From mboxrd@z Thu Jan 1 00:00:00 1970 From: Arne Fitzenreiter To: ipfire-scm@lists.ipfire.org Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 1d3698fc00d4189fbf90739039f4b3b110fb8b27 Date: Tue, 19 May 2020 19:46:46 +0000 Message-ID: <49RRGb2k71z2xdK@people01.haj.ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6530591065392790177==" List-Id: --===============6530591065392790177== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via 1d3698fc00d4189fbf90739039f4b3b110fb8b27 (commit) via c7e79ba6020904fb42308cd687197d353cd93383 (commit) via 35d361d72e3fd67689c331c6122e380fddae94f3 (commit) via 1eba21f2a8e5f9e04e5e5924152aff95faf02772 (commit) via 996b64e5130ddfd5caf12ba5b1aecfa6494df2d7 (commit) via 82d0a717433cdaf4ee16d2876c2cb282f47374f9 (commit) via 2bd5209d49f902894c4989ff8ca3cf603dd08a83 (commit) from 714ef1cf953745a3c73f900d8012bf3aadd2f9e0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1d3698fc00d4189fbf90739039f4b3b110fb8b27 Author: Arne Fitzenreiter Date: Tue May 19 19:45:29 2020 +0000 core145: add bind =20 Signed-off-by: Arne Fitzenreiter commit c7e79ba6020904fb42308cd687197d353cd93383 Author: Matthias Fischer Date: Tue May 19 14:38:11 2020 +0200 bind: Update to 9.11.19 =20 For details see: https://downloads.isc.org/isc/bind9/9.11.19/RELEASE-NOTES-bind-9.11.19.ht= ml =20 "Security Fixes =20 To prevent exhaustion of server resources by a maliciously configured domain, the number of recursive queries that can be triggered by a request before aborting recursion has been further limited. Root and top-level domain servers are no longer exempt from the max-recursion-queries limit. Fetches for missing name server address records are limited to 4 for any domain. This issue was disclosed in CVE-2020-8616. [GL #1388] =20 Replaying a TSIG BADTIME response as a request could trigger an assertion failure. This was disclosed in CVE-2020-8617. [GL #1703] =20 Feature Changes =20 Message IDs in inbound AXFR transfers are now checked for consistency. Log messages are emitted for streams with inconsistent message IDs. [GL #1674] =20 Bug Fixes =20 When running on a system with support for Linux capabilities, named drops root privileges very soon after system startup. This was causing a spurious log message, "unable to set effective uid to 0: Operation not permitted", which has now been silenced. [GL #1042] [GL #1090] =20 When named-checkconf -z was run, it would sometimes incorrectly set its exit code. It reflected the status of the last view found; if zone-loading errors were found in earlier configured views but not in the last one, the exit code indicated success. Thanks to Graham Clinch. [GL #1807] =20 When built without LMDB support, named failed to restart after a zone with a double quote (") in its name was added with rndc addzone. Thanks to Alberto Fern=C3=A1ndez. [GL #1695]" =20 Signed-off-by: Matthias Fischer Signed-off-by: Arne Fitzenreiter commit 35d361d72e3fd67689c331c6122e380fddae94f3 Author: Arne Fitzenreiter Date: Tue May 19 19:43:39 2020 +0000 core145: stop/start suricata and squid =20 Signed-off-by: Arne Fitzenreiter commit 1eba21f2a8e5f9e04e5e5924152aff95faf02772 Author: Arne Fitzenreiter Date: Tue May 19 19:41:22 2020 +0000 core145: restart squid =20 Signed-off-by: Arne Fitzenreiter commit 996b64e5130ddfd5caf12ba5b1aecfa6494df2d7 Author: Arne Fitzenreiter Date: Tue May 19 19:39:30 2020 +0000 core145: add unbound =20 Signed-off-by: Arne Fitzenreiter commit 82d0a717433cdaf4ee16d2876c2cb282f47374f9 Author: Matthias Fischer Date: Tue May 19 14:17:58 2020 +0200 unbound: Update to 1.10.1 =20 For details see: https://lists.nlnetlabs.nl/pipermail/unbound-users/2020-May/006833.html =20 Signed-off-by: Matthias Fischer Reviewed-by: Peter M=C3=BCller Signed-off-by: Arne Fitzenreiter commit 2bd5209d49f902894c4989ff8ca3cf603dd08a83 Author: Peter M=C3=BCller Date: Tue May 19 10:46:59 2020 +0000 Tor: update to 0.4.3.5 =20 Please refer to https://blog.torproject.org/node/1872 for release notes. =20 Signed-off-by: Peter M=C3=BCller Signed-off-by: Arne Fitzenreiter ----------------------------------------------------------------------- Summary of changes: config/rootfiles/common/bind | 4 ++-- config/rootfiles/common/unbound | 2 +- config/rootfiles/{oldcore/100 =3D> core/145}/filelists/bind | 0 config/rootfiles/{oldcore/106 =3D> core/145}/filelists/unbound | 0 config/rootfiles/core/145/update.sh | 6 ++++++ lfs/bind | 4 ++-- lfs/tor | 6 +++--- lfs/unbound | 6 +++--- 8 files changed, 17 insertions(+), 11 