From: git@ipfire.org
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, core120, created. 36600cef36577ca36d4349bc7658a68234311ea2
Date: Fri, 30 Mar 2018 08:37:32 +0100 [thread overview]
Message-ID: <20180330073732.B55A710853B9@git01.ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 43327 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, core120 has been created
at 36600cef36577ca36d4349bc7658a68234311ea2 (commit)
- Log -----------------------------------------------------------------
commit 36600cef36577ca36d4349bc7658a68234311ea2
Merge: 6a8b2ef97 7eb86ee39
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Mar 30 09:35:28 2018 +0200
Merge branch 'core119' into next
commit 6a8b2ef9772b58406f9e9b073e68dcf71eabb327
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Mar 30 09:25:06 2018 +0200
core120: set pafire version to 120
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit f7e9c14842dee00529df1e4a30f46255a1ed37e4
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Mar 29 13:49:44 2018 +0100
Rootfile update
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 4b072d640efde44017aeceb66d816ea59639be46
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Mar 28 16:55:18 2018 +0100
pakfire: Use upstream proxy for HTTPS, too
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 66a0f3646ad2b1da568282464b9a63479c8b45d9
Author: Peter Müller <peter.mueller(a)link38.eu>
Date: Wed Mar 28 05:41:50 2018 +0200
use protocol defined in server-list.db for mirror communication
For each mirror server, a protocol can be specified in the
server-list.db database. However, it was not used for the
actual URL query to a mirror before.
This might be useful for deploy HTTPS pinning for Pakfire.
If a mirror is known to support HTTPS, all queries to it
will be made with this protocol.
This saves some overhead if HTTPS is enforced on a mirror
via 301 redirects. To enable this, the server-list.db
needs to be adjusted.
The second version of this patch only handles protocols
HTTP and HTTPS, since we do not expect anything else here
at the moment.
Partially fixes #11661.
Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
Cc: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 9f0999325dec7ffbcf8b18b846fbf6a8a6c5780f
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Mar 28 16:39:35 2018 +0100
unbound: Fix crash on startup
Zone names should not be terminated with a dot.
Fixes: #11689
Reported-by: Pontus Larsson <pontuslarsson51(a)yahoo.se>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit d97f43b309b7c041498189b231b7507627a194c6
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Mar 28 11:22:06 2018 +0100
Rootfile update for curl
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit d9e656bb82542b2ef379563c02d642c3394f1c1c
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Mar 27 20:56:31 2018 +0100
asterisk: Ship documentation
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit d3cd99830a8554e8f9b4df314210cef82ef69376
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Mar 27 20:53:31 2018 +0100
fetchmail: Permit building without SSLv3
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 76f422025ffe1baed977b5c8e1f072e5981e46ff
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Mar 27 16:05:07 2018 +0100
openssl: Update to 1.0.2o
CVE-2018-0739 (OpenSSL advisory) [Moderate severity] 27 March 2018:
Constructed ASN.1 types with a recursive definition (such as can be
found in PKCS7) could eventually exceed the stack given malicious
input with excessive recursion. This could result in a Denial Of
Service attack. There are no such structures used within SSL/TLS
that come from untrusted sources so this is considered safe.
Reported by OSS-fuzz.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 166ceacd6b375bc97eed722012a0f1fffd5a15e1
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Mar 27 15:59:04 2018 +0100
openssl: Update to 1.1.0h
CVE-2018-0739 (OpenSSL advisory) [Moderate severity] 27 March 2018:
Constructed ASN.1 types with a recursive definition (such as can be
found in PKCS7) could eventually exceed the stack given malicious
input with excessive recursion. This could result in a Denial Of
Service attack. There are no such structures used within SSL/TLS
that come from untrusted sources so this is considered safe.
Reported by OSS-fuzz.
This patch also entirely removes support for SSLv3. The patch to
disable it didn't apply and since nobody has been using this before,
we will not compile it into OpenSSL any more.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit c98304604bfed3b29bb384ab0999596644573f2c
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Mar 26 19:04:41 2018 +0100
core120: Ship updated QoS script and gnupg
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit be7878d5c92600e7d316a86b18a77819734b62a0
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Mon Mar 26 19:50:30 2018 +0200
Fix typo in 'makeqosscripts.pl'
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit dd48a7aac8088ef706d2299bc5b473e9389ba2a2
Author: Peter Müller <peter.mueller(a)link38.eu>
Date: Sat Mar 24 16:45:02 2018 +0100
curl: update to 7.59.0
Update curl to 7.59.0 which fixes a number of bugs and
some minor security issues.
Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 689fed340aab91240b51bf4da1daf0a606290ac1
Author: Peter Müller <peter.mueller(a)link38.eu>
Date: Sat Mar 24 16:32:53 2018 +0100
gnupg: update to 1.4.22
Update GnuPG to 1.4.22, which fixes some security vulnerabilities,
such as the memory side channel attack CVE-2017-7526.
Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit dfdfafc7af57b5088279680098408df823516703
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Mar 20 20:36:15 2018 +0000
core120: Ship updated vnstat
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit a05af852c5f2266151479c9424a9b36243fb1c79
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Tue Mar 20 20:46:52 2018 +0100
vnstat: Update to 1.18
For details see: https://humdi.net/vnstat/CHANGES
Changed "SaveInterval 5" to "SaveInterval 1" in '/etc/vnstat.conf', triggered by
https://forum.ipfire.org/viewtopic.php?f=22&t=20448 to avoid data loss with 1Gbit
connections and high traffic.
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit e7ea357cecf5e069dd4fb4e5cd6099d8e5b7d9a4
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Mar 20 11:08:58 2018 +0000
Forgot to "git add" the new pakfire init script
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 42deeb3b450c74138dfb76d9d45d4588a5271887
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Mar 19 19:45:24 2018 +0000
Revert "installer: Import the Pakfire key at install time"
This reverts commit 7d995c9f56055f39e559bd6e355a9a1689585c6d.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit eb68e27dd27b538d84c8382389f83f1a57ba59e7
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Mar 19 19:44:50 2018 +0000
pakfire: Import key when system boots up
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 5876642d175609919d2f43892deec822d650bdf0
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Mar 19 18:07:49 2018 +0000
ffmpeg: Ship libraries correctly
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 27ef66c26c480542f0ea60d85302da5ada0f0648
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Sun Mar 18 17:32:43 2018 +0100
hdparm: Update to 9.55
Changelogs against 9.53:
"hdparm-9.55:
- added #include <sys/sysmacros.h> for major()/minor() macros
hdparm-9.54:
- Partial revert of Jmicron changes, from Jan Friesse."
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 71e5a29c8123014a8b740c3a99a83742a19019fa
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Sun Mar 18 17:40:47 2018 +0100
dmidecode 3.1: Added patch (Fix firmware version of TPM device)
For details see:
http://git.savannah.gnu.org/cgit/dmidecode.git/commit/?id=174387405e98cd94c627832ae23abcb9be7e5623
"Both the operator (detected by clang, reported by Xorg) and the mask
for the minor firmware version field of TPM devices were wrong."
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 35cdaa194ac5d2abfc0a93f60ed99aab07be9ce3
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Mar 19 11:52:26 2018 +0000
Fix python-m2crypto rootfile
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit b2318b5e351923632c43e3d5d9e6a2351a1b63cd
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sun Mar 18 13:51:38 2018 +0000
core120: Ship updated logrotate and restart unbound
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 9e9fdb39e63e521a4771e3e24746edad3c7430b2
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Sun Mar 18 10:05:33 2018 +0100
unbound: Update to 1.7.0
For details see:
http://www.unbound.net/download.html
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 399c2f9ccc2fa8cac89d27353571f3317b45bde4
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Sun Mar 18 10:21:17 2018 +0100
logrotate: Update to 3.14.0
For details see:
https://github.com/logrotate/logrotate/releases
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 4e316ae0a0a63b6f6a4029fa3ba18c757713a49e
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Sun Mar 18 10:14:07 2018 +0100
htop: Update to 2.1.0
For details see:
https://hisham.hm/htop/index.php?page=downloads
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 9051f3c9d71b483198373b5522f47399b68b9572
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Sun Mar 18 10:00:34 2018 +0100
bind: Update to 9.11.3
For details see:
http://ftp.isc.org/isc/bind9/9.11.3/RELEASE-NOTES-bind-9.11.3.html
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 1c1c1ac238d2fd83b2fc17f9206dc9000e9079bc
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Sun Mar 18 09:53:40 2018 +0100
nano: Update to 2.9.4
For details see:
https://www.nano-editor.org/news.php
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 8aeec0ba89b0179138cec1b5ac079c04ad7db410
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Sun Mar 18 09:48:04 2018 +0100
rsync: Update to 3.1.3
For details see:
https://download.samba.org/pub/rsync/src/rsync-3.1.3-NEWS
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit e779b6bc7aa470289bde0bf99aa7051dffc4384b
Author: Erik Kapfer <erik.kapfer(a)ipfire.org>
Date: Sun Mar 18 13:55:31 2018 +0100
PAM: Delete old lib and symlinks
Core 119 update delivers an updated PAM whereby the libdir has been changed from /lib to /usr/lib
but the old libraries and symlinks are still presant. Since the system searches /lib before
/usr/lib , the old libs and symlinks are used which ends up in an `LIBPAM_EXTENSION_1.1' not found.
