people/dweismueller/ipfire-2.x.git
4 years agoset version to IPFire-2.17 core89 master
Arne Fitzenreiter [Fri, 20 Mar 2015 10:20:45 +0000 (11:20 +0100)]
set version to IPFire-2.17 core89

4 years agoopenssl: Fix soname version of build
Arne Fitzenreiter [Thu, 19 Mar 2015 18:16:33 +0000 (19:16 +0100)]
openssl: Fix soname version of build

4 years agoopenssl: Rebase "disable SSLv2, SSLv3" patch
Michael Tremer [Thu, 19 Mar 2015 15:04:35 +0000 (16:04 +0100)]
openssl: Rebase "disable SSLv2, SSLv3" patch

4 years agoopenssl: Remove "fix parallel build" patch
Michael Tremer [Thu, 19 Mar 2015 15:03:58 +0000 (16:03 +0100)]
openssl: Remove "fix parallel build" patch

4 years agoopenssl: Update weak-ciphers and build patches
Michael Tremer [Thu, 19 Mar 2015 14:54:43 +0000 (15:54 +0100)]
openssl: Update weak-ciphers and build patches

4 years agoopenssl: Remove support for cryptodev
Michael Tremer [Thu, 19 Mar 2015 14:47:13 +0000 (15:47 +0100)]
openssl: Remove support for cryptodev

The patches won't apply any more and there does not seem
support from upstream for the latest versions of OpenSSL

4 years agoopenssl: Update to version 1.0.1m and 0.9.8zf
Michael Tremer [Thu, 19 Mar 2015 14:13:07 +0000 (15:13 +0100)]
openssl: Update to version 1.0.1m and 0.9.8zf

http://openssl.org/news/secadv_20150319.txt

OpenSSL Security Advisory [19 Mar 2015]
=======================================

OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291)
=====================================================

Severity: High

If a client connects to an OpenSSL 1.0.2 server and renegotiates with an
invalid signature algorithms extension a NULL pointer dereference will occur.
This can be exploited in a DoS attack against the server.

This issue affects OpenSSL version: 1.0.2

OpenSSL 1.0.2 users should upgrade to 1.0.2a.

This issue was was reported to OpenSSL on 26th February 2015 by David Ramos
of Stanford University. The fix was developed by Stephen Henson and Matt
Caswell of the OpenSSL development team.

Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
============================================================================

Severity: High

This security issue was previously announced by the OpenSSL project and
classified as "low" severity. This severity rating has now been changed to
"high".

This was classified low because it was originally thought that server RSA
export ciphersuite support was rare: a client was only vulnerable to a MITM
attack against a server which supports an RSA export ciphersuite. Recent
studies have shown that RSA export ciphersuites support is far more common.

This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.

This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
Henson of the OpenSSL core team. It was previously announced in the OpenSSL
security advisory on 8th January 2015.

Multiblock corrupted pointer (CVE-2015-0290)
============================================

Severity: Moderate

OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This feature
only applies on 64 bit x86 architecture platforms that support AES NI
instructions. A defect in the implementation of "multiblock" can cause OpenSSL's
internal write buffer to become incorrectly set to NULL when using non-blocking
IO. Typically, when the user application is using a socket BIO for writing, this
will only result in a failed connection. However if some other BIO is used then
it is likely that a segmentation fault will be triggered, thus enabling a
potential DoS attack.

This issue affects OpenSSL version: 1.0.2

OpenSSL 1.0.2 users should upgrade to 1.0.2a.

This issue was reported to OpenSSL on 13th February 2015 by Daniel Danner and
Rainer Mueller. The fix was developed by Matt Caswell of the OpenSSL development
team.

Segmentation fault in DTLSv1_listen (CVE-2015-0207)
===================================================

Severity: Moderate

The DTLSv1_listen function is intended to be stateless and processes the initial
ClientHello from many peers. It is common for user code to loop over the call to
DTLSv1_listen until a valid ClientHello is received with an associated cookie. A
defect in the implementation of DTLSv1_listen means that state is preserved in
the SSL object from one invocation to the next that can lead to a segmentation
fault. Errors processing the initial ClientHello can trigger this scenario. An
example of such an error could be that a DTLS1.0 only client is attempting to
connect to a DTLS1.2 only server.

