From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: ipfire-scm@lists.ipfire.org Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. da4ff2f6a971ceedeacfd0c929ed1eaf4ecef34f Date: Thu, 17 Mar 2022 16:45:14 +0000 Message-ID: <4KKCgG5DYVz2xsy@people01.haj.ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4805067516154508380==" List-Id: --===============4805067516154508380== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via da4ff2f6a971ceedeacfd0c929ed1eaf4ecef34f (commit) via bfb19ad7401353ab2ac807ff1c7a0ab6d6a8e9c9 (commit) via 1ad5c1bd26fc6aa2d37ec1a35107f528c344b121 (commit) from b1b1cb344bd5430ec9c9f1eaa5b54d90aa5b6ba8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit da4ff2f6a971ceedeacfd0c929ed1eaf4ecef34f Author: Michael Tremer Date: Thu Mar 17 16:45:00 2022 +0000 core166: Ship apache2 =20 Signed-off-by: Michael Tremer commit bfb19ad7401353ab2ac807ff1c7a0ab6d6a8e9c9 Author: Matthias Fischer Date: Wed Mar 16 17:09:12 2022 +0100 apache: Update to 2.4.53 =20 For details see: https://dlcdn.apache.org/httpd/CHANGES_2.4.53 =20 Short summary of the most important SECURITY changes: =20 "Changes with Apache 2.4.53 =20 *) SECURITY: CVE-2022-23943: mod_sed: Read/write beyond bounds (cve.mitre.org) Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. Credits: Ronald Crane (Zippenhop LLC) =20 *) SECURITY: CVE-2022-22721: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (cve.mitre.org) If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. Credits: Anonymous working with Trend Micro Zero Day Initiative =20 *) SECURITY: CVE-2022-22720: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier (cve.mitre.org) Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling Credits: James Kettle =20 *) SECURITY: CVE-2022-22719: mod_lua Use of uninitialized value of in r:parsebody (cve.mitre.org) A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. Credits: Chamal De Silva ..." =20 Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 1ad5c1bd26fc6aa2d37ec1a35107f528c344b121 Author: St=C3=A9phane Pautrel Date: Thu Mar 17 15:50:16 2022 +0000 fr: Update French translation =20 Signed-off-by: Michael Tremer ----------------------------------------------------------------------- Summary of changes: .../{oldcore/114 =3D> core/166}/filelists/apache2 | 0 config/rootfiles/core/166/update.sh | 1 + doc/language_issues.fr | 25 --------------- doc/language_missings | 22 ------------- langs/fr/cgi-bin/fr.pl | 37 ++++++++++++++++----= -- lfs/apache2 | 6 ++-- 6 files changed, 32 insertions(+), 59 deletions(-) copy config/rootfiles/{oldcore/114 =3D> core/166}/filelists/apache2 (100%) Difference in files: diff --git a/config/rootfiles/core/166/filelists/apache2 b/config/rootfiles/c= ore/166/filelists/apache2 new file mode 120000 index 000000000..eef95efa7 --- /dev/null +++ b/config/rootfiles/core/166/filelists/apache2 @@ -0,0 +1 @@ +../../../common/apache2 \ No newline at end of file diff --git a/config/rootfiles/core/166/update.sh b/config/rootfiles/core/166/= update.sh index 164f97b8e..d94b20338 100644 --- a/config/rootfiles/core/166/update.sh +++ b/config/rootfiles/core/166/update.sh @@ -60,6 +60,7 @@ perl -e "require '/var/ipfire/ids-functions.pl'; &IDS::oink= master();" /etc/init.d/suricata reload =20 # Start services +/etc/init.d/apache restart /etc/init.d/sshd restart =20 # This update needs a reboot... diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 63d233018..aff9deb18 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -327,8 +327,6 @@ WARNING: translation string unused: external access rule = removed WARNING: translation string unused: extrahd WARNING: translation string unused: extrahd unable to read WARNING: translation string unused: extrahd unable to write -WARNING: translation string unused: false max bandwith -WARNING: translation string unused: false min bandwith WARNING: translation string unused: filename WARNING: translation string unused: firmware WARNING: translation string unused: firmware upload @@ -500,7 +498,6 @@ WARNING: translation string unused: manage printers WARNING: translation string unused: manual WARNING: translation string unused: manual control and status WARNING: translation string unused: marked -WARNING: translation string unused: max bandwith WARNING: translation string unused: max incoming size WARNING: translation string unused: max outgoing size WARNING: translation string unused: max size @@ -913,24 +910,6 @@ WARNING: translation string unused: zoneconf val vlan am= ount assignment error WARNING: translation string unused: zoneconf val vlan tag assignment error WARNING: translation string unused: zoneconf val vlan tag range error WARNING: translation string unused: zoneconf val zoneslave amount error -WARNING: untranslated string: cake profile bridged-llcsnap 32 =3D Bridged LL= C SNAP (32 bytes) -WARNING: untranslated string: cake profile bridged-ptm 19 =3D Bridged PTM (1= 9 bytes) -WARNING: untranslated string: cake profile bridged-vcmux 24 =3D Bridged VC-M= UX (24 bytes) -WARNING: untranslated string: cake profile conservative 48 =3D Conservative = (should work on all connections, 48 bytes) -WARNING: untranslated string: cake profile docsis 18 =3D DOCSIS (18 bytes) -WARNING: untranslated string: cake profile ethernet 38 =3D Ethernet (38 byte= s) -WARNING: untranslated string: cake profile ethernet vlan 42 =3D Ethernet wit= h VLAN (42 bytes) -WARNING: untranslated string: cake profile ipoa-llcsnap 16 =3D IP over ATM L= LC SNAP (16 bytes) -WARNING: untranslated string: cake profile ipoa-vcmux 8 =3D IP over ATM VC-M= UX (8 bytes) -WARNING: untranslated string: cake profile pppoa-llc 14 =3D PPPoA LLC (14 by= tes) -WARNING: untranslated string: cake profile pppoa-vcmux 10 =3D PPPoA VC-MUX (= 10 bytes) -WARNING: untranslated string: cake profile pppoe-llcsnap 40 =3D PPPoE LLC SN= AP (40 bytes) -WARNING: untranslated string: cake profile pppoe-ptm 27 =3D PPPoE PTM (27 by= tes) -WARNING: untranslated string: cake profile pppoe-vcmux 32 =3D PPPoE VC-MUX (= 32 bytes) -WARNING: untranslated string: cake profile raw 0 =3D Raw (no overhead compen= sation) -WARNING: untranslated string: eol architecture warning =3D You are running a= n architecture of IPFire which reached its end of life. You will not receive = updates anymore. This is a security risk. -WARNING: untranslated string: false max bandwidth =3D Maximum bandwidth is f= alse. -WARNING: untranslated string: false min bandwidth =3D Minimum bandwidth is f= alse. WARNING: untranslated string: fwhost cust locationgrp =3D unknown string WARNING: untranslated string: fwhost err hostip =3D unknown string WARNING: untranslated string: guaranteed bandwidth =3D Guaranteed bandwidth @@ -963,10 +942,6 @@ WARNING: untranslated string: guardian logtarget_file = =3D unknown string WARNING: untranslated string: guardian logtarget_syslog =3D unknown string WARNING: untranslated string: guardian no entries =3D unknown string WARNING: untranslated string: guardian service =3D unknown string -WARNING: untranslated string: invalid input for subscription code =3D Invali= d input for subscription code -WARNING: untranslated string: link-layer encapsulation =3D Link-Layer Encaps= ulation -WARNING: untranslated string: log dropped conntrack invalids =3D Log dropped= packets classified as INVALID by connection tracking -WARNING: untranslated string: max bandwidth =3D Maximum bandwidth WARNING: untranslated string: pakfire ago =3D ago. WARNING: untranslated string: route config changed =3D unknown string WARNING: untranslated string: routing config added =3D unknown string diff --git a/doc/language_missings b/doc/language_missings index 0019fb227..895800ea0 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -996,31 +996,9 @@ < ansi t1.483 < bewan adsl pci st < bewan adsl usb -< cake profile bridged-llcsnap 32 -< cake profile bridged-ptm 19 -< cake profile bridged-vcmux 24 -< cake profile conservative 48 -< cake profile docsis 18 -< cake profile ethernet 38 -< cake profile ethernet vlan 42 -< cake profile ipoa-llcsnap 16 -< cake profile ipoa-vcmux 8 -< cake profile pppoa-llc 14 -< cake profile pppoa-vcmux 10 -< cake profile pppoe-llcsnap 40 -< cake profile pppoe-ptm 27 -< cake profile pppoe-vcmux 32 -< cake profile raw 0 -< eol architecture warning -< false max bandwidth -< false min bandwidth < g.dtm < g.lite < guaranteed bandwidth -< invalid input for subscription code -< link-layer encapsulation -< log dropped conntrack invalids -< max bandwidth < upload fcdsl.o ############################################################################ # Checking cgi-bin translations for language: it # diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl index 1b3da02ab..60ea0dcc5 100644 --- a/langs/fr/cgi-bin/fr.pl +++ b/langs/fr/cgi-bin/fr.pl @@ -331,8 +331,8 @@ 'advproxy errmsg wpad invalid ip or mask' =3D> 'WPAD : IP ou sous-r=C3=A9sea= u invalide pour le sous-r=C3=A9seau IP exclu', 'advproxy error design' =3D> 'Construction messages erron=C3=A9s ', 'advproxy error language' =3D> 'Langage des messages erron=C3=A9s ', -'advproxy fastflux detection' =3D> 'Refuser l\'acc=C3=A8s aux destinations h= =C3=A9berg=C3=A9es sur les configurations de flux rapide', -'advproxy fastflux detection threshold' =3D> 'Seuil', +'advproxy fastflux detection' =3D> 'Refuser l\'acc=C3=A8s aux destinations h= =C3=A9berg=C3=A9es sur les configurations de flux rapide ', +'advproxy fastflux detection threshold' =3D> 'Seuil ', 'advproxy fastflux no threshold given' =3D> 'Aucun seuil n\'a =C3=A9t=C3=A9 = fourni pour la d=C3=A9tection de flux rapide', 'advproxy fastflux threshold invalid' =3D> 'Le seuil de d=C3=A9tection de fl= ux rapide fourni n\'est pas valide', 'advproxy fastflux threshold out of bounds' =3D> 'Le seuil de d=C3=A9tection= de flux rapide fourni est hors limites', @@ -372,7 +372,7 @@ 'advproxy reset' =3D> 'Relancer', 'advproxy saturday' =3D> 'Sam', 'advproxy save and restart' =3D> 'Sauvegarder et red=C3=A9marrer', -'advproxy selectively announcements detection' =3D> 'Refuser l\'acc=C3=A8s a= ux destinations h=C3=A9berg=C3=A9es sur des r=C3=A9seaux annonc=C3=A9s de man= i=C3=A8re s=C3=A9lective', +'advproxy selectively announcements detection' =3D> 'Refuser l\'acc=C3=A8s a= ux destinations h=C3=A9berg=C3=A9es sur des r=C3=A9seaux annonc=C3=A9s de man= i=C3=A8re s=C3=A9lective ', 'advproxy squid version' =3D> 'Version Squid Cache ', 'advproxy squidclamav' =3D> 'SquidClamav', 'advproxy ssadvanced proxy' =3D> 'Proxy avanc=C3=A9', @@ -503,7 +503,7 @@ 'bad destination range' =3D> 'La plage des ports de destination =C3=A0 une p= remi=C3=A8re valeur sup=C3=A9rieure ou =C3=A9gale =C3=A0 la deuxi=C3=A8me val= eur.', 'bad ignore filter' =3D> 'Mauvais filtre ignor=C3=A9 :', 'bad return code' =3D> 'Le programme d\'aide retourne un code d\'erreur', -'bad source range' =3D> 'La plage des ports source =C3=A0 une premi=C3=A8re = valeur sup=C3=A9rieure ou =C3=A9gale =C3=A0 la deuxi=C3=A8me valeur.', +'bad source range' =3D> 'La plage des ports source contient une premi=C3=A8r= e valeur sup=C3=A9rieure ou =C3=A9gale =C3=A0 la deuxi=C3=A8me valeur.', 'bandwidth usage' =3D> 'utilisation de la bande passante (externe)', 'bandwidtherror' =3D> 'Vous ne pouvez pas changer les r=C3=A9glages de la ba= nde passante tant que la Qos est d=C3=A9marr=C3=A9e. Arr=C3=AAtez d\'abord la= Qos.

', 'bandwidthsettings' =3D> 'R=C3=A9glages de la bande passante', @@ -534,6 +534,21 @@ 'cached' =3D> 'en cache', 'cached memory' =3D> 'M=C3=A9moire tampon ', 'cached swap' =3D> 'Swap tampon', +'cake profile bridged-llcsnap 32' =3D> 'Bridged LLC SNAP (32 octets)', +'cake profile bridged-ptm 19' =3D> 'Bridged PTM (19 octets)', +'cake profile bridged-vcmux 24' =3D> 'Bridged VC-MUX (24 octets)', +'cake profile conservative 48' =3D> 'Conservateur (devrait fonctionner sur t= outes les connexions, 48 octets)', +'cake profile docsis 18' =3D> 'DOCSIS (18 octets)', +'cake profile ethernet 38' =3D> 'Ethernet (38 octets)', +'cake profile ethernet vlan 42' =3D> 'Ethernet avec VLAN (42 octets)', +'cake profile ipoa-llcsnap 16' =3D> 'IP over ATM LLC SNAP (16 octets)', +'cake profile ipoa-vcmux 8' =3D> 'IP over ATM VC-MUX (8 octets)', +'cake profile pppoa-llc 14' =3D> 'PPPoA LLC (14 octets)', +'cake profile pppoa-vcmux 10' =3D> 'PPPoA VC-MUX (10 octets)', +'cake profile pppoe-llcsnap 40' =3D> 'PPPoE LLC SNAP (40 octets)', +'cake profile pppoe-ptm 27' =3D> 'PPPoE PTM (27 octets)', +'cake profile pppoe-vcmux 32' =3D> 'PPPoE VC-MUX (32 octets)', +'cake profile raw 0' =3D> 'Brut (no overhead compensation)', 'calamaris available reports' =3D> 'Rapports disponibles ', 'calamaris byte unit' =3D> 'Unit=C3=A9 (octets) ', 'calamaris create report' =3D> 'Cr=C3=A9er un rapport', @@ -1023,6 +1038,7 @@ 'enter data' =3D> 'Saisissez vos r=C3=A9glages
et cliquez sur Sauv= egarder.', 'entropy' =3D> 'Courbe d\'efficacit=C3=A9 (entropie)', 'entropy graphs' =3D> 'Graphs entropie', +'eol architecture warning' =3D> 'Vous ex=C3=A9cutez une architecture d\'IPFi= re qui a atteint sa fin de vie. Vous ne recevrez plus de mises =C3=A0 jour. I= l s\'agit d\'un risque de s=C3=A9curit=C3=A9.', 'err bk 1' =3D> 'Erreur lors de la cr=C3=A9ation de l\'archive', 'err bk 10 password' =3D> 'Erreur avec le mot de passe de sauvegarde', 'err bk 2 key' =3D> 'Erreur lors de la cr=C3=A9ation du fichier clef', @@ -1070,8 +1086,8 @@ 'extrahd you cant mount' =3D> 'Vous ne pouvez pas monter', 'fallout zombieload ridl' =3D> 'Fallout / ZombieLoad / RIDL', 'false classnumber' =3D> 'Le num=C3=A9ro de classe ne correspond pas =C3=A0 = l\'interface.', -'false max bandwith' =3D> 'La bande passante maximum est fausse.', -'false min bandwith' =3D> 'La bande passante minimum est fausse.', +'false max bandwidth' =3D> 'La bande passante maximum est fausse.', +'false min bandwidth' =3D> 'La bande passante minimum est fausse.', 'february' =3D> 'F=C3=A9vrier', 'fetch ip from' =3D> 'Deviner la v=C3=A9ritable IP publique =C3=A0 l\'aide d= \'un serveur externe', 'fifteen minutes' =3D> '15 minutes', @@ -1522,6 +1538,7 @@ 'invalid input for organization' =3D> 'Organisation non valide', 'invalid input for remote host/ip' =3D> 'h=C3=B4te/IP distant(e) non valide.