From: Arne Fitzenreiter
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, core123, created. 1e1806adce3e82b500e6ed6aed6508f0c63358d5
Date: Wed, 15 Aug 2018 06:33:53 +0100
Message-ID: <20180815053353.8F2CF1081BD3@git01.ipfire.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, core123 has been created
        at  1e1806adce3e82b500e6ed6aed6508f0c63358d5 (commit)

- Log -----------------------------------------------------------------
commit 1e1806adce3e82b500e6ed6aed6508f0c63358d5
Author: Arne Fitzenreiter
Date:   Wed Aug 15 07:30:53 2018 +0200

    core123: set pakfire version

    Signed-off-by: Arne Fitzenreiter

commit 06966f3613b32af90619bc5cd0ee6aaadc9a29dd
Author: Michael Tremer
Date:   Tue Aug 14 20:39:17 2018 +0100

    core123: Ship updated backup.pl

    Signed-off-by: Michael Tremer

commit 84578512f52e62bc994b944f88f1785c73b4d96a
Author: Matthias Fischer
Date:   Tue Aug 14 21:34:38 2018 +0200

    Fixes for 'backup.pl' (Bug #11816)

    Hi,

    Fixes #11816 (https://bugzilla.ipfire.org/show_bug.cgi?id=11816 and
    https://bugzilla.ipfire.org/attachment.cgi?id=608):

    "[root@ipfire ~]# backupctrl exclude
    ...
    tar: The following options were used after any non-optional arguments
    in archive create or update mode. These options are positional and
    affect only arguments that follow them. Please, rearrange them properly.
    tar: --exclude-from '/var/ipfire/backup/exclude.user' has no effect
    tar: Exiting with failure status due to previous errors"

    Please test - I got no errors anymore.

    Best,
    Matthias

    Signed-off-by: Matthias Fischer
    Signed-off-by: Michael Tremer

commit 3045fd1b58758a1df5032cf34f465247ad99266b
Author: Michael Tremer
Date:   Tue Aug 14 20:37:54 2018 +0100

    core123: Ship openssl-compat, too

    Signed-off-by: Michael Tremer

commit 2eed2aaa509c6ae5a8f6d0fe7b6ffeeb52353ba5
Author: Arne Fitzenreiter
Date:   Tue Aug 14 20:29:03 2018 +0200

    core123: Ship updated openssl

    Signed-off-by: Arne Fitzenreiter

commit d6d070a07a5394f9d6e4d3cd49884ce78c68db62
Merge: a9e611997 2a3dde52f
Author: Michael Tremer
Date:   Tue Aug 14 19:14:58 2018 +0100

    Merge remote-tracking branch 'ms/aws-cli' into next

commit a9e6119972ea3fa61d830fc0fcd8e029c2aedd20
Author: Michael Tremer
Date:   Tue Aug 14 19:12:53 2018 +0100

    openssl: Update to 1.1.0i and 1.0.2p

    Changes between 1.1.0h and 1.1.0i [14 Aug 2018]

      *) Client DoS due to large DH parameter

         During key agreement in a TLS handshake using a DH(E) based
         ciphersuite a malicious server can send a very large prime value
         to the client. This will cause the client to spend an unreasonably
         long period of time generating a key for this prime resulting in a
         hang until the client has finished. This could be exploited in a
         Denial Of Service attack.

         This issue was reported to OpenSSL on 5th June 2018 by Guido Vranken
         (CVE-2018-0732)
         [Guido Vranken]

      *) Cache timing vulnerability in RSA Key Generation

         The OpenSSL RSA Key generation algorithm has been shown to be
         vulnerable to a cache timing side channel attack. An attacker with
         sufficient access to mount cache timing attacks during the RSA key
         generation process could recover the private key.

