Commit Graph

6095 Commits

Author SHA1 Message Date
Arne Fitzenreiter
eba8e481e1 geoip: ship database 20191217
Maxmind has disabled the download so we ship the last free (creative commons)
database with the iso and core until we build an alternative.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-01-12 12:39:25 +01:00
Michael Tremer
cde41c2e6f Go: Cleanup Go Path after build
Go leaves temporary build files in the directory
which we do not need and we should clean up after
every build.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-01-12 08:19:17 +00:00
Michael Tremer
44cc9a3d57 amazon-ssm-agent: New package
AWS Systems Manager Agent (SSM Agent) is Amazon software that can be
installed and configured on an Amazon EC2 instance, an on-premises
server, or a virtual machine (VM). SSM Agent makes it possible for
Systems Manager to update, manage, and configure these resources. The
agent processes requests from the Systems Manager service in the AWS
Cloud, and then runs them as specified in the request. SSM Agent then
sends status and execution information back to the Systems Manager
service by using the Amazon Message Delivery Service.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-01-11 20:33:36 +00:00
Arne Fitzenreiter
590f879b34 python3: exclude __pycache__ from iso, core and packages
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-01-11 21:22:07 +01:00
Arne Fitzenreiter
29ea4ac2c4 elinks: move to core system.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-01-11 15:05:49 +01:00
Arne Fitzenreiter
6ede197501 pathon: update to 3.8 and move pyhton to core
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-01-11 14:35:11 +01:00
Peter Müller
96ac98a568 Tor: update to 0.4.2.5
Please refer to https://blog.torproject.org/new-release-0425-also-0417-0406-and-0359
for release notes.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-01-04 18:25:00 +00:00
Peter Müller
ae28d23d4d libseccomp: update to 2.4.2
Please refer to https://github.com/seccomp/libseccomp/releases/tag/v2.4.2
for release notes.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-01-04 18:24:49 +00:00
Michael Tremer
ac7ada2a15 openvmtools: Update to 11.0.0
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-01-04 18:24:29 +00:00
Michael Tremer
321c211528 glib: Fix compiling with GCC 9
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-01-04 18:24:15 +00:00
Michael Tremer
d04fb4ee34 efivar: Update to 37
This also fixes some build issues with GCC 9.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-01-04 18:23:54 +00:00
Michael Tremer
3e8dd2d3ed mdadm: Update to 4.1
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-01-04 18:23:52 +00:00
Michael Tremer
c63ba73e3a mpc: Update to 1.1.0
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-01-04 18:23:39 +00:00
Michael Tremer
d3e4320bed mpfr: Update to 4.0.2
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-01-04 18:23:28 +00:00
Michael Tremer
210b27e179 gcc: Update to 9.2.0
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2020-01-04 18:23:09 +00:00
Arne Fitzenreiter
592d3708fe Revert "bind: Update to 9.11.14"
build fails on armv5tel: https://nightly.ipfire.org/next/2020-01-02%2016:17:54%20+0000-c846ed16/armv5tel/

This reverts commit 7d9b0ab697.
2020-01-03 21:13:30 +00:00
Matthias Fischer
61a4972bc6 nano: Update to 4.7
For details see:
https://www.nano-editor.org/news.php

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-12-29 19:20:13 +00:00
Matthias Fischer
7d9b0ab697 bind: Update to 9.11.14
For details see:
https://downloads.isc.org/isc/bind9/9.11.14/RELEASE-NOTES-bind-9.11.14.html

"Bug Fixes

Fixed a bug that caused named to leak memory on reconfiguration when any
GeoIP2 database was in use. [GL #1445]

Fixed several possible race conditions discovered by Thread Sanitizer."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-12-29 19:17:45 +00:00
Michael Tremer
1eb657a66c file: Update to 5.38
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-12-29 19:15:57 +00:00
Michael Tremer
edf221cbfc dehydrated: Update to 0.6.5
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-12-29 19:15:09 +00:00
Stefan Schantl
0db643ce38 rfkill: New package.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-12-29 19:14:30 +00:00
Matthias Fischer
907874c4be libhtp: Update to 0.5.32
For details see:
https://github.com/OISF/libhtp/releases

Bundled with 'suricata 4.1.6'

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-12-29 19:09:27 +00:00
Matthias Fischer
ad6d02ccc0 suricata: Update to 4.1.6
Excerpt from 'ChangeLog':

