pfBlockerNG L2TP VPN support. Implements #8332 #954
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
vktg
commented
Oct 3, 2020
vktg
commented
- Redmine Issue: https://redmine.pfsense.org/issues/8332
- Ready for review
|
The code looks ok to me, but I don't know that code well. I think the comment for the function is out of date now that it's "-devel" and settings have been moved. // Collect all Interfaces for General Tab and DNSBL Firewall Permit Rule |
jim-p
approved these changes
Oct 5, 2020
netgate-git-updates
pushed a commit
that referenced
this pull request
Jan 26, 2021
security/sudo - update 1.9.5p1 to 1.9.5p2 (text/plain) Sudo version 1.9.5p2 is now available which fixes CVE-2021-3156 (aka Baron Samedit), a severe security vulnerability in sudo versions 1.8.2 through 1.9.5p1. For more details, see: https://www.sudo.ws/alerts/unescape_overflow.html https://www.openwall.com/lists/oss-security/2021/01/26/3 Source: https://www.sudo.ws/dist/sudo-1.9.5p2.tar.gz ftp://ftp.sudo.ws/pub/sudo/sudo-1.9.5p2.tar.gz SHA256 539e2ef43c8a55026697fb0474ab6a925a11206b5aa58710cb42a0e1c81f0978 MD5 e6bc4c18c06346e6b3431637a2b5f3d5 Patch: https://www.sudo.ws/dist/sudo-1.9.5p2.patch.gz ftp://ftp.sudo.ws/pub/sudo/sudo-1.9.5p2.patch.gz SHA256 0dd80809c4061670a0b393445b2807be452caf5d5988f279e736040cef1c14dc MD5 2816f5fa537c61fb913046ef20b88e3b Binary packages: https://www.sudo.ws/download.html#binary https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_5p2 For a list of download mirror sites, see: https://www.sudo.ws/download_mirrors.html Sudo web site: https://www.sudo.ws/ Sudo web site mirrors: https://www.sudo.ws/mirrors.html Major changes between sudo 1.9.5p2 and 1.9.5p1 * Fixed sudo's setprogname(3) emulation on systems that don't provide it. * Fixed a problem with the sudoers log server client where a partial write to the server could result the sudo process consuming large amounts of CPU time due to a cycle in the buffer queue. Bug #954. * Added a missing dependency on libsudo_util in libsudo_eventlog. Fixes a link error when building sudo statically. * The user's KRB5CCNAME environment variable is now preserved when performing PAM authentication. This fixes GSSAPI authentication when the user has a non-default ccache. * When invoked as sudoedit, the same set of command line options are now accepted as for "sudo -e". The -H and -P options are now rejected for sudoedit and "sudo -e" which matches the sudo 1.7 behavior. This is part of the fix for CVE-2021-3156. * Fixed a potential buffer overflow when unescaping backslashes in the command's arguments. Normally, sudo escapes special characters when running a command via a shell (sudo -s or sudo -i). However, it was also possible to run sudoedit with the -s or -i flags in which case no escaping had actually been done, making a buffer overflow possible. This fixes CVE-2021-3156. Major changes between sudo 1.9.5p1 and 1.9.5 * Fixed a regression introduced in sudo 1.9.5 where the editor run by sudoedit was set-user-ID root unless SELinux RBAC was in use. The editor is now run with the user's real and effective user-IDs. Major changes between sudo 1.9.5 and 1.9.4p2 * Fixed a crash introduced in 1.9.4 when running "sudo -i" as an unknown user. This is related to but distinct from Bug #948. * If the "lecture_file" setting is enabled in sudoers, it must now refer to a regular file or a symbolic link to a regular file. * Fixed a potential use-after-free bug in sudo_logsrvd when the server shuts down if there are existing connections from clients that are only logging events and not session I/O data. * Fixed a buffer size mismatch when serializing the list of IP addresses for configured network interfaces. This bug is not actually exploitable since the allocated buffer is large enough to hold the list of addresses. * If sudo is executed with a name other than "sudo" or "sudoedit", it will now fall back to "sudo" as the program name. This affects warning, help and usage messages as well as the matching of Debug lines in the /etc/sudo.conf file. Previously, it was possible for the invoking user to manipulate the program name by setting argv[0] to an arbitrary value when executing sudo. * Sudo now checks for failure when setting the close-on-exec flag on open file descriptors. This should never