ipfire-2.x.git
3 years ago cups: Use avahi and DBUS
Michael Tremer [Sat, 25 Feb 2017 15:37:29 +0000 (15:37 +0000)] 
cups: Use avahi and DBUS

These services are quite handy to make the printing
capabilities available to the network.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago unbound depends on expat
Michael Tremer [Sat, 25 Feb 2017 14:56:43 +0000 (14:56 +0000)] 
unbound depends on expat

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago gnutls: New package
Michael Tremer [Sat, 25 Feb 2017 14:04:37 +0000 (14:04 +0000)] 
gnutls: New package

Another TLS library that is required by CUPS for SSL support

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago epson-inkjet-printer-escpr: Update to 1.6.12
Michael Tremer [Sat, 25 Feb 2017 13:41:24 +0000 (13:41 +0000)] 
epson-inkjet-printer-escpr: Update to 1.6.12

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago x86_64: Ship libssp.so as on all other architectures, too
Michael Tremer [Sat, 25 Feb 2017 12:56:05 +0000 (12:56 +0000)] 
x86_64: Ship libssp.so as on all other architectures, too

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago Various rootfile fixes
Michael Tremer [Fri, 24 Feb 2017 20:09:03 +0000 (20:09 +0000)] 
Various rootfile fixes

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago Update CUPS to 2.2.2
Michael Tremer [Fri, 24 Feb 2017 20:06:01 +0000 (20:06 +0000)] 
Update CUPS to 2.2.2

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago unbound: Update to 1.6.1
Matthias Fischer [Wed, 22 Feb 2017 17:39:40 +0000 (18:39 +0100)] 
unbound: Update to 1.6.1

For details see:
http://www.unbound.net/download.html

"Features

    configure --enable-systemd and lets unbound use systemd sockets if you enable use-systemd:
    yes in unbound.conf. Also there are contrib/unbound.socket and contrib/unbound.service:
    systemd files for unbound, install them in /usr/lib/systemd/system. Contributed by Sami Kerola
    and Pavel Odintsov.
    [bugzilla: 1185 ]
    Source IP rate limiting, patch from Larissa Feng.
    [bugzilla: 1184 ]
    Log DNS replies. This includes the same logging information that DNS queries and response
    code and response size, patch from Larissa Feng.
    Include root trust anchor id 20326 in unbound-anchor.
    64bit is default for windows builds.

Bug Fixes

    [bugzilla: 1176 ] Fix stack size too small for Alpine Linux.
    Fix unbound-control and ipv6 only.
    [bugzilla: 1182 ] Fix Resource leak (socket), at startup.
    [bugzilla: 1178 ] Fix attempt to fix setup error at end, pop result values at end of install.
    iana portlist update
    Fix inet_ntop and inet_pton warnings in windows compile.
    [bugzilla: 1191 ] Fix remove comment about view deletion.
    [bugzilla: 1188 ] Fix unresolved symbol 'fake_dsa' in libunbound.so when built with Nettle
    [bugzilla: 1190 ] Fix to not echo back EDNS options in local-zone error response.
    [bugzilla: 1194 ] Fix if cross build fails when $host isn't `uname` for getentropy.
    Fix reload chdir failure when also chrooted to that directory.
    Fix to return formerr for queries for meta-types, to avoid packet amplification if this meta-type
    is sent on to upstream.
    [bugzilla: 1201 ] Fix missing unlock in answer_from_cache error condition.
    [bugzilla: 1202 ] Fix code comment that packed_rrset_data is not always 'packed'.
    Fix to also block meta types 128 through to 248 with formerr.
    [bugzilla: 1206 ] Fix that some view-related commands are missing from 'unbound-control -h'
    Fix to rename ub_callback_t to ub_callback_type, because POSIX reserves _t typedefs.
    Fix to rename internally used types from _t to _type, because _t type names are reserved by
    POSIX.
    Increase MAX_MODULE to 16.
    [bugzilla: 1211 ] Fix can't enable interface-automatic if no IPv6 with more helpful error message.
    fix root_anchor test for updated icannbundle.pem lower certificates.
    Fix compile on solaris of the fix to use $host detect.
    Fix for type name change and fix warning on windows compile.
    Fix pythonmod for typedef changes.
    Fix dnstap for warning of set but not used.
    Fix autoconf of systemd check for lack of pkg-config."