This issue affects OpenSSL version: 1.0.2

OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2a.

This issue was reported to OpenSSL on 27th January 2015 by Per Allansson. The
fix was developed by Matt Caswell of the OpenSSL development team.

Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
===================================================

Severity: Moderate

The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is
made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check
certificate signature algorithm consistency this can be used to crash any
certificate verification operation and exploited in a DoS attack. Any
application which performs certificate verification is vulnerable including
OpenSSL clients and servers which enable client authentication.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2a
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

This issue was discovered and fixed by Stephen Henson of the OpenSSL
development team.

Segmentation fault for invalid PSS parameters (CVE-2015-0208)
=============================================================

Severity: Moderate

The signature verification routines will crash with a NULL pointer
dereference if presented with an ASN.1 signature using the RSA PSS
algorithm and invalid parameters. Since these routines are used to verify
certificate signature algorithms this can be used to crash any
certificate verification operation and exploited in a DoS attack. Any
application which performs certificate verification is vulnerable including
OpenSSL clients and servers which enable client authentication.

This issue affects OpenSSL version: 1.0.2

OpenSSL 1.0.2 users should upgrade to 1.0.2a

This issue was was reported to OpenSSL on 31st January 2015 by Brian Carpenter
and a fix developed by Stephen Henson of the OpenSSL development team.

ASN.1 structure reuse memory corruption (CVE-2015-0287)
=======================================================

Severity: Moderate

Reusing a structure in ASN.1 parsing may allow an attacker to cause
memory corruption via an invalid write. Such reuse is and has been
strongly discouraged and is believed to be rare.

Applications that parse structures containing CHOICE or ANY DEFINED BY
components may be affected. Certificate parsing (d2i_X509 and related
functions) are however not affected. OpenSSL clients and servers are
not affected.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2a
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

This issue was discovered by Emilia Käsper and a fix developed by
Stephen Henson of the OpenSSL development team.

PKCS7 NULL pointer dereferences (CVE-2015-0289)
===============================================

Severity: Moderate

The PKCS#7 parsing code does not handle missing outer ContentInfo correctly.
An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with
missing content and trigger a NULL pointer dereference on parsing.

Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or
otherwise parse PKCS#7 structures from untrusted sources are
affected. OpenSSL clients and servers are not affected.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2a
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

This issue was reported to OpenSSL on February 16th 2015 by Michal
Zalewski (Google) and a fix developed by Emilia Käsper of the OpenSSL
development team.

Base64 decode (CVE-2015-0292)
=============================

Severity: Moderate

A vulnerability existed in previous versions of OpenSSL related to the
processing of base64 encoded data. Any code path that reads base64 data from an
untrusted source could be affected (such as the PEM processing routines).
Maliciously crafted base 64 data could trigger a segmenation fault or memory
corruption. This was addressed in previous versions of OpenSSL but has not been
included in any security advisory until now.

This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.1 users should upgrade to 1.0.1h.
OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 0.9.8 users should upgrade to 0.9.8za.

The fix for this issue can be identified by commits d0666f289a (1.0.1),
84fe686173 (1.0.0) and 9febee0272 (0.9.8). This issue was originally reported by
Robert Dugal and subsequently by David Ramos.

DoS via reachable assert in SSLv2 servers (CVE-2015-0293)
=========================================================

Severity: Moderate

A malicious client can trigger an OPENSSL_assert (i.e., an abort) in
servers that both support SSLv2 and enable export cipher suites by sending
a specially crafted SSLv2 CLIENT-MASTER-KEY message.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2a
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

This issue was discovered by Sean Burford (Google) and Emilia Käsper
(OpenSSL development team) in March 2015 and the fix was developed by
Emilia Käsper.

