Commit Graph

6623 Commits

Author SHA1 Message Date
Matthias Fischer
5fd8c3e1f5 unbound: Update to 1.13.0
For details see:
https://lists.nlnetlabs.nl/pipermail/unbound-users/2020-December/007102.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-12-10 13:02:21 +00:00
Matthias Fischer
64dfe75142 dhcpcd: Update to 9.3.4
For details see:
https://roy.marples.name/blog/dhcpcd-9-3-4-released.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-12-10 13:01:05 +00:00
Matthias Fischer
fde5772fde bind: Update to 9.11.25
For details see:
https://downloads.isc.org/isc/bind9/9.11.25/RELEASE-NOTES-bind-9.11.25.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-12-10 13:00:29 +00:00
ummeegge
50752f1b61 kerberos: Update to version 1.18.3
Since version 1.15.2 several fixes and enhancements has been introduced.
For a full overview the release notes can be found in the next lines.

https://web.mit.edu/kerberos/krb5-1.16/
https://web.mit.edu/kerberos/krb5-1.17/
https://web.mit.edu/kerberos/krb5-1.18/

Signed-off-by: ummeegge <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-12-10 12:32:11 +00:00
ummeegge
14baf8472a tshark: Update to version 3.4.0
- Since tshark uses since 3.4.0 an always enabled asynchronous DNS
resolution, c-ares is a needed dependency.
- Since the current actual version 3.2.6 a lot of bug fixes, fixed
vulnerabilities, updated features, new protocols but also updated
protocols has been integrated.
A full overview of all changes can be found in here -->
Update to version 3.2.7:
https://www.wireshark.org/docs/relnotes/wireshark-3.2.7.html
Update to version 3.2.8:
https://www.wireshark.org/docs/relnotes/wireshark-3.2.8.html
Update to version 3.4.0
https://www.wireshark.org/docs/relnotes/wireshark-3.4.0.html

Signed-off-by: ummeegge <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-12-10 12:31:15 +00:00
ummeegge
d44ce7d4c2 c-ares: New package. Needed as tshark Dependency
- Since tshark uses with version 3.4.0 an always enabled asynchronous DNS
resolution c-ares is a needed dependency.
- Since curl can also use c-ares --> https://c-ares.haxx.se/ it has been
placed in make.sh before curl even no compiletime options has been set
to enable this. c-ares has also been placed in packages and not in common
which would be needed if it should be used for curl too.

Signed-off-by: ummeegge <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-12-10 12:30:24 +00:00
Matthias Fischer
ca4ce96800 nano: Update to 5.4
For details see:
https://www.nano-editor.org/news.php

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-12-10 12:30:12 +00:00
Matthias Fischer
0f4d1a8e6b monit: Update to 5.27.1
For details see:
https://mmonit.com/monit/changes/

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-12-10 12:29:15 +00:00
Adolf Belka
c2f02d9d59 bacula: Update to use IPFire initscript
Bacula install used the bacula initscript for starting and stopping bacula.
This works fine but results in no pid or memory input in the addons table
under services.
Using the IPFire initscript also successfully starts and stops bacula with
no problems but also provides the pid and memory information in the services
addons table.
- rootfiles adjusted to remove the reference to bacula-ctl-fd
- lfs/bacula adjusted to remove the init.d/bacula link generation
             remove the "rm -f /root/.rnd" command. This file is not present
             and I have not seen this command in any other lfs file that I
             have looked at.
- new bacula initscript created

Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-12-10 12:28:58 +00:00
Arne Fitzenreiter
591738dc5c openssl: update to 1.1.1i
fix: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)

Severity: High

The X.509 GeneralName type is a generic type for representing different types
of names. One of those name types is known as EDIPartyName. OpenSSL provides a
function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME
to see if they are equal or not. This function behaves incorrectly when both
GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash
may occur leading to a possible denial of service attack.

OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes:
1) Comparing CRL distribution point names between an available CRL and a CRL
   distribution point embedded in an X509 certificate
2) When verifying that a timestamp response token signer matches the timestamp
   authority name (exposed via the API functions TS_RESP_verify_response and
   TS_RESP_verify_token)

If an attacker can control both items being compared then that attacker could
trigger a crash. For example if the attacker can trick a client or server into
checking a malicious certificate against a malicious CRL then this may occur.
Note that some applications automatically download CRLs based on a URL embedded
in a certificate. This checking happens prior to the signatures on the
certificate and CRL being verified. OpenSSL's s_server, s_client and verify
tools have support for the "-crl_download" option which implements automatic
CRL downloading and this attack has been demonstrated to work against those
tools.

Note that an unrelated bug means that affected versions of OpenSSL cannot parse
or construct correct encodings of EDIPARTYNAME. However it is possible to
construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence
trigger this attack.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-12-08 18:27:00 +01:00
Arne Fitzenreiter
4aae5f819a kernel: update to 4.14.211
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-12-08 18:26:37 +01:00
Arne Fitzenreiter
8372d89000 vdr: version 2.4.4 still use plugin API 2.4.3
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-12-05 10:09:03 +00:00
Arne Fitzenreiter
b689391f27 Merge branch 'next' of git.ipfire.org:/pub/git/ipfire-2.x into next 2020-12-02 23:43:15 +01:00
Arne Fitzenreiter
a11783096e intel-microcode: update to 20201118
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-12-02 23:42:29 +01:00
Arne Fitzenreiter
bb5dcf84b8 kernel: update to 4.14.210
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-12-02 23:42:04 +01:00
Michael Tremer
77b7668c9e aws-cli: Update to 1.18.188
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-12-02 17:55:51 +00:00
Michael Tremer
57a0aedb3e python3-botocore: Update to 1.19.28
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-12-02 17:55:22 +00:00
Michael Tremer
05be1c642a python3-urllib3: New package
Required by botocore

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-12-02 17:54:56 +00:00
Stefan Schantl
6dc6de4c4e ddns: Import upstream patch for provider DuckDNS.
Fixes #12415.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-12-02 14:56:46 +00:00
Stefan Schantl
882db5cd03 ddns: Import upstream patch for provider DDNSS.
Fixes #12328.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-12-02 14:56:44 +00:00
Stefan Schantl
31098f84ab configroot: Change ownership of "/var/ipfire/red" to nobody.
Otherwise the WUI is not allowed to put and release the nobeep file in
this folder and the desired functionality does not work.

Fixes #12385.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-12-01 16:14:48 +00:00
Erik Kapfer
820edb2374 OpenVPN: Update to version 2.5.0
Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
Tested-by: Adolf Belka <ahb.ipfire@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-12-01 16:10:32 +00:00
Matthias Fischer
e8ecc81a70 logwatch: Disable iptables output in summary.dat, fixes #12533
This patch disables the output of 'iptables' in 'summary.dat' by
modifying '/usr/share/conf/logwatch.conf'.

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-11-27 15:54:27 +00:00
Matthias Fischer
1e036ee90d knot: Update to 3.0.2
for details see:
https://www.knot-dns.cz/2020-11-11-version-302.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-11-27 15:50:29 +00:00
Matthias Fischer
c2773f2371 ghostscript: Update to 9.53.3
For details see:
https://www.ghostscript.com/doc/current/History9.htm#Version9.53.3

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-11-27 15:49:50 +00:00
Michael Tremer
4a388bc9f0 libloc: Import changes from upstream
This fixes the segmentation fault on 32 bit systems.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-11-27 15:46:39 +00:00
Michael Tremer
8a4495a41f gdb: Build package to be available in the build environment
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-11-27 15:19:53 +00:00
Arne Fitzenreiter
7adacda04c transmission: update to 3.00
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-11-26 16:15:48 +00:00
Peter Müller
ef99991370 Tor: update to 0.4.4.6
Full changelog can be obtained from https://gitweb.torproject.org/tor.git/plain/ChangeLog?h=tor-0.4.4.6 .

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-11-25 17:17:35 +00:00
Arne Fitzenreiter
3198520570 kernel: update to 4.14.209
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-11-24 20:52:22 +01:00
Arne Fitzenreiter
76da59bba6 strongswan: update to 5.9.1
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-11-24 10:52:45 +01:00
Arne Fitzenreiter
e4f287a268 vdr: update to 2.4.4
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-11-23 18:15:48 +00:00
Michael Tremer
2cb220fd3c freeradius: Depend on samba again
The package requires more libraries than libtalloc from
the samba package and therefore we need this dependency
again.

Fixes: #12538
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-11-23 15:12:54 +00:00
Adolf Belka
d0d63bbbee apcupsd: addition of backup/includes definition
Added a backup/includes file for apcupsd to backup the
/etc/apcupsd/ directory where all the configuration files
are stored. Currently there is no backup available to
save the state of any changes carried out to the configuration
or action files.
Signed-off-by: Adolf Belka <ahb.ipfire@gmail.com>

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-11-23 15:12:54 +00:00
Arne Fitzenreiter
17a8437e82 pcengines-firmware: update to 4.12.0.6
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-11-23 15:12:54 +00:00
Arne Fitzenreiter
9e245967d2 kernel: update to 4.14.208
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-11-23 14:24:15 +01:00
Michael Tremer
6cab8977e0 amazon-ssm-agent: Package /usr/bin/ssm-agent-worker
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-11-19 18:35:36 +00:00
Arne Fitzenreiter
5929646842 kernel: update to 4.14.207
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-11-19 19:08:33 +01:00
Michael Tremer
05db64d0ea libloc: Import recent patches from upstream
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-11-18 19:18:40 +00:00
Arne Fitzenreiter
a832b5c2e6 Merge remote-tracking branch 'origin/master' into next
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-11-13 18:21:20 +00:00
Michael Tremer
ff69976021 amazon-ssm-agent: Update to 3.0.356.0
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-11-13 11:11:47 +00:00
Michael Tremer
64d6b06a6d go: Update to 1.15.4
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-11-13 11:11:47 +00:00
Arne Fitzenreiter
81e87afb7b intel-microcode: update to 20201112
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-11-13 09:03:00 +01:00
Arne Fitzenreiter
2e1bf458e2 kernel: update to 4.14.206
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-11-12 09:02:02 +01:00
Peter Müller
66c9d821d6 spectre-meltdown-checker: update to 0.44
Full changelog as per https://github.com/speed47/spectre-meltdown-checker/releases/tag/v0.44 :

    feat: add support for SRBDS related vulnerabilities
    feat: add zstd kernel decompression (#370)
    enh: arm: add experimental support for binary arm images
    enh: rsb filling: no longer need the 'strings' tool to check for kernel support in live mode
    fix: fwdb: remove Intel extract tempdir on exit
    fix: has_vmm: ignore kernel threads when looking for a hypervisor (fixes #278)
    fix: fwdb: use the commit date as the intel fwdb version
    fix: fwdb: update Intel's repository URL
    fix: arm64: cve-2017-5753: kernels 4.19+ use a different nospec macro
    fix: on CPU parse info under FreeBSD
    chore: github: add check run on pull requests
    chore: fwdb: update to v165.20201021+i20200616

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-11-11 15:50:33 +00:00
Arne Fitzenreiter
1c217406f2 intel-microcode: update to 20201110
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-11-11 11:50:14 +00:00
Michael Tremer
85c2e400ff git: Bump package version
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-11-10 11:17:46 +00:00
Michael Tremer
1e2c442c9e samba: Add support for custom configuration changes
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-11-09 18:43:15 +00:00
Michael Tremer
7b97337afb core153: Ship location changes
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-11-09 14:11:16 +00:00
Peter Müller
02489761db libseccomp: update to 2.4.4
Full changelog obtained from: https://github.com/seccomp/libseccomp/releases/tag/v2.4.4

Version 2.4.4 - August 21, 2020

    Update the syscall table for Linux v5.8-rc7
    Fix double free when BPF generation fails
    Add aarch64 support for clone3, getrlimit, and setrlimit

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2020-11-05 23:34:22 +00:00