Best, Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago cups: Depend on cups-filters
Michael Tremer [Wed, 22 Feb 2017 09:18:43 +0000 (09:18 +0000)] 
cups: Depend on cups-filters

Without the filters package, CUPS is fairly useless

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago cups-filters: New package
Michael Tremer [Wed, 22 Feb 2017 09:17:36 +0000 (09:17 +0000)] 
cups-filters: New package

Allows CUPS to process input data (e.g. PDF documents and/or images)
and convert them into the correct format to be printed

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago poppler: New package
Michael Tremer [Wed, 22 Feb 2017 09:16:09 +0000 (09:16 +0000)] 
poppler: New package

PDF rendering library

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago qpdf: New package
Michael Tremer [Wed, 22 Feb 2017 09:14:22 +0000 (09:14 +0000)] 
qpdf: New package

PDF rendering library

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago lcms2: New package
Michael Tremer [Wed, 22 Feb 2017 09:12:35 +0000 (09:12 +0000)] 
lcms2: New package

Image processing library

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago epson-inkjet-printer-escpr: New package
Michael Tremer [Wed, 22 Feb 2017 09:11:11 +0000 (09:11 +0000)] 
epson-inkjet-printer-escpr: New package

Supports plenty of EPSON printers

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago Build avahi before CUPS so that CUPS can depend on it
Michael Tremer [Wed, 22 Feb 2017 09:10:14 +0000 (09:10 +0000)] 
Build avahi before CUPS so that CUPS can depend on it

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago cairo: Update to 1.14.8
Michael Tremer [Wed, 22 Feb 2017 09:02:41 +0000 (09:02 +0000)] 
cairo: Update to 1.14.8

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago fontconfig: Update to 2.12.1
Michael Tremer [Wed, 22 Feb 2017 09:02:04 +0000 (09:02 +0000)] 
fontconfig: Update to 2.12.1

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago freetype: Update to 2.7.1
Michael Tremer [Wed, 22 Feb 2017 08:59:18 +0000 (08:59 +0000)] 
freetype: Update to 2.7.1

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago pixman: Update to 0.34.0
Michael Tremer [Wed, 22 Feb 2017 08:57:49 +0000 (08:57 +0000)] 
pixman: Update to 0.34.0

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago squid 3.5.24: latest patch (14142)
Matthias Fischer [Sat, 11 Feb 2017 14:39:26 +0000 (15:39 +0100)] 
squid 3.5.24: latest patch (14142)

(Fixed: wrong squid version from previous commit)

"Bump SSL client on [more] errors encountered before ssl_bump evaluation"

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago Show better connection information for on-demand IPsec connections
Michael Tremer [Wed, 15 Feb 2017 12:15:42 +0000 (12:15 +0000)] 
Show better connection information for on-demand IPsec connections

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago IPsec: Close on-demand tunnels after 15 min of inactivity
Michael Tremer [Wed, 15 Feb 2017 11:22:27 +0000 (11:22 +0000)] 
IPsec: Close on-demand tunnels after 15 min of inactivity

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago IPsec: Allow to create on-demand connections
Michael Tremer [Wed, 15 Feb 2017 10:11:58 +0000 (10:11 +0000)] 
IPsec: Allow to create on-demand connections

This will create IPsec VPN connections with auto=route set
instead of auto=start, which will cause the connection to be
created, but not brought up yet.

As soon as the first packet is received, the connection will
be established and data will be passed through it.

This allows IPFire to handle more VPN connections on weaker
systems and avoids negotiating many connections which are
rarely used.

Suggested-by: Tom Rymes <tomvend@rymes.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Fixes: #10733

3 years ago wget: Update to 1.19.1
Matthias Fischer [Tue, 14 Feb 2017 17:45:43 +0000 (18:45 +0100)] 
wget: Update to 1.19.1

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago bind: Update to 9.11.0-P3
Matthias Fischer [Fri, 10 Feb 2017 21:44:58 +0000 (22:44 +0100)] 
bind: Update to 9.11.0-P3

For details see:
https://ftp.isc.org/isc/bind9/9.11.0-P3/RELEASE-NOTES-bind-9.11.0-P3.html

"BIND 9.11.0-P3 addresses the security issue described in CVE-2017-3135,
and fixes a regression introduced in a prior security release.

BIND 9.11.0-P2 addresses the security issues described in CVE-2016-9131,
CVE-2016-9147, CVE-2016-9444 and CVE-2016-9778.

BIND 9.11.0-P1 addresses the security issue described in CVE-2016-8864.

...

Security Fixes

If a server is configured with a response policy zone (RPZ) that rewrites an
answer with local data, and is also configured for DNS64 address mapping, a
NULL pointer can be read triggering a server crash. This flaw is disclosed in
CVE-2017-3135. [RT #44434]

A coding error in the nxdomain-redirect feature could lead to an assertion
failure if the redirection namespace was served from a local authoritative
data source such as a local zone or a DLZ instead of via recursive lookup.
This flaw is disclosed in CVE-2016-9778. [RT #43837]

named could mishandle authority sections with missing RRSIGs, triggering an
assertion failure. This flaw is disclosed in CVE-2016-9444. [RT #43632]

named mishandled some responses where covering RRSIG records were returned
without the requested data, resulting in an assertion failure. This flaw is
disclosed in CVE-2016-9147.
[RT #43548]

named incorrectly tried to cache TKEY records which could trigger an assertion
failure when there was a class mismatch. This flaw is disclosed in CVE-2016-9131.
[RT #43522]