Signed-off-by: Erik Kapfer <erik.kapfer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit cdc1a0e901c285e84f8cbb6a01248ce6a141b361
Author: Erik Kapfer <erik.kapfer(a)ipfire.org>
Date: Mon Mar 12 13:47:34 2018 +0100
OpenVPN: Update to version 2.4.5
This is primarily a maintenance release, with further improved OpenSSL 1.1 integration, several minor bug fixes and other minor improvements.
Further information can be found in here https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-245 and
here https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24 .
Signed-off-by: Erik Kapfer <erik.kapfer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 35b892b0dd69c482fb3024f8e1dfbd13679b07d8
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Mar 16 14:36:05 2018 +0000
pakfire: Drop old key import mechanism
This was error-prone and allowed to potentially inject another
key.
Fixes: #11539
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 7d995c9f56055f39e559bd6e355a9a1689585c6d
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Mar 16 14:33:42 2018 +0000
installer: Import the Pakfire key at install time
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit ceed3534e154944651be9659e7f299d077edc439
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Mar 16 14:28:17 2018 +0000
core120: Import new pakfire PGP key
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 5e5c2e541395bc5a2ab4d3304f6358861c594d3d
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Mar 16 14:23:56 2018 +0000
Import new Pakfire Signing Key
We will swap the key that we use to sign Pakfire packages
since the current one is considered outdated cryptography.
Fixes: #11539
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit f0e9ed78a2ae1b828493c523e5137735c780d833
Author: Stephan Feddersen <sfeddersen(a)ipfire.org>
Date: Tue Mar 6 20:53:20 2018 +0100
WIO: increment PAK_VER
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit c1fc92a9b8e2a049875c02a736087beacb8c6348
Author: Stephan Feddersen via Development <development(a)lists.ipfire.org>
Date: Tue Feb 27 17:20:07 2018 +0100
WIO: Fix a problem with the Network-Table-Button
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit cc222a8e62ebaebf140f6287f8e55edd887b36aa
Author: Stephan Feddersen via Development <development(a)lists.ipfire.org>
Date: Tue Feb 27 17:18:39 2018 +0100
WIO: Fix some typos
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit a25c95b3a0bf5a3db03fbed0e53f2f2d82d3e148
Author: Stephan Feddersen via Development <development(a)lists.ipfire.org>
Date: Tue Feb 20 21:41:13 2018 +0100
WIO: Update to Version 1.3.2 several changes in many files
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit d536c178ec90fd95b7e793923a856b8dab8bcb52
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Wed Mar 7 19:19:04 2018 +0100
ntp: Update to 4.2.8p11
For details see:
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
"This release addresses five security issues in ntpd:
LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil vulnerability: ephemeral
association attack
While fixed in ntp-4.2.8p7, there are significant additional protections for
this issue in 4.2.8p11.
Reported by Matt Van Gundy of Cisco.
INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909: ctl_getitem(): buffer read overrun
leads to undefined behavior and information leak
Reported by Yihan Lian of Qihoo 360.
LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated ephemeral associations
Reported on the questions@ list.
LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved symmetric mode cannot recover
from bad state
Reported by Miroslav Lichvar of Red Hat.
LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909: Unauthenticated packet can reset
authenticated interleaved association
Reported by Miroslav Lichvar of Red Hat.
one security issue in ntpq:
MEDIUM: Sec 3414 / CVE-2018-7183 / VU#961909: ntpq:decodearr() can write beyond its
buffer limit
Reported by Michael Macnair of Thales-esecurity.com.
and provides over 33 bugfixes and 32 other improvements."
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit cc4816a1af40ee470fad90e0a7ec1655dc36367b
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Wed Mar 7 19:26:53 2018 +0100
clamav 0.99.4: removed gcc patch
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit dcd60d274ef7245552ffd0c57c15995a220d13a2
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Mar 6 15:13:56 2018 +0000
core120: Ship updated qos.cgi
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 20ffa7d1a896e5d8101f4e82ef11f8fa5b2ad15c
Author: Daniel Weismüller <daniel.weismueller(a)ipfire.org>
Date: Tue Mar 6 15:56:48 2018 +0100
As described in bug 11257 there is a mistake in the qos templates. The sum of the guaranteed bandwidth of the classes 101 - 120 is bigger than the available bandwidth. I adjusted the guaranteed bandwidth of the classes 101 - 104 so that each of them has a
Signed-off-by: Daniel Weismüller <daniel.weismueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 318434affb14cadbfdbe877ae5b1f00aacacea24
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Mar 6 15:12:42 2018 +0000
core120: Ship updated proxy.cgi
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 53d6755451808f8d6eeca8275714d97985d9495b
Author: Daniel Weismüller via Development <development(a)lists.ipfire.org>
Date: Fri Feb 16 13:04:50 2018 +0100
squid: Add RAM-only Proxy functionality
As suggested by Oliver "giller" Fieker <oli(a)new-lan.de>
in bug 10592 I added the functionality to use the squid as ram-only cache.
Further it defines the maximum_object_size_in_memory
as 2% of the in the webif defined "Memory cache size".
The maximum_object_size_in_memory should have a useful
size of the defined memory cache and I don't want to
create another variable which muste be fulled in by the user.
Signed-off-by: Daniel Weismüller <daniel.weismueller(a)ipfire.org>
Suggested-by: Oliver "giller" Fieker <oli(a)new-lan.de>
Suggested-by: Kim Wölfel <xaver4all(a)gmx.de>
Acked-by: Michael Tremer <michael.tremer(a)ipfire.org>
Cc: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 01bec956555de7966990047406cbf417d314c40d
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Mar 5 15:21:56 2018 +0000
core120: Ship updated unbound init script
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 438da7e0a012cb979e77efcb923ab86b9078fb57
Author: Peter Müller <peter.mueller(a)link38.eu>
Date: Sun Mar 4 18:26:52 2018 +0100
test if nameservers with DNSSEC support return "ad"-flagged data
DNSSEC-validating nameservers return an "ad" (Authenticated Data)
flag in the DNS response header. This can be used as a negative
indicator for DNSSEC validation: In case a nameserver does not
return the flag, but failes to look up a domain with an invalid
signature, it does not support DNSSEC validation.
This makes it easier to detect nameservers which do not fully
comply to the RFCs or try to tamper DNS queries.
See bug #11595 (https://bugzilla.ipfire.org/show_bug.cgi?id=11595) for further details.
The second version of this patch avoids unnecessary usage of
grep. Thanks to Michael Tremer for the hint.
Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 9d5e5eb01240cad610088fe2ea6b5b68e4f5e5ee
Author: Peter Müller <peter.mueller(a)link38.eu>
Date: Sun Mar 4 18:03:04 2018 +0100
Tor: update to 0.3.2.10
Update Tor to 0.3.2.10, which fixes some security and DoS
issues especially important for relays.
The release notes are available at:
https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915
Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Fixes: #11662
commit a12d48868202f0bef98b4c392eb7ca33cd6fe957
Author: Peter Müller <peter.mueller(a)link38.eu>
Date: Sun Mar 4 17:57:15 2018 +0100
ClamAV: update to 0.99.4
Update ClamAV to 0.99.4 which fixes four security issues
and compatibility issues with GCC 6 and C++ 11.
