people/pmueller/ipfire-2.x.git
5 years agoMerge branch 'kernel-test' into seventeen
Arne Fitzenreiter [Fri, 24 Oct 2014 10:00:34 +0000 (12:00 +0200)] 
Merge branch 'kernel-test' into seventeen

5 years agokernel: fix build on rpi.
Arne Fitzenreiter [Fri, 24 Oct 2014 09:58:00 +0000 (11:58 +0200)] 
kernel: fix build on rpi.

5 years agokernel: fix uInit ramdisk build.
Arne Fitzenreiter [Thu, 23 Oct 2014 19:58:23 +0000 (21:58 +0200)] 
kernel: fix uInit ramdisk build.

5 years agoglibc: fix build with new patches.
Michael Tremer [Thu, 23 Oct 2014 19:57:36 +0000 (21:57 +0200)] 
glibc: fix build with new patches.

5 years agoset toolchain to 8 and version to 2.17.
Arne Fitzenreiter [Wed, 22 Oct 2014 19:35:13 +0000 (21:35 +0200)] 
set toolchain to 8 and version to 2.17.

5 years agotzdata: fix build with new coreutils.
Arne Fitzenreiter [Wed, 22 Oct 2014 19:34:42 +0000 (21:34 +0200)] 
tzdata: fix build with new coreutils.

5 years agoRevert "Revert "toolchain: Fix compiling due to Stack Protector changes.""
Arne Fitzenreiter [Wed, 22 Oct 2014 11:49:54 +0000 (13:49 +0200)] 
Revert "Revert "toolchain: Fix compiling due to Stack Protector changes.""

This reverts commit 4ec728f840372f61d61c5019d766f453231eb706.

5 years agoMerge branch 'install-raid' into seventeen
Michael Tremer [Wed, 15 Oct 2014 21:39:20 +0000 (23:39 +0200)] 
Merge branch 'install-raid' into seventeen

Conflicts:
make.sh

5 years agoinstaller: Make restoring the backup interactive
Michael Tremer [Wed, 15 Oct 2014 21:38:05 +0000 (23:38 +0200)] 
installer: Make restoring the backup interactive

5 years agoMerge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
Michael Tremer [Wed, 15 Oct 2014 20:55:54 +0000 (22:55 +0200)] 
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next

5 years agoapache: Disable SSLv3 by default for the IPFire webinterface
Michael Tremer [Wed, 15 Oct 2014 20:55:26 +0000 (22:55 +0200)] 
apache: Disable SSLv3 by default for the IPFire webinterface

5 years agoopenssl-compat: update to 0.9.8zc
Arne Fitzenreiter [Wed, 15 Oct 2014 19:44:29 +0000 (21:44 +0200)] 
openssl-compat: update to 0.9.8zc

5 years agokernel: fix build for rpi.
Arne Fitzenreiter [Wed, 15 Oct 2014 18:42:38 +0000 (20:42 +0200)] 
kernel: fix build for rpi.

the eMMC patch is also inside of the rpi patchset from rpi-foundation so it cannot applied again.

5 years agoCreate Core Update 85
Michael Tremer [Wed, 15 Oct 2014 17:48:16 +0000 (19:48 +0200)] 
Create Core Update 85

5 years agoopenssl: Update to version 1.0.1j
Michael Tremer [Wed, 15 Oct 2014 17:19:15 +0000 (19:19 +0200)] 
openssl: Update to version 1.0.1j

OpenSSL Security Advisory [15 Oct 2014]
=======================================

SRTP Memory Leak (CVE-2014-3513)
================================

Severity: High

A flaw in the DTLS SRTP extension parsing code allows an attacker, who
sends a carefully crafted handshake message, to cause OpenSSL to fail
to free up to 64k of memory causing a memory leak. This could be
exploited in a Denial Of Service attack. This issue affects OpenSSL
1.0.1 server implementations for both SSL/TLS and DTLS regardless of
whether SRTP is used or configured. Implementations of OpenSSL that
have been compiled with OPENSSL_NO_SRTP defined are not affected.