It was possible to trigger assertions when processing responses containing answers
of type DNAME. This flaw is disclosed in CVE-2016-8864. [RT #43465]"

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago Typo in it.pl
Gabriel Rolland [Tue, 7 Feb 2017 10:44:05 +0000 (11:44 +0100)] 
Typo in it.pl

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago Translation fixes in it.pl
Gabriel Rolland [Tue, 7 Feb 2017 11:17:12 +0000 (12:17 +0100)] 
Translation fixes in it.pl

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago BUG11271 / GeoIP: Download GeoIP database via HTTPS
Matthias Fischer [Sat, 4 Feb 2017 10:23:26 +0000 (11:23 +0100)] 
BUG11271 / GeoIP: Download GeoIP database via HTTPS

For details see:
https://bugzilla.ipfire.org/show_bug.cgi?id=11271

Download GeoIP database per HTTPS download.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago BUG10972: Typo in 'de.pl'
Matthias Fischer [Sat, 4 Feb 2017 10:59:58 +0000 (11:59 +0100)] 
BUG10972: Typo in 'de.pl'

Second try... ;-)
First: "Submitted by IT Superhack on Dec. 18, 2015, 5:48 p.m."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Timmothy Wilson <itsuperhack@web.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago BUG11284: Typo in 'it.pl'
Matthias Fischer [Sat, 4 Feb 2017 10:31:58 +0000 (11:31 +0100)] 
BUG11284: Typo in 'it.pl'

"On line 2380
'urlfilter configuration' => 'Configurazione filttri per URL'

must be corrected in
'urlfilter configuration' => 'Configurazione filtri per URL'"

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago wget: Update to 1.19
Matthias Fischer [Fri, 3 Feb 2017 17:13:29 +0000 (18:13 +0100)] 
wget: Update to 1.19

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago tcpdump: Update to 4.9.0
Matthias Fischer [Fri, 3 Feb 2017 16:41:13 +0000 (17:41 +0100)] 
tcpdump: Update to 4.9.0

For details see:
http://www.tcpdump.org/tcpdump-changes.txt

Removed unrecognized options: --disable-nls

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago core109: finish update
Arne Fitzenreiter [Wed, 1 Feb 2017 21:34:53 +0000 (22:34 +0100)] 
core109: finish update

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years ago newt: fix rootfile
Arne Fitzenreiter [Wed, 1 Feb 2017 09:29:27 +0000 (10:29 +0100)] 
newt: fix rootfile

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years ago initscripts: fix arm rootfile
Arne Fitzenreiter [Wed, 1 Feb 2017 09:25:44 +0000 (10:25 +0100)] 
initscripts: fix arm rootfile

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years ago python3: fix rootfile for arm
Arne Fitzenreiter [Tue, 31 Jan 2017 17:21:05 +0000 (18:21 +0100)] 
python3: fix rootfile for arm

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years ago core109: Ship updated sysklogd
Michael Tremer [Sun, 29 Jan 2017 19:33:29 +0000 (19:33 +0000)] 
core109: Ship updated sysklogd

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago sysklogd: Update to 1.5.1
Matthias Fischer [Sun, 29 Jan 2017 13:37:43 +0000 (14:37 +0100)] 
sysklogd: Update to 1.5.1

...and now to something completely different... ;-)

Changelog:

- Bugfix against invalid PRI values (CVE-2014-3634)

CVE-2014-3634:
"...sysklogd 1.5 and earlier allows remote attackers to cause a
denial of service (crash), possibly execute arbitrary code,
or have other unspecified impact via a crafted priority (PRI)
value that triggers an out-of-bounds array access."

Nothing good for a firewall...and besides, 'sysklogd' wasn't updated since 2010.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago core109: Ship updated libpcap
Michael Tremer [Sun, 29 Jan 2017 19:28:39 +0000 (19:28 +0000)] 
core109: Ship updated libpcap

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago squid: Update to 3.5.24
Matthias Fischer [Sat, 28 Jan 2017 22:31:50 +0000 (23:31 +0100)] 
squid: Update to 3.5.24

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago tcpdump: Update to 4.8.1
Matthias Fischer [Sat, 28 Jan 2017 18:05:01 +0000 (19:05 +0100)] 
tcpdump: Update to 4.8.1

Change log:

Tuesday October 25, 2016 mcr@sandelman.ca
  Summary for 4.8.1 tcpdump release
  Fix "-x" for Apple PKTAP and PPI packets
  Use PRIx64 to print a 64-bit number in hex.
  Printer for HNCP (RFCs 7787 and 7788).
  dagid is always an IPv6 address, not an opaque 128-bit string, and other fixes to RPL printer.
  RSVP: Add bounds and length checks
  OSPF: Do more bounds checking
  Handle OpenSSL 1.1.x.
  Initial support for the REdis Serialization Protocol known as RESP.
  Add printing function for Generic Protocol Extension for VXLAN
      draft-ietf-nvo3-vxlan-gpe-01
  Network Service Header: draft-ietf-sfc-nsh-01
  Don't recompile the filter if the new file has the same DLT.
  Pass an adjusted struct pcap_pkthdr to the sub-printer.
  Add three test cases for already fixed CVEs
      CVE-2014-8767: OLSR
      CVE-2014-8768: Geonet
      CVE-2014-8769: AODV
  Don't do the DDP-over-UDP heuristic first: GitHub issue #499.
  Use the new debugging routines in libpcap.
  Harmonize TCP source or destination ports tests with UDP ones
  Introduce data types to use for integral values in packet structures.
  RSVP: Fix an infinite loop
  Support of Type 3 and Type 4 LISP packets.
  Don't require IPv6 library support in order to support IPv6 addresses.
  Many many changes to support libnetdissect usage.
  Add a test that makes unaligned accesses: GitHub issue #478.
  add a DNSSEC test case: GH #445 and GH #467.
  BGP: add decoding of ADD-PATH capability
    fixes to LLC header printing, and RFC948-style IP packets

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago libpcap: Update to 1.8.1
Matthias Fischer [Sat, 28 Jan 2017 17:56:08 +0000 (18:56 +0100)] 
libpcap: Update to 1.8.1

Change log:

Tuesday, Oct. 25, 2016 mcr@sandelman.ca
  Summary for 1.8.1 libpcap release
    Add a target in Makefile.in for Exuberant Ctags use: 'extags'.
    Rename configure.in to configure.ac: autoconf 2.59
    Clean up the name-to-DLT mapping  table.
    Add some newer DLT_ values: IPMI_HPM_2,ZWAVE_R1_R2,ZWAVE_R3,WATTSTOPPER_DLM,ISO_14443,RDS
    Clarify what the return values are for both success and failure.
    Many changes to build on windows
    Check for the "break the loop" condition in the inner loop for TPACKET_V3.
    Fix handling of packet count in the TPACKET_V3 inner loop: GitHub issue #493.
    Filter out duplicate looped back CAN frames.
    Fix the handling of loopback filters for IPv6 packets.
    Add a link-layer header type for RDS (IEC 62106) groups.
    Use different intermediate folders for x86 and x64 builds on Windows.
    On Linux, handle all CAN captures with pcap-linux.c, in cooked mode.
    Removes the need for the "host-endian" link-layer header type.
    Compile with '-Wused-but-marked-unused' in devel mode if supported
    Have separate DLTs for big-endian and host-endian SocketCAN headers.
    Reflect version.h being renamed to pcap_version.h.
    Require that version.h be generated: all build procedures we support generate version.h (autoconf, CMake, MSVC)!
    Properly check for sock_recv() errors.
    Re-impose some of Winsock's limitations on sock_recv().
    Replace sprintf() with pcap_snprintf().
    Fix signature of pcap_stats_ex_remote().
    Initial cmake support for remote packet capture.
    Have rpcap_remoteact_getsock() return a SOCKET and supply an "is active" flag.
    Clean up {DAG, Septel, Myricom SNF}-only builds.
    Do UTF-16-to-ASCII conversion into the right place.
    pcap_create_interface() needs the interface name on Linux.
    Clean up hardware time stamp support: the "any" device does not support any time stamp types.
    Add support for capturing on FreeBSD usbusN interfaces.
    Add a LINKTYPE/DLT_ value for FreeBSD USB.
    Go back to using PCAP_API on Windows.
    CMake support
    Add TurboCap support from WinPcap.
    Recognize 802.1ad nested VLAN tag in vlan filter.

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago python3: Fixes for (i586-)rootfile
Matthias Fischer [Sat, 28 Jan 2017 17:39:02 +0000 (18:39 +0100)] 
python3: Fixes for (i586-)rootfile

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago Make Python 3 an add-on package
Michael Tremer [Thu, 26 Jan 2017 20:33:27 +0000 (20:33 +0000)] 
Make Python 3 an add-on package

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago openssl: Update to 1.0.2k
Michael Tremer [Thu, 26 Jan 2017 15:21:58 +0000 (15:21 +0000)] 
openssl: Update to 1.0.2k

https://www.openssl.org/news/secadv/20170126.txt

Truncated packet could crash via OOB read (CVE-2017-3731)
=========================================================

Severity: Moderate

If an SSL/TLS server or client is running on a 32-bit host, and a specific
cipher is being used, then a truncated packet can cause that server or client
to perform an out-of-bounds read, usually resulting in a crash.

For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305;
users should upgrade to 1.1.0d

For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have
not disabled that algorithm should update to 1.0.2k

This issue was reported to OpenSSL on 13th November 2016 by Robert Święcki of
Google. The fix was developed by Andy Polyakov of the OpenSSL development team.