The release note can be found here: http://blog.clamav.net/2018/03/clamav-0994-has-been-released.html
Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 568a227bd318c743225d90c8d93559d04ac72a8f
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Mar 1 19:58:11 2018 +0000
vpnmain.cgi: Fix reading common names from certificates
OpenSSL has changed the output of the subject lines of
certificates.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 63b515dc260f2da9bd413fea254d2e5b634c793a
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Feb 28 11:55:35 2018 +0000
apache: Require TLSv1.2 for access to the web user interface
This will work fine for FF 27 or newer, Chrome 30 or newer,
IE 11 on Windows 7 or newer, Opera 17 or newer, Safari 9 or
newer, Android 5.0 or newer and Java 8 or newer
Since IPFire is not supposed to host any other applications and
all have been removed in the last few Core Updates, only the web
user interface is served over HTTPS here. We clearly prefer
security over compatibility.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 464426d36348cdb468f5c03f50132cf6583e23bd
Author: Peter Müller <peter.mueller(a)link38.eu>
Date: Tue Nov 7 20:51:32 2017 +0100
change Apache TLS cipher list to "Mozilla Modern"
Change the TLS cipher list of Apache to "Mozilla Modern".
ECDSA is preferred over RSA to save CPU time on both server
and client. Clients without support for TLS 1.2 and AES will
experience connection failures.
Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 263d1e6484ad61711f07cad35057c324db28b480
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Feb 28 11:49:47 2018 +0000
openssl: Apply ciphers patch before running Configure
This works just fine here.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 592949344560592807b5155d1c0ed085ac02c8ab
Author: Peter Müller via Development <development(a)lists.ipfire.org>
Date: Tue Feb 27 18:35:22 2018 +0100
set OpenSSL 1.1.0 DEFAULT cipher list to secure value
Only use secure cipher list for the OpenSSL DEFAULT list:
* ECDSA is preferred over RSA since it is faster and more scalable
* TLS 1.2 suites are preferred over anything older
* weak ciphers such as RC4 and 3DES have been eliminated
* AES-GCM is preferred over AES-CBC (known as "mac-then-encrypt" problem)
* ciphers without PFS are moved to the end of the cipher list
This patch leaves AES-CCM, AES-CCM8 and CHACHA20-POLY1305 suites
where they are since they are considered secure and there is no
need to change anything.
The DEFAULT cipher list is now (output of "openssl ciphers -v"):
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM8 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM8 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(256) Mac=SHA384
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(128) Mac=SHA256
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(256) Mac=SHA384
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(128) Mac=SHA256
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-AES256-CCM8 TLSv1.2 Kx=DH Au=RSA Enc=AESCCM8(256) Mac=AEAD
DHE-RSA-AES256-CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(256) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-CCM8 TLSv1.2 Kx=DH Au=RSA Enc=AESCCM8(128) Mac=AEAD
DHE-RSA-AES128-CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(128) Mac=AEAD
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA256
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA256
ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
AES256-CCM8 TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM8(256) Mac=AEAD
AES256-CCM TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM(256) Mac=AEAD
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
AES128-CCM8 TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM8(128) Mac=AEAD
AES128-CCM TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM(128) Mac=AEAD
AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
CAMELLIA256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA256
AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
CAMELLIA128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA256
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1
This has been discussed at 2017-12-04 (https://wiki.ipfire.org/devel/telco/2017-12-04)
and for a similar patch written for OpenSSL 1.0.x.
Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit e707599d2cd8af8a1464ce31ee89a5401d5df0e2
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Feb 28 10:48:29 2018 +0000
core120: Call openvpnctrl with full path
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit ca4c354e085083dacf66071b23e507ea2ebb1b81
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Feb 26 16:28:16 2018 +0000
Bump release of all packages linked against OpenSSL
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit d192815e839c42566c669999900a0dd62824eb8e
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Feb 26 16:22:32 2018 +0000
core120: Ship everything that is linked against OpenSSL
This will make sure that everything is using the new version
of the library.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 1c0cfaa5949e4303e8e4e2f041af86a812f3fe6c
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Feb 26 15:37:49 2018 +0000
Disable Path MTU discovery
This seems to be a failed concept and causes issues with transferring
large packets through an IPsec tunnel connection.
