ipfire-2.x.git
4 years agotoolchain: fix full toolchain crossbuild
Arne Fitzenreiter [Thu, 7 Jan 2016 16:41:43 +0000 (17:41 +0100)] 
toolchain: fix full toolchain crossbuild

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agobinutils: update to 2.24
Arne Fitzenreiter [Thu, 7 Jan 2016 16:41:16 +0000 (17:41 +0100)] 
binutils: update to 2.24

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agoQoS: Improve saving enabled/disable state
Michael Tremer [Tue, 5 Jan 2016 21:00:19 +0000 (21:00 +0000)] 
QoS: Improve saving enabled/disable state

It was reported that the QoS did not stop when
the user clicked the "stop" button. This patch
fixes that.

Fixes #10664

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Acked-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
4 years agoqosctrl: Cleanup code by replacing hardcoded paths
Michael Tremer [Tue, 5 Jan 2016 20:44:26 +0000 (20:44 +0000)] 
qosctrl: Cleanup code by replacing hardcoded paths

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agocore97: Ship updated openvpn package
Michael Tremer [Mon, 4 Jan 2016 22:46:13 +0000 (22:46 +0000)] 
core97: Ship updated openvpn package

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoopenvpn: Update to version 2.3.7, added --verify-x509-name directive.
Erik Kapfer [Tue, 7 Jul 2015 11:13:35 +0000 (13:13 +0200)] 
openvpn: Update to version 2.3.7, added --verify-x509-name directive.

The tls-remote directive is deprecated and will be removed with
OpenVPN version 2.4 . Added instead --verify-x509-name HOST name
into ovpnmain.cgi.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agobind: Update to 9.10.3-P2
Matthias Fischer [Sat, 26 Dec 2015 23:20:13 +0000 (00:20 +0100)] 
bind: Update to 9.10.3-P2

Changelog:

[security]
Update allowed OpenSSL versions as named is potentially
vulnerable to CVE-2015-3193.

[maint]
H.ROOT-SERVERS.NET is 198.97.190.53 and 2001:500:1::53. [RT #40556]

[security]
Insufficient testing when parsing a message allowed
records with an incorrect class to be be accepted,
triggering a REQUIRE failure when those records
were subsequently cached. (CVE-2015-8000) [RT #40987]

[security]
Address fetch context reference count handling error
on socket error. (CVE-2015-8461) [RT#40945]

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agocore97: Ship dnsmasq
Michael Tremer [Mon, 28 Dec 2015 14:37:02 +0000 (15:37 +0100)] 
core97: Ship dnsmasq

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agodnsmasq 2.75: latest patches from upstream
Matthias Fischer [Thu, 24 Dec 2015 09:17:16 +0000 (10:17 +0100)] 
dnsmasq 2.75: latest patches from upstream

Same procedure as... :-)

Best to all for xmas and 2016!

Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agocore97: Ship pgrep with the updater
Michael Tremer [Mon, 28 Dec 2015 14:30:13 +0000 (15:30 +0100)] 
core97: Ship pgrep with the updater

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoncurses: rootfile update.
Arne Fitzenreiter [Sat, 26 Dec 2015 16:37:53 +0000 (17:37 +0100)] 
ncurses: rootfile update.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agodnsdist: rootfile update.
Arne Fitzenreiter [Sat, 26 Dec 2015 16:34:13 +0000 (17:34 +0100)] 
dnsdist: rootfile update.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agodiffutils: rootfile update.
Arne Fitzenreiter [Sat, 26 Dec 2015 16:33:30 +0000 (17:33 +0100)] 
diffutils: rootfile update.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agogcc: include libstdc++ to rootfile
Arne Fitzenreiter [Sat, 26 Dec 2015 12:16:59 +0000 (13:16 +0100)] 
gcc: include libstdc++ to rootfile

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agovdr_eepg: fix source download.
Arne Fitzenreiter [Fri, 25 Dec 2015 11:45:05 +0000 (12:45 +0100)] 
vdr_eepg: fix source download.

the external server has changed the compression so the md5 has changed.
Always use the IPFire server as primary download source.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agokernel: apply arm-multi grsecurity fixes only at arm-multi build
Arne Fitzenreiter [Wed, 23 Dec 2015 09:14:26 +0000 (10:14 +0100)] 
kernel: apply arm-multi grsecurity fixes only at arm-multi build