OpenSSL 1.0.1 users should upgrade to 1.0.1j.

This issue was reported to OpenSSL on 26th September 2014, based on an original
issue and patch developed by the LibreSSL project. Further analysis of the issue
was performed by the OpenSSL team.

The fix was developed by the OpenSSL team.

Session Ticket Memory Leak (CVE-2014-3567)
==========================================

Severity: Medium

When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
integrity of that ticket is first verified. In the event of a session
ticket integrity check failing, OpenSSL will fail to free memory
causing a memory leak. By sending a large number of invalid session
tickets an attacker could exploit this issue in a Denial Of Service
attack.

OpenSSL 1.0.1 users should upgrade to 1.0.1j.
OpenSSL 1.0.0 users should upgrade to 1.0.0o.
OpenSSL 0.9.8 users should upgrade to 0.9.8zc.

This issue was reported to OpenSSL on 8th October 2014.

The fix was developed by Stephen Henson of the OpenSSL core team.

SSL 3.0 Fallback protection
===========================

Severity: Medium

OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications
to block the ability for a MITM attacker to force a protocol
downgrade.

Some client applications (such as browsers) will reconnect using a
downgraded protocol to work around interoperability bugs in older
servers. This could be exploited by an active man-in-the-middle to
downgrade connections to SSL 3.0 even if both sides of the connection
support higher protocols. SSL 3.0 contains a number of weaknesses
including POODLE (CVE-2014-3566).

OpenSSL 1.0.1 users should upgrade to 1.0.1j.
OpenSSL 1.0.0 users should upgrade to 1.0.0o.
OpenSSL 0.9.8 users should upgrade to 0.9.8zc.

https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
https://www.openssl.org/~bodo/ssl-poodle.pdf

Support for TLS_FALLBACK_SCSV was developed by Adam Langley and Bodo Moeller.

Build option no-ssl3 is incomplete (CVE-2014-3568)
==================================================

Severity: Low

When OpenSSL is configured with "no-ssl3" as a build option, servers
could accept and complete a SSL 3.0 handshake, and clients could be
configured to send them.

OpenSSL 1.0.1 users should upgrade to 1.0.1j.
OpenSSL 1.0.0 users should upgrade to 1.0.0o.
OpenSSL 0.9.8 users should upgrade to 0.9.8zc.

This issue was reported to OpenSSL by Akamai Technologies on 14th October 2014.

The fix was developed by Akamai and the OpenSSL team.

References
==========

URL for this Security Advisory:
https://www.openssl.org/news/secadv_20141015.txt

Note: the online version of the advisory may be updated with additional
details over time.

For details of OpenSSL severity classifications please see:
https://www.openssl.org/about/secpolicy.html

5 years agokernel: uodate to 3.10.58.
Arne Fitzenreiter [Wed, 15 Oct 2014 14:11:27 +0000 (16:11 +0200)] 
kernel: uodate to 3.10.58.

5 years agoUpdate Turkish translation
Ersan Yildirim [Mon, 13 Oct 2014 08:19:45 +0000 (10:19 +0200)] 
Update Turkish translation

5 years agoinstaller: Make networking and download functions more user-friendly
Michael Tremer [Sun, 12 Oct 2014 14:53:12 +0000 (16:53 +0200)] 
installer: Make networking and download functions more user-friendly

Allows to retry after a failed attempt or abort

5 years agoinstaller: Remove reading the path of the downloaded ISO
Michael Tremer [Sun, 12 Oct 2014 13:04:25 +0000 (15:04 +0200)] 
installer: Remove reading the path of the downloaded ISO

5 years agoinstaller: Allow to start networking without ISO download
Michael Tremer [Sun, 12 Oct 2014 12:30:51 +0000 (14:30 +0200)] 
installer: Allow to start networking without ISO download

