]>
git.ipfire.org Git - people/dweismueller/ipfire-2.x.git/log
Arne Fitzenreiter [Sat, 4 Oct 2014 11:53:49 +0000 (13:53 +0200)]
Merge branch 'next'
Michael Tremer [Sat, 4 Oct 2014 11:52:15 +0000 (13:52 +0200)]
firewall: fix rules.pl for old rules without ratelimiting.
Michael Tremer [Thu, 2 Oct 2014 16:21:51 +0000 (18:21 +0200)]
squid: Update to 3.4.8
Contains some security fixes:
* CVE-2014-6270
http://www.squid-cache.org/Advisories/SQUID-2014_3.txt
* CVE-2014-7141
CVE-2014-7142
http://www.squid-cache.org/Advisories/SQUID-2014_4.txt
Arne Fitzenreiter [Tue, 30 Sep 2014 21:53:00 +0000 (23:53 +0200)]
Merge remote-tracking branch 'origin/next'
Arne Fitzenreiter [Tue, 30 Sep 2014 21:49:47 +0000 (23:49 +0200)]
bash: rootfile update.
Arne Fitzenreiter [Tue, 30 Sep 2014 17:30:45 +0000 (19:30 +0200)]
Merge remote-tracking branch 'origin/next'
Michael Tremer [Sat, 26 Jul 2014 19:08:12 +0000 (21:08 +0200)]
parted: Update to 3.1.
Arne Fitzenreiter [Tue, 30 Sep 2014 07:33:27 +0000 (09:33 +0200)]
set PAK_VER to core84.
Arne Fitzenreiter [Tue, 30 Sep 2014 07:32:01 +0000 (09:32 +0200)]
Merge remote-tracking branch 'origin/next'
Michael Tremer [Sat, 26 Jul 2014 20:02:03 +0000 (22:02 +0200)]
readline: Re-add accidentially deleted patches of -compat package
Michael Tremer [Mon, 29 Sep 2014 19:29:57 +0000 (21:29 +0200)]
bash: Import patch for version 4.3.27
See #10633
Michael Tremer [Mon, 29 Sep 2014 11:52:16 +0000 (13:52 +0200)]
core84: Add updated readline
Michael Tremer [Sat, 26 Jul 2014 17:56:54 +0000 (19:56 +0200)]
readline: Update to 6.3.
Michael Tremer [Fri, 26 Sep 2014 10:46:44 +0000 (12:46 +0200)]
bash: Import upstream fixes
Michael Tremer [Thu, 25 Sep 2014 17:38:23 +0000 (19:38 +0200)]
bash: Import fix for CVE-2014-7169
http://www.openwall.com/lists/oss-security/2014/09/25/10
Conflicts:
lfs/bash
Michael Tremer [Wed, 24 Sep 2014 19:02:22 +0000 (21:02 +0200)]
bash: Fix for CVE-2014-6271
A flaw was found in the way Bash evaluated certain specially crafted
environment variables. An attacker could use this flaw to override
or bypass environment restrictions to execute shell commands.
Certain services and applications allow remote unauthenticated
attackers to provide environment variables, allowing them to exploit
this issue.
Michael Tremer [Sat, 26 Jul 2014 18:00:17 +0000 (20:00 +0200)]
bash: Update to 4.3.
Conflicts:
lfs/bash
Arne Fitzenreiter [Mon, 29 Sep 2014 11:44:26 +0000 (13:44 +0200)]
fix merge problem.
Michael Tremer [Sun, 28 Sep 2014 11:32:17 +0000 (13:32 +0200)]
core84: Add changed /etc/rc.d/init.d/network
Michael Tremer [Sun, 28 Sep 2014 11:31:53 +0000 (13:31 +0200)]
Merge remote-tracking branch 'teissler/bug_10454' into next
Timo Eissler [Sat, 27 Sep 2014 21:28:04 +0000 (23:28 +0200)]
network: move start of static-routes
Fixes #10454
Create static routes after network interfaces are initialised.
Timo Eissler [Sat, 27 Sep 2014 21:16:57 +0000 (23:16 +0200)]
network: fix coding style
Michael Tremer [Sat, 27 Sep 2014 21:00:05 +0000 (23:00 +0200)]
Merge remote-tracking branch 'teissler/bug_10535' into next
Michael Tremer [Sat, 27 Sep 2014 20:59:05 +0000 (22:59 +0200)]
Fix wording. Remove "got".
Fixes #10632
Timo Eissler [Sat, 27 Sep 2014 20:24:26 +0000 (22:24 +0200)]
urlfilter.cgi: enhance file extension blocking
Fixes #10535
Add flv, mkv and mp4 as audio/video file exentions.
Add 7z as archive file extension.
Michael Tremer [Sat, 27 Sep 2014 18:43:49 +0000 (20:43 +0200)]
core84: Add changed urlfilter.cgi
Michael Tremer [Sat, 27 Sep 2014 18:43:23 +0000 (20:43 +0200)]
Merge remote-tracking branch 'teissler/Bug_10415' into next
Timo Eissler [Fri, 26 Sep 2014 20:15:13 +0000 (22:15 +0200)]
urlfilter.cgi: safe search enhancements
Fixes: #10415
Activate bing safe search.
Add nwshp to google url patterns.
Alexander Marx [Wed, 17 Sep 2014 13:52:45 +0000 (15:52 +0200)]
squid-accounting: set right permissions of html directory for graphs and logo
Michael Tremer [Fri, 26 Sep 2014 11:03:48 +0000 (13:03 +0200)]
core84: Add changed files from #10620
Michael Tremer [Fri, 26 Sep 2014 11:03:22 +0000 (13:03 +0200)]
Merge remote-tracking branch 'amarx/BUG10620' into next
Michael Tremer [Fri, 26 Sep 2014 11:02:28 +0000 (13:02 +0200)]
Merge remote-tracking branch 'amarx/BUG10615' into next
Michael Tremer [Fri, 26 Sep 2014 11:00:38 +0000 (13:00 +0200)]
core84: Add changed files from fw-checksubnet branch
Michael Tremer [Fri, 26 Sep 2014 10:59:26 +0000 (12:59 +0200)]
Merge remote-tracking branch 'amarx/fw-checksubnet' into next
Michael Tremer [Fri, 26 Sep 2014 10:58:13 +0000 (12:58 +0200)]
core84: Add changed files from the firewall-dnat branch
Michael Tremer [Fri, 26 Sep 2014 10:55:55 +0000 (12:55 +0200)]
Merge remote-tracking branch 'amarx/firewall-dnat' into next
Conflicts:
config/firewall/rules.pl
Michael Tremer [Fri, 26 Sep 2014 10:42:27 +0000 (12:42 +0200)]
bash: Import upstream patches for CVE-2014-6271 and CVE-2014-7169
Michael Tremer [Fri, 26 Sep 2014 10:25:48 +0000 (12:25 +0200)]
core84: Add dnsmasq update
Michael Tremer [Fri, 26 Sep 2014 10:24:16 +0000 (12:24 +0200)]
Create core update 84
Michael Tremer [Fri, 26 Sep 2014 10:21:18 +0000 (12:21 +0200)]
Merge branch 'master' into next
Michael Tremer [Thu, 25 Sep 2014 19:16:01 +0000 (21:16 +0200)]
dnsmasq: Update to 2.72
Arne Fitzenreiter [Thu, 25 Sep 2014 18:37:55 +0000 (20:37 +0200)]
core83: set version to core83.
Arne Fitzenreiter [Thu, 25 Sep 2014 18:36:06 +0000 (20:36 +0200)]
core83: reload init at update because glibc changes.
Michael Tremer [Thu, 25 Sep 2014 17:38:23 +0000 (19:38 +0200)]
bash: Import fix for CVE-2014-7169
http://www.openwall.com/lists/oss-security/2014/09/25/10
Michael Tremer [Wed, 24 Sep 2014 18:39:43 +0000 (20:39 +0200)]
Merge branch 'master' into next
Michael Tremer [Wed, 24 Sep 2014 18:38:59 +0000 (20:38 +0200)]
core83: add changed files
Michael Tremer [Wed, 24 Sep 2014 18:31:55 +0000 (20:31 +0200)]
Create core update 83
Michael Tremer [Wed, 24 Sep 2014 16:48:35 +0000 (18:48 +0200)]
bash: Fix for CVE-2014-6271
A flaw was found in the way Bash evaluated certain specially crafted
environment variables. An attacker could use this flaw to override
or bypass environment restrictions to execute shell commands.
Certain services and applications allow remote unauthenticated
attackers to provide environment variables, allowing them to exploit
this issue.
Stefan Schantl [Sat, 20 Sep 2014 09:49:39 +0000 (11:49 +0200)]
urlfilter.cgi: Fix path to squidGuard binary when converting custom blacklists.
Fixes #10626.
Alexander Marx [Fri, 5 Sep 2014 06:12:44 +0000 (08:12 +0200)]
fw-groups: fix language strings
Stefan Schantl [Tue, 16 Sep 2014 18:37:16 +0000 (20:37 +0200)]
logs.cgi/ids.dat: Change url for snort sid details.
Fixes #10578.
Alexander Marx [Thu, 11 Sep 2014 15:13:07 +0000 (17:13 +0200)]
BUG10620: reload firewall.local in rules.pl, no longer in initscript
Alexander Marx [Thu, 11 Sep 2014 13:10:48 +0000 (15:10 +0200)]
BUG10615: fix wrong values in firewall.cgi
Alexander Marx [Thu, 11 Sep 2014 12:01:28 +0000 (14:01 +0200)]
BUG10615 part3: adapt rules.pl to use connectionlimit and ratelimit
Alexander Marx [Thu, 11 Sep 2014 11:59:54 +0000 (13:59 +0200)]
BUG10615 part2: Add ratelimit to firewallgui
Alexander Marx [Thu, 11 Sep 2014 08:59:25 +0000 (10:59 +0200)]
BUG10615 part1: Add connectionlimit to firewallgui
Arne Fitzenreiter [Tue, 9 Sep 2014 17:20:54 +0000 (19:20 +0200)]
openssl-compat: update to 0.9.8zb.
Arne Fitzenreiter [Tue, 9 Sep 2014 15:57:27 +0000 (17:57 +0200)]
Merge remote-tracking branch 'origin/master' into core82
Arne Fitzenreiter [Tue, 9 Sep 2014 15:54:27 +0000 (17:54 +0200)]
xen-image: add xz-aware xen version hint to README.
Michael Tremer [Sat, 6 Sep 2014 16:44:50 +0000 (18:44 +0200)]
general-functions.pl: Fix perl coding error
Michael Tremer [Thu, 4 Sep 2014 09:13:41 +0000 (11:13 +0200)]
general-functions.pl: Fix syntax error
Michael Tremer [Wed, 3 Sep 2014 20:23:04 +0000 (22:23 +0200)]
general-functions.pl: Subroutine getnetworkip() accepted multiple arguments
Michael Tremer [Sat, 6 Sep 2014 16:44:50 +0000 (18:44 +0200)]
general-functions.pl: Fix perl coding error
Arne Fitzenreiter [Fri, 5 Sep 2014 19:56:01 +0000 (21:56 +0200)]
rsync: update to 3.1.1.
Alexander Marx [Fri, 5 Sep 2014 06:09:54 +0000 (08:09 +0200)]
fw-groups: cleanup checksubnets
Now the checksubnets function from general-functions.pl is used.
Michael Tremer [Thu, 4 Sep 2014 09:13:41 +0000 (11:13 +0200)]
general-functions.pl: Fix syntax error
Michael Tremer [Wed, 3 Sep 2014 20:23:04 +0000 (22:23 +0200)]
general-functions.pl: Subroutine getnetworkip() accepted multiple arguments
Michael Tremer [Wed, 3 Sep 2014 19:49:01 +0000 (21:49 +0200)]
glibc: Import several fixes from RHEL.
Fixes #10611, CVE-2014-5119 among other bug fixes.
Alexander Marx [Mon, 1 Sep 2014 09:11:25 +0000 (11:11 +0200)]
Squid-accounting: revert setlocale because thevalues are not correctly with this setting
Michael Tremer [Thu, 28 Aug 2014 15:01:44 +0000 (17:01 +0200)]
proxy.cgi: Move ACL definitions up
ACl definitions could not be used in some other directives
unless they are defined earlier.
Michael Tremer [Thu, 28 Aug 2014 14:09:31 +0000 (16:09 +0200)]
squid: Update to 3.4.7
Solves a DoS issue "Ignore Range headers with unidentifiable byte-range values"
filed under security advisory SQUID-2014:2 and CVE-2014-3609.
Michael Tremer [Sun, 24 Aug 2014 13:22:04 +0000 (15:22 +0200)]
findutils: Cannot use exec here or the lockfile won't be removed
Michael Tremer [Sun, 24 Aug 2014 13:14:25 +0000 (15:14 +0200)]
minidlna: Update to 1.1.3
Fixes #10573
Michael Tremer [Sun, 24 Aug 2014 12:46:06 +0000 (14:46 +0200)]
findutils: Run updatedb once a week
As suggested in bug #10303
Arne Fitzenreiter [Sat, 23 Aug 2014 15:06:40 +0000 (17:06 +0200)]
Merge branch 'core82' of ssh://git.ipfire.org/pub/git/ipfire-2.x into core82
Arne Fitzenreiter [Sat, 23 Aug 2014 07:36:01 +0000 (09:36 +0200)]
perl-PDF-API2: rootfile fix for arm.