4 years agodnsdist: New package
Michael Tremer [Thu, 10 Dec 2015 21:25:27 +0000 (21:25 +0000)] 
dnsdist: New package

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agolua: New package
Michael Tremer [Thu, 10 Dec 2015 21:10:06 +0000 (21:10 +0000)] 
lua: New package

Simple scripting language. Supposed to be fast. Needed for dnsdist.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoDisable packaging mediatomb
Michael Tremer [Tue, 22 Dec 2015 22:27:10 +0000 (22:27 +0000)] 
Disable packaging mediatomb

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agolinux: Fix build of kernel and headers package
Michael Tremer [Tue, 22 Dec 2015 22:25:18 +0000 (22:25 +0000)] 
linux: Fix build of kernel and headers package

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agokernel: Add grsecurity compile fix
Michael Tremer [Sat, 12 Dec 2015 15:31:33 +0000 (15:31 +0000)] 
kernel: Add grsecurity compile fix

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agomediatomb: Disable build because it FTBFS
Michael Tremer [Fri, 4 Dec 2015 22:11:49 +0000 (22:11 +0000)] 
mediatomb: Disable build because it FTBFS

The upstream project seems to be dead

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agogcc: Update armv5tel rootfile
Michael Tremer [Thu, 10 Dec 2015 17:47:33 +0000 (17:47 +0000)] 
gcc: Update armv5tel rootfile

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agogcc: Update x86_64 rootfile
Michael Tremer [Thu, 10 Dec 2015 14:40:36 +0000 (14:40 +0000)] 
gcc: Update x86_64 rootfile

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agogcc: Update to version 4.9.3
Michael Tremer [Fri, 4 Dec 2015 21:24:14 +0000 (21:24 +0000)] 
gcc: Update to version 4.9.3

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoglibc: Fix headers to build with new GCC
Michael Tremer [Fri, 4 Dec 2015 21:22:30 +0000 (21:22 +0000)] 
glibc: Fix headers to build with new GCC

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agolibmpc: New package
Michael Tremer [Fri, 4 Dec 2015 21:21:32 +0000 (21:21 +0000)] 
libmpc: New package

A dependency for GCC

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agocore97: Ship updated bind package
Michael Tremer [Tue, 22 Dec 2015 12:34:59 +0000 (12:34 +0000)] 
core97: Ship updated bind package

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoCreate Core Update 97
Michael Tremer [Tue, 22 Dec 2015 12:34:18 +0000 (12:34 +0000)] 
Create Core Update 97

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoMove Core Update 96 to oldcore
Michael Tremer [Tue, 22 Dec 2015 11:11:24 +0000 (11:11 +0000)] 
Move Core Update 96 to oldcore

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agobind: Update to 9.10.3
Matthias Fischer [Sat, 7 Nov 2015 06:33:57 +0000 (07:33 +0100)] 
bind: Update to 9.10.3

bind: Update to 9.10.3

Security fixes:
An incorrect boundary check in the OPENPGPKEY rdatatype could trigger an assertion failure. This flaw is disclosed in CVE-2015-5986. [RT #40286]

A buffer accounting error could trigger an assertion failure when parsing certain malformed DNSSEC keys.
This flaw was discovered by Hanno Böck of the Fuzzing Project, and is disclosed in CVE-2015-5722. [RT #40212]

A specially crafted query could trigger an assertion failure in message.c.
This flaw was discovered by Jonathan Foote, and is disclosed in CVE-2015-5477. [RT #40046]

On servers configured to perform DNSSEC validation, an assertion failure could be triggered on answers from a specially configured server.
This flaw was discovered by Breno Silveira Soares, and is disclosed in CVE-2015-4620. [RT #39795]

Bug fixes:
Asynchronous zone loads were not handled correctly when the zone load was already in progress; this could trigger a crash in zt.c. [RT #37573]

A race during shutdown or reconfiguration could cause an assertion failure in mem.c. [RT #38979]

Some answer formatting options didn't work correctly with dig +short. [RT #39291]

Malformed records of some types, including NSAP and UNSPEC, could trigger assertion failures when loading text zone files. [RT #40274] [RT #40285]

Fixed a possible crash in ratelimiter.c caused by NOTIFY messages being removed from the wrong rate limiter queue. [RT #40350]

The default rrset-order of random was inconsistently applied. [RT #40456]

BADVERS responses from broken authoritative name servers were not handled correctly. [RT #40427]

Several bugs have been fixed in the RPZ implementation.