5 years agoinstaller: Remove Makefile of old build system
Michael Tremer [Sat, 11 Oct 2014 17:19:14 +0000 (19:19 +0200)] 
installer: Remove Makefile of old build system

5 years agoinstaller: Remove old unattended installation code
Michael Tremer [Sat, 11 Oct 2014 17:18:27 +0000 (19:18 +0200)] 
installer: Remove old unattended installation code

5 years agoinstaller: Enable new partitioning code to be run in unattended mode
Michael Tremer [Sat, 11 Oct 2014 16:59:31 +0000 (18:59 +0200)] 
installer: Enable new partitioning code to be run in unattended mode

The first disk of the system will automatically be used and
a standard installation will be done. After that is done, the
system will reboot into the freshly installed system and execute
setup.

5 years agokernel: add eMMC 5.x support.
Arne Fitzenreiter [Sat, 11 Oct 2014 07:26:57 +0000 (09:26 +0200)] 
kernel: add eMMC 5.x support.

5 years agokernel: update to 3.10.57.
Arne Fitzenreiter [Sat, 11 Oct 2014 07:14:04 +0000 (09:14 +0200)] 
kernel: update to 3.10.57.

5 years agoMerge branch 'master' into kernel-test
Arne Fitzenreiter [Sat, 11 Oct 2014 07:11:10 +0000 (09:11 +0200)] 
Merge branch 'master' into kernel-test

5 years agoMerge branch 'master' of ssh://git.ipfire.org/pub/git/ipfire-2.x into install-raid
Michael Tremer [Sat, 11 Oct 2014 05:18:03 +0000 (07:18 +0200)] 
Merge branch 'master' of ssh://git.ipfire.org/pub/git/ipfire-2.x into install-raid

5 years agoMerge branch 'next' v2.15-core84
Arne Fitzenreiter [Fri, 10 Oct 2014 16:13:13 +0000 (18:13 +0200)] 
Merge branch 'next'

5 years agocore84: add update-lang-cache.
Arne Fitzenreiter [Fri, 10 Oct 2014 16:11:52 +0000 (18:11 +0200)] 
core84: add update-lang-cache.

this file is missing on some machines.

5 years agoMerge remote-tracking branch 'ms/install-raid' into install-raid
Michael Tremer [Fri, 10 Oct 2014 13:03:45 +0000 (15:03 +0200)] 
Merge remote-tracking branch 'ms/install-raid' into install-raid

Conflicts:
lfs/bash

5 years agoMerge branch 'master' into install-raid
Michael Tremer [Fri, 10 Oct 2014 12:52:30 +0000 (14:52 +0200)] 
Merge branch 'master' into install-raid

Conflicts:
config/rootfiles/common/bash
lfs/bash

5 years agoMerge remote-tracking branch 'origin/next'
Arne Fitzenreiter [Tue, 7 Oct 2014 16:37:01 +0000 (18:37 +0200)] 
Merge remote-tracking branch 'origin/next'

5 years agofirewall: Use correct interface for RED
Michael Tremer [Tue, 7 Oct 2014 12:54:12 +0000 (14:54 +0200)] 
firewall: Use correct interface for RED

5 years agokernel: update to 3.10.56.
Arne Fitzenreiter [Mon, 6 Oct 2014 10:59:15 +0000 (12:59 +0200)] 
kernel: update to 3.10.56.

5 years agobash: Update to version 4.3.30
Michael Tremer [Mon, 6 Oct 2014 10:23:35 +0000 (12:23 +0200)] 
bash: Update to version 4.3.30

Fixes #10633.

5 years agoMerge remote-tracking branch 'origin/master' into kernel-test
Arne Fitzenreiter [Mon, 6 Oct 2014 08:11:13 +0000 (10:11 +0200)] 
Merge remote-tracking branch 'origin/master' into kernel-test

5 years agort2800usb: remove some queue warnings.
Arne Fitzenreiter [Sun, 5 Oct 2014 19:44:54 +0000 (21:44 +0200)] 
rt2800usb: remove some queue warnings.

