From mboxrd@z Thu Jan  1 00:00:00 1970
From: Arne Fitzenreiter <git@ipfire.org>
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated.
 8a001e556c02af3f34eacead4e8a44f482a67509
Date: Wed, 28 Aug 2019 09:19:42 +0100
Message-ID: <20190828081943.277EC60B08@people01.haj.ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============8581842934173755460=="
List-Id: <ipfire-scm.lists.ipfire.org>

--===============8581842934173755460==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  8a001e556c02af3f34eacead4e8a44f482a67509 (commit)
       via  2b20d0cfc630dc76fe4742634417ea6e006ccc1a (commit)
       via  cf2aa683a96a03f75e0f0ec7b7517e0e63487722 (commit)
       via  84d5f2faf95c21d9ba9e94cad4aa90a60c4610d8 (commit)
       via  4f66bad48822e84933483ed9de2a30e358298c43 (commit)
      from  16bd7e43c1574fdef0f7729bdfc4928baf084d12 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 8a001e556c02af3f34eacead4e8a44f482a67509
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date:   Fri Aug 23 18:53:39 2019 +0200

    dhcpcd: Update to 8.0.3
   =20
    https://roy.marples.name/blog/dhcpcd-8-0-3-released
   =20
    "DHCP: Work with IP headers with options
    script: Assert that env string are correctly terminated
    script: Terminate env strings with no value
    script: Don't attempt to use an invalid env string
    route: Fix NULL deference error when using static routes
    ARP: Respect IFF_NOARP
    DHCP: Add support for ARPHRD_NONE interfaces
    DHCP: Allow full DHCP support for PtP interfaces, but not by default
    DragonFlyBSD: 500704 announces IPv6 address flag changes
    control: sends correct buffer to listeners"
   =20
    Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit 2b20d0cfc630dc76fe4742634417ea6e006ccc1a
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date:   Fri Aug 23 18:49:04 2019 +0200

    clamav: Update to 0.101.4
   =20
    For details see:
    https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.h=
tml
   =20
    "An out of bounds write was possible within ClamAV's NSIS bzip2
    library when attempting decompression in cases where the number
    of selectors exceeded the max limit set by the library (CVE-2019-12900).
    The issue has been resolved by respecting that limit.
   =20
    Thanks to Martin Simmons for reporting the issue here.
   =20
    The zip bomb vulnerability mitigated in 0.101.3 has been assigned
    the CVE identifier CVE-2019-12625. Unfortunately, a workaround for
    the zip-bomb mitigation was immediately identified. To remediate
    the zip-bomb scan time issue, a scan time limit has been introduced
    in 0.101.4.
    This limit now resolves ClamAV's vulnerability to CVE-2019-12625."
   =20
    Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit cf2aa683a96a03f75e0f0ec7b7517e0e63487722
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date:   Fri Aug 23 18:42:43 2019 +0200

    bind: Update to 9.11.10
   =20
    For details see:
    https://downloads.isc.org/isc/bind9/9.11.10/RELEASE-NOTES-bind-9.11.10.ht=
ml
   =20
    "Security Fixes
   =20
    A race condition could trigger an assertion failure when a large
    number of incoming packets were being rejected.
    This flaw is disclosed in CVE-2019-6471. [GL #942]"
   =20
    Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit 84d5f2faf95c21d9ba9e94cad4aa90a60c4610d8
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Thu Aug 22 21:45:29 2019 +0000

    freeradius: Add a logrotate configuration file
   =20
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

commit 4f66bad48822e84933483ed9de2a30e358298c43
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Thu Aug 22 21:09:24 2019 +0000

    dnsdist: Increase number of open files to 64k
   =20
    dnsdist might need to open large number of connections
    and therefore the default limit of 1024 needs to be
    raised.
   =20
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 config/freeradius/logrotate      | 11 +++++++++++
 config/rootfiles/common/bind     | 12 +++++++-----
 lfs/bind                         |  4 ++--
 lfs/clamav                       |  6 +++---
 lfs/dhcpcd                       |  4 ++--
 lfs/dnsdist                      |  2 +-
 lfs/freeradius                   |  7 ++++++-
 src/initscripts/packages/dnsdist |  5 +++++
 8 files changed, 37 insertions(+), 14 deletions(-)
 create mode 100644 config/freeradius/logrotate

