]>
git.ipfire.org Git - ipfire-2.x.git/log
Michael Tremer [Tue, 8 Mar 2016 22:44:01 +0000 (22:44 +0000)]
bird: New package
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 8 Feb 2016 01:52:18 +0000 (01:52 +0000)]
core98: Ship changed /etc/ppp/ip-up
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sun, 7 Feb 2016 12:45:32 +0000 (13:45 +0100)]
New IP-address of 'ping.ipfire.org'
Telekom gateways (e.g.) don't answer 'pings', therefor '/etc/ppp/ip-up'
uses 'ping.ipfire.org' for the 'gateway Graph' in 'Status / Network (other'.
After moving the infrastructure, several IP addresses were changed.
'178.63.73.246' doesn't work anymore for 'ping.ipfire.org', its now '81.3.27.38'.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 8 Feb 2016 01:40:35 +0000 (01:40 +0000)]
core98: Ship recently updated grep and sed
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sun, 31 Jan 2016 13:49:17 +0000 (14:49 +0100)]
grep: Update to 2.22
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sun, 31 Jan 2016 13:44:05 +0000 (14:44 +0100)]
sed: Update to 4.2.2
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 8 Feb 2016 01:33:15 +0000 (01:33 +0000)]
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Arne Fitzenreiter [Sun, 7 Feb 2016 08:38:20 +0000 (09:38 +0100)]
kernel: disable grsecurity KSTACKOVERFLOW.
this is the reason for crashes usb lan dongles and media devices.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Fri, 5 Feb 2016 10:24:03 +0000 (10:24 +0000)]
firewall: Fix MAC filter
Packets destined for the firewall coming in from the blue
device where accepted too early to be processed by the
firewall input chain rules.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 4 Feb 2016 14:35:55 +0000 (14:35 +0000)]
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Michael Tremer [Thu, 4 Feb 2016 14:31:53 +0000 (14:31 +0000)]
wirelessctrl: Remove some unused code
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Mon, 1 Feb 2016 06:28:03 +0000 (07:28 +0100)]
dhcpcd: rework mtu handling on buggy nic's
some nic's loose the carrier after setting new mtu.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Sat, 30 Jan 2016 16:37:21 +0000 (16:37 +0000)]
core98: Ship updated tzdata
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sat, 30 Jan 2016 10:07:46 +0000 (11:07 +0100)]
tzdata: Update to 2016a
Fixes https://bugzilla.ipfire.org/show_bug.cgi?id=11034
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Fri, 29 Jan 2016 13:25:25 +0000 (14:25 +0100)]
kernel: update to 3.14.60
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Thu, 28 Jan 2016 21:08:08 +0000 (22:08 +0100)]
set core to 98 and move 97 to oldcore
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Thu, 28 Jan 2016 15:20:16 +0000 (16:20 +0100)]
finish core97
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Thu, 28 Jan 2016 14:58:46 +0000 (15:58 +0100)]
openssl: security update to 1.0.2f
changes:
* DH small subgroups - CVE-2016-0701
* SSLv2 doesn't block disabled ciphers - CVE-2015-3197
* Reject DH handshakes with parameters shorter than 1024 bits
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Thu, 28 Jan 2016 12:24:50 +0000 (13:24 +0100)]
hwdate: update databases
pci.ids: 2016.01.28
usb.ids: 2015.12.17
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Thu, 28 Jan 2016 12:08:59 +0000 (13:08 +0100)]
core97: prepare new core97 with openssl and openssh update.
the update itself has to be done...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Thu, 28 Jan 2016 12:03:39 +0000 (13:03 +0100)]
rename core97 to 98 because we have to insert OpenSSL security update
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Thu, 28 Jan 2016 12:02:09 +0000 (13:02 +0100)]
backports: update to 4.2.6
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Tue, 26 Jan 2016 17:02:00 +0000 (18:02 +0100)]
rsync: update to 3.1.2
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Mon, 25 Jan 2016 19:15:06 +0000 (20:15 +0100)]
kernel: update to 3.14.59
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Sat, 23 Jan 2016 01:46:42 +0000 (01:46 +0000)]
squid: Actually make --with-filedescriptors work
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 23 Jan 2016 00:41:02 +0000 (00:41 +0000)]
core97: Ship updated CGI files
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 23 Jan 2016 00:39:24 +0000 (00:39 +0000)]
Merge remote-tracking branch 'meitelwein/web-gui-ipv6' into next
Michael Tremer [Sat, 23 Jan 2016 00:39:19 +0000 (00:39 +0000)]
Merge remote-tracking branch 'origin/master' into next
Daniel Weismüller [Fri, 22 Jan 2016 11:10:19 +0000 (12:10 +0100)]
cmake: Disable parallelism
Building cmake uses a high amount of memory (>2G) and
fails to build on my system. Using less processes reduces
memory usage and lets the build succeed.
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 22 Jan 2016 00:55:46 +0000 (00:55 +0000)]
Update translations
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 22 Jan 2016 00:55:25 +0000 (00:55 +0000)]
core97: Ship iptables conntrack changes
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 22 Jan 2016 00:54:14 +0000 (00:54 +0000)]
Merge remote-tracking branch 'ms/iptables-conntrack' into next
Michael Tremer [Fri, 22 Jan 2016 00:49:15 +0000 (00:49 +0000)]
Merge branch 'hyper-v-fixes' into next
Arne Fitzenreiter [Wed, 20 Jan 2016 18:28:56 +0000 (19:28 +0100)]
toolchain: fix build on hosts that not support strong stackprotect
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Tue, 19 Jan 2016 00:07:07 +0000 (00:07 +0000)]
core97: Ship updated webaccess.cgi
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Erik Kapfer [Mon, 18 Jan 2016 09:14:10 +0000 (10:14 +0100)]
webaccess.cgi: Fixed language settings.
Fix for #10879. Added also use strict.
Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 18 Jan 2016 22:26:23 +0000 (22:26 +0000)]
Improve hardening by using -fstack-protector-strong
This functionality is now available for us since we updated
to GCC 4.9 and just improves the stack smashing protector
in GCC.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Tue, 12 Jan 2016 17:46:52 +0000 (18:46 +0100)]
nano: Update to 2.5.1
Excerpt form 'NEWS':
"It includes fixes for a syntax-highlighting bug and a positionlog bug,
it disables a time-eating multiline regex in the C syntax,
and it adds an escape hatch to the WriteOut menu when
--tempfile is used: the discardbuffer command, ^Q. It
also has translation updates for fifteen languages, and
a small fix in the softwrap code."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 17 Jan 2016 18:51:47 +0000 (18:51 +0000)]
core97: Ship updated openssh
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Fri, 15 Jan 2016 16:43:50 +0000 (17:43 +0100)]
openssh: Update to 7.1p2
Fixes CVE-2016-0777
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 17 Jan 2016 18:49:03 +0000 (18:49 +0000)]
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Arne Fitzenreiter [Fri, 15 Jan 2016 06:20:34 +0000 (07:20 +0100)]
toolchain: bump version number
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Thu, 14 Jan 2016 15:08:24 +0000 (16:08 +0100)]
gcc: remove gdb python files also in root build.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Thu, 14 Jan 2016 02:55:54 +0000 (03:55 +0100)]
toolchain: move *.py remove to correct pass.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 13 Jan 2016 18:04:56 +0000 (19:04 +0100)]
toolchain: enable bootstrap and remove *.py files from lib.
only with bootstrap the gcc pass2 build works on arm.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 13 Jan 2016 06:24:34 +0000 (07:24 +0100)]
kernel: disable RANDSTRUCT
RANDSRUCT is incompatible with ccache build.
fixes #10905
fixes #11012
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Sun, 10 Jan 2016 21:20:49 +0000 (21:20 +0000)]
core97: Ship updated ntp
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sat, 9 Jan 2016 19:39:45 +0000 (20:39 +0100)]
ntp 4.2.8p5: removed obsolete patch file
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sat, 9 Jan 2016 19:29:41 +0000 (20:29 +0100)]
ntp: Update to 4.2.8p5
"...addresses 1 medium-severity security issue, 14 bugfixes,
and contains other improvements over 4.2.8p4."
For a complete list, see:
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 10 Jan 2016 19:35:42 +0000 (19:35 +0000)]
grub: Disable hardening for grub-script-check
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 9 Jan 2016 19:48:21 +0000 (19:48 +0000)]
ccache: Include hash of compiler specs in hashing
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Eitelwein [Sat, 9 Jan 2016 19:09:58 +0000 (20:09 +0100)]
No code changes, fixed formatting by replacing spaces with tabs
Michael Tremer [Sat, 9 Jan 2016 14:56:33 +0000 (14:56 +0000)]
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Michael Tremer [Thu, 7 Jan 2016 23:47:39 +0000 (23:47 +0000)]
timectrl: Stop ntp daemon when disabled
Fixes #11000
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Eitelwein [Thu, 7 Jan 2016 18:40:24 +0000 (19:40 +0100)]
Fixed detection of firewall chain when bridge is used for ipv6
Signed-off-by: Michael Eitelwein <michael@eitelwein.net>
Michael Eitelwein [Thu, 7 Jan 2016 15:55:11 +0000 (16:55 +0100)]
Firewall chain was not extracted correctly when ipv6 uses bridge
Signed-off-by: Michael Eitelwein <michael@eitelwein.net>
Arne Fitzenreiter [Thu, 7 Jan 2016 16:41:43 +0000 (17:41 +0100)]
toolchain: fix full toolchain crossbuild
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Thu, 7 Jan 2016 16:41:16 +0000 (17:41 +0100)]
binutils: update to 2.24
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Eitelwein [Thu, 7 Jan 2016 14:24:13 +0000 (15:24 +0100)]
Fix regex to extract firewall chain for ipv6 in showrequestfrom*.dat
If bridged ipv6 is used, $iface is taken from PHYSIN
In the log line the order of fields is "... IN=XY OUT=XY PHYSIN=XY ..."