5 years agop2pblock: fix flush rules if all p2p's are allowed.
Arne Fitzenreiter [Sun, 5 Oct 2014 13:12:44 +0000 (15:12 +0200)] 
p2pblock: fix flush rules if all p2p's are allowed.

5 years agop2pblock: ipp2p must run before CONNTRACK.
Arne Fitzenreiter [Sat, 4 Oct 2014 12:18:16 +0000 (14:18 +0200)] 
p2pblock: ipp2p must run before CONNTRACK.

And can only used for blocking, not for accept conenections bacause connections must already established for detecting protocol types.

5 years agoMerge branch 'next'
Arne Fitzenreiter [Sat, 4 Oct 2014 11:53:49 +0000 (13:53 +0200)] 
Merge branch 'next'

5 years agofirewall: fix rules.pl for old rules without ratelimiting.
Michael Tremer [Sat, 4 Oct 2014 11:52:15 +0000 (13:52 +0200)] 
firewall: fix rules.pl for old rules without ratelimiting.

5 years agosquid: Update to 3.4.8
Michael Tremer [Thu, 2 Oct 2014 16:21:51 +0000 (18:21 +0200)] 
squid: Update to 3.4.8

Contains some security fixes:

 * CVE-2014-6270
   http://www.squid-cache.org/Advisories/SQUID-2014_3.txt
 * CVE-2014-7141
   CVE-2014-7142
   http://www.squid-cache.org/Advisories/SQUID-2014_4.txt

5 years agoMerge remote-tracking branch 'origin/next'
Arne Fitzenreiter [Tue, 30 Sep 2014 21:53:00 +0000 (23:53 +0200)] 
Merge remote-tracking branch 'origin/next'

5 years agobash: rootfile update.
Arne Fitzenreiter [Tue, 30 Sep 2014 21:49:47 +0000 (23:49 +0200)] 
bash: rootfile update.

5 years agoMerge remote-tracking branch 'origin/next'
Arne Fitzenreiter [Tue, 30 Sep 2014 17:30:45 +0000 (19:30 +0200)] 
Merge remote-tracking branch 'origin/next'

5 years agoparted: Update to 3.1.
Michael Tremer [Sat, 26 Jul 2014 19:08:12 +0000 (21:08 +0200)] 
parted: Update to 3.1.

5 years agoset PAK_VER to core84.
Arne Fitzenreiter [Tue, 30 Sep 2014 07:33:27 +0000 (09:33 +0200)] 
set PAK_VER to core84.

5 years agoMerge remote-tracking branch 'origin/next'
Arne Fitzenreiter [Tue, 30 Sep 2014 07:32:01 +0000 (09:32 +0200)] 
Merge remote-tracking branch 'origin/next'

5 years agoreadline: Re-add accidentially deleted patches of -compat package
Michael Tremer [Sat, 26 Jul 2014 20:02:03 +0000 (22:02 +0200)] 
readline: Re-add accidentially deleted patches of -compat package

5 years agoreadline: Re-add accidentially deleted patches of -compat package
Michael Tremer [Sat, 26 Jul 2014 20:02:03 +0000 (22:02 +0200)] 
readline: Re-add accidentially deleted patches of -compat package

5 years agoMerge remote-tracking branch 'origin/next' into install-raid
Arne Fitzenreiter [Mon, 29 Sep 2014 20:02:42 +0000 (22:02 +0200)] 
Merge remote-tracking branch 'origin/next' into install-raid

Conflicts:
lfs/bash

5 years agoMerge branch 'install-raid' of git.ipfire.org:/pub/git/people/ms/ipfire-2.x into...
Arne Fitzenreiter [Mon, 29 Sep 2014 19:55:33 +0000 (21:55 +0200)] 
Merge branch 'install-raid' of git.ipfire.org:/pub/git/people/ms/ipfire-2.x into install-raid

5 years agobash: Import patch for version 4.3.27
Michael Tremer [Mon, 29 Sep 2014 19:29:57 +0000 (21:29 +0200)] 
bash: Import patch for version 4.3.27

See #10633

5 years agocore84: Add updated readline
Michael Tremer [Mon, 29 Sep 2014 11:52:16 +0000 (13:52 +0200)] 
core84: Add updated readline

5 years agoreadline: Update to 6.3.
Michael Tremer [Sat, 26 Jul 2014 17:56:54 +0000 (19:56 +0200)] 
readline: Update to 6.3.

5 years agobash: Import upstream fixes
Michael Tremer [Fri, 26 Sep 2014 10:46:44 +0000 (12:46 +0200)] 
bash: Import upstream fixes

5 years agobash: Import fix for CVE-2014-7169
Michael Tremer [Thu, 25 Sep 2014 17:38:23 +0000 (19:38 +0200)] 
bash: Import fix for CVE-2014-7169

http://www.openwall.com/lists/oss-security/2014/09/25/10

Conflicts:
lfs/bash

5 years agobash: Fix for CVE-2014-6271
Michael Tremer [Wed, 24 Sep 2014 19:02:22 +0000 (21:02 +0200)] 
bash: Fix for CVE-2014-6271

A flaw was found in the way Bash evaluated certain specially crafted
environment variables. An attacker could use this flaw to override
or bypass environment restrictions to execute shell commands.
Certain services and applications allow remote unauthenticated
attackers to provide environment variables, allowing them to exploit
this issue.

5 years agobash: Update to 4.3.
Michael Tremer [Sat, 26 Jul 2014 18:00:17 +0000 (20:00 +0200)] 
bash: Update to 4.3.

Conflicts:
lfs/bash

5 years agoMerge branch 'master' into kernel-test
Arne Fitzenreiter [Mon, 29 Sep 2014 11:45:06 +0000 (13:45 +0200)] 
Merge branch 'master' into kernel-test

5 years agofix merge problem.
Arne Fitzenreiter [Mon, 29 Sep 2014 11:44:26 +0000 (13:44 +0200)] 
fix merge problem.

5 years agoe1000e: fix modul path.
Arne Fitzenreiter [Mon, 29 Sep 2014 11:40:12 +0000 (13:40 +0200)] 
e1000e: fix modul path.

5 years agoMerge branch 'master' into kernel-test
Arne Fitzenreiter [Mon, 29 Sep 2014 07:22:42 +0000 (09:22 +0200)] 
Merge branch 'master' into kernel-test

5 years agocore84: Add changed /etc/rc.d/init.d/network
Michael Tremer [Sun, 28 Sep 2014 11:32:17 +0000 (13:32 +0200)] 
core84: Add changed /etc/rc.d/init.d/network

5 years agoMerge remote-tracking branch 'teissler/bug_10454' into next
Michael Tremer [Sun, 28 Sep 2014 11:31:53 +0000 (13:31 +0200)] 
Merge remote-tracking branch 'teissler/bug_10454' into next

5 years agonetwork: move start of static-routes
Timo Eissler [Sat, 27 Sep 2014 21:28:04 +0000 (23:28 +0200)] 
network: move start of static-routes

Fixes #10454

Create static routes after network interfaces are initialised.

5 years agonetwork: fix coding style
Timo Eissler [Sat, 27 Sep 2014 21:16:57 +0000 (23:16 +0200)] 
network: fix coding style

5 years agoMerge remote-tracking branch 'teissler/bug_10535' into next
Michael Tremer [Sat, 27 Sep 2014 21:00:05 +0000 (23:00 +0200)] 
Merge remote-tracking branch 'teissler/bug_10535' into next

5 years agoFix wording. Remove "got".
Michael Tremer [Sat, 27 Sep 2014 20:59:05 +0000 (22:59 +0200)] 
Fix wording. Remove "got".

