From mboxrd@z Thu Jan 1 00:00:00 1970 From: git@ipfire.org To: ipfire-scm@lists.ipfire.org Subject: [git.ipfire.org] IPFire 2.x development tree branch, core96, created. df00a3f1cd6a23ef48c80e431b8e472a4a340e5b Date: Sun, 20 Dec 2015 20:23:27 +0100 Message-ID: <20151220192327.91B8F21E7C@argus.ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1212593438944255797==" List-Id: --===============1212593438944255797== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, core96 has been created at df00a3f1cd6a23ef48c80e431b8e472a4a340e5b (commit) - Log ----------------------------------------------------------------- commit df00a3f1cd6a23ef48c80e431b8e472a4a340e5b Author: Arne Fitzenreiter Date: Sun Dec 20 20:19:43 2015 +0100 core96: set pakfire version to 96. commit 54206b6e35cacf20218addcbaaaf50029afd6e69 Author: Michael Tremer Date: Sat Dec 19 14:12:29 2015 +0000 curl: Fix certificate validation =20 curl did not find the certificate bundle so that server certificates could not be verified. =20 Fixes #10995 =20 Signed-off-by: Michael Tremer commit 4d7f9a81ac575207edb6bb69f8bbea8762feab96 Author: Michael Tremer Date: Sat Dec 19 14:09:10 2015 +0000 strongswan: Update to 5.3.5 =20 Also ships a fix for #853 upstream. =20 Fixes #10998 =20 Signed-off-by: Michael Tremer commit b84a9b078dae234641a3708fbd7c1624c0731468 Author: Michael Tremer Date: Fri Dec 18 23:42:15 2015 +0000 core96: Ship updated grub =20 Signed-off-by: Michael Tremer commit 44fb4620ee2a314070fbf47de6cd7a6a2c7365f2 Author: Matthias Fischer Date: Fri Dec 18 21:28:52 2015 +0100 grub 2.00: Bugfix for CVE-2015-8370 =20 See: http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html =20 "A vulnerability in Grub2 has been found. Versions from 1.98 (December, 2= 009) to 2.02 (December, 2015) are affected. The vulnerability can be exploited under certain circumstances, allowing local attackers to bypass any kind = of authentication (plain or hashed passwords). And so, the attacker may take control of the computer." =20 Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 1e1b03d5819269184a85dc5bcc042c978666bc08 Author: Matthias Fischer Date: Fri Dec 18 15:11:25 2015 +0100 dnsmasq 2.75: latest upstream patches ;-) =20 The neverending story continues... =20 Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit fbcc3cb7841f10c1390550074d676ddf2afa2c1a Author: Matthias Fischer Date: Wed Dec 16 21:42:41 2015 +0100 dnsmasq 2.75: latest upstream patches =20 Since 'Makefile' was affected, I had to rewrite 'dnsmasq-Add-support-to-read-ISC-DHCP-lease-file.patch', too. =20 Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 78af2f67bba5900eb97989ed271b45a74448b457 Author: Alexander Marx Date: Thu Dec 17 11:31:30 2015 +0100 Squid-Accounting: Bugfix & clean up data =20 There was a Bug in the addon so that no data was displayed because of a typo. Additionally the computeraccounts are now filtered out of trafficdata collection. Only Proxy/AD/LDAP Accounts and IP adresses are collected. =20 Signed-off-by: Alexander Marx Signed-off-by: Michael Tremer commit b42a7ec1a663b356dde786cc7eeb1bb54ddcc662 Author: Michael Tremer Date: Tue Dec 15 18:32:55 2015 +0000 Rootfile update =20 Signed-off-by: Michael Tremer commit d9ef106e5cb1e2476101090caeac4609a41a1906 Author: Matthias Fischer Date: Sun Dec 13 18:04:40 2015 +0100 Midnight Commander 4.8.15: Update for rootfile =20 There was a syntax file which I overlooked... =20 Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit a8d24cee436f87939625f9506e6f84fc092f4200 Author: Michael Tremer Date: Tue Dec 15 13:54:04 2015 +0000 core96: Ship rules.pl =20 Signed-off-by: Michael Tremer commit 306098a49811868e2ffc4e19ce8cd62f69a2e9f3 Author: Alexander Marx Date: Mon Dec 7 15:57:32 2015 +0100 BUG10994: SNAT rules are