From: Arne Fitzenreiter <git@ipfire.org>
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 8a001e556c02af3f34eacead4e8a44f482a67509
Date: Wed, 28 Aug 2019 09:19:42 +0100 [thread overview]
Message-ID: <20190828081943.277EC60B08@people01.haj.ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 9984 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 8a001e556c02af3f34eacead4e8a44f482a67509 (commit)
via 2b20d0cfc630dc76fe4742634417ea6e006ccc1a (commit)
via cf2aa683a96a03f75e0f0ec7b7517e0e63487722 (commit)
via 84d5f2faf95c21d9ba9e94cad4aa90a60c4610d8 (commit)
via 4f66bad48822e84933483ed9de2a30e358298c43 (commit)
from 16bd7e43c1574fdef0f7729bdfc4928baf084d12 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 8a001e556c02af3f34eacead4e8a44f482a67509
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Fri Aug 23 18:53:39 2019 +0200
dhcpcd: Update to 8.0.3
https://roy.marples.name/blog/dhcpcd-8-0-3-released
"DHCP: Work with IP headers with options
script: Assert that env string are correctly terminated
script: Terminate env strings with no value
script: Don't attempt to use an invalid env string
route: Fix NULL deference error when using static routes
ARP: Respect IFF_NOARP
DHCP: Add support for ARPHRD_NONE interfaces
DHCP: Allow full DHCP support for PtP interfaces, but not by default
DragonFlyBSD: 500704 announces IPv6 address flag changes
control: sends correct buffer to listeners"
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 2b20d0cfc630dc76fe4742634417ea6e006ccc1a
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Fri Aug 23 18:49:04 2019 +0200
clamav: Update to 0.101.4
For details see:
https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html
"An out of bounds write was possible within ClamAV's NSIS bzip2
library when attempting decompression in cases where the number
of selectors exceeded the max limit set by the library (CVE-2019-12900).
The issue has been resolved by respecting that limit.
Thanks to Martin Simmons for reporting the issue here.
The zip bomb vulnerability mitigated in 0.101.3 has been assigned
the CVE identifier CVE-2019-12625. Unfortunately, a workaround for
the zip-bomb mitigation was immediately identified. To remediate
the zip-bomb scan time issue, a scan time limit has been introduced
in 0.101.4.
This limit now resolves ClamAV's vulnerability to CVE-2019-12625."
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit cf2aa683a96a03f75e0f0ec7b7517e0e63487722
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Fri Aug 23 18:42:43 2019 +0200
bind: Update to 9.11.10
For details see:
https://downloads.isc.org/isc/bind9/9.11.10/RELEASE-NOTES-bind-9.11.10.html
"Security Fixes
A race condition could trigger an assertion failure when a large
number of incoming packets were being rejected.
This flaw is disclosed in CVE-2019-6471. [GL #942]"
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 84d5f2faf95c21d9ba9e94cad4aa90a60c4610d8
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Aug 22 21:45:29 2019 +0000
freeradius: Add a logrotate configuration file
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 4f66bad48822e84933483ed9de2a30e358298c43
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Aug 22 21:09:24 2019 +0000
dnsdist: Increase number of open files to 64k
dnsdist might need to open large number of connections
and therefore the default limit of 1024 needs to be
raised.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/freeradius/logrotate | 11 +++++++++++
config/rootfiles/common/bind | 12 +++++++-----
lfs/bind | 4 ++--
lfs/clamav | 6 +++---
lfs/dhcpcd | 4 ++--
lfs/dnsdist | 2 +-
lfs/freeradius | 7 ++++++-
src/initscripts/packages/dnsdist | 5 +++++
8 files changed, 37 insertions(+), 14 deletions(-)
create mode 100644 config/freeradius/logrotate
Difference in files:
diff --git a/config/freeradius/logrotate b/config/freeradius/logrotate
new file mode 100644
index 000000000..ad8d43577
--- /dev/null
+++ b/config/freeradius/logrotate
@@ -0,0 +1,11 @@
+/var/log/radius/*.log /var/log/radius/radacct/*/* {
+ weekly
+ rotate 4
+ copytruncate
+ compress
+ notifempty
+ missingok
+ postrotate