Fixes #10632

5 years agourlfilter.cgi: enhance file extension blocking
Timo Eissler [Sat, 27 Sep 2014 20:24:26 +0000 (22:24 +0200)] 
urlfilter.cgi: enhance file extension blocking

Fixes #10535

Add flv, mkv and mp4 as audio/video file exentions.
Add 7z as archive file extension.

5 years agocore84: Add changed urlfilter.cgi
Michael Tremer [Sat, 27 Sep 2014 18:43:49 +0000 (20:43 +0200)] 
core84: Add changed urlfilter.cgi

5 years agoMerge remote-tracking branch 'teissler/Bug_10415' into next
Michael Tremer [Sat, 27 Sep 2014 18:43:23 +0000 (20:43 +0200)] 
Merge remote-tracking branch 'teissler/Bug_10415' into next

5 years agourlfilter.cgi: safe search enhancements
Timo Eissler [Fri, 26 Sep 2014 20:15:13 +0000 (22:15 +0200)] 
urlfilter.cgi: safe search enhancements

Fixes: #10415

Activate bing safe search.
Add nwshp to google url patterns.

5 years agosquid-accounting: set right permissions of html directory for graphs and logo
Alexander Marx [Wed, 17 Sep 2014 13:52:45 +0000 (15:52 +0200)] 
squid-accounting: set right permissions of html directory for graphs and logo

5 years agocore84: Add changed files from #10620
Michael Tremer [Fri, 26 Sep 2014 11:03:48 +0000 (13:03 +0200)] 
core84: Add changed files from #10620

5 years agoMerge remote-tracking branch 'amarx/BUG10620' into next
Michael Tremer [Fri, 26 Sep 2014 11:03:22 +0000 (13:03 +0200)] 
Merge remote-tracking branch 'amarx/BUG10620' into next

5 years agoMerge remote-tracking branch 'amarx/BUG10615' into next
Michael Tremer [Fri, 26 Sep 2014 11:02:28 +0000 (13:02 +0200)] 
Merge remote-tracking branch 'amarx/BUG10615' into next

5 years agocore84: Add changed files from fw-checksubnet branch
Michael Tremer [Fri, 26 Sep 2014 11:00:38 +0000 (13:00 +0200)] 
core84: Add changed files from fw-checksubnet branch

5 years agoMerge remote-tracking branch 'amarx/fw-checksubnet' into next
Michael Tremer [Fri, 26 Sep 2014 10:59:26 +0000 (12:59 +0200)] 
Merge remote-tracking branch 'amarx/fw-checksubnet' into next

5 years agocore84: Add changed files from the firewall-dnat branch
Michael Tremer [Fri, 26 Sep 2014 10:58:13 +0000 (12:58 +0200)] 
core84: Add changed files from the firewall-dnat branch

5 years agoMerge remote-tracking branch 'amarx/firewall-dnat' into next
Michael Tremer [Fri, 26 Sep 2014 10:55:55 +0000 (12:55 +0200)] 
Merge remote-tracking branch 'amarx/firewall-dnat' into next

Conflicts:
config/firewall/rules.pl

5 years agobash: Import upstream fixes
Michael Tremer [Fri, 26 Sep 2014 10:46:44 +0000 (12:46 +0200)] 
bash: Import upstream fixes

5 years agobash: Import upstream patches for CVE-2014-6271 and CVE-2014-7169
Michael Tremer [Fri, 26 Sep 2014 10:42:27 +0000 (12:42 +0200)] 
bash: Import upstream patches for CVE-2014-6271 and CVE-2014-7169

5 years agocore84: Add dnsmasq update
Michael Tremer [Fri, 26 Sep 2014 10:25:48 +0000 (12:25 +0200)] 
core84: Add dnsmasq update