missing the outgoing interface =20 When creating SNAT rules, the outgoing interface is not set. As a side effect, traffic that should be send unnatted to a vpn tunnel can be natted which is a BUG. With this patch the SNAT rules are getting a outgoing interface according to the configuration. When selecting the RED Target network, all SNAT rules will be configured with "-o red0". Otherwise if "all" is selected, there is no interface in the rule, which matches all networks. =20 Signed-off-by: Alexander Marx Signed-off-by: Michael Tremer commit 08729f79fb7b31326d367a74a50e372e4fb688d7 Author: Michael Tremer Date: Tue Dec 15 13:47:52 2015 +0000 ramdisk: Backup ramdisks once a night =20 Signed-off-by: Michael Tremer commit 429524c0406baeddf270d6e2df6e5a60a410e61a Author: Michael Tremer Date: Tue Dec 15 12:49:27 2015 +0000 ntp: Prefer local clock =20 For some reason, ntp won't use a local clock even if it is there and up and running. Therefore we need to "prefer" our only source of time. =20 Signed-off-by: Michael Tremer Tested-by: Daniel Weism=C3=BCller commit 73a000f9d1e1f43807156cfb9a9c56843330d4c6 Author: Matthias Fischer Date: Tue Dec 15 00:07:10 2015 +0100 ntp 4.2.8p4: Update for rootfile =20 '/usr/share/ntp/lib/NTP/Util.pm' is needed for 'ntptrace' to run correctly =20 Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 93d6eed9a48a509e910fb4e248a70de9cdc15f0c Author: Michael Tremer Date: Tue Dec 15 12:37:16 2015 +0000 ntp: Fix syncing with local clock =20 This is a bug that was introduced with the latest release from upstream =20 Fixes #10997 Upstream: http://bugs.ntp.org/show_bug.cgi?id=3D2965 =20 Signed-off-by: Michael Tremer commit 50923742ba537464986269c8eb3442676b315267 Author: Matthias Fischer Date: Sun Dec 13 18:54:25 2015 +0100 nano: Update to 2.5.0 =20 Changelog: http://www.nano-editor.org/dist/v2.5/ChangeLog =20 Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit c4b28466d1004bd7fdb43299e18cbfa44b2a52ae Author: Matthias Fischer Date: Sun Dec 13 18:58:10 2015 +0100 arping 2.15: Update for rootfile =20 Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 1b169a72daae63d435ee74b7ca9f28f1813fb177 Author: Michael Tremer Date: Sat Dec 12 17:06:10 2015 +0000 Speed up rootfile generation =20 The old usage of find walked through the entire filesystem tree and excluded some paths from being printed. The more efficient solution is to skip walking through excluded directories entirely. =20 This is a slight speedup of the build process by a few minutes. =20 Signed-off-by: Michael Tremer commit ca762aaf6e9e0062168b145b935171713c88d2b5 Author: Matthias Fischer Date: Sat Dec 12 14:10:16 2015 +0100 arping: Update to 2.15 =20 arping: Update to 2.15 =20 Signed-off-by: Matthias Fischer Signed-off-by: Erik Kapfer Signed-off-by: Michael Tremer commit 0909a0a1d8873ac694a3eab0c91e10e0f5cd486f Author: Michael Tremer Date: Sat Dec 12 11:52:18 2015 +0000 Update rootfiles =20 Signed-off-by: Michael Tremer commit b5e1360eb9ca4da5c68dd7dcea79151276003622 Author: Michael Tremer Date: Sat Dec 12 12:46:02 2015 +0100 ramdisk: Remove temporary directory recursively =20 Signed-off-by: Michael Tremer commit 24f2144dd26388215ab204b0e48217ffa4d40bfb Author: root Date: Sat Dec 12 12:35:24 2015 +0100 ramdisk: Fix copying files =20 The shell expansion wasn't used because of the quotation marks. =20 Signed-off-by: Michael Tremer commit ffeaaef6182adc81f01684a98cd1f5975d22b4be Author: Michael Tremer Date: Sat Dec 12 09:50:19 2015 +0000 connections.cgi: Fix page crash with IPsec connections with one subnet on= ly =20 Signed-off-by: Michael Tremer commit ea6fa9de5afc5a0d0b258ff08fe7bfbc0c6dbb30 Author: Michael Tremer Date: Fri Dec 11 18:48:19 2015 +0000 core96: Ship missing libnet =20 Signed-off-by: Michael Tremer commit 