fail but, if it were to, there is the possibility of a file descriptor leak to a child process (such as the command sudo runs). * Fixed CVE-2021-23239, a potential information leak in sudoedit that could be used to test for the existence of directories not normally accessible to the user in certain circumstances. When creating a new file, sudoedit checks to make sure the parent directory of the new file exists before running the editor. However, a race condition exists if the invoking user can replace (or create) the parent directory. If a symbolic link is created in place of the parent directory, sudoedit will run the editor as long as the target of the link exists. If the target of the link does not exist, an error message will be displayed. The race condition can be used to test for the existence of an arbitrary directory. However, it _cannot_ be used to write to an arbitrary location. * Fixed CVE-2021-23240, a flaw in the temporary file handling of sudoedit's SELinux RBAC support. On systems where SELinux is enabled, a user with sudoedit permissions may be able to set the owner of an arbitrary file to the user-ID of the target user. On Linux kernels that support "protected symlinks", setting /proc/sys/fs/protected_symlinks to 1 will prevent the bug from being exploited. For more information see https://www.sudo.ws/alerts/sudoedit_selinux.html. * Added writability checks for sudoedit when SELinux RBAC is in use. This makes sudoedit behavior consistent regardless of whether or not SELinux RBAC is in use. Previously, the "sudoedit_checkdir" setting had no effect for RBAC entries. * A new sudoers option "selinux" can be used to disable sudo's SELinux RBAC support. * Quieted warnings from PVS Studio, clang analyzer, and cppcheck. Added suppression annotations for PVS Studio false positives. PR: 253034 Submitted by: cy Reported by: cy Reviewed by: emaste Approved by: emaste Approved by: ports-secteam (delphij) Security: CVE-2021-3156, CVE-2021-3156 Differential Revision: https://reviews.freebsd.org/D28363
netgate-git-updates
pushed a commit
that referenced
this pull request
Jan 26, 2021
(text/plain) Sudo version 1.9.5p2 is now available which fixes CVE-2021-3156 (aka Baron Samedit), a severe security vulnerability in sudo versions 1.8.2 through 1.9.5p1. For more details, see: https://www.sudo.ws/alerts/unescape_overflow.html https://www.openwall.com/lists/oss-security/2021/01/26/3 Source: https://www.sudo.ws/dist/sudo-1.9.5p2.tar.gz ftp://ftp.sudo.ws/pub/sudo/sudo-1.9.5p2.tar.gz SHA256 539e2ef43c8a55026697fb0474ab6a925a11206b5aa58710cb42a0e1c81f0978 MD5 e6bc4c18c06346e6b3431637a2b5f3d5 Patch: https://www.sudo.ws/dist/sudo-1.9.5p2.patch.gz ftp://ftp.sudo.ws/pub/sudo/sudo-1.9.5p2.patch.gz SHA256 0dd80809c4061670a0b393445b2807be452caf5d5988f279e736040cef1c14dc MD5 2816f5fa537c61fb913046ef20b88e3b Binary packages: https://www.sudo.ws/download.html#binary https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_5p2 For a list of download mirror sites, see: https://www.sudo.ws/download_mirrors.html Sudo web site: https://www.sudo.ws/ Sudo web site mirrors: https://www.sudo.ws/mirrors.html Major changes between sudo 1.9.5p2 and 1.9.5p1 * Fixed sudo's setprogname(3) emulation on systems that don't provide it. * Fixed a problem with the sudoers log server client where a partial write to the server could result the sudo process consuming large amounts of CPU time due to a cycle in the buffer queue. Bug #954. * Added a missing dependency on libsudo_util in libsudo_eventlog. Fixes a link error when building sudo statically. * The user's KRB5CCNAME environment variable is now preserved when performing PAM authentication. This fixes GSSAPI authentication when the user has a non-default ccache. * When invoked as sudoedit, the same set of command line options are now accepted as for "sudo -e". The -H and -P options are now rejected for sudoedit and "sudo -e" which matches the sudo 1.7 behavior. This is part of the fix for CVE-2021-3156. * Fixed a potential buffer overflow when unescaping backslashes in the command's arguments. Normally, sudo escapes special characters when running a command via a shell (sudo -s or sudo -i). However, it was also possible to run sudoedit with the -s or -i flags in which case no escaping had actually been done, making