git.ipfire.org Git - ipfire-2.x.git/log

ipset: Don't (re-)build kernel module here

The reason why this comes up is that we currently don't build
a kernel for aarch64 and therefore building ipset fails.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Sat, 6 May 2017 12:04:12 +0000 (14:04 +0200)]

dfb++: Drop package

This does not seem to be needed by anything

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Sun, 7 May 2017 11:42:30 +0000 (13:42 +0200)]

boost: Update to 1.64.0

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Wed, 17 May 2017 21:26:27 +0000 (23:26 +0200)]

iftop: Drop package

This is not maintained upstream any more and I cannot get this to build.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Wed, 17 May 2017 21:08:30 +0000 (23:08 +0200)]

tcpick: Drop package

This FTBFS and is not maintained upstream any more.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Mon, 24 Apr 2017 13:55:49 +0000 (15:55 +0200)]

make.sh: Build autoconf and automake before berkeley

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Fri, 21 Apr 2017 10:06:08 +0000 (12:06 +0200)]

make.sh: Drop installmake()

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Fri, 21 Apr 2017 10:00:14 +0000 (12:00 +0200)]

make.sh: Drop ipfiremake() which is identical to lfsmake2

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Wed, 17 May 2017 20:58:03 +0000 (22:58 +0200)]

fuse: Update to 2.9.7

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Sat, 6 May 2017 08:09:34 +0000 (10:09 +0200)]

iperf: Update to 2.0.9

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Fri, 5 May 2017 17:03:47 +0000 (19:03 +0200)]

crda: Compile fix for newer GCC

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Fri, 5 May 2017 12:14:25 +0000 (14:14 +0200)]

lcr: Fix compilation with GCC 6

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Sun, 30 Apr 2017 10:59:55 +0000 (12:59 +0200)]

ghostscript: Delete all bundled libraries

ghostscript ships a number of bundled libraries
that is needs to be build and at runtime.

This patch removes them all which causes ghostcript
to automatically fall back to the libraries installed
in the system.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Fri, 28 Apr 2017 11:56:58 +0000 (12:56 +0100)]

linux: Do not build GCC plugins

Our version of GCC has plugins enabled and built but for
some reason they are not properly detected.

Hence they are disabled for now.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Mon, 1 May 2017 15:04:37 +0000 (17:04 +0200)]

perl: Fix Errno.pm generation for GCC >= 5

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Mon, 1 May 2017 14:46:00 +0000 (16:46 +0200)]

libdvbpsi: Fails to build with newer GCC

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Fri, 28 Apr 2017 11:30:04 +0000 (13:30 +0200)]

fontconfig: Fix build with glibc >= 2.25

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Thu, 27 Apr 2017 10:10:03 +0000 (11:10 +0100)]

Drop paxctl

Since the new toolchain the flags are not compiled into the
binaries any more which causes paxctl to fail.

On top of that, PaX and grsecurity won't be available freely
any more which requires us to remove it from the distribution.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Thu, 27 Apr 2017 09:58:35 +0000 (10:58 +0100)]

grub: Fix compile error in gnulib with newer GCCs

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Fri, 28 Apr 2017 11:10:41 +0000 (13:10 +0200)]

python: Update to 2.7.13

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Thu, 27 Apr 2017 10:04:05 +0000 (12:04 +0200)]

mysql: Fix build with newer GCC

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Wed, 26 Apr 2017 10:48:48 +0000 (11:48 +0100)]

glibc: Do not enable stack-smashing protector in toolchain stage

This is causing build errors on some systems where the host
system does or does not use SSP.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Wed, 26 Apr 2017 10:48:31 +0000 (11:48 +0100)]

ncurses-compat: Fix build with GCC 6

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Wed, 26 Apr 2017 10:28:58 +0000 (11:28 +0100)]

make.sh: Pass BUILD_PLATFORM variable to build environment

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Wed, 26 Apr 2017 10:45:27 +0000 (12:45 +0200)]

pam: Compile fix for newer glibcs

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Tue, 25 Apr 2017 09:56:40 +0000 (11:56 +0200)]

openssl: Make package compile on all arches

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Tue, 25 Apr 2017 09:56:17 +0000 (11:56 +0200)]

udev: Remove old compile fix for older versions of glibc

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Tue, 25 Apr 2017 09:56:02 +0000 (11:56 +0200)]

binutils: Cleanup makefile

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Tue, 25 Apr 2017 09:08:35 +0000 (11:08 +0200)]

glibc: Install obsolete RPC headers

Some programs still use these and therefore we need to install
them here.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Tue, 25 Apr 2017 09:07:55 +0000 (11:07 +0200)]

