webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-10 11:05:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
10,642 Commits 2 Branches 1 Tag
91c35e4838b4e059c67240bb54cd32eefd105da3
Commit Graph

10642 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Matthias Fischer
91c35e4838 bind: Update to 9.11.0-P5 
For details see:
https://ftp.isc.org/isc/bind9/9.11.0-P5/RELEASE-NOTES-bind-9.11.0-P5.html

"BIND 9.11.0-P5 addresses the security issues described in CVE-2017-3136,
CVE-2017-3137, and CVE-2017-3138, and updates the built-in trusted keys for the root zone.

Security Fixes

rndc "" could trigger an assertion failure in named. This flaw is disclosed in
(CVE-2017-3138). [RT #44924]

Some chaining (i.e., type CNAME or DNAME) responses to upstream queries could
trigger assertion failures. This flaw is disclosed in CVE-2017-3137. [RT #44734]

dns64 with break-dnssec yes; can result in an assertion failure. This flaw is
disclosed in CVE-2017-3136. [RT #44653]

If a server is configured with a response policy zone (RPZ) that rewrites an
answer with local data, and is also configured for DNS64 address mapping, a NULL
pointer can be read triggering a server crash. This flaw is disclosed in CVE-2017-3135.
[RT #44434]

A coding error in the nxdomain-redirect feature could lead to an assertion failure if
the redirection namespace was served from a local authoritative data source such as a
local zone or a DLZ instead of via recursive lookup. This flaw is disclosed in
CVE-2016-9778. [RT #43837]

named could mishandle authority sections with missing RRSIGs, triggering an assertion
failure. This flaw is disclosed in CVE-2016-9444. [RT #43632]

named mishandled some responses where covering RRSIG records were returned without the
requested data, resulting in an assertion failure. This flaw is disclosed in
CVE-2016-9147. [RT #43548]

named incorrectly tried to cache TKEY records which could trigger an assertion failure
when there was a class mismatch. This flaw is disclosed in CVE-2016-9131. [RT #43522]

It was possible to trigger assertions when processing responses containing answers of
type DNAME. This flaw is disclosed in CVE-2016-8864. [RT #43465]

Bug Fixes

A synthesized CNAME record appearing in a response before the associated DNAME could be
cached, when it should not have been. This was a regression introduced while addressing
CVE-2016-8864. [RT #44318]

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-16 17:23:57 +01:00
Matthias Fischer
4d8d78169f cups-filters: Fix for lfs-file (dropped avahi package) 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-13 12:00:37 +01:00
Michael Tremer
076ad71576 avahi: Drop package 
The daemon locks up when starting up in avahi_log_info() and
probably the other logging functions, too.

Since avahi is not really used a lot in the distribution,
has been in testing for four years and has virtually no users
I am going to drop it instead of wasting time on fixing this.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-12 17:49:45 +01:00
Michael Tremer
7cbdd31d6e graphs.pl: Fix HTML syntax error 
The missing ' caused that a different URL was called

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-11 14:26:57 +01:00
Matthias Fischer
30b980a84d kbd 1.12: Update for rootfile 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-11 14:23:54 +01:00
Matthias Fischer
a696f57510 rrdtool 1.6.0: fix for rootfile 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-11 14:23:54 +01:00
Michael Tremer
f0c71e72b0 ltrace: New package 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-11 14:23:54 +01:00
Michael Tremer
c4f3b29a9d elfutils: Update rootfile 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-11 14:23:54 +01:00
Michael Tremer
015640d671 elfutils: New package 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-11 14:23:54 +01:00
Michael Tremer
778979f630 dbus: Update to 1.11.12 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-11 14:23:54 +01:00
Timo Eissler
a0168f9fca nmap: remove uninstall_ndiff from rootfile 
Signed-off-by: Timo Eissler <timo.eissler@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-08 14:41:09 +01:00
Michael Tremer
b3ee263b07 QoS: Enable IMQ multi queueing 
This increases throughput when QoS is activated
since now all available CPU cores will be used

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-06 19:12:06 +01:00
Michael Tremer
d0755f4cb2 Rootfile update 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-06 19:00:45 +01:00
Michael Tremer
e4d7dc1ea4 dhcp: Fix extracting bundled BIND package 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-06 12:52:10 +01:00
Marcel Lorenz
4a3940a15f gcc: update to 4.9.4 
This is only a bugfix release
https://gcc.gnu.org/gcc-4.9/changes.html

Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-06 10:18:41 +01:00
Marcel Lorenz
a8c2aae946 mpfr: update to 3.1.5 
Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-06 10:16:37 +01:00
Marcel Lorenz
fcab4e5f18 gmp: update to 6.1.2 
Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-06 10:15:29 +01:00
Marcel Lorenz
a309f3b5c3 pcre: update to 8.40 
Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-06 10:14:13 +01:00
Marcel Lorenz
85ca3a529b rrdtool: update to 1.6.0 
Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-06 10:13:29 +01:00
Marcel Lorenz
e9dae64ea1 pkg-config: update to 0.29.1 
Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-06 10:12:13 +01:00
Marcel Lorenz
f4574da97a nmap: update to 7.40 
Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-06 10:11:23 +01:00
Marcel Lorenz
f155baa6f0 m4: update to 1.4.18 
Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-06 10:10:25 +01:00
Marcel Lorenz
e0e3f3a3e7 acpid: update to 2.0.28 
Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-06 10:06:46 +01:00
Marcel Lorenz
6c96150b45 unzip: update to 60 
Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-06 10:06:08 +01:00
Michael Tremer
49e3621c32 gzip: Drop patch that is no longer applied 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-06 10:04:34 +01:00
Marcel Lorenz
3b7a290523 gzip: update to 1.8 
Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-06 10:02:18 +01:00
Marcel Lorenz
361cc1bd0c file: update to 5.30 
Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-06 09:57:50 +01:00
Matthias Fischer
176ba83d49 logwatch 7.4.3: next fix, output for 'lm_sensors' was missing 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-06 09:56:16 +01:00
Matthias Fischer
cd31b51ea5 logwatch 7.4.3: some more fixes for rootfile 
Hi,

'eximstats', 'zz-sys' and 'resolver'-files were missing.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-05 14:10:48 +01:00
Daniel Weismüller
2dbfc4020d netsnmpd: added lmsensors and some other mibs 
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-05 12:23:32 +01:00
Michael Tremer
9bc2e596d0 IPsec: Include Curve 25519 in default proposal 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-05 12:16:52 +01:00
Michael Tremer
64056cae46 IPsec: Allow selecting Curve 25519 as group type 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-05 12:16:20 +01:00
Michael Tremer
1ef80c4352 strongswan: Update to version 5.5.2 
Introduces support for Curve25519 for IKE as defined by RFC8031.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-05 12:08:39 +01:00
Michael Tremer
570d54fd84 IPsec: Drop SHA1 and MODP<=1536 from proposed ciphers 
IPsec is still proposing to use SHA1 and MODP-1536 or MODP-1024
when initiating a connection. These are considered weak although
many off-the-shelf hardware is still using this as defaults.

This patch disables those algorithms and additionally changes
default behaviour to only accept the configured cipher suites.

This might create some interoperability issues, but increases
security of IPFire-to-IPFire IPsec connections.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-05 11:42:55 +01:00
Michael Tremer
4f6790a7e4 ipsecctrl: Reload IPsec block rules after connection is deleted 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-05 10:33:49 +01:00
Matthias Fischer
3fa1cb5f35 logwatch: Update to 7.4.3 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-05 10:08:24 +01:00
Matthias Fischer
9d8574996e logwatch 7.4.1: another fix for rootfile 
Hi,

similar to:

http://git.ipfire.org/?p=people/mfischer/ipfire-2.x.git;a=commit;h=9f46e637ac345509ff75248d1087b1bff117ff20

A missing '#' for "usr/share/logwatch/default.conf/services" in rootfile.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-05 10:08:21 +01:00
Matthias Fischer
31b34f9509 logwatch 7.4.1: fix for rootfile 
Hi,

One missing '#' and all underlying 'services' in 'usr/share/logwatch/scripts/services'
are installed. 147 files are active, but it should be only 33.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-05 10:08:20 +01:00
Arne Fitzenreiter
09f518fbb1 mpd: mpd needs opus libs 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-04-04 19:14:31 +02:00
Arne Fitzenreiter
af7e2f072f Merge branch 'next' 2017-04-03 23:04:59 +02:00
Arne Fitzenreiter
7ea716b46b core110: finish update 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2017-04-03 23:04:03 +02:00
Matthias Fischer
bffe0abd59 squid: Update to 3.5.25 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-03 20:28:12 +01:00
Matthias Fischer
24a80f0c22 squid 3.5.24: latest patches (14149-14153) 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-03 11:11:20 +01:00
Matthias Fischer
a5c0ef3679 squid 3.5.24: latest patches (14144-14148) 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-03 11:11:13 +01:00
Matthias Fischer
39e7154976 squid 3.5.24: latest patch (14143) 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-03 11:11:12 +01:00
Michael Tremer
183b23b5ca DNS: Show DNSSEC status on index page if deavtivated 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-02 19:48:20 +01:00
Michael Tremer
73b3a1264f core110: Ship updated ntp package 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-03-28 17:20:50 +01:00
Matthias Fischer
776363274f ntp: Update to 4.2.8p10 
"It addresses 6 medum- and 5 low-severity security issues, 4 informational security topics,
15 bugfixes, and contains other improvements over 4.2.8p9."

For a complete list, see:
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-03-28 17:20:31 +01:00
Matthias Fischer
21094f574e mpd 0.20.6: fixes for lfs-file 
Package refused to build without initscript.

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-03-28 17:19:57 +01:00
Matthias Fischer
109b1914d1 motion 4.0.1: suggested new rootfile 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-03-28 17:19:25 +01:00