Full changelog obtained from: https://cisofy.com/changelog/lynis/#301
- Detection of Alpine Linux
- Detection of CloudLinux
- Detection of Kali Linux
- Detection of Linux Mint
- Detection of macOS Big Sur (11.0)
- Detection of Pop!_OS
- Detection of PHP 7.4
- Malware detection tool: Microsoft Defender ATP
- New flag: --slow-warning to allow tests more time before showing a
warning
- Test TIME-3185 to check systemd-timesyncd synchronized time
- rsh host file permissions
- AUTH-9229 - Added option for LOCKED accounts and bugfix for older bash
versions
- BOOT-5122 - Presence check for grub.d added
- CRYP-7902 - Added support for certificates in DER format
- CRYP-7931 - Added data to report
- CRYP-7931 - Redirect errors (e.g. when swap is not encrypted)
- FILE-6430 - Don't grep nonexistant modprobe.d files
- FIRE-4535 - Set initial firewall state
- INSE-8312 - Corrected text on screen
- KRNL-5728 - Handle zipped kernel configuration correctly
- KRNL-5830 - Improved version detection for non-symlinked kernel
- MALW-3280 - Extended detection of BitDefender
- TIME-3104 - Find more time synchronization commands
- TIME-3182 - Corrected detection of time peers
- Fix: hostid generation routine would sometimes show too short IDs
- Fix: language detection
- Generic improvements for macOS
- German translation updated
- End-of-life database updated
- Several minor code enhancements
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The pacificnew file has been dropped by IANA. Adding the "factory" file
makes sense to have a reasonable default in case the time zone is
unknown, which, however, should not happen in case of IPFire 2.x - just
trying to be consistent here.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Those fix some unintentional behaviour regarding autocompletion I
stumbled across the other day. While there seems nothing security
relevant in this, it irons out a few bugs.
The full and up-to-date list of all Bash 5.0 patches can be obtained
from https://ftp.gnu.org/gnu/bash/bash-5.0-patches/ .
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is a security release in order to address
CVE-2020-14318 (Missing handle permissions check in SMB1/2/3 ChangeNotify),
CVE-2020-14323 (Unprivileged user can crash winbind) and
CVE-2020-14383 (An authenticated user can crash the DCE/RPC DNS with easily
crafted records).
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This add-on was solely needed as a dependency for Amavis and is
therefore no longer needed.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This package has not been maintained well and is thereof outdated. At
the time of writing, we neither
(a) have a maintainer for this nor
(b) believe it is wise to run a full-featured content scanner on a
firewall for security purposes. (We can make do with Postfix, as it
is known for being a very robust MTA and providess less attack
surface than something actually inspecting transferred messages.)
Thereof, this patch drops the SpamAssassin add-on. In case it is desired
in future versions of IPFire, it can be easily reverted, restoring the
functionality and behaviour before.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This package has not been maintained well and is thereof outdated. At
the time of writing, we neither
(a) have a maintainer for this nor
(b) believe it is wise to run a full-featured content scanner on a
firewall for security purposes. (We can make do with Postfix, as it
is known for being a very robust MTA and providess less attack
surface than something actually inspecting transferred messages.)
Thereof, this patch drops the Amavis add-on. In case it is desired in
future versions of IPFire, it can be easily reverted, restoring the
functionality and behaviour before.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
* Enable RDP and SIP parsers.
* Enable new introduced parsers for RFB and DCERPC.
Because HTTP2 support and parser currently is experimental the suricata
developers decided to disable it at default - we keep this default
setting for now.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Complete changelog since version 0.93:
V0.94
Aaron Lipinski (10):
gtk_menu_append -> gtk_menu_shell_append
GTK_OBJECT -> G_OBJECT
gtk_button_new_from_stock -> gtk_button_new_with_label
gtk3
hbox/vbox -> gtk_box_new
gtk_menu_popup -> gtk_menu_popup_at_pointer
show resolved hostname in raw dnsline
rely on final return NULL
introduce libasan
avoid stack use after scope
Alejandro Leal (2):
few updates to manual page and README.md
Updating some comments
Chongyu Zhu (1):
probe: fix find_source_addr
Konrad Bucheli (1):
fix segmentation fault if there is no IP address on an interface (fixes#320)
Kulemin Alexander (1):
report: json: reworked with libjansson
Mark Egan-Fuller (1):
Add display of destination.
Markus Kötter (6):
simplification - remove sockaddrtop
simplification - remove addrcpy
simplification - remove rsa{4,6}
simplification - address addrcmp
simplification - improve readability
ip6 udp - fix probes with local or remote port
R.E. Wolff (29):
fix warning on recent compilers.
Merge branch 'master' of github.com:traviscross/mtr
net find local address fix by meingtsla
proposed patch for bsd compile error
fix closing brace
Added include errno --obouizi
Merge branch 'master' of github.com:traviscross/mtr
More compilation warning fixes from obouizi
Added extra help text to configure --yvs
Changed MAXPATH to MAX_PATH for AIX compatibility. -- aixtools
make the code for gtk2/3 a bit nicer.
Merge branch 'gtk3_with_fallback' of https://github.com/krisl/mtr
Merge branch 'master' of github.com:traviscross/mtr
in hindsight my previous patch wasn't so nice. And nobody told me.
Sean Wei (1):
Fix parameter in ui/net.c
Siyuan Miao (1):
show mpls information in raw output
atib (1):
Added code to print multiple addresses regitered on the same hop count
atibdialpad (2):
Change TTL dynamically to adjust for path changes
TODO list changes
meingtsla (2):
asn_{open,close}: Always initialize ipinfo hash table
Merge branch 'master' of https://github.com/traviscross/mtr into asn-open-always-hcreate
In addition, the "bootstrap.sh" script no longer exists and has
therefore been removed from the LFS file.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This variable is no longer being used and was only used to
assign IP addresses to the individual interfaces.
However, the kernel knows best which IP address to select
as broadcast address for each network. Therefore we depend
on the kernel which allows us to support RFC3021.
Fixes: #12486 - no /31 transfer net available on red
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
We already pass -fstack-protector-strong, which might be overridden
by -fstack-protector-all. We also know that SSP works in our version
of libc and do not need to link against libssp.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
We do not use the Python module and can therefore
only have one rootfile for all architectures.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
