this resolves problems that negative answers from
a forwarder was still used after setting new servers.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Fixes CVE-2017-11185:
Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation
when verifying RSA signatures, which requires decryption with the operation m^e mod n,
where m is the signature, and e and n are the exponent and modulus of the public key.
The value m is an integer between 0 and n-1, however, the gmp plugin did not verify this.
So if m equals n the calculation results in 0, in which case mpz_export() returns NULL.
This result wasn't handled properly causing a null-pointer dereference.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Changelog:
"21 Aug 2017: Wouter
- Fix install of trust anchor when two anchors are present, makes both
valid. Checks hash of DS but not signature of new key. This fixes installs between
sep11 and oct11 2017."
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Changes from 9.50 to 9.52:
- add support for Jmicron USB-SATA bridges, courtesy Jan Friesse <jfriesse@gmail.com>.
- New --security-prompt-for-password flag for use with the various --security- actions.
- Makefile tweak from Mike Frysinger.
- fix spelling/typos in man page and "removable", courtesy of Alex Mestiashvili.
- fix spelling/typos in --sanitize-crypto-scramble, courtesy of Tom Yan.
- fix NULL password handling in --security-unlock, courtesy of Tom Yan.
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
the ntp initskript will only run at first connection try. If this fails
and the connection can established later DNS will not work if the clock
is too far away.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
new versions of agetty missinterpretes the baudrate and set it as TERM
without the parameter agetty use the previous rate that was set by the
kernel via console=XXX,Baudrate parameter.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Changes (see: https://gnupg.org/download/release_notes.html):
"gpg: Sending very large keys to the keyservers works again.
gpg: Validity strings in key listings are now again translatable.
gpg: Emit FAILURE status lines to help GPGME.
gpg: Does not anymore link to Libksba to reduce dependencies.
gpgsm: Export of secret keys via Assuan is now possible.
agent: Raise the maximum passphrase length from 100 to 255 bytes.
agent: Fix regression using EdDSA keys with ssh.
Does not anymore use a build timestamp by default.
The fallback encoding for broken locale settings changed from Latin-1 to UTF-8.
Many code cleanups and improved internal documentation.
Various minor bug fixes."
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
correct typo in wio.en.pl language file
add button in wio.cgi to change to systems logs (section wio)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
this is needed to edit MAKTUNING in the lfs file
which is used by boost and cmake to build on
machines with less than 4GB Memory.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