Bad (EC)DHE parameters cause a client crash (CVE-2017-3730)
===========================================================

Severity: Moderate

If a malicious server supplies bad parameters for a DHE or ECDHE key exchange
then this can result in the client attempting to dereference a NULL pointer
leading to a client crash. This could be exploited in a Denial of Service
attack.

OpenSSL 1.1.0 users should upgrade to 1.1.0d

This issue does not affect OpenSSL version 1.0.2.

Note that this issue was fixed prior to it being recognised as a security
concern. This means the git commit with the fix does not contain the CVE
identifier. The relevant fix commit can be identified by commit hash efbe126e3.

This issue was reported to OpenSSL on 14th January 2017 by Guido Vranken. The
fix was developed by Matt Caswell of the OpenSSL development team.

BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
==================================================================

Severity: Moderate

There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No
EC algorithms are affected. Analysis suggests that attacks against RSA and DSA
as a result of this defect would be very difficult to perform and are not
believed likely. Attacks against DH are considered just feasible (although very
difficult) because most of the work necessary to deduce information
about a private key may be performed offline. The amount of resources
required for such an attack would be very significant and likely only
accessible to a limited number of attackers. An attacker would
additionally need online access to an unpatched system using the target
private key in a scenario with persistent DH parameters and a private
key that is shared between multiple clients. For example this can occur by
default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very
similar to CVE-2015-3193 but must be treated as a separate problem.

OpenSSL 1.1.0 users should upgrade to 1.1.0d
OpenSSL 1.0.2 users should upgrade to 1.0.2k

This issue was reported to OpenSSL on 15th January 2017 by the OSS-Fuzz project.
The fix was developed by Andy Polyakov of the OpenSSL development team.

Montgomery multiplication may produce incorrect results (CVE-2016-7055)
=======================================================================

Severity: Low

This issue was previously fixed in 1.1.0c and covered in security advisory
https://www.openssl.org/news/secadv/20161110.txt

OpenSSL 1.0.2 users should upgrade to 1.0.2k

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago New package python3
Jonatan Schlag [Mon, 23 Jan 2017 15:17:20 +0000 (16:17 +0100)] 
New package python3

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago Prepare for python3
Jonatan Schlag [Mon, 23 Jan 2017 15:17:19 +0000 (16:17 +0100)] 
Prepare for python3

The build of ipaddr fails with python3 because two possibilities of
/usr/lib/python* are available. This patch sets the path to
/usr/lib/python2* to make the path clear.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago zlib: Update to 1.2.11
Matthias Fischer [Sat, 21 Jan 2017 08:20:29 +0000 (09:20 +0100)] 
zlib: Update to 1.2.11

Based on:
http://git.ipfire.org/?p=people/mlorenz/ipfire-2.x.git;a=commit;h=b693162e9fdc7c4cae2f148e8c7832c689ac6fd2
http://git.ipfire.org/?p=people/mlorenz/ipfire-2.x.git;a=commit;h=43a3b9986b7710eb685f00d6099965ebb220c012

Sadly, I couldn't avoid this configure-error while building 'clamav':

...
checking for zlib installation... using /usr
configure: error: The installed zlib version may contain a security bug.
Please upgrade to 1.2.2 or later: http://www.zlib.net.
You can omit this check with --disable-zlib-vcheck but DO NOT REPORT any stability issues then!
...

'clamav' seems to check 'zlib.h' for an appropriate zlib version ('clamav'-configure,
line 18679ff) greater v1.2.1 (line 18719ff), but I didn't find a solution for 1.2.11.

Therefore, '--disable-zlib-vcheck' was added to 'clamav'-configure options.
Any hints are welcome.

Testing zlib 1.2.11 with clamav 0.96.2 didn't find any seen problems so far.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago tor: Update to 0.2.9.9
Michael Tremer [Tue, 24 Jan 2017 13:56:45 +0000 (13:56 +0000)] 
tor: Update to 0.2.9.9

Includes a fix for a denial-of-service vulnerability among
many more various fixes.

Fixes #11281

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago kernel: support for newer eMMC modules
Arne Fitzenreiter [Thu, 19 Jan 2017 17:20:31 +0000 (18:20 +0100)] 
kernel: support for newer eMMC modules

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years ago core109: Ship updated perl GeoIP module
Michael Tremer [Mon, 16 Jan 2017 16:56:55 +0000 (16:56 +0000)] 
core109: Ship updated perl GeoIP module

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago GeoIP: Update to 1.25 / changed database path
Matthias Fischer [Wed, 11 Jan 2017 17:38:13 +0000 (18:38 +0100)] 
GeoIP: Update to 1.25 / changed database path

Database path changed to '/usr/share/GeoIP'