This configures the kernel to still respond to PMTU ICMP discovery
messages, but will not try this on its own.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit f0e308ab2ff92858452d7c3ac3ad114b4ea862f4
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Feb 26 15:34:10 2018 +0000
core120: Fix typo in initscript name
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 61fcd32f152f36edec042dd8e35ae2ab3f2acc2f
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Feb 26 13:06:34 2018 +0000
Rootfile update
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 0eccedd1c8340e186a8329f66a235aea6c92b1af
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Feb 26 11:12:20 2018 +0000
dhcp: Allow adding extra DHCP interfaces
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 39d11d265e4f1a41994d0adf85498f54c63ba7ab
Author: Erik Kapfer via Development <development(a)lists.ipfire.org>
Date: Mon Feb 26 08:00:15 2018 +0100
OpenVPN: Ship missing OpenSSL configuration file for update
Core 115 delivered a patch which prevents the '--ns-cert-type server is deprecated' message
and introduced also '--remote-cert-tls server' -->
https://patchwork.ipfire.org/patch/1441/ whereby the changed ovpn.cnf has not been delivered.
Signed-off-by: Erik Kapfer <erik.kapfer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 52f61e496df86f1a70fa9d468d64e756bdb66f4d
Author: Erik Kapfer via Development <development(a)lists.ipfire.org>
Date: Sun Feb 25 14:49:49 2018 +0100
OpenVPN: New AES-GCM cipher for N2N and RW
AES-GCM 128, 196 and 256 bit has been added to Net-to-Net and Roadwarrior section.
HMAC selection for N2N will be disabled if AES-GCM is used since GCM provides an own message authentication (GMAC).
'auth *' line in N2N.conf will be deleted appropriately if AES-GCM is used since '--tls-auth' is not available for N2N.
HMAC selection menu for Roadwarriors is still available since '--tls-auth' is available for RWs
which uses the configuered HMAC even AES-GCM has been applied.
Signed-off-by: Erik Kapfer <erik.kapfer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 87484f5c784e013229bc6d32430cdc8eb7b8a709
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Feb 22 18:52:03 2018 +0000
openssl-compat: Do not try to apply missing padlock patch
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit b9c56c9e9cf261e5d35d060f2f0afce39c633d47
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Feb 22 18:50:38 2018 +0000
openssl-compat: Add missing library path
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 8b080ef12b63e94d82b44c09cc00af40d9e9fe8d
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Feb 21 13:06:22 2018 +0000
core120: Remove deprecated sshd configuration option
This just created a warning and is now dropped
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit c2646dff80ecd43986d4aafcb42d43303f362790
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Feb 21 12:55:36 2018 +0000
Revert "wget: Link against GnuTLS instead of OpenSSL"
This reverts commit a46b159a8dc0d191ee57cf48b66be8a39fd7d9ec.
wget 1.19.4 supports linking against OpenSSL 1.1.0.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit c8e4391eccf6cff06b7ee17d1a50912fe77faf32
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Feb 21 12:41:05 2018 +0000
core120: Remove forgotten PHP file
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 53929f5ae8a2edc8dff4484b4d293fcba5dd50af
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Feb 21 12:39:55 2018 +0000
core120: Ship updated OpenSSL 1.1.0
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 9434bffaf23228be1774a63ad19d4751339e663c
Merge: cb8a6bf5a a4fd23254
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Feb 21 12:21:10 2018 +0000
Merge branch 'openssl-11' into next
commit cb8a6bf5a4a2794638da37b992799e275022c78d
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Feb 21 12:20:57 2018 +0000
Start Core Update 120
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit a4fd232541bf5002eb7e256727d2b10c89b6d1bf
Author: Erik Kapfer <erik.kapfer(a)ipfire.org>
Date: Thu Feb 15 05:43:49 2018 +0100
OpenVPN: Added needed directive for v2.4 update
script-security: The support for the 'system' flag has been removed due to security implications
with shell expansions when executing scripts via system() call.
For more informations: https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage .
ncp-disable: Negotiable crypto parameters has been disabled for the first.
Signed-off-by: Erik Kapfer <erik.kapfer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit bd42f9f968112d2f15847c274d0e4c8b7bd9ddf1
Author: Erik Kapfer <erik.kapfer(a)ipfire.org>
Date: Wed Feb 7 18:31:49 2018 +0100
CRL updater: Update script for OpenVPNs CRL
Update script for OpenVPNs CRL cause OpenVPN refactors the CRL handling since v.2.4.0 .