5 years agoCreate core update 84
Michael Tremer [Fri, 26 Sep 2014 10:24:16 +0000 (12:24 +0200)] 
Create core update 84

5 years agoMerge branch 'master' into next
Michael Tremer [Fri, 26 Sep 2014 10:21:18 +0000 (12:21 +0200)] 
Merge branch 'master' into next

5 years agobash: Import fix for CVE-2014-7169
Michael Tremer [Thu, 25 Sep 2014 17:38:23 +0000 (19:38 +0200)] 
bash: Import fix for CVE-2014-7169

http://www.openwall.com/lists/oss-security/2014/09/25/10

Conflicts:
lfs/bash

5 years agodnsmasq: Update to 2.72
Michael Tremer [Thu, 25 Sep 2014 19:16:01 +0000 (21:16 +0200)] 
dnsmasq: Update to 2.72

5 years agocore83: set version to core83.
Arne Fitzenreiter [Thu, 25 Sep 2014 18:37:55 +0000 (20:37 +0200)] 
core83: set version to core83.

5 years agocore83: reload init at update because glibc changes.
Arne Fitzenreiter [Thu, 25 Sep 2014 18:36:06 +0000 (20:36 +0200)] 
core83: reload init at update because glibc changes.

5 years agokernel: update to 3.10.55.
Arne Fitzenreiter [Thu, 25 Sep 2014 18:28:27 +0000 (20:28 +0200)] 
kernel: update to 3.10.55.

5 years agobash: Import fix for CVE-2014-7169
Michael Tremer [Thu, 25 Sep 2014 17:38:23 +0000 (19:38 +0200)] 
bash: Import fix for CVE-2014-7169

http://www.openwall.com/lists/oss-security/2014/09/25/10

5 years agobash: Fix for CVE-2014-6271
Michael Tremer [Wed, 24 Sep 2014 19:02:22 +0000 (21:02 +0200)] 
bash: Fix for CVE-2014-6271

A flaw was found in the way Bash evaluated certain specially crafted
environment variables. An attacker could use this flaw to override
or bypass environment restrictions to execute shell commands.
Certain services and applications allow remote unauthenticated
attackers to provide environment variables, allowing them to exploit
this issue.

5 years agoMerge branch 'master' into next
Michael Tremer [Wed, 24 Sep 2014 18:39:43 +0000 (20:39 +0200)] 
Merge branch 'master' into next

5 years agocore83: add changed files
Michael Tremer [Wed, 24 Sep 2014 18:38:59 +0000 (20:38 +0200)] 
core83: add changed files

5 years agoCreate core update 83
Michael Tremer [Wed, 24 Sep 2014 18:31:55 +0000 (20:31 +0200)] 
Create core update 83

5 years agobash: Fix for CVE-2014-6271
Michael Tremer [Wed, 24 Sep 2014 16:48:35 +0000 (18:48 +0200)] 
bash: Fix for CVE-2014-6271

A flaw was found in the way Bash evaluated certain specially crafted
environment variables. An attacker could use this flaw to override
or bypass environment restrictions to execute shell commands.
Certain services and applications allow remote unauthenticated
attackers to provide environment variables, allowing them to exploit
this issue.

5 years agourlfilter.cgi: Fix path to squidGuard binary when converting custom blacklists.
Stefan Schantl [Sat, 20 Sep 2014 09:49:39 +0000 (11:49 +0200)] 
urlfilter.cgi: Fix path to squidGuard binary when converting custom blacklists.

Fixes #10626.

5 years agofw-groups: fix language strings
Alexander Marx [Fri, 5 Sep 2014 06:12:44 +0000 (08:12 +0200)] 
fw-groups: fix language strings

5 years agoinstaller: Fix typo
Michael Tremer [Tue, 16 Sep 2014 18:45:50 +0000 (20:45 +0200)] 
installer: Fix typo

You -> Your

Reported-by: https://www.transifex.com/accounts/profile/luX78/