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago Drop mldonkey files
Michael Tremer [Mon, 16 Jan 2017 16:53:35 +0000 (16:53 +0000)] 
Drop mldonkey files

The package has been dropped years ago. However, some
files remained in the source tree.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago core109: Ship bind security update
Michael Tremer [Mon, 16 Jan 2017 16:50:42 +0000 (16:50 +0000)] 
core109: Ship bind security update

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago bind: Update to 9.11.0-P2
Matthias Fischer [Sat, 14 Jan 2017 12:10:43 +0000 (13:10 +0100)] 
bind: Update to 9.11.0-P2

For details see:
https://ftp.isc.org/isc/bind9/9.11.0-P2/RELEASE-NOTES-bind-9.11.0-P2.html

"BIND 9.11.0-P2 addresses the security issues described in CVE-2016-9131, CVE-2016-9147,
CVE-2016-9444 and CVE-2016-9778.

...

Security Fixes

A coding error in the nxdomain-redirect feature could lead to an assertion failure if the
redirection namespace was served from a local authoritative data source such as a local zone
or a DLZ instead of via recursive lookup. This flaw is disclosed in CVE-2016-9778. [RT

Named could mishandle authority sections that were missing RRSIGs triggering an assertion
failure. This flaw is disclosed in CVE-2016-9444. [RT # 43632]

Named mishandled some responses where covering RRSIG records are returned without the
requested data resulting in an assertion failure. This flaw is disclosed in CVE-2016-9147.
[RT #43548]

Named incorrectly tried to cache TKEY records which could trigger an assertion failure when
there was a class mismatch. This flaw is disclosed in CVE-2016-9131. [RT #43522]

It was possible to trigger assertions when processing a response. This flaw is disclosed in
CVE-2016-8864. [RT #43465]"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago core109: Ship recently updated perl files
Michael Tremer [Wed, 11 Jan 2017 17:21:46 +0000 (17:21 +0000)] 
core109: Ship recently updated perl files

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago network-functions.pl: Add tests for the new equals function
Michael Tremer [Wed, 11 Jan 2017 17:18:46 +0000 (17:18 +0000)] 
network-functions.pl: Add tests for the new equals function

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago network-functions.pl: Fix code formatting
Michael Tremer [Wed, 11 Jan 2017 17:09:42 +0000 (17:09 +0000)] 
network-functions.pl: Fix code formatting

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago BUG11278: enable creation from subnets of internal networks
Alexander Marx [Tue, 10 Jan 2017 14:13:58 +0000 (15:13 +0100)] 
BUG11278: enable creation from subnets of internal networks

In firewallgroups it was not possible to create new networks that are subnets of
IPFire internal networks. Now this is possible for all internal networks.

Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago BUG11278: Cleanup function for network check
Alexander Marx [Tue, 10 Jan 2017 13:12:27 +0000 (14:12 +0100)] 
BUG11278: Cleanup function for network check

Deleted some code which is also used in another function

Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago strongswan: fix rootfile (padlock)
Arne Fitzenreiter [Mon, 9 Jan 2017 17:09:43 +0000 (18:09 +0100)] 
strongswan: fix rootfile (padlock)

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years ago sarg: Update to 2.3.10
Michael Tremer [Mon, 9 Jan 2017 15:26:54 +0000 (15:26 +0000)] 
sarg: Update to 2.3.10

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago lang: Add string for "Guardian"
Michael Tremer [Mon, 9 Jan 2017 14:57:24 +0000 (14:57 +0000)] 
lang: Add string for "Guardian"

This is shown in the log section even when the add-on is not
installed and was rendered as an empty field

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago Libvirt: Rootfile fixes
Jonatan Schlag [Wed, 4 Jan 2017 14:33:55 +0000 (15:33 +0100)] 
Libvirt: Rootfile fixes

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago tmux: Update to 2.3
Matthias Fischer [Tue, 3 Jan 2017 19:28:22 +0000 (20:28 +0100)] 
tmux: Update to 2.3

For details see:
https://raw.githubusercontent.com/tmux/tmux/master/CHANGES

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago core109: Ship updated backupiso script
Michael Tremer [Wed, 4 Jan 2017 11:22:02 +0000 (11:22 +0000)] 
core109: Ship updated backupiso script

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago Fix the backup iso script once again.
Jonatan Schlag [Tue, 3 Jan 2017 16:49:06 +0000 (17:49 +0100)] 
Fix the backup iso script once again.

In commit 391560854f64ad2385adb3ff25dbbcec0ff92668 was an error in the
case statement. On i?586 the check fails. Removing the "" fixes the
error.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago Improvement of backup iso script
Jonatan Schlag [Mon, 2 Jan 2017 15:17:08 +0000 (16:17 +0100)] 
Improvement of backup iso script

The backup iso script did not check the arch of the host. On x86_64 host
the wrong iso was downloaded.