+ /etc/init.d/freeradius reload &>/dev/null || true
+ endscript
+}
diff --git a/config/rootfiles/common/bind b/config/rootfiles/common/bind
index 40babe862..2b67a039c 100644
--- a/config/rootfiles/common/bind
+++ b/config/rootfiles/common/bind
@@ -128,6 +128,7 @@ usr/bin/nsupdate
#usr/include/isc/crc64.h
#usr/include/isc/deprecated.h
#usr/include/isc/dir.h
+#usr/include/isc/endian.h
#usr/include/isc/entropy.h
#usr/include/isc/errno.h
#usr/include/isc/error.h
@@ -192,6 +193,7 @@ usr/bin/nsupdate
#usr/include/isc/serial.h
#usr/include/isc/sha1.h
#usr/include/isc/sha2.h
+#usr/include/isc/siphash.h
#usr/include/isc/sockaddr.h
#usr/include/isc/socket.h
#usr/include/isc/stat.h
@@ -266,15 +268,15 @@ usr/bin/nsupdate
#usr/lib/libbind9.la
#usr/lib/libbind9.so
usr/lib/libbind9.so.161
-usr/lib/libbind9.so.161.0.2
+usr/lib/libbind9.so.161.0.3
#usr/lib/libdns.la
#usr/lib/libdns.so
-usr/lib/libdns.so.1106
-usr/lib/libdns.so.1106.0.2
+usr/lib/libdns.so.1107
+usr/lib/libdns.so.1107.0.0
#usr/lib/libisc.la
#usr/lib/libisc.so
usr/lib/libisc.so.1100
-usr/lib/libisc.so.1100.2.0
+usr/lib/libisc.so.1100.3.0
#usr/lib/libisccc.la
#usr/lib/libisccc.so
usr/lib/libisccc.so.161
@@ -282,7 +284,7 @@ usr/lib/libisccc.so.161.0.1
#usr/lib/libisccfg.la
#usr/lib/libisccfg.so
usr/lib/libisccfg.so.163
-usr/lib/libisccfg.so.163.0.1
+usr/lib/libisccfg.so.163.0.2
#usr/lib/liblwres.la
#usr/lib/liblwres.so
usr/lib/liblwres.so.161
diff --git a/lfs/bind b/lfs/bind
index d893f8510..46f935903 100644
--- a/lfs/bind
+++ b/lfs/bind
@@ -25,7 +25,7 @@
include Config
-VER = 9.11.9
+VER = 9.11.10
THISAPP = bind-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -43,7 +43,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 8acbca69b32074ab326ac46cb2288041
+$(DL_FILE)_MD5 = d337c24bac0bb0d83470cd0021366bd0
install : $(TARGET)
diff --git a/lfs/clamav b/lfs/clamav
index d6f8164b7..aa7715763 100644
--- a/lfs/clamav
+++ b/lfs/clamav
@@ -24,7 +24,7 @@
include Config
-VER = 0.101.3
+VER = 0.101.4
THISAPP = clamav-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = clamav
-PAK_VER = 45
+PAK_VER = 46
DEPS = ""
@@ -50,7 +50,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 1981c5bd299c1f3cbf3f74095a00524c
+$(DL_FILE)_MD5 = b6e6891035ce3e3f35830154bd280311
install : $(TARGET)
diff --git a/lfs/dhcpcd b/lfs/dhcpcd
index 20501f22b..18d8ee4b7 100644
--- a/lfs/dhcpcd
+++ b/lfs/dhcpcd
@@ -24,7 +24,7 @@
include Config
-VER = 8.0.2
+VER = 8.0.3
THISAPP = dhcpcd-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = c0375a1f725f1c191b43af60e4f7175b
+$(DL_FILE)_MD5 = 182d506dd88773aec017d93a22d0f025
install : $(TARGET)
diff --git a/lfs/dnsdist b/lfs/dnsdist
index 5963c5acd..6a52f0f47 100644
--- a/lfs/dnsdist
+++ b/lfs/dnsdist
@@ -33,7 +33,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
SUP_ARCH = x86_64 i586
PROG = dnsdist
-PAK_VER = 2
+PAK_VER = 3
DEPS = ""
diff --git a/lfs/freeradius b/lfs/freeradius
index 21f6c0ad2..4afe55f18 100644
--- a/lfs/freeradius
+++ b/lfs/freeradius
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = freeradius
-PAK_VER = 7
+PAK_VER = 8
DEPS = "samba"
@@ -141,6 +141,11 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
install -v -m 644 $(DIR_SRC)/config/backup/includes/freeradius \
/var/ipfire/backup/addons/includes/freeradius
+ # Logrotate
+ -mkdir -pv /etc/logrotate.d
+ install -v -m 644 $(DIR_SRC)/config/freeradius/logrotate \
+ /etc/logrotate.d/freeradius
+
#install initscripts
$(call INSTALL_INITSCRIPT,freeradius)
diff --git a/src/initscripts/packages/dnsdist b/src/initscripts/packages/dnsdist
index a70bd3806..c94f429ab 100644
--- a/src/initscripts/packages/dnsdist
+++ b/src/initscripts/packages/dnsdist
@@ -14,6 +14,11 @@
case "${1}" in
start)
boot_mesg "Starting dnsdist..."
+
+ # Increasing maximum number of open files
+ ulimit -n 65536
+
+ # Starting daemon
/usr/bin/dnsdist --supervised ${ARGS} >/dev/null &
evaluate_retval
;;
hooks/post-receive
--
IPFire 2.x development tree
reply other threads:[~2019-08-28 8:19 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190828081943.277EC60B08@people01.haj.ipfire.org \
--to=git@ipfire.org \
--cc=ipfire-scm@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox