]>
git.ipfire.org Git - people/pmueller/ipfire-2.x.git/log
Arne Fitzenreiter [Thu, 6 Nov 2014 19:16:58 +0000 (20:16 +0100)]
kernel: update netdev ledtrigger patch.
Arne Fitzenreiter [Wed, 5 Nov 2014 23:09:19 +0000 (00:09 +0100)]
kernel: disable crashing sensor drivers on arm.
Arne Fitzenreiter [Wed, 5 Nov 2014 23:08:55 +0000 (00:08 +0100)]
Merge branch 'seventeen' of git.ipfire.org:/pub/git/ipfire-2.x into seventeen
Arne Fitzenreiter [Wed, 5 Nov 2014 23:08:13 +0000 (00:08 +0100)]
kernel: kirkwood: fix legacy boot patch for dreamplug.
Arne Fitzenreiter [Wed, 5 Nov 2014 23:06:43 +0000 (00:06 +0100)]
flash-images: use third partition again as root.
Timmothy Wilson [Wed, 5 Nov 2014 21:08:02 +0000 (22:08 +0100)]
httpscert: Create certificate with SHA256 hash
Arne Fitzenreiter [Wed, 5 Nov 2014 13:27:59 +0000 (14:27 +0100)]
part/fsresize: fix on systems without initrd.
/proc/mounts has no correct entry for / on such systems.
Use mount instead.
Arne Fitzenreiter [Wed, 5 Nov 2014 13:26:37 +0000 (14:26 +0100)]
kernel: arm-multi: disable hanging sunxi_ss crypto module.
udev loads the problematic module automaticly.
Michael Tremer [Wed, 5 Nov 2014 00:34:27 +0000 (01:34 +0100)]
installer: Fix download of the ISO image
Michael Tremer [Wed, 5 Nov 2014 00:33:59 +0000 (01:33 +0100)]
installer: Don't try to install /etc/hosts which does not exist
Michael Tremer [Wed, 5 Nov 2014 00:33:29 +0000 (01:33 +0100)]
installer: Show better helpline in unattended mode
Michael Tremer [Tue, 4 Nov 2014 22:52:28 +0000 (23:52 +0100)]
Merge remote-tracking branch 'origin/seventeen' into seventeen
Michael Tremer [Tue, 4 Nov 2014 22:52:02 +0000 (23:52 +0100)]
fireinfo: Import latest fixes for ARM
Arne Fitzenreiter [Tue, 4 Nov 2014 19:24:17 +0000 (20:24 +0100)]
kernel: build sunxi crypto driver as module.
Arne Fitzenreiter [Tue, 4 Nov 2014 19:21:05 +0000 (20:21 +0100)]
kernel: readd kirkwood legacy boot code.
Arne Fitzenreiter [Tue, 4 Nov 2014 19:16:17 +0000 (20:16 +0100)]
kernel: enable carl97xx hwrng.
Arne Fitzenreiter [Tue, 4 Nov 2014 19:12:50 +0000 (20:12 +0100)]
Merge branch 'seventeen' of git.ipfire.org:/pub/git/ipfire-2.x into seventeen
Michael Tremer [Mon, 3 Nov 2014 22:41:09 +0000 (23:41 +0100)]
Create Core Update 86
Sascha Kilian [Fri, 31 Oct 2014 15:15:54 +0000 (16:15 +0100)]
nagios+icinga plugins: removed ipv6 support
David Kleuker [Mon, 3 Nov 2014 16:43:25 +0000 (17:43 +0100)]
fix typo
David Kleuker [Mon, 3 Nov 2014 16:33:27 +0000 (17:33 +0100)]
use bash instead of sh
Michael Tremer [Mon, 3 Nov 2014 17:36:31 +0000 (18:36 +0100)]
Merge remote-tracking branch 'origin/seventeen' into seventeen
Michael Tremer [Mon, 3 Nov 2014 17:35:56 +0000 (18:35 +0100)]
installer: Correctly position buttons in dialogs
Arne Fitzenreiter [Sun, 2 Nov 2014 20:45:03 +0000 (21:45 +0100)]
kernel: arm multiarch: enanble xhci.
Arne Fitzenreiter [Sun, 2 Nov 2014 08:38:44 +0000 (09:38 +0100)]
Merge branch 'kernel-test-next' into seventeen
Arne Fitzenreiter [Sun, 2 Nov 2014 08:38:23 +0000 (09:38 +0100)]
Merge branch 'seventeen' of ssh://git.ipfire.org/pub/git/ipfire-2.x into seventeen
Arne Fitzenreiter [Sat, 1 Nov 2014 18:57:51 +0000 (19:57 +0100)]
kernel: use correct external modules at initrd build.
Arne Fitzenreiter [Sat, 1 Nov 2014 16:26:09 +0000 (17:26 +0100)]
kernel: patches and preliminary 3.14 config for arm.
Arne Fitzenreiter [Sat, 1 Nov 2014 16:23:40 +0000 (17:23 +0100)]
flash-images: distro image is not compressed on arm.
Arne Fitzenreiter [Sat, 1 Nov 2014 16:19:09 +0000 (17:19 +0100)]
kernel: rootfile update (i586).
Arne Fitzenreiter [Sat, 1 Nov 2014 16:18:43 +0000 (17:18 +0100)]
glibc: rootfile update (i586)
Arne Fitzenreiter [Fri, 31 Oct 2014 16:32:58 +0000 (17:32 +0100)]
Merge remote-tracking branch 'origin/seventeen' into kernel-test-next
Michael Tremer [Thu, 30 Oct 2014 22:18:31 +0000 (23:18 +0100)]
installer: Create locale archive to save space in the initrd
Erik Kapfer [Thu, 30 Oct 2014 15:42:47 +0000 (16:42 +0100)]
New Addon: tmux
Michael Tremer [Thu, 30 Oct 2014 16:49:43 +0000 (17:49 +0100)]
squidclamav: Fix an error when parsing the client IP address
Michael Tremer [Tue, 28 Oct 2014 01:04:05 +0000 (02:04 +0100)]
Update some stuff for the Italian translation
Umberto Parma [Thu, 23 Oct 2014 12:09:19 +0000 (14:09 +0200)]
Add an Italian translation
file web interface in Italian
Michael Tremer [Mon, 27 Oct 2014 23:49:19 +0000 (00:49 +0100)]
installer: Initialize console font
Michael Tremer [Mon, 27 Oct 2014 22:52:55 +0000 (23:52 +0100)]
Set LatArCyrHeb-16 as default font
Michael Tremer [Sun, 26 Oct 2014 20:00:08 +0000 (21:00 +0100)]
strongswan: Update to 5.2.1
Michael Tremer [Sun, 26 Oct 2014 19:51:14 +0000 (20:51 +0100)]
glibc: Fix build on x86
Some files that are patched for ARM are not available
on the x86 source tree. Hence the sed command should not
be executed.
Michael Tremer [Sun, 26 Oct 2014 19:11:57 +0000 (20:11 +0100)]
Merge remote-tracking branch 'origin/seventeen' into seventeen
Conflicts:
make.sh
Michael Tremer [Sun, 26 Oct 2014 19:11:04 +0000 (20:11 +0100)]
installer: Implement option to run a postinstall script in the installer
Arne Fitzenreiter [Sun, 26 Oct 2014 15:40:04 +0000 (16:40 +0100)]
kernel: update to 3.14.22 (intel only yet).
Arne Fitzenreiter [Sun, 26 Oct 2014 15:38:38 +0000 (16:38 +0100)]
cryptodev: update to unreleased 1.7 from git.
Arne Fitzenreiter [Sun, 26 Oct 2014 15:37:44 +0000 (16:37 +0100)]
glibc: fix build on intel platform.
