This is a security release in order to address
CVE-2020-14318 (Missing handle permissions check in SMB1/2/3 ChangeNotify),
CVE-2020-14323 (Unprivileged user can crash winbind) and
CVE-2020-14383 (An authenticated user can crash the DCE/RPC DNS with easily
crafted records).
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 27 Oct 2020 13:20:56 +0000 (14:20 +0100)]
OpenSSH: Fix initscript to actually kill the daemon
The SSH daemon was not terminated properly because killproc
tried to terminate all processes with that name. That caused
the master daemon to respawn some processes which were
therefore not killed because killproc determined a list of
PIDs only once before starting sending signals.
This patch only kills the master process which is being
determined by using sshd's pid file.
That results in all established connections not being
interrupted any more.
Furthermore, the loadproc function checks if any processes
with the given name are already running which could be true
if there are any connections still open.
That check is being disabled with the -f switch and sshd
will always be launched.
"/etc/init.d/sshd stop" might now print FAIL if only the
master process, but no connection processes were terminated.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
We already pass -fstack-protector-strong, which might be overridden
by -fstack-protector-all. We also know that SSP works in our version
of libc and do not need to link against libssp.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Fri, 23 Oct 2020 17:26:24 +0000 (19:26 +0200)]
mtr: update to 0.94
Complete changelog since version 0.93:
V0.94
Aaron Lipinski (10):
gtk_menu_append -> gtk_menu_shell_append
GTK_OBJECT -> G_OBJECT
gtk_button_new_from_stock -> gtk_button_new_with_label
gtk3
hbox/vbox -> gtk_box_new
gtk_menu_popup -> gtk_menu_popup_at_pointer
show resolved hostname in raw dnsline
rely on final return NULL
introduce libasan
avoid stack use after scope
Alejandro Leal (2):
few updates to manual page and README.md
Updating some comments
Chongyu Zhu (1):
probe: fix find_source_addr
Konrad Bucheli (1):
fix segmentation fault if there is no IP address on an interface (fixes #320)
Kulemin Alexander (1):
report: json: reworked with libjansson
Mark Egan-Fuller (1):
Add display of destination.
Markus Kötter (6):
simplification - remove sockaddrtop
simplification - remove addrcpy
simplification - remove rsa{4,6}
simplification - address addrcmp
simplification - improve readability
ip6 udp - fix probes with local or remote port
R.E. Wolff (29):
fix warning on recent compilers.
Merge branch 'master' of github.com:traviscross/mtr
net find local address fix by meingtsla
proposed patch for bsd compile error
fix closing brace
Added include errno --obouizi
Merge branch 'master' of github.com:traviscross/mtr
More compilation warning fixes from obouizi
Added extra help text to configure --yvs
Changed MAXPATH to MAX_PATH for AIX compatibility. -- aixtools
make the code for gtk2/3 a bit nicer.
Merge branch 'gtk3_with_fallback' of https://github.com/krisl/mtr
Merge branch 'master' of github.com:traviscross/mtr
in hindsight my previous patch wasn't so nice. And nobody told me.
Sean Wei (1):
Fix parameter in ui/net.c
Siyuan Miao (1):
show mpls information in raw output
atib (1):
Added code to print multiple addresses registered on the same hop count
atibdialpad (2):
Change TTL dynamically to adjust for path changes
TODO list changes
meingtsla (2):
asn_{open,close}: Always initialize ipinfo hash table
Merge branch 'master' of https://github.com/traviscross/mtr into asn-open-always-hcreate
In addition, the "bootstrap.sh" script no longer exists and has
therefore been removed from the LFS file.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Improve DHCP dynamic leases list usability. Active and expired leases are now grouped and the list is divided by a horizontal line. Sorting and creating static leases remains unchanged.
Signed-off-by: Leo-Andres Hofmann <hofmann@leo-andres.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Steffen Klammer [Fri, 16 Oct 2020 08:08:52 +0000 (10:08 +0200)]
modified proxy.cgi to make it possible that all subnets declared in "network access control" will be translated from cidr to subnet notation in proxy.pac
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
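The CIDR-to-netmask translation described in the commit above, as an added JavaScript example (the language of proxy.pac itself); it is not IPFire's proxy.cgi code, and the function names and sample entries are constructed for illustration. Entries are validated strictly because the result is interpolated into script text served to clients.

```javascript
// Added example, not IPFire's proxy.cgi; all function names are hypothetical.

// Parse a dotted quad into an unsigned 32-bit integer, or null if malformed.
function parseIPv4(addr) {
  const parts = addr.split(".");
  if (parts.length !== 4) return null;
  let value = 0;
  for (const p of parts) {
    // Reject empty octets, leading zeros and anything above 255.
    if (!/^(0|[1-9]\d{0,2})$/.test(p) || Number(p) > 255) return null;
    value = ((value << 8) | Number(p)) >>> 0;
  }
  return value;
}

function toDotted(n) {
  return [24, 16, 8, 0].map((shift) => (n >>> shift) & 0xff).join(".");
}

// Translate "a.b.c.d/n" into the network/netmask pair that isInNet() expects.
function cidrToNetMask(entry) {
  const m = /^([0-9.]+)\/(\d{1,2})$/.exec(entry.trim());
  if (!m) return null;
  const addr = parseIPv4(m[1]);
  const prefix = Number(m[2]);
  if (addr === null || prefix > 32) return null;
  // JS shift counts are taken modulo 32, so /0 needs its own case.
  const mask = prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0;
  // Clear host bits so "192.168.1.77/24" yields the network 192.168.1.0.
  return { network: toDotted((addr & mask) >>> 0), mask: toDotted(mask) };
}

// Build the PAC condition; malformed entries are reported, never emitted.
function pacCondition(entries) {
  const clauses = [];
  const rejected = [];
  for (const entry of entries) {
    const r = cidrToNetMask(entry);
    if (r) clauses.push(`isInNet(host, "${r.network}", "${r.mask}")`);
    else rejected.push(entry);
  }
  return { expr: clauses.join(" || "), rejected };
}

// Constructed sample input, not taken from a real configuration.
const sample = ["192.168.1.77/24", "10.0.0.0/8", "172.16.0.0/12", "10.0.0.0/33"];
console.log(pacCondition(sample));
```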
Michael Tremer [Wed, 14 Oct 2020 10:32:05 +0000 (11:32 +0100)]
firewall: Filter only on RED and exclude any private address space
Since libloc is built as a tree we cannot simply exclude any address
space in the middle of it. Therefore we create some firewall rules
which simply avoid checking non-globally routable address space.
Fixes: #12499
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 9 Oct 2020 14:39:21 +0000 (15:39 +0100)]
samba: Drop refresh page hack
This is very invalid HTML, very often inserted into spaces where
it should not be, and the page does not even need to be reloaded
after any action has been performed.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The second version of this patch avoids re-defining $db_handle.
Fixes: #12492
Cc: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-By: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>