Empty CKE with client auth and DHE (CVE-2015-1787)
==================================================

Severity: Moderate

If client auth is used then a server can seg fault in the event of a DHE
ciphersuite being selected and a zero length ClientKeyExchange message being
sent by the client. This could be exploited in a DoS attack.

This issue affects OpenSSL version: 1.0.2

OpenSSL 1.0.2 users should upgrade to 1.0.2a.

This issue was discovered and the fix was developed by Matt Caswell of the
OpenSSL development team.

Handshake with unseeded PRNG (CVE-2015-0285)
============================================

Severity: Low

Under certain conditions an OpenSSL 1.0.2 client can complete a handshake with
an unseeded PRNG. The conditions are:
- The client is on a platform where the PRNG has not been seeded automatically,
and the user has not seeded manually
- A protocol specific client method version has been used (i.e. not
SSL_client_methodv23)
- A ciphersuite is used that does not require additional random data from the
PRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA).

If the handshake succeeds then the client random that has been used will have
been generated from a PRNG with insufficient entropy and therefore the output
may be predictable.

For example using the following command with an unseeded openssl will succeed on
an unpatched platform:

openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA

This issue affects OpenSSL version: 1.0.2

OpenSSL 1.0.2 users should upgrade to 1.0.2a.

This issue was discovered and the fix was developed by Matt Caswell of the
OpenSSL development team.

Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)
===============================================================

Severity: Low

A malformed EC private key file consumed via the d2i_ECPrivateKey function could
cause a use after free condition. This, in turn, could cause a double
free in several private key parsing functions (such as d2i_PrivateKey
or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption
for applications that receive EC private keys from untrusted
sources. This scenario is considered rare.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2a
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

This issue was discovered by the BoringSSL project and fixed in their commit
517073cd4b. The OpenSSL fix was developed by Matt Caswell of the OpenSSL
development team.

X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)
===================================================

Severity: Low

The function X509_to_X509_REQ will crash with a NULL pointer dereference if
the certificate key is invalid. This function is rarely used in practice.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2a
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.

This issue was discovered by Brian Carpenter and a fix developed by Stephen
Henson of the OpenSSL development team.

Note
====

As per our previous announcements and our Release Strategy
(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions
1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these
releases will be provided after that date. Users of these releases are advised
to upgrade.

References
==========

URL for this Security Advisory:
https://www.openssl.org/news/secadv_20150319.txt

Note: the online version of the advisory may be updated with additional
details over time.

For details of OpenSSL severity classifications please see:
https://www.openssl.org/about/secpolicy.html

4 years agoopenssh: Update to version 6.8p1
Michael Tremer [Wed, 18 Mar 2015 14:51:37 +0000 (15:51 +0100)]
openssh: Update to version 6.8p1

4 years agofireinfo: Forbid string "Serial"
Michael Tremer [Tue, 17 Mar 2015 21:23:13 +0000 (22:23 +0100)]
fireinfo: Forbid string "Serial"

4 years agoprepare core88.
Arne Fitzenreiter [Tue, 17 Mar 2015 13:08:13 +0000 (14:08 +0100)]
prepare core88.

4 years agocore89: stop/start ipsec, rewrite ddns config with new cgi.
Arne Fitzenreiter [Tue, 17 Mar 2015 13:03:31 +0000 (14:03 +0100)]
core89: stop/start ipsec, rewrite ddns config with new cgi.

4 years agocore89: add changed packages to updater.
Arne Fitzenreiter [Tue, 17 Mar 2015 12:56:51 +0000 (13:56 +0100)]
core89: add changed packages to updater.

4 years agocore89: remove all sqlite meta-data files.
Arne Fitzenreiter [Tue, 17 Mar 2015 12:54:19 +0000 (13:54 +0100)]
core89: remove all sqlite meta-data files.

4 years agomove core88 to 89.
Arne Fitzenreiter [Tue, 17 Mar 2015 12:50:38 +0000 (13:50 +0100)]
move core88 to 89.