Arne Fitzenreiter [Fri, 22 Aug 2014 15:03:19 +0000 (17:03 +0200)]
samba: bump PAK_VER.
Arne Fitzenreiter [Fri, 22 Aug 2014 10:05:39 +0000 (12:05 +0200)]
sane: depends on cups libs.
Arne Fitzenreiter [Fri, 22 Aug 2014 07:27:18 +0000 (09:27 +0200)]
core82: add iputils to update.
Arne Fitzenreiter [Fri, 22 Aug 2014 07:17:27 +0000 (09:17 +0200)]
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Conflicts:
lfs/iputils
Arne Fitzenreiter [Thu, 21 Aug 2014 21:38:30 +0000 (23:38 +0200)]
core82: finish update
Michael Tremer [Thu, 21 Aug 2014 14:12:43 +0000 (16:12 +0200)]
firewall: Fix initialization when RED has not been brought up yet
Michael Tremer [Thu, 21 Aug 2014 08:47:11 +0000 (10:47 +0200)]
Rootfile update
Michael Tremer [Thu, 21 Aug 2014 08:46:34 +0000 (10:46 +0200)]
initscripts: Remove old firewall-reload symlink
Arne Fitzenreiter [Wed, 20 Aug 2014 19:56:35 +0000 (21:56 +0200)]
iputils: Ship tracepath
Arne Fitzenreiter [Tue, 19 Aug 2014 14:17:13 +0000 (16:17 +0200)]
ppp: update to 2.4.7.
Fix for ms-chap-v2.
fixes #10575.
Michael Tremer [Thu, 14 Aug 2014 10:45:37 +0000 (12:45 +0200)]
core82: Add changed files
Michael Tremer [Thu, 14 Aug 2014 10:27:56 +0000 (12:27 +0200)]
Move core updates 80 and 81 to oldcore.
Michael Tremer [Thu, 14 Aug 2014 10:27:15 +0000 (12:27 +0200)]
Create empty core update 82.
Michael Tremer [Mon, 11 Aug 2014 09:49:31 +0000 (11:49 +0200)]
proxy: Allow HTTP Basic authentication against Active Directory servers
Some clients may not support NTLMv2. Basic authentication can
now be activated. This is dangerous as it sends the credentials
in cleartext to the proxy server.
Axel Gembe [Mon, 11 Aug 2014 04:23:58 +0000 (12:23 +0800)]
general-functions.pl: validdomainname misinterprets RFC1035
The function validdomainname checks that each part of a domain name is at least
2 characters in length, but RFC1035 only makes a restriction on a "label" being
at most 63 characters in length. This change allows reverse DNS zones like
2.168.192.in-addr.arpa to be added to the DNS forward configuration, which was
incorrectly prevented before.
Signed-off-by: Axel Gembe <ago@multipixs.com>
Timo Eissler [Thu, 7 Aug 2014 18:11:22 +0000 (20:11 +0200)]
firewall: updated rootfiles
Timo Eissler [Thu, 7 Aug 2014 17:00:58 +0000 (19:00 +0200)]
firewall: fix faulty masquerading packets
Arne Fitzenreiter [Fri, 8 Aug 2014 06:51:53 +0000 (08:51 +0200)]
Merge branch 'master' into next
Arne Fitzenreiter [Fri, 8 Aug 2014 06:14:29 +0000 (08:14 +0200)]
core81: set need reboot flag and restart apache.
Michael Tremer [Thu, 7 Aug 2014 19:06:13 +0000 (21:06 +0200)]
Merge remote-tracking branch 'ms/ddns.cgi-fixes' into next
Conflicts:
html/cgi-bin/ddns.cgi
Stefan Schantl [Sat, 26 Jul 2014 16:26:37 +0000 (18:26 +0200)]
ddns.cgi: Support hostname details without seperating dots.
To keep compatiblity with the settings file of the old DDNS update script
(setddns.pl) we keept the storrage of the hostname information in
two parts (hostname and domain) and connected both with a dot to get a valid
FQDN again. OpenDNS and may some other providers do not use a dotted format
for this information, so one of these two values were empty.
We now can handle such cases in a right way.
Michael Tremer [Thu, 7 Aug 2014 18:58:33 +0000 (20:58 +0200)]
ddns.cgi: Fix CGI clearing all settings.
Michael Tremer [Thu, 7 Aug 2014 18:40:14 +0000 (20:40 +0200)]
ddns.cgi: Fix coding style.
Michael Tremer [Thu, 7 Aug 2014 18:33:10 +0000 (20:33 +0200)]
ddns.cgi: Allow enabling/disabling entries.