Signed-off-by: Michael Eitelwein <michael@eitelwein.net>
Michael Eitelwein [Thu, 7 Jan 2016 13:00:01 +0000 (14:00 +0100)]
Enable correct display of ipv6 entries in Firewall log pages of web UI.
3 main changes:
- Fill $iface and $out from PHYSIN and PHYSOUT when looking at bridged packets, othwerwise fill from IN and OUT
- Recognize ipv4 and ipv6 address style for $srcaddr and $dstaddr
- Match color coding of tables to pie charts (see seperate patch sent earlier)
I am using the bridged ipv6 setup as proposed in the wiki. I do not think this breaks anything when not using ipv6. So it would be nice to include this even if ipv6 is not officially supported yet. It is quite useful when using the ipv6 setup.
Signed-off-by: Michael Eitelwein <michael@eitelwein.net>
---
Daniel Weismüller [Wed, 6 Jan 2016 13:56:18 +0000 (14:56 +0100)]
owncloud: updated to version 7.0.11
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 6 Jan 2016 15:05:37 +0000 (15:05 +0000)]
dnsdist: Don't build on ARM
There seem to be some serious C++ issues in this so that
it won't build on ARM.
At the moment I do not have any resources to look further
into this, so I just disable building this package for
all ARM architectures.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 5 Jan 2016 21:00:19 +0000 (21:00 +0000)]
QoS: Improve saving enabled/disable state
It was reported that the QoS did not stop when
the user clicked the "stop" button. This patch
fixes that.
Fixes #10664
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Acked-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Michael Tremer [Tue, 5 Jan 2016 20:44:26 +0000 (20:44 +0000)]
qosctrl: Cleanup code by replacing hardcoded paths
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 4 Jan 2016 22:46:13 +0000 (22:46 +0000)]
core97: Ship updated openvpn package
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Erik Kapfer [Tue, 7 Jul 2015 11:13:35 +0000 (13:13 +0200)]
openvpn: Update to version 2.3.7, added --verify-x509-name directive.
The tls-remote directive is deprecated and will be removed with
OpenVPN version 2.4 . Added instead --verify-x509-name HOST name
into ovpnmain.cgi.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sat, 26 Dec 2015 23:20:13 +0000 (00:20 +0100)]
bind: Update to 9.10.3-P2
Changelog:
[security]
Update allowed OpenSSL versions as named is potentially
vulnerable to CVE-2015-3193.
[maint]
H.ROOT-SERVERS.NET is 198.97.190.53 and 2001:500:1::53. [RT #40556]
[security]
Insufficient testing when parsing a message allowed
records with an incorrect class to be be accepted,
triggering a REQUIRE failure when those records
were subsequently cached. (CVE-2015-8000) [RT #40987]
[security]
Address fetch context reference count handling error
on socket error. (CVE-2015-8461) [RT#40945]
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 28 Dec 2015 14:37:02 +0000 (15:37 +0100)]
core97: Ship dnsmasq
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Thu, 24 Dec 2015 09:17:16 +0000 (10:17 +0100)]
dnsmasq 2.75: latest patches from upstream
Same procedure as... :-)
Best to all for xmas and 2016!
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 28 Dec 2015 14:30:13 +0000 (15:30 +0100)]
core97: Ship pgrep with the updater
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Sat, 26 Dec 2015 16:37:53 +0000 (17:37 +0100)]
ncurses: rootfile update.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 26 Dec 2015 16:34:13 +0000 (17:34 +0100)]
dnsdist: rootfile update.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 26 Dec 2015 16:33:30 +0000 (17:33 +0100)]
diffutils: rootfile update.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 26 Dec 2015 12:16:59 +0000 (13:16 +0100)]
gcc: include libstdc++ to rootfile
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Fri, 25 Dec 2015 11:45:05 +0000 (12:45 +0100)]
vdr_eepg: fix source download.
the external server has changed the compression so the md5 has changed.