Furthermore, there were some if clauses which could cause trouble which
I also tried to improve.
(For example: -e is valid if we have a directory or a file, but we want
to check for a file only )

Fixes: 11258

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago Update libvirt to 2.5
Jonatan Schlag [Mon, 2 Jan 2017 14:23:10 +0000 (15:23 +0100)] 
Update libvirt to 2.5

For Changelog see:
https://libvirt.org/news-2016.html

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago Update qemu to 2.8
Jonatan Schlag [Mon, 2 Jan 2017 14:23:09 +0000 (15:23 +0100)] 
Update qemu to 2.8

For Changelog see:

http://wiki.qemu.org/ChangeLog/2.8
http://wiki.qemu.org/ChangeLog/2.7

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago nano: Update to 2.7.3
Matthias Fischer [Sun, 1 Jan 2017 19:23:29 +0000 (20:23 +0100)] 
nano: Update to 2.7.3

Sorry, they did it again...:

For details see:
https://www.nano-editor.org/news.php

"GNU nano 2.7.3 "Ontbijtkoek" wipes away a handful of bugs:
your editor is now able to handle filenames that contain
newlines, avoids a brief flash of color when switching
between buffers that are governed by different syntaxes,
makes the Shift+Ctrl+Arrow keys select text again on a
Linux console, is more resistant against malformations
in the positionlog file, and does not crash when ^C is
typed on systems where it produces the code KEY_CANCEL.
Oh, and it no longer mistakenly warns about editing an
unlocked file just after saving a new one.  That's it.
Tastes great with thick butter."

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago logrotate: Update to 3.9.1
Matthias Fischer [Sun, 1 Jan 2017 14:45:04 +0000 (15:45 +0100)] 
logrotate: Update to 3.9.1

For details see:
https://fedorahosted.org/logrotate/browser/tags/r3-9-1/CHANGES

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago Use a better naming scheme for physical devices.
Jonatan Schlag [Sat, 31 Dec 2016 14:04:05 +0000 (15:04 +0100)] 
Use a better naming scheme for physical devices.

Instead of orange0phys we should use orangephys0. This patch implements
the necessary changes.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago Use MAC addresses to define a slave
Jonatan Schlag [Sat, 31 Dec 2016 14:03:32 +0000 (15:03 +0100)] 
Use MAC addresses to define a slave

It is now also possible to use the MAC address to define a slave of a
bridge.
Simply add the MAC address to ZONE_SLAVES=''.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago core109: Ship network bridge changes
Jonatan Schlag [Thu, 29 Dec 2016 19:37:34 +0000 (20:37 +0100)] 
core109: Ship network bridge changes

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago network: Rename MACVTAP script
Jonatan Schlag [Thu, 29 Dec 2016 19:37:33 +0000 (20:37 +0100)] 
network: Rename MACVTAP script

This script is creating common bridges now, too, and therefore
needs a more generic name.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago network: Support bridge mode for zones
Jonatan Schlag [Thu, 29 Dec 2016 19:37:32 +0000 (20:37 +0100)] 
network: Support bridge mode for zones

This bridge mode is supposed to be used for virtual environments
to create a network zone as a bridge and have virtual machines inside
it. Other physical interfaces can also be added to the bridge.

This is very similar to the MACVTAP bridge feature but still works
when the link of any (or all) physical interfaces is down.

Fixes: #11252

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago udev: Do not use MACVTAP for any wireless devices
Jonatan Schlag [Thu, 29 Dec 2016 19:37:31 +0000 (20:37 +0100)] 
udev: Do not use MACVTAP for any wireless devices

Fixes #11179

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago libpng: Update to version 1.2.57
Michael Tremer [Thu, 29 Dec 2016 16:04:29 +0000 (16:04 +0000)] 
libpng: Update to version 1.2.57

These all fix a potential "NULL dereference" bug that has existed in libpng
since version 0.71 of June 26, 1995.  To be vulnerable, an application
has to load a text chunk into the png structure, then delete all text, then
add another text chunk to the same png structure, which seems to be
an unlikely sequence, but it has happened.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago squid 3.5.23: latest patch (14129)
Matthias Fischer [Tue, 27 Dec 2016 20:55:46 +0000 (21:55 +0100)] 
squid 3.5.23: latest patch (14129)

Seems to be a serious one.
"Bug #3940 pt2: Make 'cache deny' do what is documented".
(Duplicate of Bug 3783)

For details see:

http://bugs.squid-cache.org/show_bug.cgi?id=3940

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago nano: Update to 2.7.2
Matthias Fischer [Sat, 24 Dec 2016 14:05:33 +0000 (15:05 +0100)] 
nano: Update to 2.7.2

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago hwdata: update databases
Arne Fitzenreiter [Thu, 22 Dec 2016 20:53:39 +0000 (21:53 +0100)] 
hwdata: update databases

pci.ids 2016.12.19
usb.ids 2016.12.05

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years ago start core109 updater
Arne Fitzenreiter [Thu, 22 Dec 2016 19:38:44 +0000 (20:38 +0100)] 
start core109 updater