Difference in files:
diff --git a/config/freeradius/logrotate b/config/freeradius/logrotate
new file mode 100644
index 000000000..ad8d43577
--- /dev/null
+++ b/config/freeradius/logrotate
@@ -0,0 +1,11 @@
+/var/log/radius/*.log /var/log/radius/radacct/*/* {
+    weekly
+    rotate 4
+    copytruncate
+    compress
+    notifempty
+    missingok
+    postrotate
+	/etc/init.d/freeradius reload &>/dev/null || true
+    endscript
+}
diff --git a/config/rootfiles/common/bind b/config/rootfiles/common/bind
index 40babe862..2b67a039c 100644
--- a/config/rootfiles/common/bind
+++ b/config/rootfiles/common/bind
@@ -128,6 +128,7 @@ usr/bin/nsupdate
 #usr/include/isc/crc64.h
 #usr/include/isc/deprecated.h
 #usr/include/isc/dir.h
+#usr/include/isc/endian.h
 #usr/include/isc/entropy.h
 #usr/include/isc/errno.h
 #usr/include/isc/error.h
@@ -192,6 +193,7 @@ usr/bin/nsupdate
 #usr/include/isc/serial.h
 #usr/include/isc/sha1.h
 #usr/include/isc/sha2.h
+#usr/include/isc/siphash.h
 #usr/include/isc/sockaddr.h
 #usr/include/isc/socket.h
 #usr/include/isc/stat.h
@@ -266,15 +268,15 @@ usr/bin/nsupdate
 #usr/lib/libbind9.la
 #usr/lib/libbind9.so
 usr/lib/libbind9.so.161
-usr/lib/libbind9.so.161.0.2
+usr/lib/libbind9.so.161.0.3
 #usr/lib/libdns.la
 #usr/lib/libdns.so
-usr/lib/libdns.so.1106
-usr/lib/libdns.so.1106.0.2
+usr/lib/libdns.so.1107
+usr/lib/libdns.so.1107.0.0
 #usr/lib/libisc.la
 #usr/lib/libisc.so
 usr/lib/libisc.so.1100
-usr/lib/libisc.so.1100.2.0
+usr/lib/libisc.so.1100.3.0
 #usr/lib/libisccc.la
 #usr/lib/libisccc.so
 usr/lib/libisccc.so.161
@@ -282,7 +284,7 @@ usr/lib/libisccc.so.161.0.1
 #usr/lib/libisccfg.la
 #usr/lib/libisccfg.so
 usr/lib/libisccfg.so.163
-usr/lib/libisccfg.so.163.0.1
+usr/lib/libisccfg.so.163.0.2
 #usr/lib/liblwres.la
 #usr/lib/liblwres.so
 usr/lib/liblwres.so.161
diff --git a/lfs/bind b/lfs/bind
index d893f8510..46f935903 100644
--- a/lfs/bind
+++ b/lfs/bind
@@ -25,7 +25,7 @@
=20
 include Config
=20
-VER        =3D 9.11.9
+VER        =3D 9.11.10
=20
 THISAPP    =3D bind-$(VER)
 DL_FILE    =3D $(THISAPP).tar.gz
@@ -43,7 +43,7 @@ objects =3D $(DL_FILE)
=20
 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE)
=20
-$(DL_FILE)_MD5 =3D 8acbca69b32074ab326ac46cb2288041
+$(DL_FILE)_MD5 =3D d337c24bac0bb0d83470cd0021366bd0
=20
 install : $(TARGET)
=20
diff --git a/lfs/clamav b/lfs/clamav
index d6f8164b7..aa7715763 100644
--- a/lfs/clamav
+++ b/lfs/clamav
@@ -24,7 +24,7 @@
=20
 include Config
=20
-VER        =3D 0.101.3
+VER        =3D 0.101.4
=20
 THISAPP    =3D clamav-$(VER)