         This issue was reported to OpenSSL on 4th April 2018 by Alejandro
         Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel
         Alvarez Tapia.
         (CVE-2018-0737)
         [Billy Brumley]

      *) Make EVP_PKEY_asn1_new() a bit stricter about its input. A NULL
         pem_str parameter is no longer accepted, as it leads to a corrupt
         table.
         NULL pem_str is reserved for alias entries only.
         [Richard Levitte]

      *) Revert blinding in ECDSA sign and instead make problematic addition
         length-invariant. Switch even to fixed-length Montgomery
         multiplication.
         [Andy Polyakov]

      *) Change generating and checking of primes so that the error rate of
         not being prime depends on the intended use based on the size of
         the input. For larger primes this will result in more rounds of
         Miller-Rabin. The maximal error rate for primes with more than
         1080 bits is lowered to 2^-128.
         [Kurt Roeckx, Annie Yousar]

      *) Increase the number of Miller-Rabin rounds for DSA key generating
         to 64.
         [Kurt Roeckx]

      *) Add blinding to ECDSA and DSA signatures to protect against side
         channel attacks discovered by Keegan Ryan (NCC Group).
         [Matt Caswell]

      *) When unlocking a pass phrase protected PEM file or PKCS#8 container,
         we now allow empty (zero character) pass phrases.
         [Richard Levitte]

      *) Certificate time validation (X509_cmp_time) enforces stricter
         compliance with RFC 5280. Fractional seconds and timezone offsets
         are no longer allowed.
         [Emilia Käsper]

      *) Fixed a text canonicalisation bug in CMS

         Where a CMS detached signature is used with text content the text
         goes through a canonicalisation process first prior to signing or
         verifying a signature. This process strips trailing space at the
         end of lines, converts line terminators to CRLF and removes
         additional trailing line terminators at the end of a file. A bug in
         the canonicalisation process meant that some characters, such as
         form-feed, were incorrectly treated as whitespace and removed. This
         is contrary to the specification (RFC5485). This fix could mean
         that detached text data signed with an earlier version of OpenSSL
         1.1.0 may fail to verify using the fixed version, or text data
         signed with a fixed OpenSSL may fail to verify with an earlier
         version of OpenSSL 1.1.0.
         A workaround is to only verify the canonicalised text data and use
         the "-binary" flag (for the "cms" command line application) or set
         the SMIME_BINARY/PKCS7_BINARY/CMS_BINARY flags (if using
         CMS_verify()).
         [Matt Caswell]

    Changes between 1.0.2o and 1.0.2p [14 Aug 2018]

      *) Client DoS due to large DH parameter

         During key agreement in a TLS handshake using a DH(E) based
         ciphersuite a malicious server can send a very large prime value
         to the client. This will cause the client to spend an unreasonably
         long period of time generating a key for this prime resulting in a
         hang until the client has finished. This could be exploited in a
         Denial Of Service attack.

         This issue was reported to OpenSSL on 5th June 2018 by Guido Vranken
         (CVE-2018-0732)
         [Guido Vranken]

      *) Cache timing vulnerability in RSA Key Generation

         The OpenSSL RSA Key generation algorithm has been shown to be
         vulnerable to a cache timing side channel attack. An attacker with
         sufficient access to mount cache timing attacks during the RSA key
         generation process could recover the private key.

         This issue was reported to OpenSSL on 4th April 2018 by Alejandro
         Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel
         Alvarez Tapia.
         (CVE-2018-0737)
         [Billy Brumley]

      *) Make EVP_PKEY_asn1_new() a bit stricter about its input. A NULL
         pem_str parameter is no longer accepted, as it leads to a corrupt
         table. NULL pem_str is reserved for alias entries only.
         [Richard Levitte]

      *) Revert blinding in ECDSA sign and instead make problematic addition
         length-invariant. Switch even to fixed-length Montgomery
         multiplication.
         [Andy Polyakov]

      *) Change generating and checking of primes so that the error rate of
         not being prime depends on the intended use based on the size of
         the input. For larger primes this will result in more rounds of
         Miller-Rabin. The maximal error rate for primes with more than
         1080 bits is lowered to 2^-128.
         [Kurt Roeckx, Annie Yousar]

      *) Increase the number of Miller-Rabin rounds for DSA key generating
         to 64.
         [Kurt Roeckx]

      *) Add blinding to ECDSA and DSA signatures to protect against side
         channel attacks discovered by Keegan Ryan (NCC Group).
         [Matt Caswell]

      *) When unlocking a pass phrase protected PEM file or PKCS#8 container,
         we now allow empty (zero character) pass phrases.
         [Richard Levitte]

      *) Certificate time validation (X509_cmp_time) enforces stricter
         compliance with RFC 5280. Fractional seconds and timezone offsets
         are no longer allowed.
         [Emilia Käsper]

    Signed-off-by: Michael Tremer

commit 2a3dde52f796adfda5e9f0e119c85e4d0ac1becb
Author: Michael Tremer
Date:   Tue Aug 14 15:13:24 2018 +0100

    python3-s3transfer: Fix rootfile

    Signed-off-by: Michael Tremer

commit faa5472a2e75d69946c8321f09ee5c34f601d73b
Author: Michael Tremer
Date:   Tue Aug 14 14:52:33 2018 +0100

    python3-pyasn1: New package as required by aws-cli

    Signed-off-by: Michael Tremer

commit d45d524725eb0c9578c71d4fa8353ef44407c780
Author: Michael Tremer
Date:   Tue Aug 14 14:44:30 2018 +0100

    python3-rsa: New package as required by aws-cli

    Signed-off-by: Michael Tremer

commit 953f6f7332be90e69390a88dcb1e41598832e4c3
Author: Michael Tremer
Date:   Tue Aug 14 14:38:11 2018 +0100

    python3-s3transfer: New package as required by aws-cli

    Signed-off-by: Michael Tremer

commit d2da17a182196d3cb2dad4b887d35fc67f679cb9
Author: Michael Tremer
Date:   Tue Aug 14 14:19:33 2018 +0100

    python3-yaml: New package as required by aws-cli

    Signed-off-by: Michael Tremer

commit 041d2116c0551a401322e488c487f7627ce493a2
Author: Michael Tremer
Date:   Tue Aug 14 14:11:38 2018 +0100

    python3-docutils: New package as required by aws-cli

    Signed-off-by: Michael Tremer

commit a33ca4cc6f055dde3170935d240b217746ad4350
Author: Michael Tremer
Date:   Tue Aug 14 14:04:03 2018 +0100

    python3-colorama: New package as required by aws-cli

    Signed-off-by: Michael Tremer

commit d48ea6b5a758c592cd157a65ffcd0e2bc4bc1c76
Author: Michael Tremer
Date:   Tue Aug 14 13:57:02 2018 +0100

    python3-jmespath: New package as required by python3-botocore

    Signed-off-by: Michael Tremer

commit 9e25fe5c1b068e6d20cc42108f7431792995c51c
Author: Michael Tremer
Date:   Tue Aug 14 13:18:00 2018 +0100

    python3-six: New package as required by python3-dateutil

    Signed-off-by: Michael Tremer

commit e0a05a80598530a5d16edcf7ecfc1c70b4487eb5
Author: Michael Tremer
Date:   Tue Aug 14 13:13:07 2018 +0100

    python3-dateutil: New package required by python3-botocore

    Signed-off-by: Michael Tremer

commit 4ab80c5daff0f433ca71529b0b60b691cfbc0e70
Author: Michael Tremer
Date:   Tue Aug 14 12:54:23 2018 +0100

    python3-botocore: Required by aws-cli

    Signed-off-by: Michael Tremer

commit 280ee7e767953cd55ad266405f68c04d84607d6f
Author: Michael Tremer
Date:   Tue Aug 14 12:45:38 2018 +0100

    aws-cli: New package

    Needed to communicate with AWS services like EC2, S3, etc...

    Signed-off-by: Michael Tremer

commit f2f0d61fc1ecaff1f13ece1c0f85d2adbe2ba347
Author: Stefan Schantl
Date:   Tue Aug 14 12:01:53 2018 +0200

    logs.cgi/ids.dat: Rework linking to external rule documentation.

    Check if the sid of a rule belongs to sourcefire and link to the
    changed URL for gathering more details. If the sid of the rule belongs
    to emergingthreads now link to the emergingthreads documentation.

    Fixes #11806.

    Signed-off-by: Stefan Schantl
    Signed-off-by: Michael Tremer

commit 89f634ff9ed358a72c28330f643d5c128bc21b20
Author: Michael Tremer
Date:   Tue Aug 14 08:36:19 2018 +0100

    Rootfile update

    Signed-off-by: Michael Tremer

commit df74fcbff940c9b92cd51be36a5b7c831f9b5292
Author: Michael Tremer
Date:   Mon Aug 13 19:50:06 2018 +0100

    Revert "usbutils: update to 010"

    This reverts commit b07b1bef22eae7038e7d0fcba0bfd53813f85258.

    Signed-off-by: Michael Tremer

commit 9d0601917f4f5f34ffca3589ed0d85845d5f4a9c
Author: Michael Tremer
Date:   Mon Aug 13 19:49:58 2018 +0100

    Revert "core123: Ship updated usbutils"

    This reverts commit a65d07ec6d36a712882294b608e718db2d56b24e.