4 years agocore88: Add collectd to updater
Michael Tremer [Thu, 12 Mar 2015 12:25:29 +0000 (13:25 +0100)]
core88: Add collectd to updater

4 years agoopenssl-compat: Disable SSLv3 and SSLv2 as well
Michael Tremer [Thu, 12 Mar 2015 12:14:26 +0000 (13:14 +0100)]
openssl-compat: Disable SSLv3 and SSLv2 as well

4 years agoAdd more missing files of Core Update 88
Michael Tremer [Thu, 12 Mar 2015 12:07:44 +0000 (13:07 +0100)]
Add more missing files of Core Update 88

4 years agodnsmasq: Import more patches from upstream
Michael Tremer [Tue, 10 Mar 2015 15:21:58 +0000 (16:21 +0100)]
dnsmasq: Import more patches from upstream

4 years agodnsmasq: Enable DNSSEC timestamp feature
Michael Tremer [Tue, 10 Mar 2015 15:22:09 +0000 (16:22 +0100)]
dnsmasq: Enable DNSSEC timestamp feature

This disables DNSSEC until the system clock has been set correctly.
There is a circular dependency on working DNS and being able to
resolve DNS records in order to reach a time server. Systems without
a RTC or empty RTC battery will start up with time way in the past
in which all DNSSEC signatures are invalid.

4 years agocore88: Add ddns.cgi to updater
Michael Tremer [Thu, 12 Mar 2015 11:58:04 +0000 (12:58 +0100)]
core88: Add ddns.cgi to updater

4 years agoddns.cgi: Add token handling for zzzz.io.
Stefan Schantl [Sun, 7 Sep 2014 13:44:19 +0000 (15:44 +0200)]
ddns.cgi: Add token handling for zzzz.io.

4 years agoopenssl: Disable SSLv3 and SSLv2 by default
Michael Tremer [Thu, 12 Mar 2015 11:55:40 +0000 (12:55 +0100)]
openssl: Disable SSLv3 and SSLv2 by default

This patch will disable SSLv3 and SSLv2 by default but leaves
the protocol compiled in into the library so that applications
can use it when they still need it (e.g. sslscan).

4 years agoRevert "openssl: Disable SSLv2 and SSLv3."
Michael Tremer [Thu, 12 Mar 2015 11:55:05 +0000 (12:55 +0100)]
Revert "openssl: Disable SSLv2 and SSLv3."

This reverts commit 98a5192ef2f3cde9b9c6867f69f3a400f3c62ec5.

4 years agolang.pl: Always fall back to English
Michael Tremer [Mon, 9 Mar 2015 23:04:55 +0000 (00:04 +0100)]
lang.pl: Always fall back to English

Fixes #10769

4 years agoset version to 2.17-core88.
Arne Fitzenreiter [Sat, 7 Mar 2015 09:18:50 +0000 (10:18 +0100)]
set version to 2.17-core88.

4 years agoinitskripts: rootfile update.
Arne Fitzenreiter [Sat, 7 Mar 2015 09:17:17 +0000 (10:17 +0100)]
initskripts: rootfile update.

4 years agobackup: make include file parsing more robust.
Arne Fitzenreiter [Fri, 6 Mar 2015 16:22:18 +0000 (17:22 +0100)]
backup: make include file parsing more robust.

4 years agoinstaller+setup: Update translations
Michael Tremer [Thu, 5 Mar 2015 21:12:38 +0000 (22:12 +0100)]
installer+setup: Update translations

4 years agoddns: Update to 007.
Stefan Schantl [Thu, 5 Mar 2015 18:37:47 +0000 (19:37 +0100)]
ddns: Update to 007.