"4.1.6 -- 2019-12-13

Bug #3276: address parsing: memory leak in error path (4.1.x)
Bug #3278: segfault when test a nfs pcap file (4.1.x)
Bug #3279: ikev2 enabled in config even if Rust is disabled
Bug #3325: lua issues on arm (fedora:29) (4.1.x)
Bug #3326: Static build with pcap fails (4.1.x)
Bug #3327: tcp: empty SACK option leads to decoder event (4.1.x)
Bug #3347: BPF filter on command line not honored for pcap file (4.1.x)
Bug #3355: DNS: DNS over TCP transactions logged with wrong direction. (4.1.x)
Bug #3356: DHCP: Slow down over time due to lack of detect flags (4.1.x)
Bug #3369: byte_extract does not work in some situations (4.1.x)
Bug #3385: fast-log: icmp type prints wrong value (4.1.x)
Bug #3387: suricata is logging tls log repeatedly if custom mode is enabled (4.1.x)
Bug #3388: TLS Lua output does not work without TLS log (4.1.x)
Bug #3391: Suricata is unable to get MTU from NIC after 4.1.0 (4.1.x)
Bug #3393: http: pipelining tx id handling broken (4.1.x)
Bug #3394: TCP evasion technique by overlapping a TCP segment with a fake packet (4.1.x)
Bug #3395: TCP evasion technique by faking a closed TCP session (4.1.x)
Bug #3402: smb: post-GAP some transactions never close (4.1.x)
Bug #3403: smb1: 'event only' transactions for bad requests never close (4.1.x)
Bug #3404: smtp: file tracking issues when more than one attachment in a tx (4.1.x)
Bug #3405: Filehash rule does not fire without filestore keyword
Bug #3410: intermittent abort()s at shutdown and in unix-socket (4.1.x)
Bug #3412: detect/asn1: crashes on packets smaller than offset setting (4.1.x)
Task #3367: configure: Rust 1.37+ has cargo-vendor support bundled into cargo (4.1.x)"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-12-29 19:09:25 +00:00
Matthias Fischer
68e83070e2 knot: Update to 2.9.2
For details see:
https://www.knot-dns.cz/2019-12-12-version-292.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-12-29 18:01:05 +00:00
Matthias Fischer
726037c6ee unbound: Update to 1.9.6
For details see:
https://nlnetlabs.nl/pipermail/unbound-users/2019-December/011941.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-12-29 17:58:21 +00:00
Erik Kapfer
fb7226d0a6 tshark: Update to version 3.0.7
Several bugfixes are included in this version, some protocol support has been added.
For a complete overview of the changelog, take a look in here -->
https://www.wireshark.org/docs/relnotes/wireshark-3.0.6.html
https://www.wireshark.org/docs/relnotes/wireshark-3.0.7.html .

Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-12-29 13:46:32 +00:00
Stéphane Pautrel
1ec1e499d0 Update of French translations
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-12-29 08:50:52 +00:00
Stefan Schantl
5bc042df2f rust: Update to 1.39
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-12-29 08:50:31 +00:00
Peter Müller
81502fe6f3 OpenSSH: update to 8.1p1
Please refer to https://www.openssh.com/txt/release-8.1 for release notes.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-12-05 18:00:11 +00:00
Arne Fitzenreiter
43fa700e11 pcengines-firmware: update to 4.10.0.3
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-12-05 18:53:16 +01:00
Arne Fitzenreiter
6fb7936c16 intel-microcode: update to 20191115
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-12-05 12:48:13 +01:00
Arne Fitzenreiter
0894092e2c linux-firmware: update to 20191022
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-12-05 12:44:45 +01:00
Matthias Fischer
01493f7a44 cpio: Update to 2.13
For details see:
https://www.gnu.org/software/cpio/

Fix CVE-2015-1197
Fix CVE-2016-2037
Fix CVE-2019-14866

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-12-02 17:10:15 +00:00
Matthias Fischer
9d6e22e3fc nano: Update to 4.6
For details see:
https://www.nano-editor.org/news.php

... and a long list of other changes in https://www.nano-editor.org/dist/latest/ChangeLog ...

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-12-02 17:09:55 +00:00
Peter Müller
18f1b46e1a spectre-meltdown-checker: update to 0.42
See https://github.com/speed47/spectre-meltdown-checker/releases/tag/v0.42
for release announcements.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-12-02 17:09:41 +00:00
Peter Müller
6d0a2f8b1e Postfix: update to 3.4.8
See http://www.postfix.org/announcements/postfix-3.4.8.html for release
announcements.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-12-02 17:09:09 +00:00
Peter Müller
c701ddcba5 update ca-certificates CA bundle
Update the CA certificates list to what Mozilla NSS ships currently.

