at info@ipfire.org with bug reports when a system did not boot up or shut down properly.
This is obviously not the right way to report bugs, but we are telling our users to do so.
This patch changes this to report bugs to Bugzilla like it should be.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit cb41e4a9a9bf9e860f65110422820a0267492bf5 Author: Erik Kapfer ummeegge@ipfire.org Date: Thu Oct 31 08:58:30 2019 +0100
libarchiv: Update to version 3.4.0
Version 3.4.0 is a feature and security release. The changelog can be found in here --> https://github.com/libarchive/libarchive/releases .
Signed-off-by: Erik Kapfer ummeegge@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit eeb1a2a219ae844b1a130e28fa3b394ad7a4f260 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 18:44:36 2019 +0000
core138: add lz4
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit bc456dd750a09b8d86089d00f27308a17145f10d Author: Erik Kapfer ummeegge@ipfire.org Date: Thu Oct 31 08:49:55 2019 +0100
lz4: Update to version 1.9.2
Several fixes and improvements has been integrated. The changes list through the different versions since the current version 1.8.1.2 can be found in here --> https://github.com/lz4/lz4/releases
Signed-off-by: Erik Kapfer ummeegge@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 39bf8c634163c92939693b090af6bfcdb2226b46 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 18:42:17 2019 +0000
core138: add mail.cgi
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 095bf494074994c5a2cd867f3b00603de95ed207 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Oct 30 10:59:00 2019 +0000
mail.cgi: Do not print content of input fields
This was printed unescaped and could therefore be used for a stored XSS attack.
Fixes: #12226 Reported-by: Pisher Honda pisher24@gmail.com Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 0a340fbe1e76323afc7473b296dec871f3d820b0 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Oct 30 10:58:59 2019 +0000
mail.cgi: Always check content of fields
These checks did not do anything but clear all fields when mailing was disabled.
It makes a lot more sense to retain people's settings, even when they have been disabled.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 8f9c4081b41783505f24a3c43404d5ad82e067c1 Author: peter.mueller@ipfire.org peter.mueller@ipfire.org Date: Tue Oct 29 18:17:00 2019 +0000
Core Update 138: ship ca-certificates
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit d5ccd924e04ff4e4a71293aa488870bc7767ef6e Author: peter.mueller@ipfire.org peter.mueller@ipfire.org Date: Tue Oct 29 18:16:00 2019 +0000
update ca-certificates CA bundle
Update the CA certificates list to what Mozilla NSS ships currently.
The original file can be retrieved from: https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/bu...
Signed-off-by: Peter Müller peter.mueller@ipfire.org Acked-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit c772b7550c4dd06f7945e32cc6af47e8f6a0f229 Author: peter.mueller@ipfire.org peter.mueller@ipfire.org Date: Tue Oct 29 18:37:00 2019 +0000
Tor: fix permissions of /var/ipfire/tor/torrc after installation
Fixes #12220
Reported-by: Michael Tremer michael.tremer@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 94c09bd9c425dc11bada0548a5d066df6a73cd91 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Oct 29 13:25:55 2019 +0000
core138: add firewall-lib.pl to update
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit dba780a78460ff19ba0f332ed4cab7b1db321af2 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Apr 16 21:08:05 2019 +0200
firewall-lib.pl: Populate GeoIP rules only if location is available.
In case a GeoIP related firewall rule should be created, the script now will check if the given location is still available.
Fixes #12054.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 75612f0644da16bc26cd2f7f0483ba73ae741404 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Tue Oct 29 13:22:31 2019 +0000
start core138
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
-----------------------------------------------------------------------
hooks/post-receive -- IPFire 2.x development tree