600ac5c6573a2c942c462c0f2aa844a417da310d Author: Matthias Fischer Date: Sat Dec 5 20:11:59 2015 +0100 libnet 1.1.6: Fix for rootfile =20 libnet 1.1.6: Fix for rootfile =20 See: https://forum.ipfire.org/viewtopic.php?f=3D27&t=3D15377, "error with arping and libnet.so.1" Should fix: Bug #10996 / https://bugzilla.ipfire.org/show_bug.cgi?id=3D10= 996 =20 Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit db1404051fa3f84ede679969ace44c0020946a7a Author: Matthias Fischer Date: Sat Dec 5 04:12:51 2015 +0100 clamav: Update to 0.99 =20 clamav: Update to 0.99 =20 Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit b7488afd894de0ca908563d4b058f7f9ed0f92fc Author: Michael Tremer Date: Fri Dec 11 18:43:39 2015 +0000 core96: Ship updated rrdtool =20 Signed-off-by: Michael Tremer commit 4955d7239b2d42347a246d610eaf294f7ab4966d Author: Matthias Fischer Date: Sat Dec 5 04:08:49 2015 +0100 rrdtool: Update to 1.5.5 =20 rrdtool: Update to 1.5.5 =20 Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit db7d2b13124e5388214f55564c6eab36373ed125 Author: Matthias Fischer Date: Thu Dec 3 19:09:45 2015 +0100 Midnight Commander: Update to 4.8.15 =20 Removed uncognized option: --with-samba =20 Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit e0eb23de56d5a207d755ea8380f9f5e2abfbaace Author: Michael Tremer Date: Thu Dec 10 16:38:36 2015 +0000 core96: Ship routing.cgi =20 Signed-off-by: Michael Tremer commit 1e656e8adccae48639e3ce66a50b85017cadf75b Author: Alexander Marx Date: Mon Dec 7 14:36:31 2015 +0100 BUG10993: fix errormessage when editing static routes =20 When editing existing static routes and clicking on apply button, there was an errormessage saying that this route is already in use. Now the errormessage is only displayed if a new route has the same ip than an existing one. =20 Signed-off-by: Alexander Marx Signed-off-by: Michael Tremer commit b1372c3befd4ba4541fad1a90200ae7c1628ff00 Author: Michael Tremer Date: Thu Dec 10 16:35:09 2015 +0000 dma: Import patch for better authentication =20 Signed-off-by: Michael Tremer commit e46f7c44ca3bc0f2eb42692866294ed6924e65e1 Author: Michael Tremer Date: Fri Dec 4 22:22:55 2015 +0000 Update translations =20 Signed-off-by: Michael Tremer commit 24f05f327190bb245a11ca6d9a726f6c6d7cdfcb Author: Michael Tremer Date: Fri Dec 4 22:22:41 2015 +0000 Update rootfiles =20 Signed-off-by: Michael Tremer commit 688a79a45e8b145561a26791b8f762bd046589fe Author: Michael Tremer Date: Fri Dec 4 22:13:44 2015 +0000 libpri: Honour CFLAGS =20 Signed-off-by: Michael Tremer commit b51ffa68db18e26d0a7ee25334ebe608c3fcfe94 Author: Michael Tremer Date: Fri Dec 4 22:11:28 2015 +0000 openvmtools: Update to version 10.0.5 =20 Signed-off-by: Michael Tremer commit 2b163f4497855bc56d00a8cc626c669517e8b95d Author: Michael Tremer Date: Fri Dec 4 21:41:56 2015 +0000 Drop tripwire =20 This add-on is likely to be unused =20 Signed-off-by: Michael Tremer commit 74e43e149346a5bffb7d6c6ca91d5442d297659b Author: Michael Tremer Date: Fri Dec 4 21:38:05 2015 +0000 xtables-addons: Make sure kernel module directory exists =20 Signed-off-by: Michael Tremer commit 5b2155bfdd1de0553f88c7a19a15e355e74c8001 Author: Michael Tremer Date: Fri Dec 4 21:32:58 2015 +0000 Drop cryptodev =20 This module isn't used by openssl any more and therefore quite unnecessary. =20 Signed-off-by: Michael Tremer commit 5b2e3ab6830ac81b3678b3e3b6c9372ed4f60ff9 Author: Michael Tremer Date: Fri Dec 4 21:18:11 2015 +0000 mISDNuser: Don't build with -Werror =20 Signed-off-by: Michael Tremer commit e31708279ac112ac0b0c7dc912765e1977e6cd22 Author: Michael Tremer Date: Fri Dec 4 21:17:27 2015 +0000 liboping: Don't build with -Werror =20 Signed-off-by: Michael Tremer commit fb39daffef9dc7396d65b6b2da0b73d6f625eabb Author: Michael Tremer