    Signed-off-by: Michael Tremer

commit d179a9d0a746ba6f763750b0d7a5889ceee37cd5
Author: Michael Tremer
Date:   Mon Aug 13 19:49:48 2018 +0100

    Revert "usbutils: Update rootfile"

    This reverts commit 9aefd1ed07eee7d83e5b274d4a83240811f9e091.

    Signed-off-by: Michael Tremer

commit 397d627eab8f6fa3e87996902089237f9acd728f
Author: Michael Tremer
Date:   Mon Aug 13 18:59:10 2018 +0100

    Revert "avahi: Build without dbus"

    This reverts commit 5221a852e80526d188306b05202e595616f0c065.

    Signed-off-by: Michael Tremer

commit 8defa50e7395714930dd3a813ad4c509711c0b57
Author: Michael Tremer
Date:   Mon Aug 13 12:14:49 2018 +0100

    aws: Execute user-data script while we have networking up

    Signed-off-by: Michael Tremer

commit 3d0e252e35ad404529797b3c52232ca52c378f93
Author: Arne Fitzenreiter
Date:   Sat Aug 11 14:45:56 2018 +0200

    intel-microcode: update to 20180807

    fixes #11590

    Signed-off-by: Arne Fitzenreiter

commit 98ce8975201d48754c89fb2c476571d99d9ae109
Author: Michael Tremer
Date:   Fri Aug 10 12:20:38 2018 +0100

    avahi: Bump package version

    Signed-off-by: Michael Tremer

commit 5221a852e80526d188306b05202e595616f0c065
Author: Michael Tremer
Date:   Fri Aug 10 12:20:06 2018 +0100

    avahi: Build without dbus

    We don't have any services connected to dbus, so what is the point
    of avahi trying to connect to it?

    Signed-off-by: Michael Tremer

commit 4ec7c2936dc06cf3096134e955f4e6ad779c96ae
Author: Michael Tremer
Date:   Fri Aug 10 12:18:29 2018 +0100

    avahi: Build with -U_FORTIFY_SOURCE

    Avahi locks up when built with -D_FORTIFY_SOURCE=2

    Signed-off-by: Michael Tremer

commit 467581b8ab2c9a62a2239a7dcea4fe40fe70093c
Author: Michael Tremer
Date:   Fri Aug 10 11:19:25 2018 +0100

    avahi: Update to 0.7

    Signed-off-by: Michael Tremer

commit 6064cd87ccfdccc02baaf17e75184ca378977d1c
Author: Michael Tremer
Date:   Fri Aug 10 11:08:09 2018 +0100

    Revert "avahi: Drop package"

    This reverts commit aa6ee515c59cd42b12d69981329a2438e4d6e933.

    Signed-off-by: Michael Tremer

commit ebbca90d70765fac6a42d8ebcc8ec98c1c38f434
Author: Michael Tremer
Date:   Thu Aug 9 16:28:14 2018 +0100

    openssh: Disable password authentication by default

    Signed-off-by: Michael Tremer

commit 7f841117c5377136b85c878fa7252e9a4458a526
Author: Arne Fitzenreiter
Date:   Wed Aug 8 10:26:38 2018 +0200

    kernel: fix build on x86_64

    oops i deleted a wrong line...

    Signed-off-by: Arne Fitzenreiter

commit 07664187ac7323af8cbcce166be6fb5e6786fdca
Author: Arne Fitzenreiter
Date:   Tue Aug 7 19:05:35 2018 +0200

    kernel: fix build on armv5tel

    Signed-off-by: Arne Fitzenreiter

commit 7529349754e0f99f626a36c895347806fc6f2dd2
Author: Arne Fitzenreiter
Date:   Sun Aug 5 17:19:52 2018 +0200

    kernel: apu2 leds: update string for newer bios

    Signed-off-by: Arne Fitzenreiter

commit 28b252145a3240caea81d586d3e63db72c573c87
Merge: b403b04a1 4a5068190
Author: Arne Fitzenreiter
Date:   Sun Aug 5 17:19:36 2018 +0200

    Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next

commit b403b04a139c02156829d8d21943bc69b2cf0c53
Author: Arne Fitzenreiter
Date:   Sun Aug 5 13:32:36 2018 +0200

    initrd: add early microcode load

    Signed-off-by: Arne Fitzenreiter

commit 4a50681905af88adb0c4c19e6bc7dfda3dbe3606
Author: Erik Kapfer
Date:   Sat Aug 4 13:52:32 2018 +0200

    tor: Update to version 0.3.3.9

    Signed-off-by: Michael Tremer

commit 351567966d83908eb3de7108f79c4eab7a37e1e0
Author: Erik Kapfer
Date:   Sat Aug 4 13:49:00 2018 +0200

    nginx: Update to version 1.15.1

    Deleted last slash in --prefix configure option to prevent such -->
    https://forum.ipfire.org/viewtopic.php?t=19213#p109787 problems.

    Signed-off-by: Michael Tremer

commit b856ad695a29059939b16789d410ef52448c6160
Author: Matthias Fischer
Date:   Sat Aug 4 08:35:05 2018 +0200

    rng-tools: Update to 6.3.1

    Bugfix release, for details see:
    https://github.com/nhorman/rng-tools/releases

    Best,
    Matthias

    Signed-off-by: Matthias Fischer
    Signed-off-by: Michael Tremer

commit 1fb7f56e11729f27cab7c5c3349d2c05a8e41a53
Author: Michael Tremer
Date:   Sat Aug 4 13:39:00 2018 +0100

    make.sh: Add command to update list of contributors

    Signed-off-by: Michael Tremer

commit 79bcc6f769eff10558db6a2c5d7247e5ced508bb
Author: Arne Fitzenreiter
Date:   Fri Aug 3 16:13:12 2018 +0200

    collectd: fix cpufreq plugin enable

    Signed-off-by: Arne Fitzenreiter

commit f32cbd89d9990b2a1017b7ad19ba98f8d38a5c11
Author: Michael Tremer
Date:   Tue Jul 31 16:23:07 2018 +0100

    backup: Bump release number in ISO download script

    Signed-off-by: Michael Tremer

commit b5a1294c987be0f81b597ea2abca563b26118927
Author: Arne Fitzenreiter
Date:   Thu Aug 2 21:15:11 2018 +0200

    linux-firmware: update to 30.7.2018

    include new amd microcodes for Spectre updates

    Signed-off-by: Arne Fitzenreiter

commit 0cf70cae66593ce985d22b05d0be95c5b43b0565
Author: Michael Tremer
Date:   Mon Jul 30 16:54:50 2018 +0100

    aws: Disable SSH password authentication by default

    Signed-off-by: Michael Tremer

commit a580a31c0ff5c596027b4e942869e4e7342f2de6
Author: Michael Tremer
Date:   Thu Jul 26 14:46:53 2018 +0100

    core123: Ship and restart squid and apache

    Signed-off-by: Michael Tremer

commit 51099ddfd7a497d535662a93362e774ba30fe1ca
Author: Matthias Fischer
Date:   Tue Jul 17 20:50:41 2018 +0200

    squid: Update to 3.5.28

    For details see:
    http://www.squid-cache.org/Versions/v3/3.5/changesets/

    Best,
    Matthias

    Signed-off-by: Matthias Fischer
    Signed-off-by: Michael Tremer

commit 64add19dfe8ecef092679871eac1d56560e2b0f5
Author: Wolfgang Apolinarski
Date:   Tue Jul 17 20:13:30 2018 +0200

    Apache: Update to 2.4.34

    Signed-off-by: Michael Tremer

commit 4e4c122c58349a9cf7e496b1e61ea3f55e070681
Author: Michael Tremer
Date:   Fri Jul 20 16:19:46 2018 +0100

    aws: Add support for a script that can be executed at first boot

    Signed-off-by: Michael Tremer

commit ba06294341bffb06c2842128fa52978e79fe972c
Author: Michael Tremer
Date:   Tue Jul 17 18:05:07 2018 +0100

    aws: Always exit the init script cleanly

    Signed-off-by: Michael Tremer

commit 04441d8a3c582aaed2a34f65934dfb7bda28b7e2
Author: Michael Tremer
Date:   Fri Jul 20 14:21:36 2018 +0000

    asterisk: Don't optimise for builder

    Asterisk enables -march=native which renders the code
    incompatible to most systems.

    Fixes: #11793

    Signed-off-by: Michael Tremer

-----------------------------------------------------------------------


hooks/post-receive
--
IPFire 2.x development tree