This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, core123 has been created
        at  1e1806adce3e82b500e6ed6aed6508f0c63358d5 (commit)

- Log -----------------------------------------------------------------
commit 1e1806adce3e82b500e6ed6aed6508f0c63358d5
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date:   Wed Aug 15 07:30:53 2018 +0200

    core123: set pakfire version

    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit 06966f3613b32af90619bc5cd0ee6aaadc9a29dd
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Tue Aug 14 20:39:17 2018 +0100

    core123: Ship updated backup.pl

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 84578512f52e62bc994b944f88f1785c73b4d96a
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date:   Tue Aug 14 21:34:38 2018 +0200

    Fixes for 'backup.pl' (Bug #11816)

    Hi,

    Fixes #11816 (https://bugzilla.ipfire.org/show_bug.cgi?id=11816 and
    https://bugzilla.ipfire.org/attachment.cgi?id=608):

    "[root(a)ipfire ~]# backupctrl exclude
    ...
    tar: The following options were used after any non-optional arguments in
    archive create or update mode. These options are positional and affect only
    arguments that follow them. Please, rearrange them properly.
    tar: --exclude-from '/var/ipfire/backup/exclude.user' has no effect
    tar: Exiting with failure status due to previous errors"

    Please test - I got no errors anymore.

    Best,
    Matthias

    Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 3045fd1b58758a1df5032cf34f465247ad99266b
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Tue Aug 14 20:37:54 2018 +0100

    core123: Ship openssl-compat, too

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 2eed2aaa509c6ae5a8f6d0fe7b6ffeeb52353ba5
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date:   Tue Aug 14 20:29:03 2018 +0200

    core123: Ship updated openssl

    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit d6d070a07a5394f9d6e4d3cd49884ce78c68db62
Merge: a9e611997 2a3dde52f
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Tue Aug 14 19:14:58 2018 +0100

    Merge remote-tracking branch 'ms/aws-cli' into next

commit a9e6119972ea3fa61d830fc0fcd8e029c2aedd20
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Tue Aug 14 19:12:53 2018 +0100

    openssl: Update to 1.1.0i and 1.0.2p

    Changes between 1.1.0h and 1.1.0i [14 Aug 2018]

     *) Client DoS due to large DH parameter

        During key agreement in a TLS handshake using a DH(E) based ciphersuite a
        malicious server can send a very large prime value to the client. This will
        cause the client to spend an unreasonably long period of time generating a
        key for this prime resulting in a hang until the client has finished. This
        could be exploited in a Denial Of Service attack.

        This issue was reported to OpenSSL on 5th June 2018 by Guido Vranken
        (CVE-2018-0732)
        [Guido Vranken]

     *) Cache timing vulnerability in RSA Key Generation

        The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to
        a cache timing side channel attack. An attacker with sufficient access to
        mount cache timing attacks during the RSA key generation process could
        recover the private key.

        This issue was reported to OpenSSL on 4th April 2018 by Alejandro Cabrera
        Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia.
        (CVE-2018-0737)
        [Billy Brumley]

     *) Make EVP_PKEY_asn1_new() a bit stricter about its input. A NULL pem_str
        parameter is no longer accepted, as it leads to a corrupt table. NULL
        pem_str is reserved for alias entries only.
        [Richard Levitte]

     *) Revert blinding in ECDSA sign and instead make problematic addition
        length-invariant. Switch even to fixed-length Montgomery multiplication.
        [Andy Polyakov]

     *) Change generating and checking of primes so that the error rate of not
        being prime depends on the intended use based on the size of the input.
        For larger primes this will result in more rounds of Miller-Rabin.
        The maximal error rate for primes with more than 1080 bits is lowered
        to 2^-128.
        [Kurt Roeckx, Annie Yousar]

     *) Increase the number of Miller-Rabin rounds for DSA key generating to 64.
        [Kurt Roeckx]

     *) Add blinding to ECDSA and DSA signatures to protect against side channel
        attacks discovered by Keegan Ryan (NCC Group).
        [Matt Caswell]

     *) When unlocking a pass phrase protected PEM file or PKCS#8 container, we
        now allow empty (zero character) pass phrases.
        [Richard Levitte]

     *) Certificate time validation (X509_cmp_time) enforces stricter
        compliance with RFC 5280. Fractional seconds and timezone offsets
        are no longer allowed.
        [Emilia Käsper]

