From: Michael Tremer <git@ipfire.org>
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 1c64d2071382093a5d87e875e34850cf071bc292
Date: Tue, 27 Aug 2024 09:49:23 +0000 [thread overview]
Message-ID: <4WtN6q3XfBz2xSd@people01.haj.ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 8361 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 1c64d2071382093a5d87e875e34850cf071bc292 (commit)
via 3586563f17b418a2f2d35743276a3ede53b60d71 (commit)
via 23e53133e2ad08449f57ffb3cd4c03e998d7ffb9 (commit)
from 20719b4ce36fbfa7d7b05ce0e3f1a56fdeb0d750 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 1c64d2071382093a5d87e875e34850cf071bc292
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Aug 27 09:49:09 2024 +0000
core189: Ship OpenSSL
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 3586563f17b418a2f2d35743276a3ede53b60d71
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Sat Aug 24 16:29:14 2024 +0200
clamav: Update to 1.4.0
For details see:
https://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 23e53133e2ad08449f57ffb3cd4c03e998d7ffb9
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Mon Aug 26 14:24:19 2024 +0200
openssl: Update to version 3.3.1
- Update from 3.3.0 to 3.3.1
- Update of rootfile not required
- This version has 2 CVE fixes both of which are classified as Low Severity so looks like
they can wait for CU189
- Changelog
3.3.1
* Fixed potential use after free after SSL_free_buffers() is called.
The SSL_free_buffers function is used to free the internal OpenSSL
buffer used when processing an incoming record from the network.
The call is only expected to succeed if the buffer is not currently
in use. However, two scenarios have been identified where the buffer
is freed even when still in use.
The first scenario occurs where a record header has been received
from the network and processed by OpenSSL, but the full record body
has not yet arrived. In this case calling SSL_free_buffers will succeed
even though a record has only been partially processed and the buffer
is still in use.
The second scenario occurs where a full record containing application
data has been received and processed by OpenSSL but the application has
only read part of this data. Again a call to SSL_free_buffers will
succeed even though the buffer is still in use.
([CVE-2024-4741])
* Fixed an issue where checking excessively long DSA keys or parameters may
be very slow.
Applications that use the functions EVP_PKEY_param_check() or
EVP_PKEY_public_check() to check a DSA public key or DSA parameters may
experience long delays. Where the key or parameters that are being checked
have been obtained from an untrusted source this may lead to a Denial of
Service.
To resolve this issue DSA keys larger than OPENSSL_DSA_MAX_MODULUS_BITS
will now fail the check immediately with a DSA_R_MODULUS_TOO_LARGE error
reason.
([CVE-2024-4603])
* Improved EC/DSA nonce generation routines to avoid bias and timing
side channel leaks.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/{oldcore/100 => core/189}/filelists/openssl | 0
config/rootfiles/packages/clamav | 12 ++++++------
lfs/clamav | 6 +++---
lfs/openssl | 4 ++--
4 files changed, 11 insertions(+), 11 deletions(-)
copy config/rootfiles/{oldcore/100 => core/189}/filelists/openssl (100%)
Difference in files:
diff --git a/config/rootfiles/core/189/filelists/openssl b/config/rootfiles/core/189/filelists/openssl
new file mode 120000
index 000000000..e011a9266
--- /dev/null
+++ b/config/rootfiles/core/189/filelists/openssl
@@ -0,0 +1 @@
+../../../common/openssl
\ No newline at end of file
diff --git a/config/rootfiles/packages/clamav b/config/rootfiles/packages/clamav
index 2c7242d7e..0bf660202 100644
--- a/config/rootfiles/packages/clamav
+++ b/config/rootfiles/packages/clamav
@@ -14,20 +14,20 @@ usr/bin/sigtool
#usr/include/libfreshclam.h
usr/lib/libclamav.so
usr/lib/libclamav.so.12
-usr/lib/libclamav.so.12.0.2
+usr/lib/libclamav.so.12.0.3
#usr/lib/libclamav_rust.a
usr/lib/libclammspack.so
usr/lib/libclammspack.so.0
usr/lib/libclammspack.so.0.8.0
usr/lib/libclamunrar.so
usr/lib/libclamunrar.so.12
-usr/lib/libclamunrar.so.12.0.2
+usr/lib/libclamunrar.so.12.0.3
usr/lib/libclamunrar_iface.so
usr/lib/libclamunrar_iface.so.12
-usr/lib/libclamunrar_iface.so.12.0.2
+usr/lib/libclamunrar_iface.so.12.0.3
usr/lib/libfreshclam.so
usr/lib/libfreshclam.so.3
-usr/lib/libfreshclam.so.3.0.1
+usr/lib/libfreshclam.so.3.0.2
#usr/lib/pkgconfig/libclamav.pc
usr/sbin/clamd
#usr/share/doc/ClamAV
@@ -105,14 +105,13 @@ usr/sbin/clamd
#usr/share/doc/ClamAV/html/images
#usr/share/doc/ClamAV/html/images/change-fork-name.png
#usr/share/doc/ClamAV/html/images/cisco.png
+#usr/share/doc/ClamAV/html/images/clamav-git-workflow.png
#usr/share/doc/ClamAV/html/images/clone-your-fork.png
#usr/share/doc/ClamAV/html/images/create-a-fork.png
#usr/share/doc/ClamAV/html/images/demon.png
#usr/share/doc/ClamAV/html/images/flamegraph.svg
#usr/share/doc/ClamAV/html/images/fork-is-behind.png
#usr/share/doc/ClamAV/html/images/logo.png
-#usr/share/doc/ClamAV/html/images/new-git-workflow.png
-#usr/share/doc/ClamAV/html/images/old-git-workflow.png
#usr/share/doc/ClamAV/html/index.html
#usr/share/doc/ClamAV/html/manual
#usr/share/doc/ClamAV/html/manual/Development
@@ -163,6 +162,7 @@ usr/sbin/clamd
#usr/share/doc/ClamAV/html/manual/Usage/Scanning.html
#usr/share/doc/ClamAV/html/manual/Usage/Services.html
#usr/share/doc/ClamAV/html/manual/Usage/SignatureManagement.html
+#usr/share/doc/ClamAV/html/manual/cisco-talos.gpg
#usr/share/doc/ClamAV/html/mark.min.js
#usr/share/doc/ClamAV/html/mode-rust.js
#usr/share/doc/ClamAV/html/print.html
diff --git a/lfs/clamav b/lfs/clamav
index 5a1089187..494142a87 100644
--- a/lfs/clamav
+++ b/lfs/clamav
@@ -26,7 +26,7 @@ include Config
SUMMARY = Antivirus Toolkit
-VER = 1.3.0
+VER = 1.4.0
THISAPP = clamav-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = clamav
-PAK_VER = 71
+PAK_VER = 72
DEPS =
@@ -50,7 +50,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = dc411b1a905d2699c497870877fbe99e3910f8e29bc77830085c8ab75161c80066ca1396f47c3cd6a098c06c839464dbe31feb2e7e64622c657ad4a6a9401282
+$(DL_FILE)_BLAKE2 = 04f4f04ba058dfb8ff5b90a4813192cf76cbd954a3b7a9f02ff3b42a29976c1e9fdbe3fee81aeeea0ffb64d51a6489c781d67e21cbc41a4cc3f765a9198b2090
install : $(TARGET)
diff --git a/lfs/openssl b/lfs/openssl
index 00b19b41a..d6333f7a4 100644
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -24,7 +24,7 @@
include Config
-VER = 3.3.0
+VER = 3.3.1
THISAPP = openssl-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -72,7 +72,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = c68efaf8aca87961f396e305acc767b56d651b9adf4fd2c9d9b5a3266e35da4b856c6ed34be47d656c782aade975f20317a6759913b33d29d7eb088e638fa501
+$(DL_FILE)_BLAKE2 = b09bbe94f49c33015fbcee5f578a20c0da33c289791bf33292170d5d3de44ea2e22144ee11067947aef2733e979c0fded875a4ec92d81468285837053447e68e
install : $(TARGET)
hooks/post-receive
--
IPFire 2.x development tree
reply other threads:[~2024-08-27 9:49 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4WtN6q3XfBz2xSd@people01.haj.ipfire.org \
--to=git@ipfire.org \
--cc=ipfire-scm@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox