Arne Fitzenreiter
9dafa28a1c
Revert "kernel: add patch against CVE-2020-14386"
...
This reverts commit f04023b1caarne_f@ipfire.org >
2020-09-11 22:16:27 +02:00
Arne Fitzenreiter
1d15fbd440
kernel: cleanup kirkwood patch apply lines
...
kirkwood support is removed long time ago and the patch already
removed from tree.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-09-11 21:30:15 +02:00
Arne Fitzenreiter
f04023b1ca
kernel: add patch against CVE-2020-14386
...
fixes #12483
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-09-11 21:27:15 +02:00
Arne Fitzenreiter
10d0489df2
kernel: update to 4.14.197
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-09-10 20:20:28 +02:00
Arne Fitzenreiter
207b38f1da
Kernel: update to 4.14.196
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-09-04 18:12:38 +02:00
Arne Fitzenreiter
0216f1ecdd
libvirt: add libtirpc to dependencies
...
libvirt is linked against libtirpc so this need to installed.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-08-31 18:39:01 +02:00
Arne Fitzenreiter
eefe8acbea
core150: start core150 and add kernel
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-08-31 07:06:41 +02:00
Arne Fitzenreiter
ce9f979c01
kernel: update to 4.14.195
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-08-31 06:58:32 +02:00
Arne Fitzenreiter
305baacbb8
core149: add vim to update
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-08-29 18:12:19 +00:00
Arne Fitzenreiter
2c8819992e
vim: update to 8.2 and fix crash with gcc-10
...
the configure.ac has a bug that detects gcc-10 as gcc-1 and so not use
some quirks. Also there is a bug with FORTIFY-SOURCE=2 that crash
if the matchparen plugin is used (enabled by default).
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-08-29 18:08:57 +00:00
Arne Fitzenreiter
5300e13516
core149: add files to exclude from older updates
...
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-08-26 13:58:02 +00:00
Stefan Schantl
0bb03f69ef
Core 148: Exclude location related settings files.
...
This prevents from overwriting existing files, with empty ones
and finally to lose the stored settings.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org >
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org >
2020-08-25 19:13:17 +00:00
Michael Tremer
6f60b0d271
core149: Restart squid
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-24 09:48:36 +00:00
Matthias Fischer
9fa6a8d81d
squid: Update to 4.13
...
For details see:
http://www.squid-cache.org/Versions/v4/changesets/
and
http://lists.squid-cache.org/pipermail/squid-users/2020-August/022566.html
Fixes (excerpt):
"* SQUID-2020:8 HTTP(S) Request Splitting
(CVE-2020-15811)
This problem is serious because it allows any client, including
browser scripts, to bypass local security and poison the browser
cache and any downstream caches with content from an arbitrary
source.
* SQUID-2020:9 Denial of Service processing Cache Digest Response
(CVE pending allocation)
This problem allows a trusted peer to deliver to perform Denial
of Service by consuming all available CPU cycles on the machine
running Squid when handling a crafted Cache Digest response
message.
* SQUID-2020:10 HTTP(S) Request Smuggling
(CVE-2020-15810)
This problem is serious because it allows any client, including
browser scripts, to bypass local security and poison the proxy
cache and any downstream caches with content from an arbitrary
source.
* Bug 5051: Some collapsed revalidation responses never expire
* SSL-Bump: Support parsing GREASEd (and future) TLS handshakes
* Honor on_unsupported_protocol for intercepted https_port"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-24 09:47:40 +00:00
Michael Tremer
0e457b13ea
smt: Fix check to detect if a system is running virtually
...
/sys/hypervisor exists when a host has loaded the kvm modules.
Fixes : #12472
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-21 09:52:15 +00:00
Michael Tremer
087e302381
general-functions.pl: Do not check IPsec subnets for VTI/GRE connections
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-20 17:56:03 +00:00
Michael Tremer
9a62b6daac
libvirt: Depend on ebtables
...
libvirtd requires this to create some custom firewall rules
Reported-by: Daniel Weismüller <daniel.weismueller@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-19 14:08:54 +00:00
Michael Tremer
882ab515f9
libvirt: Ship all CPU maps
...
Reported-by: Daniel Weismüller <daniel.weismueller@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-19 14:08:53 +00:00
Michael Tremer
17d01f0138
core149: Ship zstd which is now part of the base system
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-19 12:12:08 +00:00
Michael Tremer
0e45bb1734
zstd: Do not ship libstd.so
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-19 12:11:43 +00:00
Matthias Fischer
9a2685f326
rsync: Update to 3.2.3
...
For details see:
https://download.samba.org/pub/rsync/NEWS#3.2.3
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-19 12:02:51 +00:00
Michael Tremer
f43ee38550
core149: Fix typo in apache initscript
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-19 11:56:56 +00:00
Matthias Fischer
9ac5418613
zstd 1.4.5: Deleted obsolete files from '/src/paks/'
...
No longer needed => deleted because of:
https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=c67ff7d72c2232b6994e1ff97277d4040711f97d
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-18 15:42:12 +00:00
Erik Kapfer
3caa418097
tshark: Update to version 3.2.6
...
The version jump from 3.2.3 to 3.2.6 includes several changes.
3.2.4 includes only bugfixes.
3.2.5 includes bugfixes and updated protocols.
3.2.6 includes also bugfixes and updated protocols.
For a full overview, the release notes can be found in here -->
https://www.wireshark.org/docs/relnotes/ .
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-18 15:42:05 +00:00
Peter Müller
10771d94ad
Postfix: update to 3.5.6
...