Date: Fri Dec 4 22:17:51 2015 +0000 core96: Ship updated mdadm =20 Signed-off-by: Michael Tremer commit 5c424125051c9fbacfe1a2293168bbd36ec135aa Author: Michael Tremer Date: Fri Dec 4 21:15:18 2015 +0000 mdadm: Update to 3.3.4 =20 Signed-off-by: Michael Tremer commit a5ba61b89b9bcc818fb3f856ae44f4234680e07e Author: Michael Tremer Date: Fri Dec 4 21:14:47 2015 +0000 ebtables: Honour CFLAGS =20 Signed-off-by: Michael Tremer commit c7762365dc67c671b79e8869b617ad2e316bcce5 Author: Michael Tremer Date: Thu Dec 3 16:59:48 2015 +0000 openssl: Update to 1.0.2e =20 OpenSSL Security Advisory [3 Dec 2015] =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 NOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR= THE 0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED= (AS PER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER VERSIO= NS. =20 BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193) =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 Severity: Moderate =20 There is a carry propagating bug in the x86_64 Montgomery squaring proced= ure. No EC algorithms are affected. Analysis suggests that attacks against RSA an= d DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (althoug= h very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. =20 This issue affects OpenSSL version 1.0.2. =20 OpenSSL 1.0.2 users should upgrade to 1.0.2e =20 This issue was reported to OpenSSL on August 13 2015 by Hanno B=C3=B6ck. The fix was developed by Andy Polyakov of the OpenSSL development team. =20 Certificate verify crash with missing PSS parameter (CVE-2015-3194) =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 Severity: Moderate =20 The signature verification routines will crash with a NULL pointer derefe= rence if presented with an ASN.1 signature using the RSA PSS algorithm and abse= nt mask generation function parameter. Since these routines are used to veri= fy certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application whi= ch performs certificate verification is vulnerable including OpenSSL clients= and servers which enable client authentication. =20 This issue affects OpenSSL versions 1.0.2 and 1.0.1. =20 OpenSSL 1.0.2 users should upgrade to 1.0.2e OpenSSL 1.0.1 users should upgrade to 1.0.1q =20 This issue was reported to OpenSSL on August 27 2015 by Lo=C3=AFc Jonas E= tienne (Qnective AG). The fix was developed by Dr. Stephen Henson of the OpenSSL development team. =20 X509_ATTRIBUTE memory leak (CVE-2015-3195) =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 Severity: Moderate =20 When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affe= cted. SSL/TLS is not affected. =20 This issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8. =20 OpenSSL 1.0.2 users should upgrade to 1.0.2e OpenSSL 1.0.1 users should upgrade to 1.0.1q OpenSSL 1.0.0 users should upgrade to 1.0.0t OpenSSL 0.9.8 users should upgrade to 0.9.8zh =20 This issue was reported to OpenSSL on November 9 2015 by Adam Langley (Google/BoringSSL) using libFuzzer. The fix was developed by Dr. Stephen Henson of the OpenSSL development team. =20 Race condition handling PSK identify hint (CVE-2015-3196) =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D =20 Severity: Low =20 If PSK identity hints are received by a multi-threaded client then the values are wrongly updated in the parent SSL_CTX structure. This can result in a race condition potentially leading to a double free of the identify hint data. =20 This issue was fixed in OpenSSL 1.0.2d and 1.0.1p but has not been previo= usly listed in an OpenSSL security advisory. This issue also affects OpenSSL 1= .0.0 and has not been previously fixed in an OpenSSL 1.0.0 release. =20 OpenSSL 1.0.2 users should upgrade to 1.0.2d OpenSSL 1.0.1 users