Michael Tremer [Sun, 26 Oct 2014 15:00:03 +0000 (16:00 +0100)]
installer: Allow to disable creation of swap space on command line
Michael Tremer [Sat, 25 Oct 2014 13:54:45 +0000 (15:54 +0200)]
installer: Fix loads of compiler warnings
Michael Tremer [Sat, 25 Oct 2014 12:56:23 +0000 (14:56 +0200)]
installer: Rework downloading ISO and allow using a custom URL
Arne Fitzenreiter [Fri, 24 Oct 2014 10:00:34 +0000 (12:00 +0200)]
Merge branch 'kernel-test' into seventeen
Arne Fitzenreiter [Fri, 24 Oct 2014 09:58:00 +0000 (11:58 +0200)]
kernel: fix build on rpi.
Arne Fitzenreiter [Thu, 23 Oct 2014 19:58:23 +0000 (21:58 +0200)]
kernel: fix uInit ramdisk build.
Michael Tremer [Thu, 23 Oct 2014 19:57:36 +0000 (21:57 +0200)]
glibc: fix build with new patches.
Michael Tremer [Wed, 22 Oct 2014 23:05:56 +0000 (01:05 +0200)]
installer: Simplify kernel command line parsing
Arne Fitzenreiter [Wed, 22 Oct 2014 19:35:13 +0000 (21:35 +0200)]
set toolchain to 8 and version to 2.17.
Arne Fitzenreiter [Wed, 22 Oct 2014 19:34:42 +0000 (21:34 +0200)]
tzdata: fix build with new coreutils.
Arne Fitzenreiter [Wed, 22 Oct 2014 11:49:54 +0000 (13:49 +0200)]
Revert "Revert "toolchain: Fix compiling due to Stack Protector changes.""
This reverts commit
4ec728f840372f61d61c5019d766f453231eb706 .
Michael Tremer [Tue, 21 Oct 2014 20:30:36 +0000 (22:30 +0200)]
installer: Create a config struct
Michael Tremer [Tue, 21 Oct 2014 19:14:19 +0000 (21:14 +0200)]
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into seventeen
Ersan Yildirim [Mon, 20 Oct 2014 09:59:31 +0000 (11:59 +0200)]
Update Turkish translation
Arne Fitzenreiter [Thu, 16 Oct 2014 09:34:20 +0000 (11:34 +0200)]
core85: set version to core85.
Michael Tremer [Wed, 15 Oct 2014 21:39:20 +0000 (23:39 +0200)]
Merge branch 'install-raid' into seventeen
Conflicts:
make.sh
Michael Tremer [Wed, 15 Oct 2014 21:38:05 +0000 (23:38 +0200)]
installer: Make restoring the backup interactive
Michael Tremer [Wed, 15 Oct 2014 20:55:54 +0000 (22:55 +0200)]
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Michael Tremer [Wed, 15 Oct 2014 20:55:26 +0000 (22:55 +0200)]
apache: Disable SSLv3 by default for the IPFire webinterface
Arne Fitzenreiter [Wed, 15 Oct 2014 19:44:29 +0000 (21:44 +0200)]
openssl-compat: update to 0.9.8zc
Arne Fitzenreiter [Wed, 15 Oct 2014 18:42:38 +0000 (20:42 +0200)]
kernel: fix build for rpi.
the eMMC patch is also inside of the rpi patchset from rpi-foundation so it cannot applied again.
Michael Tremer [Wed, 15 Oct 2014 17:48:16 +0000 (19:48 +0200)]
Create Core Update 85
Michael Tremer [Wed, 15 Oct 2014 17:19:15 +0000 (19:19 +0200)]
openssl: Update to version 1.0.1j
OpenSSL Security Advisory [15 Oct 2014]
=======================================
SRTP Memory Leak (CVE-2014-3513)
================================
Severity: High
A flaw in the DTLS SRTP extension parsing code allows an attacker, who
sends a carefully crafted handshake message, to cause OpenSSL to fail
to free up to 64k of memory causing a memory leak. This could be
exploited in a Denial Of Service attack. This issue affects OpenSSL
1.0.1 server implementations for both SSL/TLS and DTLS regardless of
whether SRTP is used or configured. Implementations of OpenSSL that
have been compiled with OPENSSL_NO_SRTP defined are not affected.
OpenSSL 1.0.1 users should upgrade to 1.0.1j.