deletions(-) copy config/rootfiles/{oldcore/100 =3D> core/145}/filelists/bind (100%) copy config/rootfiles/{oldcore/106 =3D> core/145}/filelists/unbound (100%) Difference in files: diff --git a/config/rootfiles/common/bind b/config/rootfiles/common/bind index 8c6f7983c..d70ce3272 100644 --- a/config/rootfiles/common/bind +++ b/config/rootfiles/common/bind @@ -271,7 +271,7 @@ usr/lib/libbind9.so.161.0.4 #usr/lib/libdns.la #usr/lib/libdns.so usr/lib/libdns.so.1110 -usr/lib/libdns.so.1110.0.1 +usr/lib/libdns.so.1110.0.2 #usr/lib/libisc.la #usr/lib/libisc.so usr/lib/libisc.so.1105 @@ -283,7 +283,7 @@ usr/lib/libisccc.so.161.0.1 #usr/lib/libisccfg.la #usr/lib/libisccfg.so usr/lib/libisccfg.so.163 -usr/lib/libisccfg.so.163.0.6 +usr/lib/libisccfg.so.163.0.7 #usr/lib/liblwres.la #usr/lib/liblwres.so usr/lib/liblwres.so.161 diff --git a/config/rootfiles/common/unbound b/config/rootfiles/common/unbound index 945b08507..cfa8d8ae5 100644 --- a/config/rootfiles/common/unbound +++ b/config/rootfiles/common/unbound @@ -11,7 +11,7 @@ etc/unbound/unbound.conf #usr/lib/libunbound.la #usr/lib/libunbound.so usr/lib/libunbound.so.8 -usr/lib/libunbound.so.8.1.7 +usr/lib/libunbound.so.8.1.8 #usr/lib/pkgconfig/libunbound.pc usr/sbin/unbound usr/sbin/unbound-anchor diff --git a/config/rootfiles/core/145/filelists/bind b/config/rootfiles/core= /145/filelists/bind new file mode 120000 index 000000000..48a0ebaef --- /dev/null +++ b/config/rootfiles/core/145/filelists/bind @@ -0,0 +1 @@ +../../../common/bind \ No newline at end of file diff --git a/config/rootfiles/core/145/filelists/unbound b/config/rootfiles/c= ore/145/filelists/unbound new file mode 120000 index 000000000..66adf0924 --- /dev/null +++ b/config/rootfiles/core/145/filelists/unbound @@ -0,0 +1 @@ +../../../common/unbound \ No newline at end of file diff --git a/config/rootfiles/core/145/update.sh b/config/rootfiles/core/145/= update.sh index 475641d38..45177e158 100644 --- a/config/rootfiles/core/145/update.sh +++ b/config/rootfiles/core/145/update.sh @@ -47,6 +47,8 @@ done =20 # Stop services /etc/init.d/vnstat stop +/etc/init.d/squid stop +/etc/init.d/suricata stop =20 # Prepare OpenVPN for update /usr/local/bin/openvpnctrl -k @@ -63,8 +65,12 @@ rm /etc/rc.d/rc0.d/K45random rm /etc/rc.d/rc6.d/K45random mv /etc/rc.d/rc3.d/S00random /etc/rc.d/rcsysinit.d/S66random mv /etc/rc.d/rcsysinit.d/S92rngd /etc/rc.d/rcsysinit.d/S65rngd + # Start services /etc/init.d/vnstat start +/etc/init.d/unbound restart +/etc/init.d/suricata start +/etc/init.d/squid start =20 # Start OpenVPN again /usr/local/bin/openvpnctrl -s diff --git a/lfs/bind b/lfs/bind index 1d5bca986..4d0602eda 100644 --- a/lfs/bind +++ b/lfs/bind @@ -25,7 +25,7 @@ =20 include Config =20 -VER =3D 9.11.18 +VER =3D 9.11.19 =20 THISAPP =3D bind-$(VER) DL_FILE =3D $(THISAPP).tar.gz @@ -43,7 +43,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_MD5 =3D 83144af1532ba16e95f90b42036ef519 +$(DL_FILE)_MD5 =3D 41bc2c6509a4c324e16775b462608820 =20 install : $(TARGET) =20 diff --git a/lfs/tor b/lfs/tor index 83ffa7371..ec08bf0f3 100644 --- a/lfs/tor +++ b/lfs/tor @@ -24,7 +24,7 @@ =20 include Config =20 -VER =3D 0.4.2.7 +VER =3D 0.4.3.5 =20 THISAPP =3D tor-$(VER) DL_FILE =3D $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM =3D $(URL_IPFIRE) DIR_APP =3D $(DIR_SRC)/$(THISAPP) TARGET =3D $(DIR_INFO)/$(THISAPP) PROG =3D tor -PAK_VER =3D 48 +PAK_VER =3D 49 =20 DEPS =3D libseccomp =20 @@ -44,7 +44,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_MD5 =3D a4b338b9f7444f4f89259c9736ff74c8 +$(DL_FILE)_MD5 =3D 0ad32a560bce8eeb64496d2a0fd8035c =20 install : $(TARGET) =20 diff --git a/lfs/unbound b/lfs/unbound index 14c1bca5b..c119d6b2d 100644 --- a/lfs/unbound +++ b/lfs/unbound @@ -1,7 +1,7 @@ ############################################################################= ### # = # # IPFire.org - A linux based firewall = # -# Copyright (C) 2007-2019 IPFire Team = # +# Copyright (C) 2007-2020 IPFire Team = # # = # # This program is free software: you can redistribute it and/or modify = # # it under the terms of the GNU General Public License as published by = # @@ -24,7 +24,7 @@ =20 include Config =20 -VER =3D 1.10.0 +VER =3D 1.10.1 =20 THISAPP =3D unbound-$(VER) DL_FILE =3D $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_MD5 =3D 0754392baee77c18fd8295b5e51e6fd8 +$(DL_FILE)_MD5 =3D 48f8ee02d0d92603a8d7f4fda7152da0 =20 install : $(TARGET) =20 hooks/post-receive -- IPFire 2.x development tree --===============6530591065392790177==--