should upgrade to 1.0.1p OpenSSL 1.0.0 users should upgrade to 1.0.0t =20 The fix for this issue can be identified in the OpenSSL git repository by= commit ids 3c66a669dfc7 (1.0.2), d6be3124f228 (1.0.1) and 1392c238657e (1.0.0). =20 The fix was developed by Dr. Stephen Henson of the OpenSSL development te= am. =20 Note =3D=3D=3D=3D =20 As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL ve= rsions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for= these versions will be provided after that date. In the absence of significant security issues being identified prior to that date, the 1.0.0t and 0.9.8= zh releases will be the last for those versions. Users of these versions are advised to upgrade. =20 References =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 URL for this Security Advisory: https://www.openssl.org/news/secadv/20151203.txt =20 Note: the online version of the advisory may be updated with additional details over time. =20 For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html =20 Signed-off-by: Michael Tremer commit 228bec09bf8245e03193d8d69a0999c7059ac915 Author: Michael Tremer Date: Thu Dec 3 16:34:59 2015 +0000 ramdisk: Migrate everything during the update =20 Signed-off-by: Michael Tremer commit 6146d1904aad28f0bacbb6986205c28bb7020356 Author: Michael Tremer Date: Thu Dec 3 16:03:29 2015 +0000 ramdisk: Avoid copying data if no ramdisk is used =20 Signed-off-by: Michael Tremer commit 84c5f0d66d5312005a2c7528dbf686dc1968cd10 Author: Michael Tremer Date: Thu Dec 3 14:57:30 2015 +0000 ramdisk: Move crontab back to disk =20 Signed-off-by: Michael Tremer commit ee3dec50a36c175f0eb4f258855de27051bb76ac Author: Michael Tremer Date: Thu Dec 3 14:41:49 2015 +0000 ramdisk: Make usage of ramdisk configurable =20 Signed-off-by: Michael Tremer commit 5258a65deaba155637d44dba97958b90ed942197 Author: Michael Tremer Date: Thu Dec 3 14:27:33 2015 +0000 initscripts: functions: Fix indentation =20 Signed-off-by: Michael Tremer commit c4a451eeadaade76900c0e8f8c6a90502473eada Author: Alexander Marx Date: Thu Dec 3 13:14:23 2015 +0000 Remove ramdisks for RRD databases =20 Ramdisks are very limited in space and as new graphs are generated for OpenVPN N2N connections, etc. more space is necessary. =20 This patch will enable ramdisks for all systems with more than 490M of memory and allows the user to force using a ramdisk on systems with less memory. =20 Signed-off-by: Alexander Marx Acked-by: Arne Fitzenreiter Signed-off-by: Michael Tremer commit 74e5c32e19b3752e64c83a4762c7dacfee532bb6 Merge: 7fd716f e5d5819 Author: Arne Fitzenreiter Date: Wed Dec 2 21:39:20 2015 +0100 Merge branch 'master' into next commit 7fd716f81c2ef856be5e69645340aebc7d4d6901 Author: Michael Tremer Date: Tue Dec 1 22:37:07 2015 +0000 core96: Don't restart services that have not been updated =20 Signed-off-by: Michael Tremer commit 5a0ddc615deaf0268139c61930f9af986f9b8ba7 Author: Michael Tremer Date: Tue Dec 1 22:36:21 2015 +0000 core96: Ship updated dnsmasq =20 Signed-off-by: Michael Tremer commit 40e1bbda54635bfa6d9894044b7bce603b12e855 Author: Matthias Fischer Date: Fri Nov 27 22:11:41 2015 +0100 dnsmasq 2.75: latest upstream patches =20 Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit e546449f6ac1203c397cd94e12a73640f35518cd Author: Ersan Yildirim Date: Mon Nov 23 13:42:45 2015 +0000 Update Turkish translation =20 Signed-off-by: Michael Tremer commit aaf67a64c3498ab8ed0a453d433807e4b014cb0a Author: Michael Tremer Date: Mon Nov 23 13:42:08 2015 +0000 Update translations =20 Signed-off-by: Michael Tremer commit a74ade6d9a854bd76bd7eecf59eb6954c87dffef Author: Michael Tremer Date: Sat Nov 21 14:27:04 2015 +0000 installer+setup: Update translations =20 Signed-off-by: Michael Tremer commit 