     *) Fixed a text canonicalisation bug in CMS

        Where a CMS detached signature is used with text content the text goes
        through a canonicalisation process first prior to signing or verifying a
        signature. This process strips trailing space at the end of lines, converts
        line terminators to CRLF and removes additional trailing line terminators
        at the end of a file. A bug in the canonicalisation process meant that
        some characters, such as form-feed, were incorrectly treated as whitespace
        and removed. This is contrary to the specification (RFC5485). This fix
        could mean that detached text data signed with an earlier version of
        OpenSSL 1.1.0 may fail to verify using the fixed version, or text data
        signed with a fixed OpenSSL may fail to verify with an earlier version of
        OpenSSL 1.1.0. A workaround is to only verify the canonicalised text data
        and use the "-binary" flag (for the "cms" command line application) or set
        the SMIME_BINARY/PKCS7_BINARY/CMS_BINARY flags (if using CMS_verify()).
        [Matt Caswell]

    Changes between 1.0.2o and 1.0.2p [14 Aug 2018]

     *) Client DoS due to large DH parameter

        During key agreement in a TLS handshake using a DH(E) based ciphersuite a
        malicious server can send a very large prime value to the client. This will
        cause the client to spend an unreasonably long period of time generating a
        key for this prime resulting in a hang until the client has finished. This
        could be exploited in a Denial Of Service attack.

        This issue was reported to OpenSSL on 5th June 2018 by Guido Vranken
        (CVE-2018-0732)
        [Guido Vranken]

     *) Cache timing vulnerability in RSA Key Generation

        The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to
        a cache timing side channel attack. An attacker with sufficient access to
        mount cache timing attacks during the RSA key generation process could
        recover the private key.

        This issue was reported to OpenSSL on 4th April 2018 by Alejandro Cabrera
        Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia.
        (CVE-2018-0737)
        [Billy Brumley]

     *) Make EVP_PKEY_asn1_new() a bit stricter about its input. A NULL pem_str
        parameter is no longer accepted, as it leads to a corrupt table. NULL
        pem_str is reserved for alias entries only.
        [Richard Levitte]

     *) Revert blinding in ECDSA sign and instead make problematic addition
        length-invariant. Switch even to fixed-length Montgomery multiplication.
        [Andy Polyakov]

     *) Change generating and checking of primes so that the error rate of not
        being prime depends on the intended use based on the size of the input.
        For larger primes this will result in more rounds of Miller-Rabin.
        The maximal error rate for primes with more than 1080 bits is lowered
        to 2^-128.
        [Kurt Roeckx, Annie Yousar]

     *) Increase the number of Miller-Rabin rounds for DSA key generating to 64.
        [Kurt Roeckx]

     *) Add blinding to ECDSA and DSA signatures to protect against side channel
        attacks discovered by Keegan Ryan (NCC Group).
        [Matt Caswell]

     *) When unlocking a pass phrase protected PEM file or PKCS#8 container, we
        now allow empty (zero character) pass phrases.
        [Richard Levitte]

     *) Certificate time validation (X509_cmp_time) enforces stricter
        compliance with RFC 5280. Fractional seconds and timezone offsets
        are no longer allowed.
        [Emilia Käsper]

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 2a3dde52f796adfda5e9f0e119c85e4d0ac1becb
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Tue Aug 14 15:13:24 2018 +0100

    python3-s3transfer: Fix rootfile

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit faa5472a2e75d69946c8321f09ee5c34f601d73b
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Tue Aug 14 14:52:33 2018 +0100

    python3-pyasn1: New package as required by aws-cli

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit d45d524725eb0c9578c71d4fa8353ef44407c780
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Tue Aug 14 14:44:30 2018 +0100

    python3-rsa: New package as required by aws-cli

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 953f6f7332be90e69390a88dcb1e41598832e4c3
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Tue Aug 14 14:38:11 2018 +0100

    python3-s3transfer: New package as required by aws-cli

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit d2da17a182196d3cb2dad4b887d35fc67f679cb9
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Tue Aug 14 14:19:33 2018 +0100

    python3-yaml: New package as required by aws-cli

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 041d2116c0551a401322e488c487f7627ce493a2
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Tue Aug 14 14:11:38 2018 +0100

