Michael Tremer [Fri, 9 Oct 2020 14:39:21 +0000 (15:39 +0100)]
samba: Drop refresh page hack
This is very invalid HTML, very often inserted into spaces where
it should not be, and the page does not even need to be reloaded
after any action has been performed.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The second version of this patch avoids re-defining $db_handle.
Fixes: #12492 Cc: Stefan Schantl <stefan.schantl@ipfire.org Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Acked-By: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The second version of this patch avoids re-defining $db_handle.
Fixes: #12492 Cc: Stefan Schantl <stefan.schantl@ipfire.org Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Acked-By: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 7 Oct 2020 11:46:46 +0000 (11:46 +0000)]
/var/ipfire/ethernet/settings: Drop BROADCAST variable
This variable is no longer being used and was only used to
assign IP addresses to the individual interfaces.
However, the kernel knows best which IP address to select
as broadcast address for each network. Therefore we depend
on the kernel which allows us to support RFC3021.
Fixes: #12486 - no /31 transfer net available on red Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
We already pass -fstack-protector-strong, which might be overridden
by -fstack-protector-all. We also know that SSP works in our version
of libc and do not need to link against libssp.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sat, 2 May 2020 19:57:54 +0000 (21:57 +0200)]
Python3: update to 3.8.2
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sun, 3 May 2020 10:02:27 +0000 (12:02 +0200)]
python3-botocore: update to 1.16.1
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sun, 3 May 2020 10:04:50 +0000 (12:04 +0200)]
python3-colorama: update to 0.4.3
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sun, 3 May 2020 10:07:33 +0000 (12:07 +0200)]
python3-dateutil: update to 2.8.1
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sun, 3 May 2020 10:09:49 +0000 (12:09 +0200)]
python3-docutils: update to 0.16
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sun, 3 May 2020 10:11:19 +0000 (12:11 +0200)]
python3-jmespath: update to 0.9.5
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sun, 3 May 2020 10:15:45 +0000 (12:15 +0200)]
python3-pyasn1: update to 0.4.8
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sun, 3 May 2020 10:17:51 +0000 (12:17 +0200)]
python3-rsa: update to 4.0
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sun, 3 May 2020 10:19:21 +0000 (12:19 +0200)]
python3-s3transfer: update to 0.3.3
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Sun, 3 May 2020 10:23:55 +0000 (12:23 +0200)]
python3-six: update to 1.14.0
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 5 Oct 2020 19:45:31 +0000 (19:45 +0000)]
sysctl.conf: prevent autoloading of TTY line disciplines
Malicious/vulnerable TTY line disciplines have been subject of some
kernel exploits such as CVE-2017-2636, and since - to put it in Greg
Kroah-Hatrman's words - we do not "trust the userspace to do the right
thing", this reduces local kernel attack surface.
Further, there is no legitimate reason why an unprivileged user should
load kernel modules during runtime, anyway.
See also:
- https://lkml.org/lkml/2019/4/15/890
- https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html
Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org> Cc: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 5 Oct 2020 14:12:18 +0000 (14:12 +0000)]
sysctl.conf: prevent unintentional writes into attacker-controlled files and FIFOs
Similar to hard- and symlink protection introduced a while ago, this
patch enables protections against unintentional writes into
attacker-controlled regular files or FIFOs, where a program expected to
create new ones. This makes exploiting TOCTOU flaws harder.
See also: https://www.kernel.org/doc/Documentation/sysctl/fs.txt
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Erik Kapfer [Thu, 1 Oct 2020 13:19:22 +0000 (15:19 +0200)]
freeradius: Update to version 3.0.21
Update includes several fixes (incl. CVE-2019-17185) and feature improvements.
A full overview of all changes can be found in here --> https://raw.githubusercontent.com/FreeRADIUS/freeradius-server/v3.0.x/doc/ChangeLog .
The freeradius-no-buildtime-cert-gen patch applies also with this version.
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Erik Kapfer [Thu, 1 Oct 2020 12:45:48 +0000 (14:45 +0200)]
lynis: Update to version 3.0.0
Several Fixes (incl. CVE-2019-13033 and CVE-2020-13882) and features has been added since the last version 2.6.4 .
For a full overview of the changes take a look in here --> https://cisofy.com/changelog/lynis/ .
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Erik Kapfer [Thu, 1 Oct 2020 12:37:14 +0000 (14:37 +0200)]
libsolv: Update to version 0.7.14
Several fixes and features has been added.
A full overview of all changes can be found in here --> https://github.com/openSUSE/libsolv/blob/master/package/libsolv.changes .
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>