The original file can be retrieved from:
https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-12-02 17:07:00 +00:00
Peter Müller
bf9fa6d864 hwdata: update PCI/USB databases
PCI IDs: 2019-11-26 03:15:03
USB IDs: 2019-11-05 20:34:06

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-12-02 17:02:20 +00:00
Matthias Fischer
78756496c9 bind: Update to 9.11.13
For details see:

https://downloads.isc.org/isc/bind9/9.11.13/RELEASE-NOTES-bind-9.11.13.html

"Security Fixes

    Set a limit on the number of concurrently served pipelined TCP queries.
    This flaw is disclosed in CVE-2019-6477. [GL #1264]"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-30 09:57:49 +00:00
Matthias Fischer
1f1c2f4364 clamav: Update to 0.102.1
For details see:
https://blog.clamav.net/2019/11/clamav-01021-and-01015-patches-have.html

"Fix for the following vulnerability affecting 0.102.0 and 0.101.4 and prior:

CVE-2019-15961:
A Denial-of-Service (DoS) vulnerability may occur when scanning
a specially crafted email file as a result of excessively long scan
times. The issue is resolved by implementing several maximums in parsing
MIME messages and by optimizing use of memory allocation.

Build system fixes to build clamav-milter, to correctly link with
libxml2 when detected, and to correctly detect fanotify for on-access
scanning feature support.

Signature load time is significantly reduced by changing to a more
efficient algorithm for loading signature patterns and allocating the AC
trie. Patch courtesy of Alberto Wu.

Introduced a new configure option to statically link libjson-c with
libclamav. Static linking with libjson is highly recommended to prevent
crashes in applications that use libclamav alongside another JSON
parsing library.

Null-dereference fix in email parser when using the --gen-json metadata
option.

Fixes for Authenticode parsing and certificate signature (.crb database)
bugs."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-30 09:57:25 +00:00
Matthias Fischer
0786c686ea unbound: Update to 1.9.5
For details see:
https://nlnetlabs.nl/pipermail/unbound-users/2019-November/011897.html

"This release is a fix for vulnerability CVE-2019-18934, that can cause
shell execution in ipsecmod.

Bug Fixes:
- Fix for the reported vulnerability.

The CVE number for this vulnerability is CVE-2019-18934"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-30 09:55:22 +00:00
Michael Tremer
1a23cf7324 bird: Fix path of configuration file in backup
The backup did not pack the configuration file
due to an incorrect path.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-30 09:51:23 +00:00
Matthias Fischer
ee506d5027 calamaris: Bug fix for proxy reports staying empty after Core 136 upgrade
After upgrading to Core 136, 'calamaris' "Proxy reports" stayed empty.
GUI always show "No reports available".

Tested manually on console stops and throws an error:

...
root@ipfire: ~ # /usr/bin/perl /var/ipfire/proxy/calamaris/bin/mkreport
1 0 2019 8 10 2019 -d 10 -P 30 -t 10 -D 2 -u -r -1 -R 100 -s
Can't use 'defined(%hash)' (Maybe you should just omit the defined()?)
at /var/ipfire/proxy/calamaris/bin/calamaris line 2609.
...

Line 2609 was changed and reports are built again.

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-30 09:46:19 +00:00
Arne Fitzenreiter
e557cecbdd python: update to 2.7.17
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-28 18:41:18 +01:00
Arne Fitzenreiter
44b227b102 kernel: update to 4.14.154
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-14 22:12:12 +01:00
Peter Müller
1ec32691e9 intel-microcode: update to 20191112
For release notes, refer to:
- https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform-update-ipu/
- https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20191112

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-13 19:58:08 +00:00
Arne Fitzenreiter
510a670253 qemu: remove sdl from dependency list
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-13 19:56:11 +00:00
Arne Fitzenreiter
d8bef72e76 qemu: switch to xz compressed source
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-13 19:55:17 +00:00
Peter Müller
415fb8b5bd bash: update to 5.0 (patchlevel 11)
The third version of this patch also includes patches 1-11
for version 5.0, drops orphaned 4.3 patches, and fixes rootfile
mistakes reported by Arne.

Please refer to https://tiswww.case.edu/php/chet/bash/bashtop.html
for release notes.

Cc: Michael Tremer <michael.tremer@ipfire.org>
Cc: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-13 19:42:59 +00:00
Peter Müller
c82aa03e2c readline: update to 8.0 (patchlevel 1)
The third version of this patch fixes missing rootfile changes, drops
orphaned readline 5.2 patches (as they became obsolete due to
readline-compat changes), includes readline 8.0 upstream patch, and
keeps the for-loop in LFS file (as commented by Michael).

Cc: Michael Tremer <michael.tremer@ipfire.org>
Cc: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-13 19:42:43 +00:00