    python3-docutils: New package as required by aws-cli

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit a33ca4cc6f055dde3170935d240b217746ad4350
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Tue Aug 14 14:04:03 2018 +0100

    python3-colorama: New package as required by aws-cli

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit d48ea6b5a758c592cd157a65ffcd0e2bc4bc1c76
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Tue Aug 14 13:57:02 2018 +0100

    python3-jmespath: New package as required by python3-botocore

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 9e25fe5c1b068e6d20cc42108f7431792995c51c
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Tue Aug 14 13:18:00 2018 +0100

    python3-six: New package as required by python3-dateutil

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit e0a05a80598530a5d16edcf7ecfc1c70b4487eb5
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Tue Aug 14 13:13:07 2018 +0100

    python3-dateutil: New package required by python3-botocore

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 4ab80c5daff0f433ca71529b0b60b691cfbc0e70
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Tue Aug 14 12:54:23 2018 +0100

    python3-botocore: Required by aws-cli

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 280ee7e767953cd55ad266405f68c04d84607d6f
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Tue Aug 14 12:45:38 2018 +0100

    aws-cli: New package

    Needed to communicate with AWS services like EC2, S3, etc...

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit f2f0d61fc1ecaff1f13ece1c0f85d2adbe2ba347
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date:   Tue Aug 14 12:01:53 2018 +0200

    logs.cgi/ids.dat: Rework linking to external rule documentation.

    Check if the sid of a rule belongs to sourcefire and link to the
    changed URL for gathering more details.

    If the sid of the rule belongs to emergingthreats now link to the
    emergingthreats documentation.

    Fixes #11806.

    Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 89f634ff9ed358a72c28330f643d5c128bc21b20
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Tue Aug 14 08:36:19 2018 +0100

    Rootfile update

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit df74fcbff940c9b92cd51be36a5b7c831f9b5292
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Mon Aug 13 19:50:06 2018 +0100

    Revert "usbutils: update to 010"

    This reverts commit b07b1bef22eae7038e7d0fcba0bfd53813f85258.

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 9d0601917f4f5f34ffca3589ed0d85845d5f4a9c
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Mon Aug 13 19:49:58 2018 +0100

    Revert "core123: Ship updated usbutils"

    This reverts commit a65d07ec6d36a712882294b608e718db2d56b24e.

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit d179a9d0a746ba6f763750b0d7a5889ceee37cd5
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Mon Aug 13 19:49:48 2018 +0100

    Revert "usbutils: Update rootfile"

    This reverts commit 9aefd1ed07eee7d83e5b274d4a83240811f9e091.

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 397d627eab8f6fa3e87996902089237f9acd728f
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Mon Aug 13 18:59:10 2018 +0100

    Revert "avahi: Build without dbus"

    This reverts commit 5221a852e80526d188306b05202e595616f0c065.

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 8defa50e7395714930dd3a813ad4c509711c0b57
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Mon Aug 13 12:14:49 2018 +0100

    aws: Execute user-data script while we have networking up

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 3d0e252e35ad404529797b3c52232ca52c378f93
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date:   Sat Aug 11 14:45:56 2018 +0200

    intel-microcode: update to 20180807

    fixes #11590

    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit 98ce8975201d48754c89fb2c476571d99d9ae109
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Fri Aug 10 12:20:38 2018 +0100

    avahi: Bump package version

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 5221a852e80526d188306b05202e595616f0c065
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Fri Aug 10 12:20:06 2018 +0100

    avahi: Build without dbus

    We don't have any services connected to dbus, so what is
    the point of avahi trying to connect to it?

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 4ec7c2936dc06cf3096134e955f4e6ad779c96ae
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Fri Aug 10 12:18:29 2018 +0100

    avahi: Build with -U_FORTIFY_SOURCE

    Avahi locks up when built with -D_FORTIFY_SOURCE=2

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 467581b8ab2c9a62a2239a7dcea4fe40fe70093c
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Fri Aug 10 11:19:25 2018 +0100

    avahi: Update to 0.7

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 6064cd87ccfdccc02baaf17e75184ca378977d1c
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Fri Aug 10 11:08:09 2018 +0100

    Revert "avahi: Drop package"

    This reverts commit aa6ee515c59cd42b12d69981329a2438e4d6e933.