a buffer overflow possible. This fixes CVE-2021-3156. Major changes between sudo 1.9.5p1 and 1.9.5 * Fixed a regression introduced in sudo 1.9.5 where the editor run by sudoedit was set-user-ID root unless SELinux RBAC was in use. The editor is now run with the user's real and effective user-IDs. Major changes between sudo 1.9.5 and 1.9.4p2 * Fixed a crash introduced in 1.9.4 when running "sudo -i" as an unknown user. This is related to but distinct from Bug #948. * If the "lecture_file" setting is enabled in sudoers, it must now refer to a regular file or a symbolic link to a regular file. * Fixed a potential use-after-free bug in sudo_logsrvd when the server shuts down if there are existing connections from clients that are only logging events and not session I/O data. * Fixed a buffer size mismatch when serializing the list of IP addresses for configured network interfaces. This bug is not actually exploitable since the allocated buffer is large enough to hold the list of addresses. * If sudo is executed with a name other than "sudo" or "sudoedit", it will now fall back to "sudo" as the program name. This affects warning, help and usage messages as well as the matching of Debug lines in the /etc/sudo.conf file. Previously, it was possible for the invoking user to manipulate the program name by setting argv[0] to an arbitrary value when executing sudo. * Sudo now checks for failure when setting the close-on-exec flag on open file descriptors. This should never fail but, if it were to, there is the possibility of a file descriptor leak to a child process (such as the command sudo runs). * Fixed CVE-2021-23239, a potential information leak in sudoedit that could be used to test for the existence of directories not normally accessible to the user in certain circumstances. When creating a new file, sudoedit checks to make sure the parent directory of the new file exists before running the editor. However, a race condition exists if the invoking user can replace (or create) the parent directory. If a symbolic link is created in place of the parent directory, sudoedit will run the editor as long as the target of the link exists. If the target of the link does not exist, an error message will be displayed. The race condition can be used to test for the existence of an arbitrary directory. However, it _cannot_ be used to write to an arbitrary location. * Fixed CVE-2021-23240, a flaw in the temporary file handling of sudoedit's SELinux RBAC support. On systems where SELinux is enabled, a user with sudoedit permissions may be able to set the owner of an arbitrary file to the user-ID of the target user. On Linux kernels that support "protected symlinks", setting /proc/sys/fs/protected_symlinks to 1 will prevent the bug from being exploited. For more information see https://www.sudo.ws/alerts/sudoedit_selinux.html. * Added writability checks for sudoedit when SELinux RBAC is in use. This makes sudoedit behavior consistent regardless of whether or not SELinux RBAC is in use. Previously, the "sudoedit_checkdir" setting had no effect for RBAC entries. * A new sudoers option "selinux" can be used to disable sudo's SELinux RBAC support. * Quieted warnings from PVS Studio, clang analyzer, and cppcheck. Added suppression annotations for PVS Studio false positives. PR: 253034 Submitted by: cy Reported by: cy Reviewed by: emaste Approved by: emaste MFH: 2020Q1 Security: CVE-2021-3156, CVE-2021-3156 Differential Revision: https://reviews.freebsd.org/D28363
netgate-git-updates
pushed a commit
that referenced
this pull request
Nov 13, 2023
ChangeLog: https://nlnetlabs.nl/news/2023/Nov/08/unbound-1.19.0-released/ Features * Fix #850: [FR] Ability to use specific database in Redis, with new redis-logical-db configuration option. * Merge #944: Disable EDNS DO. Disable the EDNS DO flag in upstream requests. This can be helpful for devices that cannot handle DNSSEC information. But it should not be enabled otherwise, because that would stop DNSSEC validation. The DNSSEC validation would not work for Unbound itself, and also not for downstream users. Default is no. The option is disable-edns-do: no * Expose the script filename in the Python module environment 'mod_env' instead of the config_file structure which includes the linked list of scripts in a multi