erik.kapfer [Sat, 24 Nov 2018 12:24:27 +0000 (13:24 +0100)]
dead_lang_strings: Deleted all unused lang strings
langs_cleaner.sh and langs_cleaner_addon.sh have been used to search for unused strings in all CGIs,
which have been deleted.
Count of all deleted lines per language:
581 Lines has been deleted in langs/de/cgi-bin/de.pl
625 Lines has been deleted in langs/en/cgi-bin/en.pl
516 Lines has been deleted in langs/es/cgi-bin/es.pl
524 Lines has been deleted in langs/fr/cgi-bin/fr.pl
602 Lines has been deleted in langs/it/cgi-bin/it.pl
592 Lines has been deleted in langs/nl/cgi-bin/nl.pl
523 Lines has been deleted in langs/pl/cgi-bin/pl.pl
519 Lines has been deleted in langs/ru/cgi-bin/ru.pl
616 Lines has been deleted in langs/tr/cgi-bin/tr.pl
Michael Tremer [Wed, 21 Nov 2018 11:21:42 +0000 (11:21 +0000)]
openssl: Update to 1.1.0j
*) Timing vulnerability in DSA signature generation
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
timing side channel attack. An attacker could use variations in the signing
algorithm to recover the private key.
This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
(CVE-2018-0734)
[Paul Dale]
*) Timing vulnerability in ECDSA signature generation
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a
timing side channel attack. An attacker could use variations in the signing
algorithm to recover the private key.
This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser.
(CVE-2018-0735)
[Paul Dale]
*) Add coordinate blinding for EC_POINT and implement projective
coordinate blinding for generic prime curves as a countermeasure to
chosen point SCA attacks.
[Sohaib ul Hassan, Nicola Tuveri, Billy Bob Brumley]
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 20 Nov 2018 16:28:52 +0000 (16:28 +0000)]
openssl-compat: Update to 1.0.2q
*) Microarchitecture timing vulnerability in ECC scalar multiplication
OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been
shown to be vulnerable to a microarchitecture timing side channel attack.
An attacker with sufficient access to mount local timing attacks during
ECDSA signature generation could recover the private key.
This issue was reported to OpenSSL on 26th October 2018 by Alejandro
Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and
Nicola Tuveri.
(CVE-2018-5407)
[Billy Brumley]
*) Timing vulnerability in DSA signature generation
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
timing side channel attack. An attacker could use variations in the signing
algorithm to recover the private key.
This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
(CVE-2018-0734)
[Paul Dale]
*) Resolve a compatibility issue in EC_GROUP handling with the FIPS Object
Module, accidentally introduced while backporting security fixes from the
development branch and hindering the use of ECC in FIPS mode.
[Nicola Tuveri]
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 11 Nov 2018 17:26:35 +0000 (17:26 +0000)]
shairport-sync: New package
Shairport Sync is an AirPlay audio player - it plays audio streamed
from iTunes, iOS, Apple TV and macOS devices and AirPlay sources
such as Quicktime Player and ForkedDaapd, among others.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 11 Nov 2018 16:21:01 +0000 (16:21 +0000)]
soxr: New package (0.1.3)
The SoX Resampler library `libsoxr' performs one-dimensional sample-rate
conversion -- it may be used, for example, to resample PCM-encoded audio.
For higher-dimensional resampling, such as for visual-image processing, you
should look elsewhere.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
http://ftp.isc.org/isc/bind9/9.11.5/RELEASE-NOTES-bind-9.11.5.html
Security fixes:
"named could crash during recursive processing of DNAME records when
deny-answer-aliases was in use. This flaw is disclosed in CVE-2018-5740. [GL #387]
When recursion is enabled but the allow-recursion and allow-query-cache ACLs are
not specified, they should be limited to local networks, but they were
inadvertently set to match the default allow-query, thus allowing
remote queries. This flaw is disclosed in CVE-2018-5738. [GL #309]"
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The grub on EFI searches the config on volume "IPFire 2.21 arch"
so the custom "ipfire backup ..." volume name is not working
anymore.
This is now fixed and a backup-version.media tag will be added.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Peter Müller [Sat, 27 Oct 2018 13:44:02 +0000 (15:44 +0200)]
Unbound: output statistics daily instead of just on shutdown
Currently, Unbound only prints statistics if it is being shut down
(mostly because of a machine reboot). This makes detecting DNS
anomalies hard as no intermediate statistic result is being logged.
This patch changes Unbound's behaviour in order to log statistics
every 86,400 seconds (i.e. 24 hours).
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Peter Müller [Mon, 29 Oct 2018 17:49:49 +0000 (18:49 +0100)]
fix downloading Snort rules if behind upstream proxy
Currently, the wget call only uses proxy information for HTTP.
Since rulesets are downloaded via HTTPS now, the same information
also needs to be applied for HTTPS.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 29 Oct 2018 11:25:24 +0000 (11:25 +0000)]
clamav: Move database directory to /var partition
The clamav database is quite large and occupies valuable
space on the root partition that on older systems is only
2GB large. This change moves the virus definition database
to the /var partition which is larger and supposed to hold
data like this anyway.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>