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit ebbca90d70765fac6a42d8ebcc8ec98c1c38f434
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Thu Aug 9 16:28:14 2018 +0100

    openssh: Disable password authentication by default

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 7f841117c5377136b85c878fa7252e9a4458a526
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date:   Wed Aug 8 10:26:38 2018 +0200

    kernel: fix build on x86_64

    oops I deleted a wrong line...

    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit 07664187ac7323af8cbcce166be6fb5e6786fdca
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date:   Tue Aug 7 19:05:35 2018 +0200

    kernel: fix build on armv5tel

    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit 7529349754e0f99f626a36c895347806fc6f2dd2
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date:   Sun Aug 5 17:19:52 2018 +0200

    kernel: apu2 leds: update string for newer bios

    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit 28b252145a3240caea81d586d3e63db72c573c87
Merge: b403b04a1 4a5068190
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date:   Sun Aug 5 17:19:36 2018 +0200

    Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next

commit b403b04a139c02156829d8d21943bc69b2cf0c53
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date:   Sun Aug 5 13:32:36 2018 +0200

    initrd: add early microcode load

    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit 4a50681905af88adb0c4c19e6bc7dfda3dbe3606
Author: Erik Kapfer <erik.kapfer(a)ipfire.org>
Date:   Sat Aug 4 13:52:32 2018 +0200

    tor: Update to version 0.3.3.9

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 351567966d83908eb3de7108f79c4eab7a37e1e0
Author: Erik Kapfer <erik.kapfer(a)ipfire.org>
Date:   Sat Aug 4 13:49:00 2018 +0200

    nginx: Update to version 1.15.1

    Deleted last slash in --prefix configure option to prevent such -->
    https://forum.ipfire.org/viewtopic.php?t=19213#p109787 problems.

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit b856ad695a29059939b16789d410ef52448c6160
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date:   Sat Aug 4 08:35:05 2018 +0200

    rng-tools: Update to 6.3.1

    Bugfix release, for details see:
    https://github.com/nhorman/rng-tools/releases

    Best,
    Matthias

    Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 1fb7f56e11729f27cab7c5c3349d2c05a8e41a53
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sat Aug 4 13:39:00 2018 +0100

    make.sh: Add command to update list of contributors

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 79bcc6f769eff10558db6a2c5d7247e5ced508bb
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date:   Fri Aug 3 16:13:12 2018 +0200

    collectd: fix cpufreq plugin enable

    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit f32cbd89d9990b2a1017b7ad19ba98f8d38a5c11
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Tue Jul 31 16:23:07 2018 +0100

    backup: Bump release number in ISO download script

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit b5a1294c987be0f81b597ea2abca563b26118927
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date:   Thu Aug 2 21:15:11 2018 +0200

    linux-firmware: update to 30.7.2018

    include new amd microcodes for Spectre updates

    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit 0cf70cae66593ce985d22b05d0be95c5b43b0565
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Mon Jul 30 16:54:50 2018 +0100

    aws: Disable SSH password authentication by default

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit a580a31c0ff5c596027b4e942869e4e7342f2de6
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Thu Jul 26 14:46:53 2018 +0100

    core123: Ship and restart squid and apache

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 51099ddfd7a497d535662a93362e774ba30fe1ca
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date:   Tue Jul 17 20:50:41 2018 +0200

    squid: Update to 3.5.28

    For details see:
    http://www.squid-cache.org/Versions/v3/3.5/changesets/

    Best,
    Matthias

    Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 64add19dfe8ecef092679871eac1d56560e2b0f5
Author: Wolfgang Apolinarski <wolfgang.apolinarski(a)ipfire.org>
Date:   Tue Jul 17 20:13:30 2018 +0200

    Apache: Update to 2.4.34

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 4e4c122c58349a9cf7e496b1e61ea3f55e070681
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Fri Jul 20 16:19:46 2018 +0100

    aws: Add support for a script that can be executed at first boot

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit ba06294341bffb06c2842128fa52978e79fe972c
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Tue Jul 17 18:05:07 2018 +0100

    aws: Always exit the init script cleanly

    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 04441d8a3c582aaed2a34f65934dfb7bda28b7e2
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Fri Jul 20 14:21:36 2018 +0000

    asterisk: Don't optimise for builder

    Asterisk enables -march=native which renders the code
    incompatible to most systems.

    Fixes: #11793
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

-----------------------------------------------------------------------

hooks/post-receive
--
IPFire 2.x development tree