Always use the IPFire server as primary download source.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 23 Dec 2015 10:32:53 +0000 (11:32 +0100)]
core96: remove rrd ramdisk entry from fstab
Arne Fitzenreiter [Wed, 23 Dec 2015 09:14:26 +0000 (10:14 +0100)]
kernel: apply arm-multi grsecurity fixes only at arm-multi build
Michael Tremer [Thu, 10 Dec 2015 21:25:27 +0000 (21:25 +0000)]
dnsdist: New package
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 10 Dec 2015 21:10:06 +0000 (21:10 +0000)]
lua: New package
Simple scripting language. Supposed to be fast. Needed for dnsdist.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 22 Dec 2015 22:27:10 +0000 (22:27 +0000)]
Disable packaging mediatomb
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 22 Dec 2015 22:25:18 +0000 (22:25 +0000)]
linux: Fix build of kernel and headers package
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 22 Dec 2015 15:10:31 +0000 (15:10 +0000)]
core96: Regenerate language cache
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 15 Dec 2015 18:30:56 +0000 (18:30 +0000)]
linux: Backport Hyper-V network driver
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 12 Dec 2015 15:31:33 +0000 (15:31 +0000)]
kernel: Add grsecurity compile fix
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 4 Dec 2015 22:11:49 +0000 (22:11 +0000)]
mediatomb: Disable build because it FTBFS
The upstream project seems to be dead
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 10 Dec 2015 17:47:33 +0000 (17:47 +0000)]
gcc: Update armv5tel rootfile
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 10 Dec 2015 14:40:36 +0000 (14:40 +0000)]
gcc: Update x86_64 rootfile
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 4 Dec 2015 21:24:14 +0000 (21:24 +0000)]
gcc: Update to version 4.9.3
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 4 Dec 2015 21:22:30 +0000 (21:22 +0000)]
glibc: Fix headers to build with new GCC
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 4 Dec 2015 21:21:32 +0000 (21:21 +0000)]
libmpc: New package
A dependency for GCC
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 22 Dec 2015 12:34:59 +0000 (12:34 +0000)]
core97: Ship updated bind package
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 22 Dec 2015 12:34:18 +0000 (12:34 +0000)]
Create Core Update 97
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 22 Dec 2015 11:11:24 +0000 (11:11 +0000)]
Move Core Update 96 to oldcore
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sat, 7 Nov 2015 06:33:57 +0000 (07:33 +0100)]
bind: Update to 9.10.3
bind: Update to 9.10.3
Security fixes:
An incorrect boundary check in the OPENPGPKEY rdatatype could trigger an assertion failure. This flaw is disclosed in CVE-2015-5986. [RT #40286]
A buffer accounting error could trigger an assertion failure when parsing certain malformed DNSSEC keys.
This flaw was discovered by Hanno Böck of the Fuzzing Project, and is disclosed in CVE-2015-5722. [RT #40212]
A specially crafted query could trigger an assertion failure in message.c.
This flaw was discovered by Jonathan Foote, and is disclosed in CVE-2015-5477. [RT #40046]
On servers configured to perform DNSSEC validation, an assertion failure could be triggered on answers from a specially configured server.
This flaw was discovered by Breno Silveira Soares, and is disclosed in CVE-2015-4620. [RT #39795]
Bug fixes:
Asynchronous zone loads were not handled correctly when the zone load was already in progress; this could trigger a crash in zt.c. [RT #37573]
A race during shutdown or reconfiguration could cause an assertion failure in mem.c. [RT #38979]
Some answer formatting options didn't work correctly with dig +short. [RT #39291]
Malformed records of some types, including NSAP and UNSPEC, could trigger assertion failures when loading text zone files. [RT #40274] [RT #40285]
Fixed a possible crash in ratelimiter.c caused by NOTIFY messages being removed from the wrong rate limiter queue. [RT #40350]
The default rrset-order of random was inconsistently applied. [RT #40456]
BADVERS responses from broken authoritative name servers were not handled correctly. [RT #40427]
Several bugs have been fixed in the RPZ implementation.
For a complete list, see:
https://kb.isc.org/article/AA-01306/0/BIND-9.10.3-Release-Notes.html
Regards,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 22 Dec 2015 10:27:26 +0000 (10:27 +0000)]
core96: Correctly call qosctrl
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 22 Dec 2015 10:26:27 +0000 (10:26 +0000)]
core96: Fix deleting the old ramdisk directory
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Sun, 20 Dec 2015 19:19:43 +0000 (20:19 +0100)]
core96: set pakfire version to 96.
Michael Tremer [Sat, 19 Dec 2015 14:12:29 +0000 (14:12 +0000)]
curl: Fix certificate validation
curl did not find the certificate bundle so that server
certificates could not be verified.
Fixes #10995
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 19 Dec 2015 14:09:10 +0000 (14:09 +0000)]
strongswan: Update to 5.3.5
Also ships a fix for #853 upstream.
Fixes #10998
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 18 Dec 2015 23:42:15 +0000 (23:42 +0000)]
core96: Ship updated grub
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>