4 years agohaproxy: New package
Michael Tremer [Thu, 5 Mar 2015 13:48:16 +0000 (14:48 +0100)]
haproxy: New package

4 years agoAccidentially disabled nmap build
Michael Tremer [Thu, 5 Mar 2015 12:44:50 +0000 (13:44 +0100)]
Accidentially disabled nmap build

4 years agoMove Core Update 86 and 87 files to oldcore directory
Michael Tremer [Thu, 5 Mar 2015 11:55:32 +0000 (12:55 +0100)]
Move Core Update 86 and 87 files to oldcore directory

4 years agoclamav: Fix compiling
Michael Tremer [Thu, 5 Mar 2015 11:54:22 +0000 (12:54 +0100)]
clamav: Fix compiling

glibc headers were not correctly included

4 years agontfs-3g: Ship all user-space tools with the package
Michael Tremer [Wed, 4 Mar 2015 22:59:43 +0000 (23:59 +0100)]
ntfs-3g: Ship all user-space tools with the package

4 years agoMerge remote-tracking branch 'mfischer/ntfs-3g' into next
Michael Tremer [Wed, 4 Mar 2015 22:58:58 +0000 (23:58 +0100)]
Merge remote-tracking branch 'mfischer/ntfs-3g' into next

4 years agoMerge remote-tracking branch 'origin/master' into next
Michael Tremer [Wed, 4 Mar 2015 22:58:47 +0000 (23:58 +0100)]
Merge remote-tracking branch 'origin/master' into next

Conflicts:
config/rootfiles/packages/clamav
lfs/clamav

4 years agostrongswan: Update solution for strongswan bug #816
Michael Tremer [Wed, 4 Mar 2015 22:54:10 +0000 (23:54 +0100)]
strongswan: Update solution for strongswan bug #816

4 years agodnsmasq: Import latest git version of dnsmasq
Michael Tremer [Wed, 4 Mar 2015 22:27:27 +0000 (23:27 +0100)]
dnsmasq: Import latest git version of dnsmasq

4 years agoowncloud: updated to version 7.0.3
Daniel Weismüller [Wed, 4 Mar 2015 13:37:39 +0000 (14:37 +0100)]
owncloud: updated to version 7.0.3

4 years agoMerge remote-tracking branch 'amarx/BUG10756' into next
Michael Tremer [Tue, 3 Mar 2015 20:13:46 +0000 (21:13 +0100)]
Merge remote-tracking branch 'amarx/BUG10756' into next

4 years agoteamspeak: Remove package
Michael Tremer [Tue, 3 Mar 2015 20:11:34 +0000 (21:11 +0100)]
teamspeak: Remove package

This is an old version any way and just used to download the
pre-compiled data from the servers of the vendor.

4 years agoasterisk: sqlite is not an add-on package any more
Michael Tremer [Tue, 3 Mar 2015 20:07:23 +0000 (21:07 +0100)]
asterisk: sqlite is not an add-on package any more

4 years agologrotate: Fix an empty /etc/logrotate.d directory
Michael Tremer [Tue, 3 Mar 2015 16:57:38 +0000 (17:57 +0100)]
logrotate: Fix an empty /etc/logrotate.d directory

Fixes #10625

4 years agoRevert "pound: Allow to use legacy renegotiation."
Michael Tremer [Tue, 3 Mar 2015 11:44:00 +0000 (12:44 +0100)]
Revert "pound: Allow to use legacy renegotiation."

This reverts commit 09e3b0fa356c087b27ca7197024bf0210455a73c.

4 years agovpnmain.cgi: Added inclusion of ipsec.user-post.conf to the end of ipsec.conf in...
Christoph Anderegg [Mon, 2 Mar 2015 21:10:13 +0000 (22:10 +0100)]
vpnmain.cgi: Added inclusion of ipsec.user-post.conf to the end of ipsec.conf in order to allow connection parameters to be overwritten in ipsec.user.conf.

4 years agopound: Allow to use legacy renegotiation.
Michael Tremer [Fri, 16 May 2014 15:13:19 +0000 (17:13 +0200)]
pound: Allow to use legacy renegotiation.