Script checks the next update field from the CRL and executes an update before it expires.
Script is placed under fcron.daily for daily checks.
Signed-off-by: Erik Kapfer <erik.kapfer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 59d77d2eae265304887408b1d36074269f6075a4
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Feb 7 12:43:28 2018 +0000
openssl: Properly pass CFLAGS and LDFLAGS to build
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 11e78f38b9fe0e5087dd59ef76782cd39bd8f197
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Feb 2 11:12:19 2018 +0000
Package openssl-compat (1.0.2.n)
This is provided for compatibility with binaries that have
been compiled against this version of OpenSSL.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 56f8478e4daaf4028f7332561da4b3418eed6b3a
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Feb 2 10:59:37 2018 +0000
openssl: Rootfile update
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 3b83dffc1961a3911e8197621c8e59ab44b5c614
Author: Erik Kapfer <erik.kapfer(a)ipfire.org>
Date: Wed Jan 31 10:34:59 2018 +0100
OpenVPN: Update to version 2.4.4
Changed LFS and ROOTFILE for OpenVPN 2.4.4 update.
Signed-off-by: Erik Kapfer <erik.kapfer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 8b87254a02c275a1e19dcd25cf27d83eb5babd38
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sat Jan 13 12:00:08 2018 +0000
python-m2crypto: Install in correct directory
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 1b7cb0484c0b9ca8bd20d480b8fa8ad6c31dfb12
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sat Jan 13 11:59:37 2018 +0000
openssl: Enable engines
Some tools that depend on openssl won't compile without it
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit a46b159a8dc0d191ee57cf48b66be8a39fd7d9ec
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Jan 11 11:49:31 2018 +0000
wget: Link against GnuTLS instead of OpenSSL
This version does not seem to be compatible with OpenSSL 1.1
and might be changed back to OpenSSL when ever it will compile.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit fd07dae7a4c6e78761b2005a9785155610adba0d
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Nov 28 16:51:51 2017 +0000
python-m2crypto: Update to 0.27.0
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 5c82a9f0409e67dd10aeacf82fdcf3042fea31c7
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Nov 28 16:48:20 2017 +0000
python-typing: Required for m2crypto
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 7e63e4f8069e396296360584db498753490097d6
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Nov 28 16:39:38 2017 +0000
transmission: Patch to build against OpenSSL 1.1
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 0d0fe16e22499868b38e35e190729f50c6acf1c9
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Nov 28 15:06:54 2017 +0000
net-snmp: Patch to build against OpenSSL 1.1
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 3b10b313032fe32e8e611a7c47e6e90259972ce3
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Nov 28 13:58:29 2017 +0000
elinks: Patch to build against OpenSSL 1.1
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 2ab923bb8ee35327065f4c724b5a10deee22b364
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Nov 28 13:37:38 2017 +0000
ncat: Update to 7.60
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 5809552f2fb1371870b4e111d4ef018730d683b9
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Nov 28 13:06:26 2017 +0000
krb5: Update to 1.15.2 to build against OpenSSL 1.1
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 07b8dcd0b2287fd316592dd0fe18d103b71b712e
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Nov 28 13:02:17 2017 +0000
openssh: Update to 7.6p1 and patch against OpenSSL 1.1
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit a82d85131b8220c3800c54dec49bd1ce605f0e7a
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Nov 27 13:19:20 2017 +0000
Net-SSLeay: Update to 1.82
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit f8ee1cfcfcc5a2fd520a40c66a5747480debb51a
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Nov 27 12:47:13 2017 +0000
cyrus-sasl: Disable OTP to build against OpenSSL 1.1
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 5a9bbaa93d7693c21dc6e2b23d07716c12aac220
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sat Nov 25 13:03:13 2017 +0000
openssl: Update to version 1.1
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
hooks/post-receive
--
IPFire 2.x development tree
reply other threads:[~2018-03-30 7:37 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180330073732.B55A710853B9@git01.ipfire.org \
--to=git@ipfire.org \
--cc=ipfire-scm@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox