Peter Müller [Sat, 11 Apr 2020 10:20:01 +0000 (12:20 +0200)]
Pakfire: do not leak upstream proxy password in log messages
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Sat, 11 Apr 2020 09:02:26 +0000 (11:02 +0200)]
system.cgi: correctly translate CPU frequency
The CPU frequency diagram used the same "translation" as the CPU load,
which was confusing. This patch introduces a dedicated translation for
"CPU frequency", which makes things a little bit better but still does
not solve a Deppenleerzeichen ("CPU-Frequenz Diagramm") in the German
translation.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Sat, 11 Apr 2020 08:25:29 +0000 (10:25 +0200)]
lang: fix typo (MacVTtap != MacVTap)
Fixes: #12339 Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Erik Kapfer [Sat, 11 Apr 2020 05:26:58 +0000 (07:26 +0200)]
borgbackup: Fixes DEP error. Update to 1.1.11
Fixes #12356
Several fixes but also new features has been added with this version.
Full changelog can be found in here --> https://github.com/borgbackup/borg/blob/1.1.11/docs/changes.rst#version-1111-2020-03-08 .
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Reviewed-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Fri, 10 Apr 2020 08:00:37 +0000 (10:00 +0200)]
gzip: ship zgrep, zless and zmore
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Erik Kapfer [Wed, 8 Apr 2020 09:12:18 +0000 (11:12 +0200)]
iproute2: Update to version 5.6.0
Several fixes and new enhancements, including new binaries (devlink, rdma, tipc) has been added.
For all commits, take a look in here --> https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/ .
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Erik Kapfer [Wed, 8 Apr 2020 08:56:17 +0000 (10:56 +0200)]
ipset: Update to version 7.6
Update includes several userspace and kernel part changes.
For an overview, take a look into the changelog http://ipset.netfilter.org/changelog.html
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Tue, 7 Apr 2020 15:07:18 +0000 (17:07 +0200)]
firewall initscript: slightly improve comments
This patch corrects some typos and does not introduce functional changes.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Wed, 29 Apr 2020 14:15:27 +0000 (16:15 +0200)]
gcc: disable parallel build
Cc: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Acked-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
* Faster slice-by-8 CRC32 implementation.
see https://lwn.net/Articles/453931/ for motivation.
* Add CMake build.
* Deprecate Visual Studio project files in favor of CMake.
* configure --disable-crc option for fuzzing.
* Various build fixes.
* Documentation and example code fixes.
Version 1.3.3 (2017 November 7)
* Fix an issue with corrupt continued packet handling.
* Update Windows projects and build settings.
* Remove Mac OS 9 build support.
Version 1.3.2 (2014 May 27)
* Fix an bug in oggpack_writecopy().
Version 1.3.1 (2013 May 12)
* Guard against very large packets.
* Respect the configure --docdir override.
* Documentation fixes.
* More Windows build fixes."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Erik Kapfer [Thu, 2 Apr 2020 11:21:44 +0000 (13:21 +0200)]
strace: Update to version 5.5
The version jump from 4.7 to 5.5 includes several bugfixes and improvements.
For a full overview --> https://github.com/strace/strace/releases .
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Erik Kapfer [Thu, 2 Apr 2020 11:14:40 +0000 (13:14 +0200)]
fping: Update to version 4.2
Some bugfixes but also features are included.
The changelog can be found in here --> https://github.com/schweikert/fping/releases/tag/v4.2 .
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
For details see:
https://downloads.isc.org/isc/bind9/9.11.18/RELEASE-NOTES-bind-9.11.18.html
"Security Fixes
DNS rebinding protection was ineffective when BIND 9 is configured as a forwarding
DNS server. Found and responsibly reported by Tobias Klein. [GL #1574]
Known Issues
We have received reports that in some circumstances, receipt of an IXFR can cause
the processing of queries to slow significantly. Some of these were related to RPZ
processing, which has been fixed in this release (see below). Others appear to occur
where there are NSEC3-related changes (such as an operator changing the NSEC3 salt
used in the hash calculation). These are being investigated. [GL #1685]"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
For details see:
https://roy.marples.name/archives/dhcpcd-discuss/0002941.html
"* Control sockets are not opened in test mode
* privsep: no longer aborts if protocol not available
* inet6: Don't regen temporary addresses without a state
* inet6: Reduce RA log spam
* dhcp6: Don't log when things consitently fail
* inet6: Add temporary directive to slaac option [1]
* Ensure current interface flags persist when setting a flag
* DHCP via BPF is now aligned correctly
* CMSG buffers are now aligned correctly
* hostnames are no longer clobbered when being forced and a RA is recieved"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
CVE-2020-1967 (OpenSSL advisory) [High severity] 21 April 2020:
Server or client applications that call the SSL_check_chain()
function during or after a TLS 1.3 handshake may crash due
to a NULL pointer dereference as a result of incorrect handling
of the "signature_algorithms_cert" TLS extension.
The crash occurs if an invalid or unrecognised signature algorithm
is received from the peer. This could be exploited by a malicious
peer in a Denial of Service attack.
https://www.openssl.org/news/secadv/20200421.txt
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Thu, 16 Apr 2020 19:27:08 +0000 (19:27 +0000)]
Package the official Go compiler
Since Go has a horrible build system which requires a Go
compiler to build the Go compiler and takes a very long
time to compile, we are following Rust and are using the
"official" pre-compiled release tarball.
We no longer ship the Go runtime, which mitigates the
risk of shipping any malware.
Because we currently only have one package using this
and which is only being compiled for x86_64, we are
only making Go available on this architecture.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
glibc calls clock_nanosleep_time64 syscall even if it not defined in
the headers for this arch and the seccomp filter kills the process
with because an unknown syscall.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>