This is a security release in order to address
CVE-2020-14318 (Missing handle permissions check in SMB1/2/3 ChangeNotify),
CVE-2020-14323 (Unprivileged user can crash winbind) and
CVE-2020-14383 (An authenticated user can crash the DCE/RPC DNS with easily
crafted records).
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This add-on was solely needed as a dependency for Amavis and is
therefore no longer needed.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This package has not been maintained well and is thereof outdated. At
the time of writing, we neither
(a) have a maintainer for this nor
(b) believe it is wise to run a full-featured content scanner on a
firewall for security purposes. (We can make do with Postfix, as it
is known for being a very robust MTA and providess less attack
surface than something actually inspecting transferred messages.)
Thereof, this patch drops the SpamAssassin add-on. In case it is desired
in future versions of IPFire, it can be easily reverted, restoring the
functionality and behaviour before.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This package has not been maintained well and is thereof outdated. At
the time of writing, we neither
(a) have a maintainer for this nor
(b) believe it is wise to run a full-featured content scanner on a
firewall for security purposes. (We can make do with Postfix, as it
is known for being a very robust MTA and providess less attack
surface than something actually inspecting transferred messages.)
Thereof, this patch drops the Amavis add-on. In case it is desired in
future versions of IPFire, it can be easily reverted, restoring the
functionality and behaviour before.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
WPA3 mandates MFP, but many clients do not support it at all.
Therefore this can now be set to optional and clients will
fall back to WPA2.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This change removes a couple of removed options and adds
new ones. Notable changes are:
* Enable SAE (for WPA3)
* Enable Airtime Policy
* Enable Client Taxonomy
* Enable using the new getrandom() syscall
* Enable using epoll instead of select
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
* Enable RDP and SIP parsers.
* Enable new introduced parsers for RFB and DCERPC.
Because HTTP2 support and parser currently is experimental the suricata
developers decided to disable it at default - we keep this default
setting for now.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The action was performed after the table has already been
rendered which required reloading the page to show a new
share.
This has now been moved to the top so that new changes
will be shown immediately.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Complete changelog since version 0.93:
V0.94
Aaron Lipinski (10):
gtk_menu_append -> gtk_menu_shell_append
GTK_OBJECT -> G_OBJECT
gtk_button_new_from_stock -> gtk_button_new_with_label
gtk3
hbox/vbox -> gtk_box_new
gtk_menu_popup -> gtk_menu_popup_at_pointer
show resolved hostname in raw dnsline
rely on final return NULL
introduce libasan
avoid stack use after scope
Alejandro Leal (2):
few updates to manual page and README.md
Updating some comments
Chongyu Zhu (1):
probe: fix find_source_addr
Konrad Bucheli (1):
fix segmentation fault if there is no IP address on an interface (fixes#320)
Kulemin Alexander (1):
report: json: reworked with libjansson
Mark Egan-Fuller (1):
Add display of destination.
Markus Kötter (6):
simplification - remove sockaddrtop
simplification - remove addrcpy
simplification - remove rsa{4,6}
simplification - address addrcmp
simplification - improve readability
ip6 udp - fix probes with local or remote port
R.E. Wolff (29):
fix warning on recent compilers.
Merge branch 'master' of github.com:traviscross/mtr
net find local address fix by meingtsla
proposed patch for bsd compile error
fix closing brace
Added include errno --obouizi
Merge branch 'master' of github.com:traviscross/mtr
More compilation warning fixes from obouizi
Added extra help text to configure --yvs
Changed MAXPATH to MAX_PATH for AIX compatibility. -- aixtools
make the code for gtk2/3 a bit nicer.
Merge branch 'gtk3_with_fallback' of https://github.com/krisl/mtr
Merge branch 'master' of github.com:traviscross/mtr
in hindsight my previous patch wasn't so nice. And nobody told me.
Sean Wei (1):
Fix parameter in ui/net.c
Siyuan Miao (1):
show mpls information in raw output
atib (1):
Added code to print multiple addresses regitered on the same hop count
atibdialpad (2):
Change TTL dynamically to adjust for path changes
TODO list changes
meingtsla (2):
asn_{open,close}: Always initialize ipinfo hash table
Merge branch 'master' of https://github.com/traviscross/mtr into asn-open-always-hcreate
In addition, the "bootstrap.sh" script no longer exists and has
therefore been removed from the LFS file.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Since libloc is built as a tree we cannot simply exclude any address
space in the middle of it. Therefore we create some firewall rules
which simply avoid checking non-globally routable address space.
Fixes: #12499
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
