Includes a fix for a denial-of-service vulnerability among
many more various fixes.
Fixes#11281
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
https://ftp.isc.org/isc/bind9/9.11.0-P2/RELEASE-NOTES-bind-9.11.0-P2.html
"BIND 9.11.0-P2 addresses the security issues described in CVE-2016-9131, CVE-2016-9147,
CVE-2016-9444 and CVE-2016-9778.
...
Security Fixes
A coding error in the nxdomain-redirect feature could lead to an assertion failure if the
redirection namespace was served from a local authoritative data source such as a local zone
or a DLZ instead of via recursive lookup. This flaw is disclosed in CVE-2016-9778. [RT
Named could mishandle authority sections that were missing RRSIGs triggering an assertion
failure. This flaw is disclosed in CVE-2016-9444. [RT # 43632]
Named mishandled some responses where covering RRSIG records are returned without the
requested data resulting in a assertion failure. This flaw is disclosed in CVE-2016-9147.
[RT #43548]
Named incorrectly tried to cache TKEY records which could trigger a assertion failure when
there was a class mismatch. This flaw is disclosed in CVE-2016-9131. [RT #43522]
It was possible to trigger assertions when processing a response. This flaw is disclosed in
CVE-2016-8864. [RT #43465]"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Sorry, they did it again...:
For details see:
https://www.nano-editor.org/news.php
"GNU nano 2.7.3 "Ontbijtkoek" wipes away a handful of bugs:
your editor is now able to handle filenames that contain
newlines, avoids a brief flash of color when switching
between buffers that are governed by different syntaxes,
makes the Shift+Ctrl+Arrow keys select text again on a
Linux console, is more resistant against malformations
in the positionlog file, and does not crash when ^C is
typed on systems where it produces the code KEY_CANCEL.
Oh, and it no longer mistakenly warns about editing an
unlocked file just after saving a new one. That's it.
Tastes great with thick butter."
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This script is creating common bridges now, too and therefore
needs a more generic name.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
These all fix a potential "NULL dereference" bug that has existed in libpng
since version 0.71 of June 26, 1995. To be vulnerable, an application
has to load a text chunk into the png structure, then delete all text, then
add another text chunk to the same png structure, which seems to be
an unlikely sequence, but it has happened.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
To keep the files in the right place, the files are installed into the build directory
and only the files which are useful are copied to the usual places in /usr.
Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
Reviewed-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
I did the following:
- Rearranged the fields on 'guardian.cgi' a bit - in a (hopefully) logical manner,
so that they don't need so much room.
- Added some translation-strings and explanations to (revised) 'guardian.cgi'.
- Added missing language string(s), deleted obsolete.
- Deleted all guardian entries from standard language files in
'/var/ipfire/langs'-directory.
- Added (upgraded) addon-specific language files to '/var/ipfire/addon-lang'-directory.
I hope, I didn't forget something...
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Previously we copied the default configuration from the upstream
package and modified that. Unfortunately a patch and a sed command
changed the file which resulted in unwanted changes.
This patch removes the patch and sed command and adds a new set
of configuration files that just need to be copied to the system.
Fixes#11195
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