 DL_FILE    =3D $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM    =3D $(URL_IPFIRE)
 DIR_APP    =3D $(DIR_SRC)/$(THISAPP)
 TARGET     =3D $(DIR_INFO)/$(THISAPP)
 PROG       =3D clamav
-PAK_VER    =3D 45
+PAK_VER    =3D 46
=20
 DEPS       =3D ""
=20
@@ -50,7 +50,7 @@ objects =3D $(DL_FILE)
=20
 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE)
=20
-$(DL_FILE)_MD5 =3D 1981c5bd299c1f3cbf3f74095a00524c
+$(DL_FILE)_MD5 =3D b6e6891035ce3e3f35830154bd280311
=20
 install : $(TARGET)
=20
diff --git a/lfs/dhcpcd b/lfs/dhcpcd
index 20501f22b..18d8ee4b7 100644
--- a/lfs/dhcpcd
+++ b/lfs/dhcpcd
@@ -24,7 +24,7 @@
=20
 include Config
=20
-VER        =3D 8.0.2
+VER        =3D 8.0.3
=20
 THISAPP    =3D dhcpcd-$(VER)
 DL_FILE    =3D $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects =3D $(DL_FILE)
=20
 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE)
=20
-$(DL_FILE)_MD5 =3D c0375a1f725f1c191b43af60e4f7175b
+$(DL_FILE)_MD5 =3D 182d506dd88773aec017d93a22d0f025
=20
 install : $(TARGET)
=20
diff --git a/lfs/dnsdist b/lfs/dnsdist
index 5963c5acd..6a52f0f47 100644
--- a/lfs/dnsdist
+++ b/lfs/dnsdist
@@ -33,7 +33,7 @@ DIR_APP    =3D $(DIR_SRC)/$(THISAPP)
 TARGET     =3D $(DIR_INFO)/$(THISAPP)
 SUP_ARCH   =3D x86_64 i586
 PROG       =3D dnsdist
-PAK_VER    =3D 2
+PAK_VER    =3D 3
=20
 DEPS       =3D ""
=20
diff --git a/lfs/freeradius b/lfs/freeradius
index 21f6c0ad2..4afe55f18 100644
--- a/lfs/freeradius
+++ b/lfs/freeradius
@@ -32,7 +32,7 @@ DL_FROM    =3D $(URL_IPFIRE)
 DIR_APP    =3D $(DIR_SRC)/$(THISAPP)
 TARGET     =3D $(DIR_INFO)/$(THISAPP)
 PROG       =3D freeradius
-PAK_VER    =3D 7
+PAK_VER    =3D 8
=20
 DEPS       =3D "samba"
=20
@@ -141,6 +141,11 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	install -v -m 644 $(DIR_SRC)/config/backup/includes/freeradius \
 		/var/ipfire/backup/addons/includes/freeradius
=20
+	# Logrotate
+	-mkdir -pv /etc/logrotate.d
+	install -v -m 644 $(DIR_SRC)/config/freeradius/logrotate \
+		/etc/logrotate.d/freeradius
+
 	#install initscripts
 	$(call INSTALL_INITSCRIPT,freeradius)
=20
diff --git a/src/initscripts/packages/dnsdist b/src/initscripts/packages/dnsd=
ist
index a70bd3806..c94f429ab 100644
--- a/src/initscripts/packages/dnsdist
+++ b/src/initscripts/packages/dnsdist
@@ -14,6 +14,11 @@
 case "${1}" in
 	start)
 		boot_mesg "Starting dnsdist..."
+
+		# Increasing maximum number of open files
+		ulimit -n 65536
+
+		# Starting daemon
 		/usr/bin/dnsdist --supervised ${ARGS} >/dev/null &
 		evaluate_retval
 		;;


hooks/post-receive
--
IPFire 2.x development tree

--===============8581842934173755460==--