* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. fc5fc95f9a618eb67f19895aa1df57dfb76c97e6
From: git @ 2017-01-29 19:38 UTC (permalink / raw)
To: ipfire-scm
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via fc5fc95f9a618eb67f19895aa1df57dfb76c97e6 (commit)
via 8d07810dcefece495e8f3d321cb85e22ae5c6bd1 (commit)
via a8f9804a76e4a7cda74e45381a88034ea4c16701 (commit)
via 48db07db14138cf40453d3ee785f7ec7e25154ff (commit)
via dfcf70ba39dfb35ce961e96dc2c4964a29fff2da (commit)
via 014bbf241f00cc2dec1c435dfab983b99c84110a (commit)
from d700ab532b6c5916edd500a339f2d36e9c832915 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit fc5fc95f9a618eb67f19895aa1df57dfb76c97e6
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sun Jan 29 19:33:29 2017 +0000
core109: Ship updated sysklogd
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 8d07810dcefece495e8f3d321cb85e22ae5c6bd1
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Sun Jan 29 14:37:43 2017 +0100
sysklogd: Update to 1.5.1
...and now to something completely different... ;-)
Changelog:
- Bugfix against invalid PRI values (CVE-2014-3634)
CVE-2014-3634:
"...sysklogd 1.5 and earlier allows remote attackers to cause a
denial of service (crash), possibly execute arbitrary code,
or have other unspecified impact via a crafted priority (PRI)
value that triggers an out-of-bounds array access."
Nothing good for a firewall...and besides, 'sysklogd' hasn't been updated since 2010.
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit a8f9804a76e4a7cda74e45381a88034ea4c16701
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sun Jan 29 19:28:39 2017 +0000
core109: Ship updated libpcap
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 48db07db14138cf40453d3ee785f7ec7e25154ff
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Sat Jan 28 23:31:50 2017 +0100
squid: Update to 3.5.24
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit dfcf70ba39dfb35ce961e96dc2c4964a29fff2da
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Sat Jan 28 19:05:01 2017 +0100
tcpdump: Update to 4.8.1
Change log:
Tuesday October 25, 2016 mcr(a)sandelman.ca
Summary for 4.8.1 tcpdump release
Fix "-x" for Apple PKTAP and PPI packets
Use PRIx64 to print a 64-bit number in hex.
Printer for HNCP (RFCs 7787 and 7788).
dagid is always an IPv6 address, not an opaque 128-bit string, and other fixes to RPL printer.
RSVP: Add bounds and length checks
OSPF: Do more bounds checking
Handle OpenSSL 1.1.x.
Initial support for the REdis Serialization Protocol known as RESP.
Add printing function for Generic Protocol Extension for VXLAN
draft-ietf-nvo3-vxlan-gpe-01
Network Service Header: draft-ietf-sfc-nsh-01
Don't recompile the filter if the new file has the same DLT.
Pass an adjusted struct pcap_pkthdr to the sub-printer.
Add three test cases for already fixed CVEs
CVE-2014-8767: OLSR
CVE-2014-8768: Geonet
CVE-2014-8769: AODV
Don't do the DDP-over-UDP heuristic first: GitHub issue #499.
Use the new debugging routines in libpcap.
Harmonize TCP source or destination ports tests with UDP ones
Introduce data types to use for integral values in packet structures.
RSVP: Fix an infinite loop
Support of Type 3 and Type 4 LISP packets.
Don't require IPv6 library support in order to support IPv6 addresses.
Many many changes to support libnetdissect usage.
Add a test that makes unaligned accesses: GitHub issue #478.
add a DNSSEC test case: GH #445 and GH #467.
BGP: add decoding of ADD-PATH capability
fixes to LLC header printing, and RFC948-style IP packets
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 014bbf241f00cc2dec1c435dfab983b99c84110a
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Sat Jan 28 18:56:08 2017 +0100
libpcap: Update to 1.8.1
Change log:
Tuesday, Oct. 25, 2016 mcr(a)sandelman.ca
Summary for 1.8.1 libpcap release
Add a target in Makefile.in for Exuberant Ctags use: 'extags'.
Rename configure.in to configure.ac: autoconf 2.59
Clean up the name-to-DLT mapping table.
Add some newer DLT_ values: IPMI_HPM_2,ZWAVE_R1_R2,ZWAVE_R3,WATTSTOPPER_DLM,ISO_14443,RDS
Clarify what the return values are for both success and failure.
Many changes to build on windows
Check for the "break the loop" condition in the inner loop for TPACKET_V3.
Fix handling of packet count in the TPACKET_V3 inner loop: GitHub issue #493.
Filter out duplicate looped back CAN frames.
Fix the handling of loopback filters for IPv6 packets.
Add a link-layer header type for RDS (IEC 62106) groups.
Use different intermediate folders for x86 and x64 builds on Windows.
On Linux, handle all CAN captures with pcap-linux.c, in cooked mode.
Removes the need for the "host-endian" link-layer header type.
Compile with '-Wused-but-marked-unused' in devel mode if supported
Have separate DLTs for big-endian and host-endian SocketCAN headers.
Reflect version.h being renamed to pcap_version.h.
Require that version.h be generated: all build procedures we support generate version.h (autoconf, CMake, MSVC)!
Properly check for sock_recv() errors.
Re-impose some of Winsock's limitations on sock_recv().
Replace sprintf() with pcap_snprintf().
Fix signature of pcap_stats_ex_remote().
Initial cmake support for remote packet capture.
Have rpcap_remoteact_getsock() return a SOCKET and supply an "is active" flag.
Clean up {DAG, Septel, Myricom SNF}-only builds.
Do UTF-16-to-ASCII conversion into the right place.
pcap_create_interface() needs the interface name on Linux.
Clean up hardware time stamp support: the "any" device does not support any time stamp types.
Add support for capturing on FreeBSD usbusN interfaces.
Add a LINKTYPE/DLT_ value for FreeBSD USB.
Go back to using PCAP_API on Windows.
CMake support
Add TurboCap support from WinPcap.
Recognize 802.1ad nested VLAN tag in vlan filter.
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/common/libpcap | 5 ++-
config/rootfiles/common/sysklogd | 2 ++
config/rootfiles/core/109/exclude | 2 ++
.../{oldcore/93 => core/109}/filelists/libpcap | 0
config/rootfiles/core/109/filelists/sysklogd | 1 +
config/rootfiles/core/109/update.sh | 3 ++
lfs/libpcap | 6 ++--
lfs/squid | 9 +++--
lfs/sysklogd | 9 ++---
lfs/tcpdump | 8 ++---
...=> squid-3.5.24-fix-max-file-descriptors.patch} | 0
src/patches/squid/squid-3.5-14129.patch | 41 ----------------------
12 files changed, 26 insertions(+), 60 deletions(-)
copy config/rootfiles/{oldcore/93 => core/109}/filelists/libpcap (100%)
create mode 120000 config/rootfiles/core/109/filelists/sysklogd
rename src/patches/{squid-3.5.23-fix-max-file-descriptors.patch => squid-3.5.24-fix-max-file-descriptors.patch} (100%)
delete mode 100644 src/patches/squid/squid-3.5-14129.patch
Difference in files:
diff --git a/config/rootfiles/common/libpcap b/config/rootfiles/common/libpcap
index 2045ca7..6be2bd9 100644
--- a/config/rootfiles/common/libpcap
+++ b/config/rootfiles/common/libpcap
@@ -5,6 +5,9 @@
#usr/include/pcap.h
#usr/include/pcap/bluetooth.h
#usr/include/pcap/bpf.h
+#usr/include/pcap/can_socketcan.h
+#usr/include/pcap/dlt.h
+#usr/include/pcap/export-defs.h
#usr/include/pcap/ipnet.h
#usr/include/pcap/namedb.h
#usr/include/pcap/nflog.h
@@ -15,7 +18,7 @@
#usr/lib/libpcap.a
usr/lib/libpcap.so
usr/lib/libpcap.so.1
-usr/lib/libpcap.so.1.7.4
+usr/lib/libpcap.so.1.8.1
#usr/share/man/man1/pcap-config.1
#usr/share/man/man3/pcap.3pcap
#usr/share/man/man3/pcap_activate.3pcap
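Review bot: The switch from `usr/lib/libpcap.so.1.7.4` to `usr/lib/libpcap.so.1.8.1` leaves the old library file behind on systems that are updated in place, and the `core/109/update.sh` hunk in this push adds no removal of it. Suggest deleting `/usr/lib/libpcap.so.1.7.4` in `update.sh` before the `ldconfig` call so no stale copy of the previous release stays on the firewall.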
diff --git a/config/rootfiles/common/sysklogd b/config/rootfiles/common/sysklogd
index 9792097..f5d55c2 100644
--- a/config/rootfiles/common/sysklogd
+++ b/config/rootfiles/common/sysklogd
@@ -1,6 +1,8 @@
usr/sbin/klogd
usr/sbin/syslogd
+#usr/share/man/man5/syslog.conf.5
#usr/share/man/man8/klogd.8
#usr/share/man/man8/sysklogd.8
+#usr/share/man/man8/syslogd.8
var/log/dhcpcd.log
var/log/messages
diff --git a/config/rootfiles/core/109/exclude b/config/rootfiles/core/109/exclude
index 7ddeae0..d6fd053 100644
--- a/config/rootfiles/core/109/exclude
+++ b/config/rootfiles/core/109/exclude
@@ -24,5 +24,7 @@ var/ipfire/time
var/ipfire/ovpn
var/lib/alternatives
var/log/cache
+var/log/dhcpcd.log
+var/log/messages
var/state/dhcp/dhcpd.leases
var/updatecache
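Review bot: The two added exclusions, `var/log/dhcpcd.log` and `var/log/messages`, are undocumented: the reason only becomes clear from `config/rootfiles/common/sysklogd`, which lists both log files as shipped content, and the commit "core109: Ship updated sysklogd" has no body. Suggest a sentence in that commit message saying the log files are excluded so that shipping the sysklogd file list does not replace the logs already on the system.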
diff --git a/config/rootfiles/core/109/filelists/libpcap b/config/rootfiles/core/109/filelists/libpcap
new file mode 120000
index 0000000..c7f9f52
--- /dev/null
+++ b/config/rootfiles/core/109/filelists/libpcap
@@ -0,0 +1 @@
+../../../common/libpcap
\ No newline at end of file
diff --git a/config/rootfiles/core/109/filelists/sysklogd b/config/rootfiles/core/109/filelists/sysklogd
new file mode 120000
index 0000000..e166ef2
--- /dev/null
+++ b/config/rootfiles/core/109/filelists/sysklogd
@@ -0,0 +1 @@
+../../../common/sysklogd
\ No newline at end of file
diff --git a/config/rootfiles/core/109/update.sh b/config/rootfiles/core/109/update.sh
index 1143890..874ef79 100644
--- a/config/rootfiles/core/109/update.sh
+++ b/config/rootfiles/core/109/update.sh
@@ -45,6 +45,9 @@ ldconfig
# Update Language cache
#/usr/local/bin/update-lang-cache
+# Restart sysklogd
+/etc/init.d/sysklogd restart
+
# Start services
/etc/init.d/unbound start
/etc/init.d/squid start
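Review bot: The added `/etc/init.d/sysklogd restart` runs with its exit status ignored, so if the new syslogd does not come back up, the update continues and the firewall is left without logging. Suggest checking the result and reporting a failure, for example `/etc/init.d/sysklogd restart || echo "sysklogd restart failed" >&2`, and extending the `# Restart sysklogd` comment to say that the restart is what puts the updated daemon into service.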
diff --git a/lfs/libpcap b/lfs/libpcap
index 10fbcd4..0fb62dc 100644
--- a/lfs/libpcap
+++ b/lfs/libpcap
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2015 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2007-2017 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 1.7.4
+VER = 1.8.1
THISAPP = libpcap-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -42,7 +42,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = b2e13142bbaba857ab1c6894aedaf547
+$(DL_FILE)_MD5 = 3d48f9cd171ff12b0efd9134b52f1447
install : $(TARGET)
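Review bot: The new tarball is pinned only by `$(DL_FILE)_MD5`, and MD5 is not collision-resistant, which makes it a weak integrity check for source fetched from `$(DL_FROM)` and built into a firewall image. Suggest recording a SHA-256 or stronger digest alongside it; the same applies to the `_MD5` lines changed in `lfs/squid`, `lfs/sysklogd` and `lfs/tcpdump` in this push.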
diff --git a/lfs/squid b/lfs/squid
index 0015208..4a8d9d8 100644
--- a/lfs/squid
+++ b/lfs/squid
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2016 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2017 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 3.5.23
+VER = 3.5.24
THISAPP = squid-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 9b68f689e3d9578932b9c6a4041037c2
+$(DL_FILE)_MD5 = 3fae511e16b6379b61c011914673973d
install : $(TARGET)
@@ -70,8 +70,7 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14129.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.23-fix-max-file-descriptors.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.24-fix-max-file-descriptors.patch
cd $(DIR_APP) && autoreconf -vfi
cd $(DIR_APP)/libltdl && autoreconf -vfi
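Review bot: Dropping the `squid-3.5-14129.patch` line takes the "Bug 3940 pt2" change to `ClientRequestContext::checkNoCacheDone()` out of the build, and the commit message "squid: Update to 3.5.24" does not say that 3.5.24 already contains it. Suggest confirming that against the 3.5.24 sources and stating it in the commit message, since otherwise `cache deny` goes back to the behaviour that patch was carried to correct.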
diff --git a/lfs/sysklogd b/lfs/sysklogd
index ca6110a..75bde5f 100644
--- a/lfs/sysklogd
+++ b/lfs/sysklogd
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2007-2017 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 1.5
+VER = 1.5.1
THISAPP = sysklogd-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = e053094e8103165f98ddafe828f6ae4b
+$(DL_FILE)_MD5 = c70599ab0d037fde724f7210c2c8d7f8
install : $(TARGET)
@@ -70,9 +70,6 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- #cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/$(THISAPP)-fixes-1.patch
- #cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/$(THISAPP)-8bit-1.patch
- #cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/$(THISAPP)_xen_empty_buffer_check.patch
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
touch /var/log/{dhcpcd.log,messages}
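Review bot: The three commented-out `patch -Np1` lines are removed here, but the summary of changes lists no deleted sysklogd files under `src/patches`, so any patch files those lines pointed to are now unreferenced in the tree. Suggest deleting them in the same commit, or noting in the commit message that they were already gone.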
diff --git a/lfs/tcpdump b/lfs/tcpdump
index 646250d..cfeaffa 100644
--- a/lfs/tcpdump
+++ b/lfs/tcpdump
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2015 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2007-2017 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 4.7.4
+VER = 4.8.1
THISAPP = tcpdump-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = tcpdump
-PAK_VER = 6
+PAK_VER = 7
DEPS = ""
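Review bot: `PAK_VER` goes to 7 while `DEPS` stays empty, yet this push updates tcpdump to 4.8.1 together with libpcap 1.8.1, and the new libpcap is delivered through core 109 rather than with this package. Worth confirming that the new tcpdump package cannot end up on a system that still has `libpcap.so.1.7.4`, or stating the required core version in the commit message.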
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 58af728de36f499341918fc4b8e827c3
+$(DL_FILE)_MD5 = 32f57943649f276e09236ba66622bb0c
install : $(TARGET)
diff --git a/src/patches/squid-3.5.23-fix-max-file-descriptors.patch b/src/patches/squid-3.5.23-fix-max-file-descriptors.patch
deleted file mode 100644
index b740b61..0000000
--- a/src/patches/squid-3.5.23-fix-max-file-descriptors.patch
+++ /dev/null
@@ -1,21 +0,0 @@
---- configure.ac.~ Wed Apr 20 14:26:07 2016
-+++ configure.ac Fri Apr 22 17:20:46 2016
-@@ -3135,6 +3135,9 @@
- ;;
- esac
-
-+SQUID_CHECK_DEFAULT_FD_SETSIZE
-+SQUID_CHECK_MAXFD
-+
- dnl --with-maxfd present for compatibility with Squid-2.
- dnl undocumented in ./configure --help to encourage using the Squid-3 directive
- AC_ARG_WITH(maxfd,,
-@@ -3165,8 +3168,6 @@
- esac
- ])
-
--SQUID_CHECK_DEFAULT_FD_SETSIZE
--SQUID_CHECK_MAXFD
- if test "x$squid_filedescriptors_num" != "x"; then
- AC_MSG_NOTICE([Default number of fieldescriptors: $squid_filedescriptors_num])
- fi
diff --git a/src/patches/squid-3.5.24-fix-max-file-descriptors.patch b/src/patches/squid-3.5.24-fix-max-file-descriptors.patch
new file mode 100644
index 0000000..b740b61
--- /dev/null
+++ b/src/patches/squid-3.5.24-fix-max-file-descriptors.patch
@@ -0,0 +1,21 @@
+--- configure.ac.~ Wed Apr 20 14:26:07 2016
++++ configure.ac Fri Apr 22 17:20:46 2016
+@@ -3135,6 +3135,9 @@
+ ;;
+ esac
+
++SQUID_CHECK_DEFAULT_FD_SETSIZE
++SQUID_CHECK_MAXFD
++
+ dnl --with-maxfd present for compatibility with Squid-2.
+ dnl undocumented in ./configure --help to encourage using the Squid-3 directive
+ AC_ARG_WITH(maxfd,,
+@@ -3165,8 +3168,6 @@
+ esac
+ ])
+
+-SQUID_CHECK_DEFAULT_FD_SETSIZE
+-SQUID_CHECK_MAXFD
+ if test "x$squid_filedescriptors_num" != "x"; then
+ AC_MSG_NOTICE([Default number of fieldescriptors: $squid_filedescriptors_num])
+ fi
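Review bot: The version number in this patch's filename forces a rename and an `lfs/squid` edit on every squid bump even though the content is unchanged (the deleted 3.5.23 file and this one are both blob `b740b61`, and the summary reports the rename at 100%). Suggest a version-independent name, such as `fix-max-file-descriptors.patch` under the `src/patches/squid/` directory that already held `squid-3.5-14129.patch`.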
diff --git a/src/patches/squid/squid-3.5-14129.patch b/src/patches/squid/squid-3.5-14129.patch
deleted file mode 100644
index b930aca..0000000
--- a/src/patches/squid/squid-3.5-14129.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-------------------------------------------------------------
-revno: 14129
-revision-id: squid3(a)treenet.co.nz-20161226022200-u1dnvhu0rdby78u2
-parent: squid3(a)treenet.co.nz-20161216043137-lsk9s4fq21sqsdfo
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3940
-committer: Amos Jeffries <squid3(a)treenet.co.nz>
-branch nick: 3.5
-timestamp: Mon 2016-12-26 15:22:00 +1300
-message:
- Bug 3940 pt2: Make 'cache deny' do what is documented
-
- Instead of overriding whatever cacheability was previously set to
- (including changing non-cacheables to be cacheable) actually
- prevent both cache read and write.
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3(a)treenet.co.nz-20161226022200-u1dnvhu0rdby78u2
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 579020c4bb34961317f8fd0498393aba4a797b14
-# timestamp: 2016-12-26 02:23:14 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3(a)treenet.co.nz-20161216043137-\
-# lsk9s4fq21sqsdfo
-#
-# Begin patch
-=== modified file 'src/client_side_request.cc'
---- src/client_side_request.cc 2016-09-23 15:28:42 +0000
-+++ src/client_side_request.cc 2016-12-26 02:22:00 +0000
-@@ -1407,7 +1407,10 @@
- ClientRequestContext::checkNoCacheDone(const allow_t &answer)
- {
- acl_checklist = NULL;
-- http->request->flags.cachable = (answer == ACCESS_ALLOWED);
-+ if (answer == ACCESS_DENIED) {
-+ http->request->flags.noCache = true; // dont read reply from cache
-+ http->request->flags.cachable = false; // dont store reply into cache
-+ }
- http->doCallouts();
- }
-
-
hooks/post-receive
--
IPFire 2.x development tree