sysklogd: Fix build with GCC 6

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Tue, 25 Apr 2017 09:07:30 +0000 (11:07 +0200)]

stage2: Make sure to install lib64 symlinks on all 64 bit architectures

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Tue, 25 Apr 2017 10:27:00 +0000 (11:27 +0100)]

gcc: Remove some deprecated configure options in 2nd toolchain pass

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Tue, 25 Apr 2017 10:26:50 +0000 (11:26 +0100)]

glibc: Test toolchain after build

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Mon, 24 Apr 2017 18:31:37 +0000 (19:31 +0100)]

gcc: Perform full bootstrap on ARM32

The build fails with various reasons and a full bootstrap
always succeeds. This takes a very long time so we try to
avoid it where ever possible.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Mon, 24 Apr 2017 09:17:43 +0000 (10:17 +0100)]

gcc: Do not build libmpx on x86 in first pass in toolchain

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Mon, 24 Apr 2017 11:12:37 +0000 (13:12 +0200)]

cleanup-toolchain: Fix TARGET for toolchain and non-toolchain pass

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Mon, 24 Apr 2017 11:11:54 +0000 (13:11 +0200)]

make.sh: Use a better marker to determine if toolchain is present

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Fri, 21 Apr 2017 15:09:17 +0000 (17:09 +0200)]

stage1: New build script

Creates some basic directories and symlinks in toolchain stage

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Fri, 21 Apr 2017 15:08:45 +0000 (17:08 +0200)]

gcc: Always pass --disable-multilib

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Fri, 21 Apr 2017 10:04:42 +0000 (12:04 +0200)]

make.sh: Use enterchroot function in ipfiredist

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Thu, 20 Apr 2017 16:43:38 +0000 (18:43 +0200)]

make.sh: Let lfsmake2 use the new enterchroot function

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Thu, 20 Apr 2017 16:02:15 +0000 (18:02 +0200)]

make.sh: Create a function to execute a command in chroot

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Thu, 20 Apr 2017 15:45:49 +0000 (17:45 +0200)]

make.sh: Correctly configure ccache in toolchain stage

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Thu, 20 Apr 2017 15:09:42 +0000 (17:09 +0200)]

make.sh: Cleanup of polluted environment

The build environment is using a number of variables which
occasionally conflicted with some other build systems.

This patch cleans that up by renaming some variables and
later unexporting them in the lfs files.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Mon, 17 Apr 2017 11:42:46 +0000 (13:42 +0200)]

cleanup-toolchain: Use TOOLCHAIN variable

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Wed, 19 Apr 2017 08:19:33 +0000 (09:19 +0100)]

binutils: Drop modifying CFLAGS in PASS=1

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Wed, 19 Apr 2017 08:17:27 +0000 (09:17 +0100)]

glibc: Enable hard float abi when compiling for armv7hl

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Wed, 19 Apr 2017 08:16:34 +0000 (09:16 +0100)]

gcc: Build with hard floating point support on armv7hl

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Wed, 19 Apr 2017 08:15:44 +0000 (09:15 +0100)]

armv7hl: Build without -mthumb

Causes some linking problems when bootstrapping the toolchain

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Thu, 13 Apr 2017 14:12:49 +0000 (15:12 +0100)]

linux: Install ARM headers for armv7hl

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Wed, 12 Apr 2017 10:07:33 +0000 (11:07 +0100)]

Support building for armv7hl

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Sun, 16 Apr 2017 16:28:08 +0000 (18:28 +0200)]

toolchain: Drop first pass of cleanup-toolchain script

This is no longer necessary

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Thu, 13 Apr 2017 18:27:32 +0000 (20:27 +0200)]

Cleanup makefiles by using the new TOOLCHAIN variable

No functional changes

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Thu, 13 Apr 2017 17:05:58 +0000 (19:05 +0200)]

binutils: Remove some unnecessary compiler options

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Thu, 13 Apr 2017 16:56:16 +0000 (18:56 +0200)]

gcc: Don't bootstrap in second pass

GCC does not need to be bootstrapped in the second pass
any more since the toolchain is not built hardened

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Thu, 13 Apr 2017 16:56:06 +0000 (18:56 +0200)]

gcc: Remove unnecessary compiler options

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Thu, 13 Apr 2017 16:55:35 +0000 (18:55 +0200)]

Build for aarch64 by default on aarch64 hosts

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Sun, 12 Mar 2017 16:40:28 +0000 (17:40 +0100)]