This issue was reported to OpenSSL on 26th September 2014, based on an original
issue and patch developed by the LibreSSL project. Further analysis of the issue
was performed by the OpenSSL team.
The fix was developed by the OpenSSL team.
Session Ticket Memory Leak (CVE-2014-3567)
==========================================
Severity: Medium
When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
integrity of that ticket is first verified. In the event of a session
ticket integrity check failing, OpenSSL will fail to free memory
causing a memory leak. By sending a large number of invalid session
tickets an attacker could exploit this issue in a Denial Of Service
attack.
OpenSSL 1.0.1 users should upgrade to 1.0.1j.
OpenSSL 1.0.0 users should upgrade to 1.0.0o.
OpenSSL 0.9.8 users should upgrade to 0.9.8zc.
This issue was reported to OpenSSL on 8th October 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
SSL 3.0 Fallback protection
===========================
Severity: Medium
OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications
to block the ability for a MITM attacker to force a protocol
downgrade.
Some client applications (such as browsers) will reconnect using a
downgraded protocol to work around interoperability bugs in older
servers. This could be exploited by an active man-in-the-middle to
downgrade connections to SSL 3.0 even if both sides of the connection
support higher protocols. SSL 3.0 contains a number of weaknesses
including POODLE (CVE-2014-3566).
OpenSSL 1.0.1 users should upgrade to 1.0.1j.
OpenSSL 1.0.0 users should upgrade to 1.0.0o.
OpenSSL 0.9.8 users should upgrade to 0.9.8zc.
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
https://www.openssl.org/~bodo/ssl-poodle.pdf
Support for TLS_FALLBACK_SCSV was developed by Adam Langley and Bodo Moeller.
Build option no-ssl3 is incomplete (CVE-2014-3568)
==================================================
Severity: Low
When OpenSSL is configured with "no-ssl3" as a build option, servers
could accept and complete a SSL 3.0 handshake, and clients could be
configured to send them.
OpenSSL 1.0.1 users should upgrade to 1.0.1j.
OpenSSL 1.0.0 users should upgrade to 1.0.0o.
OpenSSL 0.9.8 users should upgrade to 0.9.8zc.
This issue was reported to OpenSSL by Akamai Technologies on 14th October 2014.
The fix was developed by Akamai and the OpenSSL team.
References
==========
URL for this Security Advisory:
https://www.openssl.org/news/secadv_20141015.txt
Note: the online version of the advisory may be updated with additional
details over time.
For details of OpenSSL severity classifications please see:
https://www.openssl.org/about/secpolicy.html
Arne Fitzenreiter [Wed, 15 Oct 2014 14:11:27 +0000 (16:11 +0200)]
kernel: uodate to 3.10.58.
Ersan Yildirim [Mon, 13 Oct 2014 08:19:45 +0000 (10:19 +0200)]
Update Turkish translation
Michael Tremer [Sun, 12 Oct 2014 14:53:12 +0000 (16:53 +0200)]
installer: Make networking and download functions more user-friendly
Allows to retry after a failed attempt or abort
Michael Tremer [Sun, 12 Oct 2014 13:04:25 +0000 (15:04 +0200)]
installer: Remove reading the path of the downloaded ISO
Michael Tremer [Sun, 12 Oct 2014 12:30:51 +0000 (14:30 +0200)]
installer: Allow to start networking without ISO download
Michael Tremer [Sat, 11 Oct 2014 17:19:14 +0000 (19:19 +0200)]
installer: Remove Makefile of old build system
Michael Tremer [Sat, 11 Oct 2014 17:18:27 +0000 (19:18 +0200)]
installer: Remove old unattended installation code
Michael Tremer [Sat, 11 Oct 2014 16:59:31 +0000 (18:59 +0200)]
installer: Enable new partitioning code to be run in unattended mode
The first disk of the system will automatically be used and
a standard installation will be done. After that is done, the
system will reboot into the freshly installed system and execute
setup.
Arne Fitzenreiter [Sat, 11 Oct 2014 07:26:57 +0000 (09:26 +0200)]
kernel: add eMMC 5.x support.