4 years agontfs-3g: Update to 2014.2.15
Matthias Fischer [Mon, 2 Mar 2015 20:12:20 +0000 (21:12 +0100)]
ntfs-3g: Update to 2014.2.15
fuse: Update to 2.9.3

4 years agoBUG10756: fixes possibillity to enable logging when editing a rule. Also remark can...
Alexander Marx [Mon, 2 Mar 2015 14:33:44 +0000 (15:33 +0100)]
BUG10756: fixes possibillity to enable logging when editing a rule. Also remark can be deleted

4 years agoBUG10756: consolidate rulecheck
Alexander Marx [Mon, 2 Mar 2015 14:20:32 +0000 (15:20 +0100)]
BUG10756: consolidate rulecheck

4 years agoinstaller: Cut off disk description if it gets too long
Michael Tremer [Thu, 26 Feb 2015 12:54:07 +0000 (13:54 +0100)]
installer: Cut off disk description if it gets too long

4 years agocore88: Include fwhosts.cgi fixes in the update
Michael Tremer [Thu, 26 Feb 2015 10:11:38 +0000 (11:11 +0100)]
core88: Include fwhosts.cgi fixes in the update

4 years agoMerge remote-tracking branch 'amarx/BUG10753' into next
Michael Tremer [Thu, 26 Feb 2015 10:11:04 +0000 (11:11 +0100)]
Merge remote-tracking branch 'amarx/BUG10753' into next

4 years agoBUG10753: Fix servicegroups to have only max. 15 services per protocol
Alexander Marx [Wed, 25 Feb 2015 07:09:05 +0000 (08:09 +0100)]
BUG10753: Fix servicegroups to have only max. 15 services per protocol

4 years agoclamav: update to 0.98.6.
Arne Fitzenreiter [Mon, 23 Feb 2015 15:53:07 +0000 (16:53 +0100)]
clamav: update to 0.98.6.

4 years agosamba: security update to 3.6.25.
Arne Fitzenreiter [Mon, 23 Feb 2015 15:51:15 +0000 (16:51 +0100)]
samba: security update to 3.6.25.

Fix CVE-2015-0240 (unexpected code execution in smbd).

4 years agoclamav: Update to 0.98.5
Matthias Fischer [Sat, 6 Dec 2014 21:15:53 +0000 (22:15 +0100)]
clamav: Update to 0.98.5

4 years agoMerge branch 'master' into next
Arne Fitzenreiter [Sun, 22 Feb 2015 22:44:39 +0000 (23:44 +0100)]
Merge branch 'master' into next

4 years agocore87: remove grub2 config/image on xen.
Arne Fitzenreiter [Sun, 22 Feb 2015 21:57:04 +0000 (22:57 +0100)]
core87: remove grub2 config/image on xen.

4 years agocore87: don't recreate S19checkfstab and S70console startlinks.
Arne Fitzenreiter [Sat, 21 Feb 2015 18:28:06 +0000 (19:28 +0100)]
core87: don't recreate S19checkfstab and S70console startlinks.

4 years agoMerge branch 'core87' of git.ipfire.org:/pub/git/ipfire-2.x into core87
Arne Fitzenreiter [Sat, 21 Feb 2015 15:59:50 +0000 (16:59 +0100)]
Merge branch 'core87' of git.ipfire.org:/pub/git/ipfire-2.x into core87

4 years agocore87: add glibc to arm update.
Arne Fitzenreiter [Sat, 21 Feb 2015 15:54:15 +0000 (16:54 +0100)]
core87: add glibc to arm update.

4 years agocore87: add backupiso to update.
Arne Fitzenreiter [Sat, 21 Feb 2015 10:45:30 +0000 (11:45 +0100)]
core87: add backupiso to update.

4 years agocore87: set correct version.
Arne Fitzenreiter [Fri, 20 Feb 2015 15:57:40 +0000 (16:57 +0100)]
core87: set correct version.

4 years agoremove not working wandboad wlan nvram files.
Arne Fitzenreiter [Fri, 20 Feb 2015 15:52:53 +0000 (16:52 +0100)]
remove not working wandboad wlan nvram files.

