Otherwise the WUI is not allowed to put and release the nobeep file in
this folder and the desired functionality does not work.
Fixes#12385.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This patch disables the output of 'iptables' in 'summary.dat' by
modifying '/usr/share/conf/logwatch.conf'.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The package requires more libraries than libtalloc from
the samba package and therefore we need this dependency
again.
Fixes: #12538
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Added a backup/includes file for apcupsd to backup the
/etc/apcupsd/ directory where all the configuration files
are stored. Currently there is no backup available to
save the state of any changes carried out to the configuration
or action files.
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Full changelog as per https://github.com/speed47/spectre-meltdown-checker/releases/tag/v0.44 :
feat: add support for SRBDS related vulnerabilities
feat: add zstd kernel decompression (#370)
enh: arm: add experimental support for binary arm images
enh: rsb filling: no longer need the 'strings' tool to check for kernel support in live mode
fix: fwdb: remove Intel extract tempdir on exit
fix: has_vmm: ignore kernel threads when looking for a hypervisor (fixes#278)
fix: fwdb: use the commit date as the intel fwdb version
fix: fwdb: update Intel's repository URL
fix: arm64: cve-2017-5753: kernels 4.19+ use a different nospec macro
fix: on CPU parse info under FreeBSD
chore: github: add check run on pull requests
chore: fwdb: update to v165.20201021+i20200616
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Full changelog obtained from: https://cisofy.com/changelog/lynis/#301
- Detection of Alpine Linux
- Detection of CloudLinux
- Detection of Kali Linux
- Detection of Linux Mint
- Detection of macOS Big Sur (11.0)
- Detection of Pop!_OS
- Detection of PHP 7.4
- Malware detection tool: Microsoft Defender ATP
- New flag: --slow-warning to allow tests more time before showing a
warning
- Test TIME-3185 to check systemd-timesyncd synchronized time
- rsh host file permissions
- AUTH-9229 - Added option for LOCKED accounts and bugfix for older bash
versions
- BOOT-5122 - Presence check for grub.d added
- CRYP-7902 - Added support for certificates in DER format
- CRYP-7931 - Added data to report
- CRYP-7931 - Redirect errors (e.g. when swap is not encrypted)
- FILE-6430 - Don't grep nonexistant modprobe.d files
- FIRE-4535 - Set initial firewall state
- INSE-8312 - Corrected text on screen
- KRNL-5728 - Handle zipped kernel configuration correctly
- KRNL-5830 - Improved version detection for non-symlinked kernel
- MALW-3280 - Extended detection of BitDefender
- TIME-3104 - Find more time synchronization commands
- TIME-3182 - Corrected detection of time peers
- Fix: hostid generation routine would sometimes show too short IDs
- Fix: language detection
- Generic improvements for macOS
- German translation updated
- End-of-life database updated
- Several minor code enhancements
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The pacificnew file has been dropped by IANA. Adding the "factory" file
makes sense to have a reasonable default in case the time zone is
unknown, which, however, should not happen in case of IPFire 2.x - just
trying to be consistent here.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Those fix some unintentional behaviour regarding autocompletion I
stumbled across the other day. While there seems nothing security
relevant in this, it irons out a few bugs.
The full and up-to-date list of all Bash 5.0 patches can be obtained
from https://ftp.gnu.org/gnu/bash/bash-5.0-patches/ .
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is a security release in order to address
CVE-2020-14318 (Missing handle permissions check in SMB1/2/3 ChangeNotify),
CVE-2020-14323 (Unprivileged user can crash winbind) and
CVE-2020-14383 (An authenticated user can crash the DCE/RPC DNS with easily
crafted records).
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is a security release in order to address
CVE-2020-14318 (Missing handle permissions check in SMB1/2/3 ChangeNotify),
CVE-2020-14323 (Unprivileged user can crash winbind) and
CVE-2020-14383 (An authenticated user can crash the DCE/RPC DNS with easily
crafted records).
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This add-on was solely needed as a dependency for Amavis and is
therefore no longer needed.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This package has not been maintained well and is thereof outdated. At
the time of writing, we neither
(a) have a maintainer for this nor
(b) believe it is wise to run a full-featured content scanner on a
firewall for security purposes. (We can make do with Postfix, as it
is known for being a very robust MTA and providess less attack
surface than something actually inspecting transferred messages.)
Thereof, this patch drops the SpamAssassin add-on. In case it is desired
in future versions of IPFire, it can be easily reverted, restoring the
functionality and behaviour before.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This package has not been maintained well and is thereof outdated. At
the time of writing, we neither
(a) have a maintainer for this nor
(b) believe it is wise to run a full-featured content scanner on a
firewall for security purposes. (We can make do with Postfix, as it
is known for being a very robust MTA and providess less attack
surface than something actually inspecting transferred messages.)
Thereof, this patch drops the Amavis add-on. In case it is desired in
future versions of IPFire, it can be easily reverted, restoring the
functionality and behaviour before.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