For a complete list, see:
https://kb.isc.org/article/AA-01306/0/BIND-9.10.3-Release-Notes.html

Regards,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agocore96: set pakfire version to 96.
Arne Fitzenreiter [Sun, 20 Dec 2015 19:19:43 +0000 (20:19 +0100)] 
core96: set pakfire version to 96.

4 years agocurl: Fix certificate validation
Michael Tremer [Sat, 19 Dec 2015 14:12:29 +0000 (14:12 +0000)] 
curl: Fix certificate validation

curl did not find the certificate bundle so that server
certificates could not be verified.

Fixes #10995

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agostrongswan: Update to 5.3.5
Michael Tremer [Sat, 19 Dec 2015 14:09:10 +0000 (14:09 +0000)] 
strongswan: Update to 5.3.5

Also ships a fix for #853 upstream.

Fixes #10998

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agocore96: Ship updated grub
Michael Tremer [Fri, 18 Dec 2015 23:42:15 +0000 (23:42 +0000)] 
core96: Ship updated grub

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agogrub 2.00: Bugfix for CVE-2015-8370
Matthias Fischer [Fri, 18 Dec 2015 20:28:52 +0000 (21:28 +0100)] 
grub 2.00: Bugfix for CVE-2015-8370

See: http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html

"A vulnerability in Grub2 has been found. Versions from 1.98 (December, 2009)
to 2.02 (December, 2015) are affected. The vulnerability can be exploited
under certain circumstances, allowing local attackers to bypass any kind of
authentication (plain or hashed passwords). And so, the attacker may take
control of the computer."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agodnsmasq 2.75: latest upstream patches ;-)
Matthias Fischer [Fri, 18 Dec 2015 14:11:25 +0000 (15:11 +0100)] 
dnsmasq 2.75: latest upstream patches ;-)

The neverending story continues...

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agodnsmasq 2.75: latest upstream patches
Matthias Fischer [Wed, 16 Dec 2015 20:42:41 +0000 (21:42 +0100)] 
dnsmasq 2.75: latest upstream patches

Since 'Makefile' was affected, I had to rewrite
'dnsmasq-Add-support-to-read-ISC-DHCP-lease-file.patch', too.

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoSquid-Accounting: Bugfix & clean up data
Alexander Marx [Thu, 17 Dec 2015 10:31:30 +0000 (11:31 +0100)] 
Squid-Accounting: Bugfix & clean up data

There was a Bug in the addon so that no data was displayed because of a
typo. Additionally the computeraccounts are now filtered out of
trafficdata collection.
Only Proxy/AD/LDAP Accounts and IP adresses are collected.

Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoRootfile update
Michael Tremer [Tue, 15 Dec 2015 18:32:55 +0000 (18:32 +0000)] 
Rootfile update

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoMidnight Commander 4.8.15: Update for rootfile
Matthias Fischer [Sun, 13 Dec 2015 17:04:40 +0000 (18:04 +0100)] 
Midnight Commander 4.8.15: Update for rootfile

There was a syntax file which I overlooked...

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agocore96: Ship rules.pl
Michael Tremer [Tue, 15 Dec 2015 13:54:04 +0000 (13:54 +0000)] 
core96: Ship rules.pl

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoBUG10994: SNAT rules are missing the outgoing interface
Alexander Marx [Mon, 7 Dec 2015 14:57:32 +0000 (15:57 +0100)] 
BUG10994: SNAT rules are missing the outgoing interface

When creating SNAT rules, the outgoing interface is not set. As a side
effect, traffic that should be send unnatted to a vpn tunnel can be
natted which is a BUG.
With this patch the SNAT rules are getting a outgoing interface
according to the configuration. When selecting the RED Target network,
all SNAT rules will be configured with "-o red0". Otherwise if "all" is
selected, there is no interface in the rule, which matches all networks.

Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoramdisk: Backup ramdisks once a night
Michael Tremer [Tue, 15 Dec 2015 13:47:52 +0000 (13:47 +0000)] 
ramdisk: Backup ramdisks once a night

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agontp: Prefer local clock
Michael Tremer [Tue, 15 Dec 2015 12:49:27 +0000 (12:49 +0000)] 
ntp: Prefer local clock

For some reason, ntp won't use a local clock even if it is
there and up and running. Therefore we need to "prefer" our
only source of time.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Tested-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
4 years agontp 4.2.8p4: Update for rootfile
Matthias Fischer [Mon, 14 Dec 2015 23:07:10 +0000 (00:07 +0100)] 
ntp 4.2.8p4: Update for rootfile

'/usr/share/ntp/lib/NTP/Util.pm' is needed for 'ntptrace'
to run correctly

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agontp: Fix syncing with local clock
Michael Tremer [Tue, 15 Dec 2015 12:37:16 +0000 (12:37 +0000)] 
ntp: Fix syncing with local clock

This is a bug that was introduced with the latest release
from upstream

Fixes #10997
Upstream: http://bugs.ntp.org/show_bug.cgi?id=2965

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agonano: Update to 2.5.0
Matthias Fischer [Sun, 13 Dec 2015 17:54:25 +0000 (18:54 +0100)] 
nano: Update to 2.5.0

Changelog: http://www.nano-editor.org/dist/v2.5/ChangeLog

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoarping 2.15: Update for rootfile
Matthias Fischer [Sun, 13 Dec 2015 17:58:10 +0000 (18:58 +0100)] 
arping 2.15: Update for rootfile

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoSpeed up rootfile generation
Michael Tremer [Sat, 12 Dec 2015 17:06:10 +0000 (17:06 +0000)] 
Speed up rootfile generation

The old usage of find walked through the entire filesystem tree
and excluded some paths from being printed. The more efficient
solution is to skip walking through excluded directories entirely.

This is a slight speedup of the build process by a few minutes.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoarping: Update to 2.15
Matthias Fischer [Sat, 12 Dec 2015 13:10:16 +0000 (14:10 +0100)] 
arping: Update to 2.15

arping: Update to 2.15

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoUpdate rootfiles
Michael Tremer [Sat, 12 Dec 2015 11:52:18 +0000 (11:52 +0000)] 
Update rootfiles

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoramdisk: Remove temporary directory recursively
Michael Tremer [Sat, 12 Dec 2015 11:46:02 +0000 (12:46 +0100)] 
ramdisk: Remove temporary directory recursively

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoramdisk: Fix copying files
root [Sat, 12 Dec 2015 11:35:24 +0000 (12:35 +0100)] 
ramdisk: Fix copying files

The shell expansion wasn't used because of the quotation marks.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoconnections.cgi: Fix page crash with IPsec connections with one subnet only
Michael Tremer [Sat, 12 Dec 2015 09:50:19 +0000 (09:50 +0000)] 
connections.cgi: Fix page crash with IPsec connections with one subnet only

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agocore96: Ship missing libnet
Michael Tremer [Fri, 11 Dec 2015 18:48:19 +0000 (18:48 +0000)] 
core96: Ship missing libnet

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agolibnet 1.1.6: Fix for rootfile
Matthias Fischer [Sat, 5 Dec 2015 19:11:59 +0000 (20:11 +0100)] 
libnet 1.1.6: Fix for rootfile

libnet 1.1.6: Fix for rootfile

See: https://forum.ipfire.org/viewtopic.php?f=27&t=15377, "error with
arping and libnet.so.1"
Should fix: Bug #10996 / https://bugzilla.ipfire.org/show_bug.cgi?id=10996

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoclamav: Update to 0.99
Matthias Fischer [Sat, 5 Dec 2015 03:12:51 +0000 (04:12 +0100)] 
clamav: Update to 0.99

clamav: Update to 0.99

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agocore96: Ship updated rrdtool
Michael Tremer [Fri, 11 Dec 2015 18:43:39 +0000 (18:43 +0000)] 
core96: Ship updated rrdtool

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agorrdtool: Update to 1.5.5
Matthias Fischer [Sat, 5 Dec 2015 03:08:49 +0000 (04:08 +0100)] 
rrdtool: Update to 1.5.5

rrdtool: Update to 1.5.5

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoMidnight Commander: Update to 4.8.15
Matthias Fischer [Thu, 3 Dec 2015 18:09:45 +0000 (19:09 +0100)] 
Midnight Commander: Update to 4.8.15

Removed uncognized option: --with-samba

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agocore96: Ship routing.cgi
Michael Tremer [Thu, 10 Dec 2015 16:38:36 +0000 (16:38 +0000)] 
core96: Ship routing.cgi

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoBUG10993: fix errormessage when editing static routes
Alexander Marx [Mon, 7 Dec 2015 13:36:31 +0000 (14:36 +0100)] 
BUG10993: fix errormessage when editing static routes

When editing existing static routes and clicking on apply button, there
was an errormessage saying that this route is already in use.
Now the errormessage is only displayed if a new route has the same ip
than an existing one.

Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agodma: Import patch for better authentication
Michael Tremer [Thu, 10 Dec 2015 16:35:09 +0000 (16:35 +0000)] 
dma: Import patch for better authentication

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoUpdate translations
Michael Tremer [Fri, 4 Dec 2015 22:22:55 +0000 (22:22 +0000)] 
Update translations

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoUpdate rootfiles
Michael Tremer [Fri, 4 Dec 2015 22:22:41 +0000 (22:22 +0000)] 
Update rootfiles

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agolibpri: Honour CFLAGS
Michael Tremer [Fri, 4 Dec 2015 22:13:44 +0000 (22:13 +0000)] 
libpri: Honour CFLAGS

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoopenvmtools: Update to version 10.0.5
Michael Tremer [Fri, 4 Dec 2015 22:11:28 +0000 (22:11 +0000)] 
openvmtools: Update to version 10.0.5

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoDrop tripwire
Michael Tremer [Fri, 4 Dec 2015 21:41:56 +0000 (21:41 +0000)] 
Drop tripwire

This add-on is likely to be unused

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoxtables-addons: Make sure kernel module directory exists
Michael Tremer [Fri, 4 Dec 2015 21:38:05 +0000 (21:38 +0000)] 
xtables-addons: Make sure kernel module directory exists

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoDrop cryptodev
Michael Tremer [Fri, 4 Dec 2015 21:32:58 +0000 (21:32 +0000)] 
Drop cryptodev

This module isn't used by openssl any more and therefore
quite unnecessary.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agomISDNuser: Don't build with -Werror
Michael Tremer [Fri, 4 Dec 2015 21:18:11 +0000 (21:18 +0000)] 
mISDNuser: Don't build with -Werror

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoliboping: Don't build with -Werror
Michael Tremer [Fri, 4 Dec 2015 21:17:27 +0000 (21:17 +0000)] 
liboping: Don't build with -Werror

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agocore96: Ship updated mdadm
Michael Tremer [Fri, 4 Dec 2015 22:17:51 +0000 (22:17 +0000)] 
core96: Ship updated mdadm

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agomdadm: Update to 3.3.4
Michael Tremer [Fri, 4 Dec 2015 21:15:18 +0000 (21:15 +0000)] 
mdadm: Update to 3.3.4

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoebtables: Honour CFLAGS
Michael Tremer [Fri, 4 Dec 2015 21:14:47 +0000 (21:14 +0000)] 
ebtables: Honour CFLAGS

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoopenssl: Update to 1.0.2e
Michael Tremer [Thu, 3 Dec 2015 16:59:48 +0000 (16:59 +0000)] 
openssl: Update to 1.0.2e

OpenSSL Security Advisory [3 Dec 2015]
=======================================

NOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE
0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS
PER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER VERSIONS.

BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
==================================================================

Severity: Moderate

There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No
EC algorithms are affected. Analysis suggests that attacks against RSA and DSA
as a result of this defect would be very difficult to perform and are not
believed likely. Attacks against DH are considered just feasible (although very
difficult) because most of the work necessary to deduce information
about a private key may be performed offline. The amount of resources
required for such an attack would be very significant and likely only
accessible to a limited number of attackers. An attacker would
additionally need online access to an unpatched system using the target
private key in a scenario with persistent DH parameters and a private
key that is shared between multiple clients. For example this can occur by
default in OpenSSL DHE based SSL/TLS ciphersuites.

This issue affects OpenSSL version 1.0.2.

OpenSSL 1.0.2 users should upgrade to 1.0.2e

This issue was reported to OpenSSL on August 13 2015 by Hanno
Böck. The fix was developed by Andy Polyakov of the OpenSSL
development team.