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years ago bind: Update to 9.11.0-P1
Matthias Fischer [Fri, 16 Dec 2016 17:06:51 +0000 (18:06 +0100)] 
bind: Update to 9.11.0-P1

http://ftp.isc.org/isc/bind9/9.11.0-P1/RELEASE-NOTES-bind-9.11.0-P1.html:
"BIND 9.11.0-P1 addresses the security issue described in CVE-2016-8864"

https://access.redhat.com/security/cve/cve-2016-8864:
"A denial of service flaw was found in the way BIND handled responses
containing a DNAME answer. A remote attacker could use this flaw to
make named exit unexpectedly with an assertion failure via a specially
crafted DNS response."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago snort: Update to 2.9.9.0
Matthias Fischer [Sat, 17 Dec 2016 13:18:44 +0000 (14:18 +0100)] 
snort: Update to 2.9.9.0

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago squid: Update to 3.5.23
Matthias Fischer [Sat, 17 Dec 2016 13:11:53 +0000 (14:11 +0100)] 
squid: Update to 3.5.23

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago squid 3.5.22: latest patches (14123-14126)
Matthias Fischer [Fri, 16 Dec 2016 07:41:32 +0000 (08:41 +0100)] 
squid 3.5.22: latest patches (14123-14126)

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago Revert "unbound: Deactivate qname-minimization & harden-below-nxdomain"
Michael Tremer [Fri, 16 Dec 2016 11:59:59 +0000 (11:59 +0000)] 
Revert "unbound: Deactivate qname-minimization & harden-below-nxdomain"

This reverts commit 86e9d04bfb73eb256682a567e187fe1e5cdcc3ca.

This seems to be working with unbound 1.6.0 so that this can be
re-enabled for better privacy.

http://lists.ipfire.org/pipermail/development/2016-December/002807.html

3 years ago unbound: Update to 1.6.0
Matthias Fischer [Fri, 16 Dec 2016 08:50:19 +0000 (09:50 +0100)] 
unbound: Update to 1.6.0

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
For details, see:
http://www.unbound.net/download.html
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago unbound: EDNS buffer size defaults to 4096
Michael Tremer [Wed, 14 Dec 2016 12:51:46 +0000 (12:51 +0000)] 
unbound: EDNS buffer size defaults to 4096

If this is changed, a warning will be shown.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago unbound: Test for working EDNS buffer size and adjust accordingly
Michael Tremer [Wed, 14 Dec 2016 12:45:07 +0000 (12:45 +0000)] 
unbound: Test for working EDNS buffer size and adjust accordingly

Some networks have equipment that fails to forward DNS queries
with EDNS and the DO bit set. They might even lose the replies.

This patch will adjust unbound so that it will not try to receive
too large replies and falls back to TCP earlier. This creates
some higher load on the DNS servers but at least gives us
working DNS.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago finish core108 v2.19-core108
Arne Fitzenreiter [Tue, 13 Dec 2016 22:29:21 +0000 (23:29 +0100)] 
finish core108

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
3 years ago squid 3.5.22: latest patches (14119-14122)
Matthias Fischer [Sat, 10 Dec 2016 17:44:03 +0000 (18:44 +0100)] 
squid 3.5.22: latest patches (14119-14122)

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago nano: Update to 2.7.1
Matthias Fischer [Sun, 11 Dec 2016 00:22:51 +0000 (01:22 +0100)] 
nano: Update to 2.7.1

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago core108: Ship updated squid
Michael Tremer [Tue, 6 Dec 2016 14:20:16 +0000 (14:20 +0000)] 
core108: Ship updated squid

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago squid 3.5.22: latest patches (14114-14118)
Matthias Fischer [Fri, 2 Dec 2016 22:22:22 +0000 (23:22 +0100)] 
squid 3.5.22: latest patches (14114-14118)

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago squid 3.5.22: latest patches (14103-14113)
Matthias Fischer [Wed, 30 Nov 2016 17:50:05 +0000 (18:50 +0100)] 
squid 3.5.22: latest patches (14103-14113)

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago squid 3.5.22: latest patches (14100-14102)
Matthias Fischer [Fri, 28 Oct 2016 07:49:32 +0000 (09:49 +0200)] 
squid 3.5.22: latest patches (14100-14102)

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago squid 3.5.22: latest patch (14099)
Matthias Fischer [Fri, 21 Oct 2016 18:30:29 +0000 (20:30 +0200)] 
squid 3.5.22: latest patch (14099)

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
3 years ago core108: Ship updated NTP
Michael Tremer [Tue, 6 Dec 2016 14:17:05 +0000 (14:17 +0000)] 
core108: Ship updated NTP

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>