Please refer to http://www.postfix.org/announcements/postfix-3.5.6.html
for release announcements.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-18 10:19:49 +00:00
Michael Tremer
c67ff7d72c
zstd: Make this part of the core distributions
...
Many packages link against it and we should make use of it
when we have it.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-18 10:13:01 +00:00
Michael Tremer
f8a54e1961
qemu: Update rootfile
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-18 10:11:33 +00:00
Michael Tremer
5a918d828f
rsync: Update rootfile
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-18 10:10:13 +00:00
Michael Tremer
bef8b9c027
core149: Ship popt
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:55:55 +00:00
Matthias Fischer
7dcea61621
popt: Update to 1.18
...
Recommended for 'rsync 3.2.1'.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org >
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:55:35 +00:00
Matthias Fischer
73202b3976
rsync: Update to 3.2.1
...
For details see:
https://download.samba.org/pub/rsync/NEWS#3.2.1
Although 3.2.2 is in "release testing", I decided to push this release now to get things running.
I activated zstd-support and added 'DEPS = zstd'.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org >
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:55:26 +00:00
Matthias Fischer
6b264af51b
zstd 1.4.5: New package
...
This packages adds a "lossless compression algorithm" - supported by 'rsync 3.2.1'.
For details see:
https://github.com/facebook/zstd/releases/tag/v1.4.5
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org >
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:54:55 +00:00
Matthias Fischer
112d36f00e
qemu: Update to 5.0.0
...
For details see:
https://wiki.qemu.org/ChangeLog/5.0
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:53:41 +00:00
Matthias Fischer
665261f56f
usbredir: Update to 0.8.0
...
For details see:
https://gitlab.freedesktop.org/spice/usbredir/-/blob/master/ChangeLog
"-Source code and bug tracker hosted in Freedesktop's instance of Gitlab
-https://gitlab.freedesktop.org/spice/usbredir
-usbredirfilter
-Fix busy wait due endless recursion when interface_count is zero
-usbredirhost:
-Fix leak on error
-usbredirserver:
-Use 'busnum-devnum' instead of 'usbbus-usbaddr'
-Add support for bind specific address -4 for ipv4, -6 for ipv6
-Reject empty vendorid from command line
-Enable TCP keepalive"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:53:40 +00:00
Matthias Fischer
196cdadab8
libvirt: Update to 6.5.0
...
For details see:
https://libvirt.org/news.html
This update "just came my way" - I hope its somehow useful.
I also checked updates for dependencies - 'libusbredir 0.8.0' and 'qemu 5.0.0' follow.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:53:38 +00:00
Peter Müller
454a21d8b0
Postfix: update to 3.5.4
...
Please refer to http://www.postfix.org/announcements/postfix-3.5.4.html
for release announcements.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org >
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:53:14 +00:00
Peter Müller
4591f94bc5
Tor: update to 0.4.3.6
...
Please refer to https://blog.torproject.org/new-release-tor-03511-0428-0436-security-fixes
for release announcements.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org >
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:53:03 +00:00
Matthias Fischer
2ebd7ec758
clamav: Update to 0.102.4
...
Fixes CVE-2020-3350, CVE-2020-3327, CVE-2020-3481
For details see:
https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org >
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:52:28 +00:00
Michael Tremer
e65a3be3ef
core149: Ship bind
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:52:18 +00:00
Matthias Fischer
d690f2a7ce
bind: Update to 9.11.21
...
For details see:
https://downloads.isc.org/isc/bind9/9.11.21/RELEASE-NOTES-bind-9.11.21.html
"Bug Fixes
named could crash when cleaning dead nodes in lib/dns/rbtdb.c that
were being reused. [GL #1968 ]
Properly handle missing kyua command so that make check does not
fail unexpectedly when CMocka is installed, but Kyua is not. [GL
#1950 ]
The validator could fail to accept a properly signed RRset if an
unsupported algorithm appeared earlier in the DNSKEY RRset than
a supported algorithm. It could also stop if it detected a malformed
public key. [GL #1689 ]"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org >
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:52:06 +00:00
Michael Tremer
1701a7097a
core149: Ship intel microcode
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:51:52 +00:00
Peter Müller
04b39060f7
intel-microcode: update to 20200616
...
Ice Lake Intel CPUs have been found of being vulnerable to MDS, thus
requiring new microcodes for them. <sarcasm>Yay!</sarcasm> Please refer to
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20200616
for further information.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org >
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:49:24 +00:00
Michael Tremer
63de1d010f
core149: Ship updated unbound
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:48:21 +00:00
Matthias Fischer
53e1abbb57
unbound: Update to 1.11.0
...
For details see:
https://lists.nlnetlabs.nl/pipermail/unbound-users/2020-July/006921.html
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org >
Reviewed-by: Peter Müller <peter.mueller@ipfire.org >
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:47:36 +00:00
Michael Tremer
c2607bc492
7zip: Move files to /usr
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 17:23:37 +00:00
Michael Tremer
6168163681
u-boot: Fix build with GCC 10
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 15:09:51 +00:00
Michael Tremer
9b34655840
grub: Run autoreconf after applying patches
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 15:09:24 +00:00
Michael Tremer
8d25e59811
core149: Ship everything that was recently updated
...
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 10:21:40 +00:00
Marcel Follert
6992457365
socat: New package
...
Signed-off-by: Marcel Follert (Smooky) <smooky@v16.de >
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 10:10:11 +00:00
Matthias Fischer
db376b5895
iproute2: Update to 5.8.0
...
For details see:
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/?h=v5.8.0
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org >
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org >
2020-08-17 10:09:25 +00:00