Certificate verify crash with missing PSS parameter (CVE-2015-3194)
===================================================================

Severity: Moderate

The signature verification routines will crash with a NULL pointer dereference
if presented with an ASN.1 signature using the RSA PSS algorithm and absent
mask generation function parameter. Since these routines are used to verify
certificate signature algorithms this can be used to crash any certificate
verification operation and exploited in a DoS attack. Any application which
performs certificate verification is vulnerable including OpenSSL clients and
servers which enable client authentication.

This issue affects OpenSSL versions 1.0.2 and 1.0.1.

OpenSSL 1.0.2 users should upgrade to 1.0.2e
OpenSSL 1.0.1 users should upgrade to 1.0.1q

This issue was reported to OpenSSL on August 27 2015 by Loïc Jonas Etienne
(Qnective AG). The fix was developed by Dr. Stephen Henson of the OpenSSL
development team.

X509_ATTRIBUTE memory leak (CVE-2015-3195)
==========================================

Severity: Moderate

When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak
memory. This structure is used by the PKCS#7 and CMS routines so any
application which reads PKCS#7 or CMS data from untrusted sources is affected.
SSL/TLS is not affected.

This issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2e
OpenSSL 1.0.1 users should upgrade to 1.0.1q
OpenSSL 1.0.0 users should upgrade to 1.0.0t
OpenSSL 0.9.8 users should upgrade to 0.9.8zh

This issue was reported to OpenSSL on November 9 2015 by Adam Langley
(Google/BoringSSL) using libFuzzer. The fix was developed by Dr. Stephen
Henson of the OpenSSL development team.

Race condition handling PSK identify hint (CVE-2015-3196)
=========================================================

Severity: Low

If PSK identity hints are received by a multi-threaded client then
the values are wrongly updated in the parent SSL_CTX structure. This can
result in a race condition potentially leading to a double free of the
identify hint data.

This issue was fixed in OpenSSL 1.0.2d and 1.0.1p but has not been previously
listed in an OpenSSL security advisory. This issue also affects OpenSSL 1.0.0
and has not been previously fixed in an OpenSSL 1.0.0 release.

OpenSSL 1.0.2 users should upgrade to 1.0.2d
OpenSSL 1.0.1 users should upgrade to 1.0.1p
OpenSSL 1.0.0 users should upgrade to 1.0.0t

The fix for this issue can be identified in the OpenSSL git repository by commit
ids 3c66a669dfc7 (1.0.2), d6be3124f228 (1.0.1) and 1392c238657e (1.0.0).

The fix was developed by Dr. Stephen Henson of the OpenSSL development team.

Note
====

As per our previous announcements and our Release Strategy
(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions
1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these
versions will be provided after that date. In the absence of significant
security issues being identified prior to that date, the 1.0.0t and 0.9.8zh
releases will be the last for those versions. Users of these versions are
advised to upgrade.

References
==========

URL for this Security Advisory:
https://www.openssl.org/news/secadv/20151203.txt

Note: the online version of the advisory may be updated with additional
details over time.

For details of OpenSSL severity classifications please see:
https://www.openssl.org/about/secpolicy.html

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoramdisk: Migrate everything during the update
Michael Tremer [Thu, 3 Dec 2015 16:34:59 +0000 (16:34 +0000)] 
ramdisk: Migrate everything during the update

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoramdisk: Avoid copying data if no ramdisk is used
Michael Tremer [Thu, 3 Dec 2015 16:03:29 +0000 (16:03 +0000)] 
ramdisk: Avoid copying data if no ramdisk is used

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoramdisk: Move crontab back to disk
Michael Tremer [Thu, 3 Dec 2015 14:57:30 +0000 (14:57 +0000)] 
ramdisk: Move crontab back to disk

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoramdisk: Make usage of ramdisk configurable
Michael Tremer [Thu, 3 Dec 2015 14:41:49 +0000 (14:41 +0000)] 
ramdisk: Make usage of ramdisk configurable

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoinitscripts: functions: Fix indentation
Michael Tremer [Thu, 3 Dec 2015 14:27:33 +0000 (14:27 +0000)] 
initscripts: functions: Fix indentation

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoRemove ramdisks for RRD databases
Alexander Marx [Thu, 3 Dec 2015 13:14:23 +0000 (13:14 +0000)] 
Remove ramdisks for RRD databases

Ramdisks are very limited in space and as new graphs
are generated for OpenVPN N2N connections, etc. more
space is necessary.