Python module setup; fixes #79. * Expose the configured listening and outgoing interfaces, if any, as a list of strings in the Python 'config_file' class instead of the current Swig object proxy; fixes #79. * Mailing list patches from Daniel Gröber for DNS64 fallback to plain AAAA when no A record exists for synthesis, and minor DNS64 code refactoring for better readability. * Merge #951: Cachedb no store. The cachedb-no-store: yes option is used to stop cachedb from writing messages to the backend storage. It reads messages when data is available from the backend. The default is no. Bug Fixes * Fix for version generation race condition that ignored changes. * Fix #942: 1.18.0 libunbound DNS regression when built without OpenSSL. * Fix for WKS call to getservbyname that creates allocation on exit in unit test by testing numbers first and testing from the services list later. * Fix autoconf 2.69 warnings in configure. * Fix #927: unbound 1.18.0 make test error. Fix make test without SHA1. * Merge #931: Prevent warnings from -Wmissing-prototypes. * Fix to scrub resource records of type A and AAAA that have an inappropriate size. They are removed from responses. * Fix to move msgparse_rrset_remove_rr code to util/msgparse.c. * Fix to add EDE text when RRs have been removed due to length. * Fix to set ede match in unit test for rr length removal. * Fix to print EDE text in readable form in output logs. * Fix send of udp retries when ENOBUFS is returned. It stops looping and also waits for the condition to go away. Reported by Florian Obser. * Fix authority zone answers for obscured DNAMEs and delegations. * Merge #936: Check for c99 with autoconf versions prior to 2.70. * Fix to remove two c99 notations. * Fix rpz tcp-only action with rpz triggers nsdname and nsip. * Fix misplaced comment. * Merge #881: Generalise the proxy protocol code. * Fix #946: Forwarder returns servfail on upstream response noerror no data. * Fix edns subnet so that queries with a source prefix of zero cause the recursor send no edns subnet option to the upstream. * Fix that printout of EDNS options shows the EDNS cookie option by name. * Fix infinite loop when reading multiple lines of input on a broken remote control socket. Addesses #947 and #948. * Fix #949: "could not create control compt". * Fix that cachedb does not warn when serve-expired is disabled about use of serve-expired-reply-ttl and serve-expired-client-timeout. * Fix for #949: Fix pythonmod/ubmodule-tst.py for Python 3.x. * Better fix for infinite loop when reading multiple lines of input on a broken remote control socket, by treating a zero byte line the same as transmission end. Addesses #947 and #948. * For multi Python module setups, clean previously parsed module functions in __main__'s dictionary, if any, so that only current module functions are registered. * Fix #954: Inconsistent RPZ handling for A record returned along with CNAME. * Fixes for the DNS64 patches. * Update the dns64_lookup.rpl test for the DNS64 fallback patch. * Merge #955 from buevsan: fix ipset wrong behavior. * Update testdata/ipset.tdir test for ipset fix. * Fix to print detailed errors when an SSL IO routine fails via SSL_get_error. * Clearer configure text for missing protobuf-c development libraries. * autoconf. * Merge #930 from Stuart Henderson: add void to log_ident_revert_to_default declaration. * Fix #941: dnscrypt doesn't work after upgrade to 1.18 with suggestion by dukeartem to also fix the udp_ancil with dnscrypt. * Fix SSL compile failure for definition in log_crypto_err_io_code_arg. * Fix SSL compile failure for other missing definitions in log_crypto_err_io_code_arg. * Fix compilation without openssl, remove unused function warning. * Mention flex and bison in README.md when building from repository source. PR: 275012 Reported by: jaap@NLnetLabs.nl (maintainer)
netgate-git-updates
pushed a commit
that referenced
this pull request
Mar 4, 2024