4 years agoset version to IPFire 2.17 core87.
Arne Fitzenreiter [Fri, 20 Feb 2015 15:50:32 +0000 (16:50 +0100)]
set version to IPFire 2.17 core87.

4 years agocore86 is now core87.
Arne Fitzenreiter [Fri, 20 Feb 2015 15:41:18 +0000 (16:41 +0100)]
core86 is now core87.

4 years agonext-core87 -> core88.
Arne Fitzenreiter [Fri, 20 Feb 2015 15:39:05 +0000 (16:39 +0100)]
next-core87 -> core88.

4 years agokernel: fix lamobo-r1 sata power regulator.
Arne Fitzenreiter [Fri, 20 Feb 2015 15:13:10 +0000 (16:13 +0100)]
kernel: fix lamobo-r1 sata power regulator.

4 years agocleanup: remove some unused patches.
Arne Fitzenreiter [Fri, 20 Feb 2015 09:09:34 +0000 (10:09 +0100)]
cleanup: remove some unused patches.

4 years agou-boot: uEnv.txt load initrd on sunxi boot.
Arne Fitzenreiter [Fri, 20 Feb 2015 09:07:33 +0000 (10:07 +0100)]
u-boot: uEnv.txt load initrd on sunxi boot.

This is needed to be able to boot the rootfs also from sata.

4 years agocore87: don't overwrite /etc/sysconfig/modules.
Arne Fitzenreiter [Thu, 19 Feb 2015 14:04:27 +0000 (15:04 +0100)]
core87: don't overwrite /etc/sysconfig/modules.

4 years agolibsrtp: fix for lfs-file
Matthias Fischer [Thu, 19 Feb 2015 08:55:16 +0000 (09:55 +0100)]
libsrtp: fix for lfs-file

4 years agoMerge branch 'master' of git.ipfire.org:/pub/git/ipfire-2.x
Arne Fitzenreiter [Wed, 18 Feb 2015 23:11:13 +0000 (00:11 +0100)]
Merge branch 'master' of git.ipfire.org:/pub/git/ipfire-2.x

4 years agokernel: update to 3.14.33.
Arne Fitzenreiter [Wed, 18 Feb 2015 23:10:33 +0000 (00:10 +0100)]
kernel: update to 3.14.33.

4 years agoxen: fix image build and kernel package for xen.
Arne Fitzenreiter [Wed, 18 Feb 2015 19:51:15 +0000 (20:51 +0100)]
xen: fix image build and kernel package for xen.

4 years agodnsmasq: Disable using inotify
Michael Tremer [Sun, 15 Feb 2015 18:55:56 +0000 (19:55 +0100)]
dnsmasq: Disable using inotify

The ISC reader code won't work without inotify

4 years agoUpdate GeoIP database 2015-02-15
Michael Tremer [Sun, 15 Feb 2015 12:30:30 +0000 (13:30 +0100)]
Update GeoIP database 2015-02-15

4 years agoUpdate the hardware database
Michael Tremer [Sun, 15 Feb 2015 12:24:27 +0000 (13:24 +0100)]
Update the hardware database

4 years agotzdata: Update to version 2015a
Michael Tremer [Sun, 15 Feb 2015 12:21:22 +0000 (13:21 +0100)]
tzdata: Update to version 2015a

4 years agofireinfo: Update to version 2.1.11
Michael Tremer [Sun, 15 Feb 2015 12:16:08 +0000 (13:16 +0100)]
fireinfo: Update to version 2.1.11

4 years agoUpdate GeoIP database 2015-02-15
Michael Tremer [Sun, 15 Feb 2015 12:30:30 +0000 (13:30 +0100)]
Update GeoIP database 2015-02-15

4 years agoUpdate the hardware database
Michael Tremer [Sun, 15 Feb 2015 12:24:27 +0000 (13:24 +0100)]
Update the hardware database

