mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00

Go to file

Adolf Belka 23e53133e2 openssl: Update to version 3.3.1

- Update from 3.3.0 to 3.3.1
- Update of rootfile not required
- This version has 2 CVE fixes both of which are classified as Low Severity so looks like
   they can wait for CU189
- Changelog
    3.3.1
	 * Fixed potential use after free after SSL_free_buffers() is called.
	   The SSL_free_buffers function is used to free the internal OpenSSL
	   buffer used when processing an incoming record from the network.
	   The call is only expected to succeed if the buffer is not currently
	   in use. However, two scenarios have been identified where the buffer
	   is freed even when still in use.
	   The first scenario occurs where a record header has been received
	   from the network and processed by OpenSSL, but the full record body
	   has not yet arrived. In this case calling SSL_free_buffers will succeed
	   even though a record has only been partially processed and the buffer
	   is still in use.
	   The second scenario occurs where a full record containing application
	   data has been received and processed by OpenSSL but the application has
	   only read part of this data. Again a call to SSL_free_buffers will
	   succeed even though the buffer is still in use.
	   ([CVE-2024-4741])
	 * Fixed an issue where checking excessively long DSA keys or parameters may
	   be very slow.
	   Applications that use the functions EVP_PKEY_param_check() or
	   EVP_PKEY_public_check() to check a DSA public key or DSA parameters may
	   experience long delays. Where the key or parameters that are being checked
	   have been obtained from an untrusted source this may lead to a Denial of
	   Service.
	   To resolve this issue DSA keys larger than OPENSSL_DSA_MAX_MODULUS_BITS
	   will now fail the check immediately with a DSA_R_MODULUS_TOO_LARGE error
	   reason.
	   ([CVE-2024-4603])
	 * Improved EC/DSA nonce generation routines to avoid bias and timing
	   side channel leaks.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

2024-08-27 09:48:50 +00:00

config

core189: Ship ruby

2024-08-26 08:17:18 +00:00

doc

Run "./make.sh lang"

2024-08-23 09:22:17 +00:00

html

guardian.cgi: Use the new service widget

2024-08-21 16:14:40 +02:00

langs

index.cgi: Improve the warning box

2024-08-21 15:47:08 +02:00

lfs

openssl: Update to version 3.3.1

2024-08-27 09:48:50 +00:00

src

lua: Update to version 5.4.7

2024-08-26 08:14:53 +00:00

tests

initscripts fkt: Check that readhash returns 1 on a missing file

2024-08-24 12:19:56 +00:00

tools

make.sh: Integrate the rootfile consistency check

2024-08-23 09:50:39 +00:00

.gitignore

.gitignore: Ignore images_* directories

2024-07-22 15:21:20 +00:00

.mailmap

.mailmap: Add Adolf Belka

2021-03-10 14:42:37 +00:00

make.sh

bind: Update to version 9.20.1

2024-08-26 08:13:25 +00:00

README.md

README.md: fix minor typo

2024-03-30 12:12:42 +00:00

README.md

IPFire 2.x - The Open Source Firewall

What is IPFire?

IPFire is a hardened, versatile, state-of-the-art Open Source firewall based on Linux. Its ease of use, high performance in any scenario and extensibility make it usable for everyone. For a full list of features have a look here.

This repository contains the source code of IPFire 2.x which is used to build the whole distribution from scratch, since IPFire is not based on any other distribution.

Where can I get IPFire?

Just head over to https://www.ipfire.org/download

How do I use this software?

We have a long and detailed documentation located here which should answer most of your questions.

But I have some questions left. Where can I get support?

You can ask your question at our community located here. A complete list of our support channels can be found here.

How can I contribute?

We have another document for this. Please look here.

Languages

Perl 70.4%

Shell 23%

C 4%

Python 0.6%

Makefile 0.5%

Other 1.4%