ChangeLog: https://nlnetlabs.nl/news/2023/Nov/08/unbound-1.19.0-released/ Features * Fix #850: [FR] Ability to use specific database in Redis, with new redis-logical-db configuration option. * Merge #944: Disable EDNS DO. Disable the EDNS DO flag in upstream requests. This can be helpful for devices that cannot handle DNSSEC information. But it should not be enabled otherwise, because that would stop DNSSEC validation. The DNSSEC validation would not work for Unbound itself, and also not for downstream users. Default is no. The option is disable-edns-do: no * Expose the script filename in the Python module environment 'mod_env' instead of the config_file structure which includes the linked list of scripts in a multi Python module setup; fixes #79. * Expose the configured listening and outgoing interfaces, if any, as a list of strings in the Python 'config_file' class instead of the current Swig object proxy; fixes #79. * Mailing list patches from Daniel Gröber for DNS64 fallback to plain AAAA when no A record exists for synthesis, and minor DNS64 code refactoring for better readability. * Merge #951: Cachedb no store. The cachedb-no-store: yes option is used to stop cachedb from writing messages to the backend storage. It reads messages when data is available from the backend. The default is no. Bug Fixes * Fix for version generation race condition that ignored changes. * Fix #942: 1.18.0 libunbound DNS regression when built without OpenSSL. * Fix for WKS call to getservbyname that creates allocation on exit in unit test by testing numbers first and testing from the services list later. * Fix autoconf 2.69 warnings in configure. * Fix #927: unbound 1.18.0 make test error. Fix make test without SHA1. * Merge #931: Prevent warnings from -Wmissing-prototypes. * Fix to scrub resource records of type A and AAAA that have an inappropriate size. They are removed from responses. * Fix to move msgparse_rrset_remove_rr code to util/msgparse.c. * Fix to add EDE text when RRs have been removed due to length. * Fix to set ede match in unit test for rr length removal. * Fix to print EDE text in readable form in output logs. * Fix send of udp retries when ENOBUFS is returned. It stops looping and also waits for the condition to go away. Reported by Florian Obser. * Fix authority zone answers for obscured DNAMEs and delegations. * Merge #936: Check for c99 with autoconf versions prior to 2.70. * Fix to remove two c99 notations. * Fix rpz tcp-only action with rpz triggers nsdname and nsip. * Fix misplaced comment. * Merge #881: Generalise the proxy protocol code. * Fix #946: Forwarder returns servfail on upstream response noerror no data. * Fix edns subnet so that queries with a source prefix of zero cause the recursor send no edns subnet option to the upstream. * Fix that printout of EDNS options shows the EDNS cookie option by name. * Fix infinite loop when reading multiple lines of input on a broken remote control socket. Addesses #947 and #948. * Fix #949: "could not create control compt". * Fix that cachedb does not warn when serve-expired is disabled about use of serve-expired-reply-ttl and serve-expired-client-timeout. * Fix for #949: Fix pythonmod/ubmodule-tst.py for Python 3.x. * Better fix for infinite loop when reading multiple lines of input on a broken remote control socket, by treating a zero byte line the same as transmission end. Addesses #947 and #948. * For multi Python module setups, clean previously parsed module functions in __main__'s dictionary, if any, so that only current module functions are registered. * Fix #954: Inconsistent RPZ handling for A record returned along with CNAME. * Fixes for the DNS64 patches. * Update the dns64_lookup.rpl test for the DNS64 fallback patch. * Merge #955 from buevsan: fix ipset wrong behavior. * Update testdata/ipset.tdir test for ipset fix. * Fix to print detailed errors when an SSL IO routine fails via SSL_get_error. * Clearer configure text for missing protobuf-c development libraries. * autoconf. * Merge #930 from Stuart Henderson: add void to log_ident_revert_to_default declaration. * Fix #941: dnscrypt doesn't work after upgrade to 1.18 with suggestion by dukeartem to also fix the udp_ancil with dnscrypt. * Fix SSL compile failure for definition in log_crypto_err_io_code_arg. * Fix SSL compile failure for other missing definitions in log_crypto_err_io_code_arg. * Fix compilation without openssl, remove unused function warning. * Mention flex and bison in README.md when building from repository source. PR: 275012 Reported by: jaap@NLnetLabs.nl (maintainer) (cherry picked from commit bb5a92c)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.