0b075172af1ae899337e7f072fc8490ae57e5501 Author: Michael Tremer Date: Thu Nov 19 12:54:41 2015 +0000 core96: Ship changed files =20 Signed-off-by: Michael Tremer commit 0cf6bacad2cafcacdee5810c2a4080cb19aa85ae Author: Alexander Marx Date: Mon Nov 16 12:01:07 2015 +0100 BUG10984: Fix portforwardconverter for upgrades before core 77 =20 When upgrading from a post core-77 installation, the portforwarding rules seem to get broken. With this patch the sourceports and the subnetmasks from the rules are converted correctly. =20 Signed-off-by: Alexander Marx Signed-off-by: Michael Tremer commit b00797e260bc84be15cea26a144f560244be4c6e Author: Alexander Marx Date: Thu Nov 19 11:09:49 2015 +0100 BUG10963: implement a better email verification =20 We now check all allowed chars in the address before the @ sign. The domainpart after the '@' sign is just checked for valid chars, so tha= t user(a)ipfire is valid, too =20 Signed-off-by: Alexander Marx Signed-off-by: Michael Tremer commit 915c88931a2c5c4cd34ece5dc754cb8da984d2e3 Author: Michael Tremer Date: Thu Nov 19 12:52:31 2015 +0000 strongswan: Update to 5.3.4 =20 Fixes a security vulnerability in the EAP-MSCHAPv2 plugin that is filed under CVE-2015-8023. =20 https://www.strongswan.org/blog/2015/11/16/strongswan-vulnerability-%28cv= e-2015-8023%29.html =20 Signed-off-by: Michael Tremer commit 06988eaf4961be6c74a9aefb8203eb7b53157bd6 Author: Michael Tremer Date: Wed Nov 18 17:31:32 2015 +0000 core96: Ship updated core initscript =20 Signed-off-by: Michael Tremer commit c77e962d565b1ae07c9b44e3c864c9bacc9f6b78 Author: Stefan Schantl Date: Fri Oct 16 18:49:15 2015 +0200 snort: Also monitor assigned alias addresses on red. =20 These changes will allow snort to also inspect the traffic for one or more configured alias addresses, which has not been done in the pa= st. =20 The current situation is, that snort if enabled on red, only inspects the traffic which is desired to the statically configured red address. =20 If some alias addresses have been assigned to the red interface the traffic to these addresses will not be checked by snort and completely bypasses the IDS. =20 There is no user interaction required, nor visible-effects or any backward-compatiblity required, only a restart of snort after the update process to protect all red addresses. =20 To do this we will now check if, the RED interface has been set to STATIC= (which is required to use the aliases function) and any aliases have been config= ured. In case of this, the modified code will add all enabled alias addresses to t= he HOMENET variable in which snort is storing all the monitored addresses. =20 Fixes #10619. =20 Signed-off-by: Stefan Schantl Signed-off-by: Michael Tremer commit e9fbc1cecf856ccc7f5f2b2c504aa4318e879a7d Author: Arne Fitzenreiter Date: Wed Nov 11 22:05:15 2015 +0100 boost: build also on x86 with -j2 =20 boost need to much memory if it was build with more than 2 parallel processes. =20 Signed-off-by: Arne Fitzenreiter commit dccbe309d2b568147c47a4d37c59b5686a7babbe Author: Arne Fitzenreiter Date: Wed Nov 11 15:01:13 2015 +0100 core96: add pakfire changes to updater commit 4e17785fc101be1bef918fe5c739a2aa8e68075c Author: Arne Fitzenreiter Date: Wed Nov 11 14:54:21 2015 +0100 pakfire: remove wrong version of installed addons =20 in the installed addon list pakfire has showed the latest version of the addon not the installed. =20 Fixes: #10875 =20 Signed-off-by: Arne Fitzenreiter commit cfac8f9476678259698b14463fdd0c1b3ffeff23 Author: Arne Fitzenreiter Date: Wed Nov 11 14:49:02 2015 +0100 start core96 =20 Signed-off-by: Arne Fitzenreiter ----------------------------------------------------------------------- hooks/post-receive -- IPFire 2.x development tree --===============1212593438944255797==--