= ', 'invalid input for state or province' =3D> 'R=C3=A9gion ou d=C3=A9partement = non valide.', +'invalid input for subscription code' =3D> 'Entr=C3=A9e invalide pour le cod= e d\'abonnement', 'invalid input for valid till days' =3D> 'Entr=C3=A9e invalide pour Valide j= usqu\=C3=A0 (jours).', 'invalid ip' =3D> 'IP Adresse non valide', 'invalid ip or hostname' =3D> 'Adresse IP ou nom d\'h=C3=B4te invalide', @@ -1599,7 +1616,7 @@ 'july' =3D> 'Juillet', 'june' =3D> 'Juin', 'kernel' =3D> 'Noyau', -'kernel logging server' =3D> 'Serveur de logs du noyau', +'kernel logging server' =3D> 'Serveur de journaux du noyau', 'kernel version' =3D> 'Version du noyau :', 'key stuff' =3D> '2. Clefs et certificats', 'keyreset' =3D> 'R=C3=A9tablir les clefs', @@ -1610,13 +1627,14 @@ 'last' =3D> 'Dernier', 'last activity' =3D> 'Derni=C3=A8re activit=C3=A9', 'lateprompting' =3D> 'Derni=C3=A8re action', -'lease expires' =3D> 'Bail expir=C3=A9', +'lease expires' =3D> 'Expiration bail', 'least preferred' =3D> 'le moins souhait=C3=A9', 'legacy architecture warning' =3D> 'Vous ex=C3=A9cutez IPFire sur une archit= ecture h=C3=A9rit=C3=A9e et il est recommand=C3=A9 de mettre =C3=A0 niveau', 'legend' =3D> 'L=C3=A9gende ', 'length' =3D> 'Longueur', 'lifetime' =3D> 'Dur=C3=A9e de vie :', 'line' =3D> 'Ligne', +'link-layer encapsulation' =3D> 'Encapsulation de la couche de liaison', 'linkq' =3D> 'Qualit=C3=A9 du lien', 'load printer' =3D> 'Charger imprimante', 'loaded modules' =3D> 'Modules charg=C3=A9s :', @@ -1640,6 +1658,7 @@ 'locationblock enable feature' =3D> 'Activer le blocage par localisation :', 'locationblock flag' =3D> 'Drap.', 'log' =3D> 'Rapport :', +'log dropped conntrack invalids' =3D> 'Journaliser les paquets abandonn=C3= =A9s class=C3=A9s comme INVALIDES par le suivi de connexion', 'log enabled' =3D> 'Journal activ=C3=A9', 'log level' =3D> 'Niveau de rapport', 'log lines per page' =3D> 'Nb de lignes par page ', @@ -1707,7 +1726,7 @@ 'masquerading' =3D> 'Masquage (une seule IP pour plusieurs machines en sorti= e du r=C3=A9seau interne)', 'masquerading disabled' =3D> 'Masquage d=C3=A9sactiv=C3=A9', 'masquerading enabled' =3D> 'Masquage activ=C3=A9', -'max bandwith' =3D> 'Bande passante maximum', +'max bandwidth' =3D> 'Bande passante maximum', 'max incoming size' =3D> 'Taille maximum des t=C3=A9l=C3=A9chargement (Ko) := ', 'max lease time' =3D> 'Dur=C3=A9e maximum du bail (minutes) :', 'max outgoing size' =3D> 'Taille maximum des envois (Ko) :', diff --git a/lfs/apache2 b/lfs/apache2 index 226058a22..6771ff903 100644 --- a/lfs/apache2 +++ b/lfs/apache2 @@ -1,7 +1,7 @@ ############################################################################= ### # = # # IPFire.org - A linux based firewall = # -# Copyright (C) 2007-2021 IPFire Team = # +# Copyright (C) 2007-2022 IPFire Team = # # = # # This program is free software: you can redistribute it and/or modify = # # it under the terms of the GNU General Public License as published by = # @@ -25,7 +25,7 @@ =20 include Config =20 -VER =3D 2.4.52 +VER =3D 2.4.53 =20 THISAPP =3D httpd-$(VER) DL_FILE =3D $(THISAPP).tar.bz2 @@ -45,7 +45,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_MD5 =3D a94ae42b84309d5ef6e613ae825b92fa +$(DL_FILE)_MD5 =3D f594f137137b5bdff3998dc17e3e9526 =20 install : $(TARGET) =20 hooks/post-receive -- IPFire 2.x development tree --===============4805067516154508380==--