This patch will enable ramdisks for all systems with more
than 490M of memory and allows the user to force using
a ramdisk on systems with less memory.

Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Acked-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoMerge branch 'master' into next
Arne Fitzenreiter [Wed, 2 Dec 2015 20:39:20 +0000 (21:39 +0100)] 
Merge branch 'master' into next

4 years agocore95: don't update snort.conf. core95 v2.17-core95
Arne Fitzenreiter [Wed, 2 Dec 2015 13:48:01 +0000 (14:48 +0100)] 
core95: don't update snort.conf.

because this will erase selected rules.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agodhcpcd: revert dhclient config before core91.
Arne Fitzenreiter [Wed, 2 Dec 2015 13:39:19 +0000 (14:39 +0100)] 
dhcpcd: revert dhclient config before core91.

the new config has some ipv6 defaults that conflict with
t-com entertain.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agokernel: bump pak version for pae kernel.
Arne Fitzenreiter [Wed, 2 Dec 2015 13:36:07 +0000 (14:36 +0100)] 
kernel: bump pak version for pae kernel.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agocpufreq: change initscript for intel pstate driver.
Arne Fitzenreiter [Wed, 2 Dec 2015 13:17:34 +0000 (14:17 +0100)] 
cpufreq: change initscript for intel pstate driver.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agokernel: enable intel_pstate driver.
Arne Fitzenreiter [Wed, 2 Dec 2015 13:13:04 +0000 (14:13 +0100)] 
kernel: enable intel_pstate driver.

this is needed to use turbo boost of newer intel processors.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
4 years agocore96: Don't restart services that have not been updated
Michael Tremer [Tue, 1 Dec 2015 22:37:07 +0000 (22:37 +0000)] 
core96: Don't restart services that have not been updated

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agocore96: Ship updated dnsmasq
Michael Tremer [Tue, 1 Dec 2015 22:36:21 +0000 (22:36 +0000)] 
core96: Ship updated dnsmasq

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agodnsmasq 2.75: latest upstream patches
Matthias Fischer [Fri, 27 Nov 2015 21:11:41 +0000 (22:11 +0100)] 
dnsmasq 2.75: latest upstream patches

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agorouting.cgi: Fix syntax error that caused an Internal Server Error
Michael Tremer [Wed, 25 Nov 2015 12:47:29 +0000 (12:47 +0000)] 
routing.cgi: Fix syntax error that caused an Internal Server Error

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoUpdate Turkish translation
Ersan Yildirim [Mon, 23 Nov 2015 13:42:45 +0000 (13:42 +0000)] 
Update Turkish translation

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoUpdate translations
Michael Tremer [Mon, 23 Nov 2015 13:42:08 +0000 (13:42 +0000)] 
Update translations

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoinstaller+setup: Update translations
Michael Tremer [Sat, 21 Nov 2015 14:27:04 +0000 (14:27 +0000)] 
installer+setup: Update translations

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agocore96: Ship changed files
Michael Tremer [Thu, 19 Nov 2015 12:54:41 +0000 (12:54 +0000)] 
core96: Ship changed files

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoBUG10984: Fix portforwardconverter for upgrades before core 77
Alexander Marx [Mon, 16 Nov 2015 11:01:07 +0000 (12:01 +0100)] 
BUG10984: Fix portforwardconverter for upgrades before core 77

When upgrading from a post core-77 installation, the portforwarding
rules seem to get broken. With this patch the sourceports and the
subnetmasks from the rules are converted correctly.

Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agoBUG10963: implement a better email verification
Alexander Marx [Thu, 19 Nov 2015 10:09:49 +0000 (11:09 +0100)] 
BUG10963: implement a better email verification

We now check all allowed chars in the address before the @ sign.
The domainpart after the '@' sign is just checked for valid chars, so that user@ipfire is valid, too

Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
4 years agostrongswan: Update to 5.3.4
Michael Tremer [Thu, 19 Nov 2015 12:52:31 +0000 (12:52 +0000)] 
strongswan: Update to 5.3.4

Fixes a security vulnerability in the EAP-MSCHAPv2 plugin
that is filed under CVE-2015-8023.

https://www.strongswan.org/blog/2015/11/16/strongswan-vulnerability-%28cve-2015-8023%29.html

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>