Allow building for aarch64

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Thu, 13 Apr 2017 14:03:38 +0000 (16:03 +0200)]

toolchain: Build without hardening

The toolchain will be built without hardening which makes
the entire bootstrapping process way more complicated than
necessary and sometimes fail on some host distribution.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Thu, 13 Apr 2017 14:03:17 +0000 (16:03 +0200)]

pkg-config: Remove accidentially commited line

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Wed, 12 Apr 2017 09:47:47 +0000 (11:47 +0200)]

glibc: Update to 2.25

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Wed, 12 Apr 2017 09:45:41 +0000 (11:45 +0200)]

binutils: Update to version 2.28

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Wed, 12 Apr 2017 09:44:31 +0000 (11:44 +0200)]

gcc: Update to version 6.3.0

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Wed, 12 Apr 2017 09:39:04 +0000 (11:39 +0200)]

pkg-config: Fix compilation with newer GCCs

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Sun, 12 Mar 2017 16:54:41 +0000 (17:54 +0100)]

gcc: Package doesn't support build in parallel

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Sun, 12 Mar 2017 16:53:22 +0000 (17:53 +0100)]

gcc: Enable --with-float only on armv5tel

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Thu, 18 May 2017 10:55:20 +0000 (11:55 +0100)]

core111: Ship updated cpio

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Tue, 25 Apr 2017 09:13:04 +0000 (11:13 +0200)]

cpio: Update to 2.12

FTBFS on aarch64

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Thu, 13 Apr 2017 17:16:25 +0000 (19:16 +0200)]

ccache: Cleanup makefile

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Thu, 13 Apr 2017 17:02:21 +0000 (19:02 +0200)]

make.sh: Set TOOLCHAIN=1 in toolchain stage

This allows better lfs files and fewer ifdefs in toolchain stage.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Thu, 13 Apr 2017 17:01:28 +0000 (19:01 +0200)]

make.sh: Adjust toolchain PATH in lfsmake1 instead of globally

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Sat, 8 Apr 2017 10:12:42 +0000 (12:12 +0200)]

kernel headers: Install correct headers for all architectures

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Wed, 12 Apr 2017 09:38:42 +0000 (11:38 +0200)]

fake-environ: Fix typos

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Fri, 5 May 2017 12:10:36 +0000 (14:10 +0200)]

make.sh: Show last lines of log when build aborts

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Thu, 18 May 2017 10:47:07 +0000 (11:47 +0100)]

Start Core Update 111

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Thu, 18 May 2017 10:24:41 +0000 (11:24 +0100)]

Merge remote-tracking branch 'origin/master' into next

commit | commitdiff | tree

Michael Tremer [Thu, 18 May 2017 10:22:20 +0000 (11:22 +0100)]

Merge remote-tracking branch 'ms/wlanclient' into next

commit | commitdiff | tree

Michael Tremer [Tue, 16 May 2017 14:02:25 +0000 (16:02 +0200)]

index.cgi: Show WiFi properties on front page

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Tue, 16 May 2017 13:05:25 +0000 (15:05 +0200)]

WiFi: Show EAP status on wireless client page

This patch adds some status information so that we know what
authentication an access point is using.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Tue, 16 May 2017 10:33:40 +0000 (11:33 +0100)]

tor: Update to 0.3.0.7

Fixes various security vulnerabilities of medium severity in
the relay component.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Gabriel Rolland [Thu, 4 May 2017 08:28:35 +0000 (10:28 +0200)]

Italian translations in it.pl after 110

Missing or incorrect translations.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Matthias Fischer [Fri, 5 May 2017 21:22:30 +0000 (23:22 +0200)]

web-user-interface: Fix for rootfile

Added 'back.png' for Firewall-GUI

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Fri, 5 May 2017 11:02:21 +0000 (12:02 +0100)]

vpnmain.cgi: Fix typo

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Fri, 5 May 2017 10:31:36 +0000 (11:31 +0100)]

wlan client: Generate wpa_supplicant configuration file for EAP

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Fri, 5 May 2017 10:17:06 +0000 (11:17 +0100)]

wlan client: Allow configuration of EAP-PEAP and EAP-TTLS on web user interface

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Matthias Fischer [Sun, 30 Apr 2017 10:59:23 +0000 (12:59 +0200)]

GUI: Some simple FW-Log cosmetics

I altered 'showrequestfromcountry.dat', 'showrequestfromip.dat' and 'showrequestfromport.dat'
in the same manner as the 'Loggraphs'-Pages in commit

Each 'Details'-page got a unique title.

Furthermore, I added a 'Back'-Button to go back to the previous page. For this, I used
'back.png' from 'wio' (thanks Stephan! ;-) ) since I found no other appropriate image.

'ipinfo.cgi' got a centered 'Back'-Button, too.

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Matthias Fischer [Fri, 28 Apr 2017 19:29:58 +0000 (21:29 +0200)]

BUG 11305: Suggested fix for '/var/log/btmp' permissions

Fixes BUG 11305, for details see:
https://bugzilla.ipfire.org/show_bug.cgi?id=11305

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Sun, 30 Apr 2017 12:09:51 +0000 (13:09 +0100)]

unbound: Update dnssec-status file

The status file was not updated when DNSSEC was disabled
before and has been enabled after which always caused
the webif to show that DNSSEC was disabled.

Fixes #11315

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Matthias Fischer [Mon, 24 Apr 2017 18:56:29 +0000 (20:56 +0200)]

unbound: Update to 1.6.2

For details see:
http://www.unbound.net/download.html

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Matthias Fischer [Tue, 25 Apr 2017 19:08:32 +0000 (21:08 +0200)]

bind: Update to 9.11.1

For details see:
https://ftp.isc.org/isc/bind9/9.11.1/RELEASE-NOTES-bind-9.11.1.html

"Security Fixes

rndc "" could trigger an assertion failure in named. This flaw is disclosed
in (CVE-2017-3138). [RT #44924]

Some chaining (i.e., type CNAME or DNAME) responses to upstream queries could
trigger assertion failures. This flaw is disclosed in CVE-2017-3137. [RT #44734]

dns64 with break-dnssec yes; can result in an assertion failure. This flaw is
disclosed in CVE-2017-3136. [RT #44653]

If a server is configured with a response policy zone (RPZ) that rewrites an
answer with local data, and is also configured for DNS64 address mapping, a NULL
pointer can be read triggering a server crash. This flaw is disclosed in
CVE-2017-3135. [RT #44434]

A coding error in the nxdomain-redirect feature could lead to an assertion failure
if the redirection namespace was served from a local authoritative data source such
as a local zone or a DLZ instead of via recursive lookup. This flaw is disclosed in
CVE-2016-9778. [RT #43837]

named could mishandle authority sections with missing RRSIGs, triggering an
assertion failure. This flaw is disclosed in CVE-2016-9444. [RT #43632]

named mishandled some responses where covering RRSIG records were returned without
the requested data, resulting in an assertion failure. This flaw is disclosed in
CVE-2016-9147. [RT #43548]

named incorrectly tried to cache TKEY records which could trigger an assertion failure
when there was a class mismatch. This flaw is disclosed in CVE-2016-9131. [RT #43522]

It was possible to trigger assertions when processing responses containing answers of
type DNAME. This flaw is disclosed in CVE-2016-8864. [RT #43465]

Added the ability to specify the maximum number of records permitted in a zone
(max-records #;). This provides a mechanism to block overly large zone transfers, which
is a potential risk with slave zones from other parties, as described in CVE-2016-6170.
[RT #42143]

Bug Fixes

A synthesized CNAME record appearing in a response before the associated DNAME could be
cached, when it should not have been. This was a regression introduced while addressing
CVE-2016-8864. [RT #44318]

named could deadlock if multiple changes to NSEC/NSEC3 parameters for the same zone were
being processed at the same time. [RT #42770]

named could trigger an assertion when sending NOTIFY messages. [RT #44019]

Referencing a nonexistent zone in a response-policy statement could cause an assertion
failure during configuration. [RT #43787]

rndc addzone could cause a crash when attempting to add a zone with a type other than
master or slave. Such zones are now rejected. [RT #43665]

named could hang when encountering log file names with large apparent gaps in version
number (for example, when files exist called "logfile.0", "logfile.1", and
"logfile.1482954169"). This is now handled correctly. [RT #38688]

If a zone was updated while named was processing a query for nonexistent data, it could
return out-of-sync NSEC3 records causing potential DNSSEC validation failure. [RT #43247]"

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Matthias Fischer [Tue, 25 Apr 2017 19:13:17 +0000 (21:13 +0200)]

nano: Update to 2.8.1

For details see:
https://www.nano-editor.org/news.php

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Matthias Fischer [Fri, 28 Apr 2017 06:17:33 +0000 (08:17 +0200)]

logrotate: Update to 3.12.1

For details see:
https://github.com/logrotate/logrotate/blob/master/ChangeLog.md

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Fri, 28 Apr 2017 12:03:46 +0000 (13:03 +0100)]

OpenVPN: Mark SHA1 as weak

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit | commitdiff | tree

Michael Tremer [Fri, 28 Apr 2017 12:01:41 +0000 (13:01 +0100)]

OpenVPN: Use SHA512 by default

This will break compatibility with old clients like
Windows XP, but these are too old now to be supported.

SHA1 is considered to be weak and should not be used any more

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

IPFire 2.x development tree

RSS Atom