From: git@ipfire.org
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 11a1a874e9e682fb681e36c776027ea129e3dc67
Date: Wed, 15 Oct 2014 19:49:12 +0200
Message-ID: <20141015174912.4EEEB2126B@argus.ipfire.org>
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 11a1a874e9e682fb681e36c776027ea129e3dc67 (commit)
via 877e2ef8bb5d492af2be5956249db738a06cee3a (commit)
from 95a1679c6ba5c6da6116ed446b489979db312c17 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 11a1a874e9e682fb681e36c776027ea129e3dc67
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Oct 15 19:48:16 2014 +0200
Create Core Update 85
commit 877e2ef8bb5d492af2be5956249db738a06cee3a
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Oct 15 19:19:15 2014 +0200
openssl: Update to version 1.0.1j
OpenSSL Security Advisory [15 Oct 2014]
=======================================
SRTP Memory Leak (CVE-2014-3513)
================================
Severity: High
A flaw in the DTLS SRTP extension parsing code allows an attacker, who
sends a carefully crafted handshake message, to cause OpenSSL to fail
to free up to 64k of memory causing a memory leak. This could be
exploited in a Denial Of Service attack. This issue affects OpenSSL
1.0.1 server implementations for both SSL/TLS and DTLS regardless of
whether SRTP is used or configured. Implementations of OpenSSL that
have been compiled with OPENSSL_NO_SRTP defined are not affected.
OpenSSL 1.0.1 users should upgrade to 1.0.1j.
This issue was reported to OpenSSL on 26th September 2014, based on an original
issue and patch developed by the LibreSSL project. Further analysis of the issue
was performed by the OpenSSL team.
The fix was developed by the OpenSSL team.
Session Ticket Memory Leak (CVE-2014-3567)
==========================================
Severity: Medium
When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
integrity of that ticket is first verified. In the event of a session
ticket integrity check failing, OpenSSL will fail to free memory
causing a memory leak. By sending a large number of invalid session
tickets an attacker could exploit this issue in a Denial Of Service
attack.
OpenSSL 1.0.1 users should upgrade to 1.0.1j.
OpenSSL 1.0.0 users should upgrade to 1.0.0o.
OpenSSL 0.9.8 users should upgrade to 0.9.8zc.
This issue was reported to OpenSSL on 8th October 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
SSL 3.0 Fallback protection
===========================
Severity: Medium
OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications
to block the ability for a MITM attacker to force a protocol
downgrade.
Some client applications (such as browsers) will reconnect using a
downgraded protocol to work around interoperability bugs in older
servers. This could be exploited by an active man-in-the-middle to
downgrade connections to SSL 3.0 even if both sides of the connection
support higher protocols. SSL 3.0 contains a number of weaknesses
including POODLE (CVE-2014-3566).
OpenSSL 1.0.1 users should upgrade to 1.0.1j.
OpenSSL 1.0.0 users should upgrade to 1.0.0o.
OpenSSL 0.9.8 users should upgrade to 0.9.8zc.
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
https://www.openssl.org/~bodo/ssl-poodle.pdf
Support for TLS_FALLBACK_SCSV was developed by Adam Langley and Bodo Moeller.
Build option no-ssl3 is incomplete (CVE-2014-3568)
==================================================
Severity: Low
When OpenSSL is configured with "no-ssl3" as a build option, servers
could accept and complete a SSL 3.0 handshake, and clients could be
configured to send them.
OpenSSL 1.0.1 users should upgrade to 1.0.1j.
OpenSSL 1.0.0 users should upgrade to 1.0.0o.
OpenSSL 0.9.8 users should upgrade to 0.9.8zc.
This issue was reported to OpenSSL by Akamai Technologies on 14th October 2014.
The fix was developed by Akamai and the OpenSSL team.
References
==========
URL for this Security Advisory:
https://www.openssl.org/news/secadv_20141015.txt
Note: the online version of the advisory may be updated with additional
details over time.
For details of OpenSSL severity classifications please see:
https://www.openssl.org/about/secpolicy.html
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/core/{84 => 85}/exclude | 0
config/rootfiles/{oldcore/60 => core/85}/filelists/files | 1 +
config/rootfiles/{oldcore/28 => core/85}/filelists/openssl | 0
config/rootfiles/core/{84 => 85}/meta | 0
config/rootfiles/{oldcore/83 => core/85}/update.sh | 5 +----
config/rootfiles/{core => oldcore}/84/exclude | 0
config/rootfiles/{core => oldcore}/84/filelists/bash | 0
config/rootfiles/{core => oldcore}/84/filelists/dnsmasq | 0
config/rootfiles/{core => oldcore}/84/filelists/files | 0
config/rootfiles/{core => oldcore}/84/filelists/readline | 0
config/rootfiles/{core => oldcore}/84/filelists/squid | 0
config/rootfiles/{core => oldcore}/84/meta | 0
config/rootfiles/{core => oldcore}/84/update.sh | 0
lfs/openssl | 4 ++--
make.sh | 4 ++--
15 files changed, 6 insertions(+), 8 deletions(-)
copy config/rootfiles/core/{84 => 85}/exclude (100%)
copy config/rootfiles/{oldcore/60 => core/85}/filelists/files (63%)
copy config/rootfiles/{oldcore/28 => core/85}/filelists/openssl (100%)
copy config/rootfiles/core/{84 => 85}/meta (100%)
copy config/rootfiles/{oldcore/83 => core/85}/update.sh (97%)
rename config/rootfiles/{core => oldcore}/84/exclude (100%)
rename config/rootfiles/{core => oldcore}/84/filelists/bash (100%)
rename config/rootfiles/{core => oldcore}/84/filelists/dnsmasq (100%)
rename config/rootfiles/{core => oldcore}/84/filelists/files (100%)
rename config/rootfiles/{core => oldcore}/84/filelists/readline (100%)
rename config/rootfiles/{core => oldcore}/84/filelists/squid (100%)
rename config/rootfiles/{core => oldcore}/84/meta (100%)
rename config/rootfiles/{core => oldcore}/84/update.sh (100%)
Difference in files:
diff --git a/config/rootfiles/core/84/exclude b/config/rootfiles/core/84/exclude
deleted file mode 100644
index 18e9b4d..0000000
--- a/config/rootfiles/core/84/exclude
+++ /dev/null
@@ -1,20 +0,0 @@
-boot/config.txt
-etc/collectd.custom
-etc/ipsec.conf
-etc/ipsec.secrets
-etc/ipsec.user.conf
-etc/ipsec.user.secrets
-etc/localtime
-etc/shadow
-etc/ssh/ssh_config
-etc/ssh/sshd_config
-etc/ssl/openssl.cnf
-etc/sudoers
-etc/sysconfig/firewall.local
-etc/sysconfig/rc.local
-etc/udev/rules.d/30-persistent-network.rules
-srv/web/ipfire/html/proxy.pac
-var/ipfire/ovpn
-var/log/cache
-var/state/dhcp/dhcpd.leases
-var/updatecache
diff --git a/config/rootfiles/core/84/filelists/bash b/config/rootfiles/core/84/filelists/bash
deleted file mode 120000
index de970cb..0000000
--- a/config/rootfiles/core/84/filelists/bash
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/bash
\ No newline at end of file
diff --git a/config/rootfiles/core/84/filelists/dnsmasq b/config/rootfiles/core/84/filelists/dnsmasq
deleted file mode 120000
index d469c74..0000000
--- a/config/rootfiles/core/84/filelists/dnsmasq
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/dnsmasq
\ No newline at end of file
diff --git a/config/rootfiles/core/84/filelists/files b/config/rootfiles/core/84/filelists/files
deleted file mode 100644
index 2cbc242..0000000
--- a/config/rootfiles/core/84/filelists/files
+++ /dev/null
@@ -1,11 +0,0 @@
-etc/system-release
-etc/issue
-etc/rc.d/init.d/firewall
-etc/rc.d/init.d/network
-srv/web/ipfire/cgi-bin/firewall.cgi
-srv/web/ipfire/cgi-bin/fwhosts.cgi
-srv/web/ipfire/cgi-bin/urlfilter.cgi
-usr/lib/firewall/firewall-lib.pl
-usr/lib/firewall/rules.pl
-usr/local/bin/update-lang-cache
-var/ipfire/langs
diff --git a/config/rootfiles/core/84/filelists/readline b/config/rootfiles/core/84/filelists/readline
deleted file mode 120000
index 84209f1..0000000
--- a/config/rootfiles/core/84/filelists/readline
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/readline
\ No newline at end of file
diff --git a/config/rootfiles/core/84/filelists/squid b/config/rootfiles/core/84/filelists/squid
deleted file mode 120000
index 2dc8372..0000000
--- a/config/rootfiles/core/84/filelists/squid
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/squid
\ No newline at end of file
diff --git a/config/rootfiles/core/84/meta b/config/rootfiles/core/84/meta
deleted file mode 100644
index d547fa8..0000000
--- a/config/rootfiles/core/84/meta
+++ /dev/null
@@ -1 +0,0 @@
-DEPS=""
diff --git a/config/rootfiles/core/84/update.sh b/config/rootfiles/core/84/update.sh
deleted file mode 100644
index 93a9e20..0000000
--- a/config/rootfiles/core/84/update.sh
+++ /dev/null
@@ -1,60 +0,0 @@
-#!/bin/bash
-############################################################################
-# #
-# This file is part of the IPFire Firewall. #
-# #
-# IPFire is free software; you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation; either version 3 of the License, or #
-# (at your option) any later version. #
-# #
-# IPFire is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with IPFire; if not, write to the Free Software #
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
-# #
-# Copyright (C) 2014 IPFire-Team <info(a)ipfire.org>. #
-# #
-############################################################################
-#
-. /opt/pakfire/lib/functions.sh
-/usr/local/bin/backupctrl exclude >/dev/null 2>&1
-
-# Remove old core updates from pakfire cache to save space...
-core=84
-for (( i=1; i<=$core; i++ ))
-do
- rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
-done
-
-# Stop services
-/etc/init.d/squid stop
-/etc/init.d/dnsmasq stop
-
-# Remove old files
-
-# Extract files
-extract_files
-
-# Start services
-/etc/init.d/dnsmasq start
-/etc/init.d/squid start
-
-# Update Language cache
-perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
-
-sync
-
-# This update need a reboot...
-touch /var/run/need_reboot
-
-# Finish
-/etc/init.d/fireinfo start
-sendprofile
-
-# Don't report the exitcode last command
-exit 0
diff --git a/config/rootfiles/core/85/exclude b/config/rootfiles/core/85/exclude
new file mode 100644
index 0000000..18e9b4d
--- /dev/null
+++ b/config/rootfiles/core/85/exclude
@@ -0,0 +1,20 @@
+boot/config.txt
+etc/collectd.custom
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+etc/localtime
+etc/shadow
+etc/ssh/ssh_config
+etc/ssh/sshd_config
+etc/ssl/openssl.cnf
+etc/sudoers
+etc/sysconfig/firewall.local
+etc/sysconfig/rc.local
+etc/udev/rules.d/30-persistent-network.rules
+srv/web/ipfire/html/proxy.pac
+var/ipfire/ovpn
+var/log/cache
+var/state/dhcp/dhcpd.leases
+var/updatecache
diff --git a/config/rootfiles/core/85/filelists/files b/config/rootfiles/core/85/filelists/files
new file mode 100644
index 0000000..168c7d1
--- /dev/null
+++ b/config/rootfiles/core/85/filelists/files
@@ -0,0 +1,3 @@
+etc/system-release
+etc/issue
+var/ipfire/langs
diff --git a/config/rootfiles/core/85/filelists/openssl b/config/rootfiles/core/85/filelists/openssl
new file mode 120000
index 0000000..e011a92
--- /dev/null
+++ b/config/rootfiles/core/85/filelists/openssl
@@ -0,0 +1 @@
+../../../common/openssl
\ No newline at end of file
diff --git a/config/rootfiles/core/85/meta b/config/rootfiles/core/85/meta
new file mode 100644
index 0000000..d547fa8
--- /dev/null
+++ b/config/rootfiles/core/85/meta
@@ -0,0 +1 @@
+DEPS=""
diff --git a/config/rootfiles/core/85/update.sh b/config/rootfiles/core/85/update.sh
new file mode 100644
index 0000000..ec9ac63
--- /dev/null
+++ b/config/rootfiles/core/85/update.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2014 IPFire-Team <info(a)ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+# Remove old core updates from pakfire cache to save space...
+core=85
+for (( i=1; i<=$core; i++ ))
+do
+ rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+# Stop services
+
+# Remove old files
+
+# Extract files
+extract_files
+
+# Start services
+
+# Update Language cache
+perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
+
+sync
+
+# This update need a reboot...
+touch /var/run/need_reboot
+
+# Finish
+/etc/init.d/fireinfo start
+sendprofile
+
+# Don't report the exitcode last command
+exit 0
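Review bot: The "# Stop services" and "# Start services" sections of this new update.sh are empty even though core 85 ships the openssl file list, so every daemon that is already running keeps the old libssl/libcrypto mapped until the reboot requested by `touch /var/run/need_reboot` actually takes place. Either restart the services that link against OpenSSL after `extract_files`, or state in the script that the fixes from the 1.0.1j advisory only take effect after the reboot. Separately, the unconditional `exit 0` at the end means a failing `extract_files` is reported as a successful update; consider checking its exit status before touching need_reboot.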
diff --git a/config/rootfiles/oldcore/84/exclude b/config/rootfiles/oldcore/84/exclude
new file mode 100644
index 0000000..18e9b4d
--- /dev/null
+++ b/config/rootfiles/oldcore/84/exclude
@@ -0,0 +1,20 @@
+boot/config.txt
+etc/collectd.custom
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+etc/localtime
+etc/shadow
+etc/ssh/ssh_config
+etc/ssh/sshd_config
+etc/ssl/openssl.cnf
+etc/sudoers
+etc/sysconfig/firewall.local
+etc/sysconfig/rc.local
+etc/udev/rules.d/30-persistent-network.rules
+srv/web/ipfire/html/proxy.pac
+var/ipfire/ovpn
+var/log/cache
+var/state/dhcp/dhcpd.leases
+var/updatecache
diff --git a/config/rootfiles/oldcore/84/filelists/bash b/config/rootfiles/oldcore/84/filelists/bash
new file mode 120000
index 0000000..de970cb
--- /dev/null
+++ b/config/rootfiles/oldcore/84/filelists/bash
@@ -0,0 +1 @@
+../../../common/bash
\ No newline at end of file
diff --git a/config/rootfiles/oldcore/84/filelists/dnsmasq b/config/rootfiles/oldcore/84/filelists/dnsmasq
new file mode 120000
index 0000000..d469c74
--- /dev/null
+++ b/config/rootfiles/oldcore/84/filelists/dnsmasq
@@ -0,0 +1 @@
+../../../common/dnsmasq
\ No newline at end of file
diff --git a/config/rootfiles/oldcore/84/filelists/files b/config/rootfiles/oldcore/84/filelists/files
new file mode 100644
index 0000000..2cbc242
--- /dev/null
+++ b/config/rootfiles/oldcore/84/filelists/files
@@ -0,0 +1,11 @@
+etc/system-release
+etc/issue
+etc/rc.d/init.d/firewall
+etc/rc.d/init.d/network
+srv/web/ipfire/cgi-bin/firewall.cgi
+srv/web/ipfire/cgi-bin/fwhosts.cgi
+srv/web/ipfire/cgi-bin/urlfilter.cgi
+usr/lib/firewall/firewall-lib.pl
+usr/lib/firewall/rules.pl
+usr/local/bin/update-lang-cache
+var/ipfire/langs
diff --git a/config/rootfiles/oldcore/84/filelists/readline b/config/rootfiles/oldcore/84/filelists/readline
new file mode 120000
index 0000000..84209f1
--- /dev/null
+++ b/config/rootfiles/oldcore/84/filelists/readline
@@ -0,0 +1 @@
+../../../common/readline
\ No newline at end of file
diff --git a/config/rootfiles/oldcore/84/filelists/squid b/config/rootfiles/oldcore/84/filelists/squid
new file mode 120000
index 0000000..2dc8372
--- /dev/null
+++ b/config/rootfiles/oldcore/84/filelists/squid
@@ -0,0 +1 @@
+../../../common/squid
\ No newline at end of file
diff --git a/config/rootfiles/oldcore/84/meta b/config/rootfiles/oldcore/84/meta
new file mode 100644
index 0000000..d547fa8
--- /dev/null
+++ b/config/rootfiles/oldcore/84/meta
@@ -0,0 +1 @@
+DEPS=""
diff --git a/config/rootfiles/oldcore/84/update.sh b/config/rootfiles/oldcore/84/update.sh
new file mode 100644
index 0000000..93a9e20
--- /dev/null
+++ b/config/rootfiles/oldcore/84/update.sh
@@ -0,0 +1,60 @@
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2014 IPFire-Team <info(a)ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+# Remove old core updates from pakfire cache to save space...
+core=84
+for (( i=1; i<=$core; i++ ))
+do
+ rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+# Stop services
+/etc/init.d/squid stop
+/etc/init.d/dnsmasq stop
+
+# Remove old files
+
+# Extract files
+extract_files
+
+# Start services
+/etc/init.d/dnsmasq start
+/etc/init.d/squid start
+
+# Update Language cache
+perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
+
+sync
+
+# This update need a reboot...
+touch /var/run/need_reboot
+
+# Finish
+/etc/init.d/fireinfo start
+sendprofile
+
+# Don't report the exitcode last command
+exit 0
diff --git a/lfs/openssl b/lfs/openssl
index 0f0b823..186ea6c 100644
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -24,7 +24,7 @@
include Config
-VER = 1.0.1i
+VER = 1.0.1j
THISAPP = openssl-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -51,7 +51,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = c8dc151a671b9b92ff3e4c118b174972
+$(DL_FILE)_MD5 = f7175c9cd3c39bb1907ac8bba9df8ed3
install : $(TARGET)
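Review bot: `$(DL_FILE)_MD5` is the only integrity value visible here for the new openssl-1.0.1j tarball, and MD5 is not collision resistant, which is a weak guarantee for the source of the system's TLS library. Suggest recording a SHA-256 digest next to (or instead of) the MD5 line, or verifying the upstream PGP signature at download time, so the check on this tarball does not depend on MD5 alone.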
diff --git a/make.sh b/make.sh
index 23ef2b6..d942711 100755
--- a/make.sh
+++ b/make.sh
@@ -25,8 +25,8 @@
NAME="IPFire" # Software name
SNAME="ipfire" # Short name
VERSION="2.15" # Version number
-CORE="84" # Core Level (Filename)
-PAKFIRE_CORE="83" # Core Level (PAKFIRE)
+CORE="85" # Core Level (Filename)
+PAKFIRE_CORE="84" # Core Level (PAKFIRE)
GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch
SLOGAN="www.ipfire.org" # Software slogan
CONFIG_ROOT=/var/ipfire # Configuration rootdir
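Review bot: `CORE="85"` and `PAKFIRE_CORE="84"` are bumped by hand and stay one apart, but the comments "# Core Level (Filename)" and "# Core Level (PAKFIRE)" do not say why PAKFIRE_CORE trails CORE. A one-line comment explaining the relationship (and when PAKFIRE_CORE is expected to catch up) would make it harder to bump one and forget the other, which matters for a security update that installed systems only receive through the core level.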
hooks/post-receive
--
IPFire 2.x development tree
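
The server-side check behind the TLS_FALLBACK_SCSV protection described in the advisory quoted in the commit message above, as an added example that is not part of the original mail and is neither OpenSSL's nor IPFire's code. The cipher suite value 0x5600 and alert number 86 are those assigned in RFC 7507, the published form of the linked draft; the function names and the sample ClientHello bodies are constructed for illustration.

```python
import struct

TLS_FALLBACK_SCSV = 0x5600          # signalling cipher suite value (RFC 7507)
ALERT_INAPPROPRIATE_FALLBACK = 86   # fatal alert defined by RFC 7507
SSL3, TLS10, TLS11, TLS12 = 0x0300, 0x0301, 0x0302, 0x0303


def parse_client_hello(body: bytes):
    """Return (client_version, [cipher suites]) from a ClientHello body."""
    if len(body) < 35:
        raise ValueError("truncated ClientHello")
    (version,) = struct.unpack_from("!H", body, 0)
    pos = 2 + 32                         # skip version and 32-byte random
    pos += 1 + body[pos]                 # skip session id (1-byte length prefix)
    if pos + 2 > len(body):
        raise ValueError("truncated ClientHello")
    (cs_len,) = struct.unpack_from("!H", body, pos)
    pos += 2
    if cs_len % 2 or pos + cs_len > len(body):
        raise ValueError("bad cipher_suites length")
    suites = list(struct.unpack_from("!%dH" % (cs_len // 2), body, pos))
    return version, suites


def server_decision(body: bytes, server_max: int):
    """Reject a fallback retry that offers less than the server's best version."""
    version, suites = parse_client_hello(body)
    if TLS_FALLBACK_SCSV in suites and version < server_max:
        # The client says "I am retrying at a lower version", yet this server
        # supports a higher one: the earlier failure was not caused by us.
        return ("alert", ALERT_INAPPROPRIATE_FALLBACK)
    return ("negotiate", min(version, server_max))


def make_hello(version: int, suites):
    """Build a constructed ClientHello body (zero random, empty session id)."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    return (struct.pack("!H", version) + bytes(32) + b"\x00"
            + struct.pack("!H", len(cs)) + cs + b"\x01\x00")


if __name__ == "__main__":
    aes = [0x002F, 0x0035]               # two ordinary cipher suites
    for name, hello, smax in [
        ("first attempt, TLS 1.2", make_hello(TLS12, aes), TLS12),
        ("retry at SSL 3.0 with SCSV", make_hello(SSL3, aes + [TLS_FALLBACK_SCSV]), TLS12),
        ("retry with SCSV, old server", make_hello(SSL3, aes + [TLS_FALLBACK_SCSV]), SSL3),
        ("SSL 3.0 hello without SCSV", make_hello(SSL3, aes), TLS12),
    ]:
        print(name, "->", server_decision(hello, smax))
```

The last case shows the limit of the mechanism: a client that retries without sending the SCSV still ends up on SSL 3.0, so both the client and the server need the updated library for the downgrade to be refused.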