4 years agotzdata: Update to version 2015a
Michael Tremer [Sun, 15 Feb 2015 12:21:22 +0000 (13:21 +0100)]
tzdata: Update to version 2015a

4 years agofireinfo: Update to version 2.1.11
Michael Tremer [Sun, 15 Feb 2015 12:16:08 +0000 (13:16 +0100)]
fireinfo: Update to version 2.1.11

4 years agoRootfile update
Michael Tremer [Wed, 11 Feb 2015 18:36:55 +0000 (19:36 +0100)]
Rootfile update

4 years agolibrstp: Make an independent package
Michael Tremer [Wed, 11 Feb 2015 18:36:22 +0000 (19:36 +0100)]
librstp: Make an independent package

4 years agostrongswan: Create configuration for better interoperability
Michael Tremer [Wed, 11 Feb 2015 14:15:47 +0000 (15:15 +0100)]
strongswan: Create configuration for better interoperability

Also import some upstream fixes for connection stability.

4 years agoRevert "strongswan: Fix for CVE-2014-9221"
Michael Tremer [Wed, 11 Feb 2015 13:59:11 +0000 (14:59 +0100)]
Revert "strongswan: Fix for CVE-2014-9221"

This reverts commit c1000c2cd4a7fb0ea38ed9c4772207a38819c070.

This commit has been merged from master to this branch, but
actually strongswan was already updated to version 5.2.2 which
does not need this fix any more.

4 years agoMerge branch 'master' into next
Michael Tremer [Wed, 11 Feb 2015 13:58:10 +0000 (14:58 +0100)]
Merge branch 'master' into next

4 years agoswconfig: supress error on non dtb machines.
Arne Fitzenreiter [Wed, 11 Feb 2015 07:07:49 +0000 (08:07 +0100)]
swconfig: supress error on non dtb machines.

4 years agokernel: r8169 disable PCIe L23 modes.
Arne Fitzenreiter [Wed, 11 Feb 2015 07:03:57 +0000 (08:03 +0100)]
kernel: r8169 disable PCIe L23 modes.

4 years agokernel: update to 3.14.32.
Arne Fitzenreiter [Sun, 8 Feb 2015 21:36:02 +0000 (22:36 +0100)]
kernel: update to 3.14.32.

4 years agoCleanup left over sources
Michael Tremer [Sat, 7 Feb 2015 22:22:31 +0000 (22:22 +0000)]
Cleanup left over sources

4 years agocmake: Limit build to two concurrent compiler processes
Michael Tremer [Sat, 7 Feb 2015 22:22:08 +0000 (22:22 +0000)]
cmake: Limit build to two concurrent compiler processes

Overheats my system :(

4 years agosetup: Better not include the language directories recursively
Michael Tremer [Wed, 4 Feb 2015 18:51:30 +0000 (19:51 +0100)]
setup: Better not include the language directories recursively

4 years agoinstaller+setup: Rootfile update
Michael Tremer [Wed, 4 Feb 2015 18:49:51 +0000 (19:49 +0100)]
installer+setup: Rootfile update

4 years agoinstaller+setup: Automatically update language lists
Michael Tremer [Wed, 4 Feb 2015 12:31:36 +0000 (13:31 +0100)]
installer+setup: Automatically update language lists

4 years agoMerge branch 'master' into next
Michael Tremer [Wed, 4 Feb 2015 12:24:05 +0000 (13:24 +0100)]
Merge branch 'master' into next

Conflicts:
make.sh

4 years agoopenvpn certificate generation: Update openssl config file
Michael Tremer [Wed, 4 Feb 2015 12:21:43 +0000 (13:21 +0100)]
openvpn certificate generation: Update openssl config file

This was not correctly updated with Core Update 79 because
of the exclude file.

Bug #10741

4 years agokernel: update to 3.14.31.
Arne Fitzenreiter [Tue, 3 Feb 2015 19:43:32 +0000 (20:43 +0100)]
kernel: update to 3.14.31.