Arne Fitzenreiter [Sat, 11 Oct 2014 07:14:04 +0000 (09:14 +0200)]
kernel: update to 3.10.57.
Arne Fitzenreiter [Sat, 11 Oct 2014 07:11:10 +0000 (09:11 +0200)]
Merge branch 'master' into kernel-test
Michael Tremer [Sat, 11 Oct 2014 05:18:03 +0000 (07:18 +0200)]
Merge branch 'master' of ssh://git.ipfire.org/pub/git/ipfire-2.x into install-raid
Arne Fitzenreiter [Fri, 10 Oct 2014 16:13:13 +0000 (18:13 +0200)]
Merge branch 'next'
Arne Fitzenreiter [Fri, 10 Oct 2014 16:11:52 +0000 (18:11 +0200)]
core84: add update-lang-cache.
this file is missing on some machines.
Michael Tremer [Fri, 10 Oct 2014 13:03:45 +0000 (15:03 +0200)]
Merge remote-tracking branch 'ms/install-raid' into install-raid
Conflicts:
lfs/bash
Michael Tremer [Fri, 10 Oct 2014 12:52:30 +0000 (14:52 +0200)]
Merge branch 'master' into install-raid
Conflicts:
config/rootfiles/common/bash
lfs/bash
Arne Fitzenreiter [Tue, 7 Oct 2014 16:37:01 +0000 (18:37 +0200)]
Merge remote-tracking branch 'origin/next'
Michael Tremer [Tue, 7 Oct 2014 12:54:12 +0000 (14:54 +0200)]
firewall: Use correct interface for RED
Arne Fitzenreiter [Mon, 6 Oct 2014 10:59:15 +0000 (12:59 +0200)]
kernel: update to 3.10.56.
Michael Tremer [Mon, 6 Oct 2014 10:23:35 +0000 (12:23 +0200)]
bash: Update to version 4.3.30
Fixes #10633.
Arne Fitzenreiter [Mon, 6 Oct 2014 08:11:13 +0000 (10:11 +0200)]
Merge remote-tracking branch 'origin/master' into kernel-test
Arne Fitzenreiter [Sun, 5 Oct 2014 19:44:54 +0000 (21:44 +0200)]
rt2800usb: remove some queue warnings.
Arne Fitzenreiter [Sun, 5 Oct 2014 13:12:44 +0000 (15:12 +0200)]
p2pblock: fix flush rules if all p2p's are allowed.
Arne Fitzenreiter [Sat, 4 Oct 2014 12:18:16 +0000 (14:18 +0200)]
p2pblock: ipp2p must run before CONNTRACK.
And can only used for blocking, not for accept conenections bacause connections must already established for detecting protocol types.
Arne Fitzenreiter [Sat, 4 Oct 2014 11:53:49 +0000 (13:53 +0200)]
Merge branch 'next'
Michael Tremer [Sat, 4 Oct 2014 11:52:15 +0000 (13:52 +0200)]
firewall: fix rules.pl for old rules without ratelimiting.
Michael Tremer [Thu, 2 Oct 2014 16:21:51 +0000 (18:21 +0200)]
squid: Update to 3.4.8
Contains some security fixes:
* CVE-2014-6270
http://www.squid-cache.org/Advisories/SQUID-2014_3.txt
* CVE-2014-7141
CVE-2014-7142
http://www.squid-cache.org/Advisories/SQUID-2014_4.txt
Arne Fitzenreiter [Tue, 30 Sep 2014 21:53:00 +0000 (23:53 +0200)]
Merge remote-tracking branch 'origin/next'
Arne Fitzenreiter [Tue, 30 Sep 2014 21:49:47 +0000 (23:49 +0200)]
bash: rootfile update.
Arne Fitzenreiter [Tue, 30 Sep 2014 17:30:45 +0000 (19:30 +0200)]
Merge remote-tracking branch 'origin/next'
Michael Tremer [Sat, 26 Jul 2014 19:08:12 +0000 (21:08 +0200)]
parted: Update to 3.1.