From e603fd28b9485202326ec1ee2452538a4304f4a2 Mon Sep 17 00:00:00 2001
From: "peter.mueller@ipfire.org"
Date: Tue, 29 Oct 2019 18:37:00 +0000
Subject: [PATCH 01/10] Tor: fix permissions of /var/ipfire/tor/torrc after installation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fixes #12220
Reported-by: Michael Tremer
Signed-off-by: Peter Müller
Signed-off-by: Arne Fitzenreiter
---
 lfs/tor | 2 +-
 src/paks/tor/install.sh | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/lfs/tor b/lfs/tor
index ea07f6ce2..178f84be9 100644
--- a/lfs/tor
+++ b/lfs/tor
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = tor -PAK_VER = 43 +PAK_VER = 44 DEPS = "libseccomp"
diff --git a/src/paks/tor/install.sh b/src/paks/tor/install.sh
index 4d0353155..369b65f71 100644
--- a/src/paks/tor/install.sh
+++ b/src/paks/tor/install.sh
@@ -36,10 +36,10 @@ extract_files restore_backup ${NAME} # Adjust some folder permission for new UID/GID -chown -R tor:tor /var/lib/tor /var/ipfire/tor +chown -R tor:tor /var/lib/tor +chown -R tor:nobody /var/ipfire/tor -# Tor settings file needs to be writeable by nobody group for WebUI -chown tor:nobody /var/ipfire/tor/settings -chmod 664 /var/ipfire/tor/settings +# Tor settings files needs to be writeable by nobody group for WebUI +chmod 664 /var/ipfire/tor/{settings,torrc} start_service --background ${NAME}
From b0f2208425d62bd86729161c498c2de3215a558a Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter
Date: Thu, 14 Nov 2019 01:55:46 +0000
Subject: [PATCH 02/10] intel-microcode: fix rootfile
Signed-off-by: Arne Fitzenreiter
---
 config/rootfiles/common/x86_64/intel-microcode | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/config/rootfiles/common/x86_64/intel-microcode b/config/rootfiles/common/x86_64/intel-microcode
index df05c2de5..2aa6f9301 100644
--- a/config/rootfiles/common/x86_64/intel-microcode
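Review bot: In the `src/paks/tor/install.sh` hunk, `chmod 664` leaves both `settings` and `torrc` world-readable, and `chown -R tor:nobody /var/ipfire/tor` hands group `nobody` to everything under the directory although the comment only names the two files the WebUI has to write. torrc is the file the Tor daemon itself reads, so after this change anything running with group `nobody` can alter Tor's configuration; that looks intended for the WebUI, but the comment should say so explicitly. If no other account needs to read these files, `chmod 660 /var/ipfire/tor/{settings,torrc}` would be tighter (to be confirmed against how Tor and the CGI open them). The brace expansion also requires bash, and the script's shebang and the rest of its body are outside the hunk.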
+++ b/config/rootfiles/common/x86_64/intel-microcode
@@ -63,8 +63,11 @@ lib/firmware/intel-ucode/06-46-01
 lib/firmware/intel-ucode/06-47-01
 lib/firmware/intel-ucode/06-4c-03
 lib/firmware/intel-ucode/06-4c-04
+lib/firmware/intel-ucode/06-4d-08
 lib/firmware/intel-ucode/06-4e-03
+lib/firmware/intel-ucode/06-55-03
 lib/firmware/intel-ucode/06-55-04
+lib/firmware/intel-ucode/06-55-06
 lib/firmware/intel-ucode/06-55-07
 lib/firmware/intel-ucode/06-56-02
 lib/firmware/intel-ucode/06-56-03
@@ -75,7 +78,10 @@ lib/firmware/intel-ucode/06-5c-09
 lib/firmware/intel-ucode/06-5c-0a
 lib/firmware/intel-ucode/06-5e-03
 lib/firmware/intel-ucode/06-5f-01
+lib/firmware/intel-ucode/06-66-03
 lib/firmware/intel-ucode/06-7a-01
+lib/firmware/intel-ucode/06-7a-08
+lib/firmware/intel-ucode/06-7e-05
 lib/firmware/intel-ucode/06-8e-09
 lib/firmware/intel-ucode/06-8e-0a
 lib/firmware/intel-ucode/06-8e-0b
@@ -83,8 +89,8 @@ lib/firmware/intel-ucode/06-8e-0c
 lib/firmware/intel-ucode/06-9e-09
 lib/firmware/intel-ucode/06-9e-0a
 lib/firmware/intel-ucode/06-9e-0b
-lib/firmware/intel-ucode/06-9e-0c
 lib/firmware/intel-ucode/06-9e-0d
+lib/firmware/intel-ucode/06-a6-00
 lib/firmware/intel-ucode/0f-00-07
 lib/firmware/intel-ucode/0f-00-0a
 lib/firmware/intel-ucode/0f-01-02
From b1dc936cc60e651773095ceaadbfcbeed2666f84 Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter
Date: Thu, 14 Nov 2019 17:28:38 +0000
Subject: [PATCH 03/10] rename core138 -> core139 to insert a emergency core update
Signed-off-by: Arne Fitzenreiter
---
 .../core/137/filelists/IO-Socket-SSL | 1 -
 .../rootfiles/core/137/filelists/Net_SSLeay | 1 -
 .../core/137/filelists/aarch64/linux | 1 -
 .../core/137/filelists/aarch64/linux-initrd | 1 -
 .../filelists/armv5tel/linux-initrd-kirkwood | 1 -
 .../137/filelists/armv5tel/linux-initrd-multi | 1 -
 .../137/filelists/armv5tel/linux-kirkwood | 1 -
 .../core/137/filelists/armv5tel/linux-multi | 1 -
 config/rootfiles/core/137/filelists/bind | 1 -
 config/rootfiles/core/137/filelists/collectd | 1 -
 config/rootfiles/core/137/filelists/dhcpcd | 1 -
 config/rootfiles/core/137/filelists/files | 22 -----
 .../rootfiles/core/137/filelists/i586/linux | 1 -
 .../core/137/filelists/i586/linux-initrd | 1 -
 config/rootfiles/core/137/filelists/iproute2 | 1 -
 config/rootfiles/core/137/filelists/ipset | 1 -
 config/rootfiles/core/137/filelists/iptables | 1 -
 config/rootfiles/core/137/filelists/knot | 1 -
 config/rootfiles/core/137/filelists/libhtp | 1 -
 .../core/137/filelists/libnetfilter_queue | 1 -
 config/rootfiles/core/137/filelists/libpcap | 1 -
 config/rootfiles/core/137/filelists/libssh | 1 -
 config/rootfiles/core/137/filelists/pcre | 1 -
 .../rootfiles/core/137/filelists/strongswan | 1 -
 config/rootfiles/core/137/filelists/suricata | 1 -
 config/rootfiles/core/137/filelists/tzdata | 1 -
 config/rootfiles/core/137/filelists/unbound | 1 -
 .../core/137/filelists/wpa_supplicant | 1 -
 .../rootfiles/core/137/filelists/x86_64/linux | 1 -
 .../core/137/filelists/x86_64/linux-initrd | 1 -
 config/rootfiles/core/{137 => 139}/exclude | 0
 config/rootfiles/core/139/filelists/bash | 1 +
 .../core/139/filelists/ca-certificates | 1 +
 config/rootfiles/core/139/filelists/ddns | 1 +
 config/rootfiles/core/139/filelists/files | 16 ++++
 .../core/139/filelists/i586/intel-microcode | 1 +
 .../core/139/filelists/i586/openssl-sse2 | 1 +
 config/rootfiles/core/139/filelists/logwatch | 1 +
 config/rootfiles/core/139/filelists/lz4 | 1 +
 config/rootfiles/core/139/filelists/openssl | 1 +
 config/rootfiles/core/139/filelists/openvpn | 1 +
 config/rootfiles/core/139/filelists/readline | 1 +
 .../core/139/filelists/readline-compat | 1 +
 config/rootfiles/core/139/filelists/squid | 1 +
 .../core/139/filelists/x86_64/intel-microcode | 1 +
 config/rootfiles/core/{137 => 139}/update.sh | 90 +------------------
 46 files changed, 32 insertions(+), 138 deletions(-)
 delete mode 120000 config/rootfiles/core/137/filelists/IO-Socket-SSL
 delete mode 120000 config/rootfiles/core/137/filelists/Net_SSLeay
 delete mode 120000 config/rootfiles/core/137/filelists/aarch64/linux
 delete mode 120000 config/rootfiles/core/137/filelists/aarch64/linux-initrd
 delete mode 120000 config/rootfiles/core/137/filelists/armv5tel/linux-initrd-kirkwood
 delete mode 120000 config/rootfiles/core/137/filelists/armv5tel/linux-initrd-multi
 delete mode 120000 config/rootfiles/core/137/filelists/armv5tel/linux-kirkwood
 delete mode 120000 config/rootfiles/core/137/filelists/armv5tel/linux-multi
 delete mode 120000 config/rootfiles/core/137/filelists/bind
 delete mode 120000 config/rootfiles/core/137/filelists/collectd
 delete mode 120000 config/rootfiles/core/137/filelists/dhcpcd
 delete mode 100644 config/rootfiles/core/137/filelists/files
 delete mode 120000 config/rootfiles/core/137/filelists/i586/linux
 delete mode 120000 config/rootfiles/core/137/filelists/i586/linux-initrd
 delete mode 120000 config/rootfiles/core/137/filelists/iproute2
 delete mode 120000 config/rootfiles/core/137/filelists/ipset
 delete mode 120000 config/rootfiles/core/137/filelists/iptables
 delete mode 120000 config/rootfiles/core/137/filelists/knot
 delete mode 120000 config/rootfiles/core/137/filelists/libhtp
 delete mode 120000 config/rootfiles/core/137/filelists/libnetfilter_queue
 delete mode 120000 config/rootfiles/core/137/filelists/libpcap
 delete mode 120000 config/rootfiles/core/137/filelists/libssh
 delete mode 120000 config/rootfiles/core/137/filelists/pcre
 delete mode 120000 config/rootfiles/core/137/filelists/strongswan
 delete mode 120000 config/rootfiles/core/137/filelists/suricata
 delete mode 120000 config/rootfiles/core/137/filelists/tzdata
 delete mode 120000 config/rootfiles/core/137/filelists/unbound
 delete mode 120000 config/rootfiles/core/137/filelists/wpa_supplicant
 delete mode 120000 config/rootfiles/core/137/filelists/x86_64/linux
 delete mode 120000 config/rootfiles/core/137/filelists/x86_64/linux-initrd
 rename config/rootfiles/core/{137 => 139}/exclude (100%)
 create mode 120000 config/rootfiles/core/139/filelists/bash
 create mode 120000 config/rootfiles/core/139/filelists/ca-certificates
 create mode 120000 config/rootfiles/core/139/filelists/ddns
 create mode 100644 config/rootfiles/core/139/filelists/files
 create mode 120000 config/rootfiles/core/139/filelists/i586/intel-microcode
 create mode 120000 config/rootfiles/core/139/filelists/i586/openssl-sse2
 create mode 120000 config/rootfiles/core/139/filelists/logwatch
 create mode 120000 config/rootfiles/core/139/filelists/lz4
 create mode 120000 config/rootfiles/core/139/filelists/openssl
 create mode 120000 config/rootfiles/core/139/filelists/openvpn
 create mode 120000 config/rootfiles/core/139/filelists/readline
 create mode 120000 config/rootfiles/core/139/filelists/readline-compat
 create mode 120000 config/rootfiles/core/139/filelists/squid
 create mode 120000 config/rootfiles/core/139/filelists/x86_64/intel-microcode
 rename config/rootfiles/core/{137 => 139}/update.sh (51%)
diff --git a/config/rootfiles/core/137/filelists/IO-Socket-SSL b/config/rootfiles/core/137/filelists/IO-Socket-SSL
deleted file mode 120000
index d24492371..000000000
--- a/config/rootfiles/core/137/filelists/IO-Socket-SSL
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/IO-Socket-SSL
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/Net_SSLeay b/config/rootfiles/core/137/filelists/Net_SSLeay
deleted file mode 120000
index 13fe0560c..000000000
--- a/config/rootfiles/core/137/filelists/Net_SSLeay
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/Net_SSLeay
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/aarch64/linux b/config/rootfiles/core/137/filelists/aarch64/linux
deleted file mode 120000
index 3a2532bc7..000000000
--- a/config/rootfiles/core/137/filelists/aarch64/linux
+++ /dev/null
@@ -1 +0,0 @@
-../../../../common/aarch64/linux
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/aarch64/linux-initrd b/config/rootfiles/core/137/filelists/aarch64/linux-initrd
deleted file mode 120000
index 8acdb0f31..000000000
--- a/config/rootfiles/core/137/filelists/aarch64/linux-initrd
+++ /dev/null
@@ -1 +0,0 @@
-../../../../common/aarch64/linux-initrd
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/armv5tel/linux-initrd-kirkwood b/config/rootfiles/core/137/filelists/armv5tel/linux-initrd-kirkwood
deleted file mode 120000
index 39c5591b7..000000000
--- a/config/rootfiles/core/137/filelists/armv5tel/linux-initrd-kirkwood
+++ /dev/null
@@ -1 +0,0 @@
-../../../../common/armv5tel/linux-initrd-kirkwood
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/armv5tel/linux-initrd-multi b/config/rootfiles/core/137/filelists/armv5tel/linux-initrd-multi
deleted file mode 120000
index 0b1b4530a..000000000
--- a/config/rootfiles/core/137/filelists/armv5tel/linux-initrd-multi
+++ /dev/null
@@ -1 +0,0 @@
-../../../../common/armv5tel/linux-initrd-multi
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/armv5tel/linux-kirkwood b/config/rootfiles/core/137/filelists/armv5tel/linux-kirkwood
deleted file mode 120000
index 72171071e..000000000
--- a/config/rootfiles/core/137/filelists/armv5tel/linux-kirkwood
+++ /dev/null
@@ -1 +0,0 @@
-../../../../common/armv5tel/linux-kirkwood
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/armv5tel/linux-multi b/config/rootfiles/core/137/filelists/armv5tel/linux-multi
deleted file mode 120000
index 204eb4c43..000000000
--- a/config/rootfiles/core/137/filelists/armv5tel/linux-multi
+++ /dev/null
@@ -1 +0,0 @@
-../../../../common/armv5tel/linux-multi
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/bind b/config/rootfiles/core/137/filelists/bind
deleted file mode 120000
index 48a0ebaef..000000000
--- a/config/rootfiles/core/137/filelists/bind
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/bind
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/collectd b/config/rootfiles/core/137/filelists/collectd
deleted file mode 120000
index 871b32f14..000000000
--- a/config/rootfiles/core/137/filelists/collectd
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/collectd
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/dhcpcd b/config/rootfiles/core/137/filelists/dhcpcd
deleted file mode 120000
index 1e799dabb..000000000
--- a/config/rootfiles/core/137/filelists/dhcpcd
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/dhcpcd
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/files b/config/rootfiles/core/137/filelists/files
deleted file mode 100644
index 3b7c8d23b..000000000
--- a/config/rootfiles/core/137/filelists/files
+++ /dev/null
@@ -1,22 +0,0 @@
-etc/system-release
-etc/issue
-srv/web/ipfire/cgi-bin/credits.cgi
-usr/lib/firewall/rules.pl
-usr/sbin/firewall-policy
-var/ipfire/langs
-etc/logrotate.conf
-etc/rc.d/init.d/firewall
-etc/rc.d/init.d/unbound
-etc/rc.d/init.d/networking/red.up/99-geoip-database
-etc/sysctl.conf
-srv/web/ipfire/cgi-bin/dns.cgi
-srv/web/ipfire/cgi-bin/ovpnmain.cgi
-srv/web/ipfire/cgi-bin/qos.cgi
-srv/web/ipfire/cgi-bin/vpnmain.cgi
-usr/lib/firewall/rules.pl
-usr/sbin/firewall-policy
-usr/local/bin/xt_geoip_update
-var/ipfire/backup/bin/backup.pl
-var/ipfire/qos/bin/makeqosscripts.pl
-var/ipfire/suricata/ruleset-sources
-srv/web/ipfire/cgi-bin/ovpnmain.cgi
diff --git a/config/rootfiles/core/137/filelists/i586/linux b/config/rootfiles/core/137/filelists/i586/linux
deleted file mode 120000
index 693ec4bbf..000000000
--- a/config/rootfiles/core/137/filelists/i586/linux
+++ /dev/null
@@ -1 +0,0 @@
-../../../../common/i586/linux
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/i586/linux-initrd b/config/rootfiles/core/137/filelists/i586/linux-initrd
deleted file mode 120000
index 32a03e6a9..000000000
--- a/config/rootfiles/core/137/filelists/i586/linux-initrd
+++ /dev/null
@@ -1 +0,0 @@
-../../../../common/i586/linux-initrd
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/iproute2 b/config/rootfiles/core/137/filelists/iproute2
deleted file mode 120000
index 05f0f71fb..000000000
--- a/config/rootfiles/core/137/filelists/iproute2
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/iproute2
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/ipset b/config/rootfiles/core/137/filelists/ipset
deleted file mode 120000
index 2b43691f2..000000000
--- a/config/rootfiles/core/137/filelists/ipset
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/ipset
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/iptables b/config/rootfiles/core/137/filelists/iptables
deleted file mode 120000
index 8caf12bcc..000000000
--- a/config/rootfiles/core/137/filelists/iptables
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/iptables
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/knot b/config/rootfiles/core/137/filelists/knot
deleted file mode 120000
index 28e96f878..000000000
--- a/config/rootfiles/core/137/filelists/knot
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/knot
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/libhtp b/config/rootfiles/core/137/filelists/libhtp
deleted file mode 120000
index 676e2c5e8..000000000
--- a/config/rootfiles/core/137/filelists/libhtp
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/libhtp
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/libnetfilter_queue b/config/rootfiles/core/137/filelists/libnetfilter_queue
deleted file mode 120000
index 9344b04bf..000000000
--- a/config/rootfiles/core/137/filelists/libnetfilter_queue
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/libnetfilter_queue
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/libpcap b/config/rootfiles/core/137/filelists/libpcap
deleted file mode 120000
index c7f9f52a8..000000000
--- a/config/rootfiles/core/137/filelists/libpcap
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/libpcap
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/libssh b/config/rootfiles/core/137/filelists/libssh
deleted file mode 120000
index ecbb67053..000000000
--- a/config/rootfiles/core/137/filelists/libssh
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/libssh
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/pcre b/config/rootfiles/core/137/filelists/pcre
deleted file mode 120000
index b390d9a36..000000000
--- a/config/rootfiles/core/137/filelists/pcre
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/pcre
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/strongswan b/config/rootfiles/core/137/filelists/strongswan
deleted file mode 120000
index 90c727e26..000000000
--- a/config/rootfiles/core/137/filelists/strongswan
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/strongswan
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/suricata b/config/rootfiles/core/137/filelists/suricata
deleted file mode 120000
index f671f6993..000000000
--- a/config/rootfiles/core/137/filelists/suricata
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/suricata
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/tzdata b/config/rootfiles/core/137/filelists/tzdata
deleted file mode 120000
index 5a6e3252f..000000000
--- a/config/rootfiles/core/137/filelists/tzdata
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/tzdata
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/unbound b/config/rootfiles/core/137/filelists/unbound
deleted file mode 120000
index 66adf0924..000000000
--- a/config/rootfiles/core/137/filelists/unbound
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/unbound
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/wpa_supplicant b/config/rootfiles/core/137/filelists/wpa_supplicant
deleted file mode 120000
index 1d04c03c0..000000000
--- a/config/rootfiles/core/137/filelists/wpa_supplicant
+++ /dev/null
@@ -1 +0,0 @@
-../../../common/wpa_supplicant
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/x86_64/linux b/config/rootfiles/core/137/filelists/x86_64/linux
deleted file mode 120000
index 0615b5b9a..000000000
--- a/config/rootfiles/core/137/filelists/x86_64/linux
+++ /dev/null
@@ -1 +0,0 @@
-../../../../common/x86_64/linux
\ No newline at end of file
diff --git a/config/rootfiles/core/137/filelists/x86_64/linux-initrd b/config/rootfiles/core/137/filelists/x86_64/linux-initrd
deleted file mode 120000
index 1b9fff70f..000000000
--- a/config/rootfiles/core/137/filelists/x86_64/linux-initrd
+++ /dev/null
@@ -1 +0,0 @@
-../../../../common/x86_64/linux-initrd
\ No newline at end of file
diff --git a/config/rootfiles/core/137/exclude b/config/rootfiles/core/139/exclude
similarity index 100%
rename from config/rootfiles/core/137/exclude
rename to config/rootfiles/core/139/exclude
diff --git a/config/rootfiles/core/139/filelists/bash b/config/rootfiles/core/139/filelists/bash
new file mode 120000
index 000000000..de970cb1d
--- /dev/null
+++ b/config/rootfiles/core/139/filelists/bash
@@ -0,0 +1 @@
+../../../common/bash
\ No newline at end of file
diff --git a/config/rootfiles/core/139/filelists/ca-certificates b/config/rootfiles/core/139/filelists/ca-certificates
new file mode 120000
index 000000000..320fea8f4
--- /dev/null
+++ b/config/rootfiles/core/139/filelists/ca-certificates
@@ -0,0 +1 @@
+../../../common/ca-certificates
\ No newline at end of file
diff --git a/config/rootfiles/core/139/filelists/ddns b/config/rootfiles/core/139/filelists/ddns
new file mode 120000
index 000000000..739516420
--- /dev/null
+++ b/config/rootfiles/core/139/filelists/ddns
@@ -0,0 +1 @@
+../../../common/ddns
\ No newline at end of file
diff --git a/config/rootfiles/core/139/filelists/files b/config/rootfiles/core/139/filelists/files
new file mode 100644
index 000000000..d22fb8314
--- /dev/null
+++ b/config/rootfiles/core/139/filelists/files
@@ -0,0 +1,16 @@
+etc/system-release
+etc/issue
+srv/web/ipfire/cgi-bin/credits.cgi
+var/ipfire/langs
+etc/httpd/conf/vhosts.d/ipfire-interface.conf
+etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf
+etc/rc.d/init.d/functions
+etc/rc.d/init.d/networking/red.up/23-suricata
+etc/rc.d/init.d/unbound
+etc/suricata/suricata.yaml
+srv/web/ipfire/cgi-bin/ids.cgi
+srv/web/ipfire/cgi-bin/mail.cgi
+srv/web/ipfire/cgi-bin/ovpnmain.cgi
+usr/sbin/convert-snort
+usr/lib/firewall/firewall-lib.pl
+var/ipfire/ids-functions.pl
diff --git a/config/rootfiles/core/139/filelists/i586/intel-microcode b/config/rootfiles/core/139/filelists/i586/intel-microcode
new file mode 120000
index 000000000..f03e84778
--- /dev/null
+++ b/config/rootfiles/core/139/filelists/i586/intel-microcode
@@ -0,0 +1 @@
+../../../../common/i586/intel-microcode
\ No newline at end of file
diff --git a/config/rootfiles/core/139/filelists/i586/openssl-sse2 b/config/rootfiles/core/139/filelists/i586/openssl-sse2
new file mode 120000
index 000000000..f424713d6
--- /dev/null
+++ b/config/rootfiles/core/139/filelists/i586/openssl-sse2
@@ -0,0 +1 @@
+../../../../common/i586/openssl-sse2
\ No newline at end of file
diff --git a/config/rootfiles/core/139/filelists/logwatch b/config/rootfiles/core/139/filelists/logwatch
new file mode 120000
index 000000000..f14eabda9
--- /dev/null
+++ b/config/rootfiles/core/139/filelists/logwatch
@@ -0,0 +1 @@
+../../../common/logwatch
\ No newline at end of file
diff --git a/config/rootfiles/core/139/filelists/lz4 b/config/rootfiles/core/139/filelists/lz4
new file mode 120000
index 000000000..65c31802e
--- /dev/null
+++ b/config/rootfiles/core/139/filelists/lz4
@@ -0,0 +1 @@
+../../../common/lz4
\ No newline at end of file
diff --git a/config/rootfiles/core/139/filelists/openssl b/config/rootfiles/core/139/filelists/openssl
new file mode 120000
index 000000000..e011a9266
--- /dev/null
+++ b/config/rootfiles/core/139/filelists/openssl
@@ -0,0 +1 @@
+../../../common/openssl
\ No newline at end of file
diff --git a/config/rootfiles/core/139/filelists/openvpn b/config/rootfiles/core/139/filelists/openvpn
new file mode 120000
index 000000000..493f3f7a4
--- /dev/null
+++ b/config/rootfiles/core/139/filelists/openvpn
@@ -0,0 +1 @@
+../../../common/openvpn
\ No newline at end of file
diff --git a/config/rootfiles/core/139/filelists/readline b/config/rootfiles/core/139/filelists/readline
new file mode 120000
index 000000000..84209f189
--- /dev/null
+++ b/config/rootfiles/core/139/filelists/readline
@@ -0,0 +1 @@
+../../../common/readline
\ No newline at end of file
diff --git a/config/rootfiles/core/139/filelists/readline-compat b/config/rootfiles/core/139/filelists/readline-compat
new file mode 120000
index 000000000..f96bc808c
--- /dev/null
+++ b/config/rootfiles/core/139/filelists/readline-compat
@@ -0,0 +1 @@
+../../../common/readline-compat
\ No newline at end of file
diff --git a/config/rootfiles/core/139/filelists/squid b/config/rootfiles/core/139/filelists/squid
new file mode 120000
index 000000000..2dc8372a0
--- /dev/null
+++ b/config/rootfiles/core/139/filelists/squid
@@ -0,0 +1 @@
+../../../common/squid
\ No newline at end of file
diff --git a/config/rootfiles/core/139/filelists/x86_64/intel-microcode b/config/rootfiles/core/139/filelists/x86_64/intel-microcode
new file mode 120000
index 000000000..d5ac074e2
--- /dev/null
+++ b/config/rootfiles/core/139/filelists/x86_64/intel-microcode
@@ -0,0 +1 @@
+../../../../common/x86_64/intel-microcode
\ No newline at end of file
diff --git a/config/rootfiles/core/137/update.sh b/config/rootfiles/core/139/update.sh
similarity index 51%
rename from config/rootfiles/core/137/update.sh
rename to config/rootfiles/core/139/update.sh
index f2e83fc77..fb3105aa0 100644
--- a/config/rootfiles/core/137/update.sh
+++ b/config/rootfiles/core/139/update.sh
@@ -24,7 +24,7 @@ . /opt/pakfire/lib/functions.sh /usr/local/bin/backupctrl exclude >/dev/null 2>&1 -core=137 +core=139 exit_with_error() { # Set last succesfull installed core. @@ -41,42 +41,6 @@ for (( i=1; i<=$core; i++ )); do rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire done -KVER="xxxKVERxxx" - -# Backup uEnv.txt if exist -if [ -e /boot/uEnv.txt ]; then - cp -vf /boot/uEnv.txt /boot/uEnv.txt.org -fi - -# Do some sanity checks. -case $(uname -r) in - *-ipfire*) - # Ok. - ;; - *) - exit_with_error "ERROR cannot update. No IPFire Kernel." 1 - ;; -esac - -# Check diskspace on root -ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1` - -if [ $ROOTSPACE -lt 80000 ]; then - exit_with_error "ERROR cannot update because not enough free space on root." 2 - exit 2 -fi - -# Remove the old kernel -rm -rf /boot/System.map-* -rm -rf /boot/config-* -rm -rf /boot/ipfirerd-* -rm -rf /boot/initramfs-* -rm -rf /boot/vmlinuz-* -rm -rf /boot/uImage-*-ipfire-* -rm -rf /boot/zImage-*-ipfire-* -rm -rf /boot/uInit-*-ipfire-* -rm -rf /boot/dtb-*-ipfire-* -rm -rf /lib/modules # Remove files 
@@ -92,57 +56,9 @@ ldconfig /usr/local/bin/update-lang-cache # Start services -/usr/local/bin/ipsecctrl S -/etc/init.d/suricata restart -/etc/init.d/unbound restart -/etc/init.d/collectd restart -# remove lm_sensor config after collectd was started -# to reserch sensors at next boot with updated kernel -rm -f /etc/sysconfig/lm_sensors - -# generate new qos script -/usr/local/bin/qosctrl generate - -# Search sensors again after reboot into the new kernel -rm -f /etc/sysconfig/lm_sensors - -# Upadate Kernel version uEnv.txt -if [ -e /boot/uEnv.txt ]; then - sed -i -e "s/KVER=.*/KVER=${KVER}/g" /boot/uEnv.txt -fi - -# call user update script (needed for some arm boards) -if [ -e /boot/pakfire-kernel-update ]; then - /boot/pakfire-kernel-update ${KVER} -fi - -case "$(uname -m)" in - i?86) - # Force (re)install pae kernel if pae is supported - rm -rf /opt/pakfire/db/installed/meta-linux-pae - rm -rf /opt/pakfire/db/rootfiles/linux-pae - if [ ! "$(grep "^flags.* pae " /proc/cpuinfo)" == "" ]; then - ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1` - BOOTSPACE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1` - if [ $BOOTSPACE -lt 22000 -o $ROOTSPACE -lt 120000 ]; then - /usr/bin/logger -p syslog.emerg -t ipfire \ - "core-update-${core}: WARNING not enough space for pae kernel." - touch /var/run/need_reboot - else - echo "Name: linux-pae" > /opt/pakfire/db/installed/meta-linux-pae - echo "ProgVersion: 0" >> /opt/pakfire/db/installed/meta-linux-pae - echo "Release: 0" >> /opt/pakfire/db/installed/meta-linux-pae - fi - else - touch /var/run/need_reboot - fi - ;; - *) - # This update needs a reboot... - touch /var/run/need_reboot - ;; -esac +# This update needs a reboot... +#touch /var/run/need_reboot # Finish /etc/init.d/fireinfo start From 6fb52ca1e56bfa23e9d766160f861019dc3cdb68 Mon Sep 17 00:00:00 2001 
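Review bot: After the `@@ -92,57 +56,9 @@` hunk of `config/rootfiles/core/139/update.sh` the `# Start services` section restarts nothing and `touch /var/run/need_reboot` is left commented out, yet the 139 filelists created by the same patch ship openssl, intel-microcode, squid, openvpn and the unbound init script. Daemons that are already running keep the old OpenSSL mapped until they are restarted, and new microcode is normally only applied at boot, so the update can report success while the old code keeps running. If this commit is only a skeleton that a later patch completes, a line such as `# TODO: add service restarts / reboot flag for the 139 filelists` would make that explicit; otherwise re-enable `touch /var/run/need_reboot` or restart the affected services here. The script starts and ends outside the hunk.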
From: Arne Fitzenreiter
Date: Thu, 14 Nov 2019 22:10:04 +0100
Subject: [PATCH 04/10] vulnearabilities.cgi: add tsx async abort and itlb_multihit
Signed-off-by: Arne Fitzenreiter
---
 html/cgi-bin/vulnerabilities.cgi | 2 ++
 langs/en/cgi-bin/en.pl | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/html/cgi-bin/vulnerabilities.cgi b/html/cgi-bin/vulnerabilities.cgi
index a8746c30c..333b03399 100644
--- a/html/cgi-bin/vulnerabilities.cgi
+++ b/html/cgi-bin/vulnerabilities.cgi
@@ -30,12 +30,14 @@ require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl"; my %VULNERABILITIES = ( + "itlb_multihit" => "$Lang::tr{'itlb multihit'} (CVE-2018-12207)", "l1tf" => "$Lang::tr{'foreshadow'} (CVE-2018-3620)", "mds" => "$Lang::tr{'fallout zombieload ridl'} (CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091)", "meltdown" => "$Lang::tr{'meltdown'} (CVE-2017-5754)", "spec_store_bypass" => "$Lang::tr{'spectre variant 4'} (CVE-2018-3639)", "spectre_v1" => "$Lang::tr{'spectre variant 1'} (CVE-2017-5753)", "spectre_v2" => "$Lang::tr{'spectre variant 2'} (CVE-2017-5715)", + "tsx_async_abort" => "$Lang::tr{'taa zombieload2'} (CVE-2019-11135)", ); my $errormessage = "";
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 8b7e63cb8..b40ef9390 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1542,6 +1542,7 @@
 'isdn settings' => 'Additional ISDN settings:',
 'isdn1' => 'Single ISDN',
 'isdn2' => 'Dual ISDN',
+'itlb multihit' => 'iTLB MultiHit',
 'january' => 'January',
 'javascript menu error1' => 'If the drop down menus aren\'t working, disable javascript on the',
 'javascript menu error2' => 'page.',
@@ -2322,6 +2323,7 @@
 'system logs' => 'System Logs',
 'system status information' => 'System Status Information',
 'ta key' => 'TLS-Authentification-Key',
+'taa zombieload2' => 'TSX Async Abort / ZombieLoad v2',
 'tcp more reliable' => 'TCP (more reliable)',
 'telephone not set' => 'Telephone not set.',
 'template' => 'Preset',
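Review bot: The two keys added to `%VULNERABILITIES` in `html/cgi-bin/vulnerabilities.cgi`, `itlb_multihit` and `tsx_async_abort`, look like names of status entries supplied by the kernel, so the new rows presumably only have data once a kernel that reports them is running. The code that consumes the hash is outside the hunk, so it is worth confirming that it skips or clearly labels an entry the running kernel does not provide rather than showing an empty or misleading status. A comment above the hash such as `# Keys must match the kernel's entry names; entries the kernel lacks are skipped` (adjusted to what the code really does) would document that contract. The labels are added to `langs/en/cgi-bin/en.pl` only, so other locales depend on whatever fallback `lang.pl` provides.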
From bf671bb2ae7d631f3c5c5d7402ae47c6f5b45d98 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Thu, 14 Nov 2019 22:12:12 +0100 Subject: [PATCH 05/10] kernel: update to 4.14.154 Signed-off-by: Arne Fitzenreiter --- config/kernel/kernel.config.aarch64-ipfire | 4 +++- config/kernel/kernel.config.armv5tel-ipfire-kirkwood | 3 ++- config/kernel/kernel.config.armv5tel-ipfire-multi | 3 ++- config/kernel/kernel.config.i586-ipfire | 6 +++++- config/kernel/kernel.config.i586-ipfire-pae | 6 +++++- config/kernel/kernel.config.x86_64-ipfire | 6 +++++- config/rootfiles/common/aarch64/linux | 2 ++ config/rootfiles/common/armv5tel/linux-kirkwood | 2 ++ config/rootfiles/common/armv5tel/linux-multi | 2 ++ config/rootfiles/common/i586/linux | 10 +++++----- config/rootfiles/common/x86_64/linux | 10 +++++----- config/rootfiles/packages/linux-pae | 10 +++++----- lfs/linux | 10 +++++----- 13 files changed, 48 insertions(+), 26 deletions(-) diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire index 778b05a9a..e79403bc7 100644 --- a/config/kernel/kernel.config.aarch64-ipfire +++ b/config/kernel/kernel.config.aarch64-ipfire @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 4.14.150-ipfire Kernel Configuration +# Linux/arm64 4.14.154-ipfire Kernel Configuration # CONFIG_ARM64=y CONFIG_64BIT=y @@ -1456,6 +1456,7 @@ CONFIG_DEV_COREDUMP=y # CONFIG_SYS_HYPERVISOR is not set # CONFIG_GENERIC_CPU_DEVICES is not set CONFIG_GENERIC_CPU_AUTOPROBE=y +CONFIG_GENERIC_CPU_VULNERABILITIES=y CONFIG_SOC_BUS=y CONFIG_REGMAP=y CONFIG_REGMAP_I2C=y @@ -6822,6 +6823,7 @@ CONFIG_ASSOCIATIVE_ARRAY=y CONFIG_HAS_IOMEM=y CONFIG_HAS_IOPORT_MAP=y CONFIG_HAS_DMA=y +CONFIG_SGL_ALLOC=y # CONFIG_DMA_NOOP_OPS is not set # CONFIG_DMA_VIRT_OPS is not set CONFIG_CPU_RMAP=y diff --git a/config/kernel/kernel.config.armv5tel-ipfire-kirkwood b/config/kernel/kernel.config.armv5tel-ipfire-kirkwood index fcbac3bcd..2bfb7ff36 100644 
--- a/config/kernel/kernel.config.armv5tel-ipfire-kirkwood +++ b/config/kernel/kernel.config.armv5tel-ipfire-kirkwood @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm 4.14.150-ipfire-kirkwood Kernel Configuration +# Linux/arm 4.14.154-ipfire-kirkwood Kernel Configuration # CONFIG_ARM=y CONFIG_ARM_HAS_SG_CHAIN=y @@ -6235,6 +6235,7 @@ CONFIG_ASSOCIATIVE_ARRAY=y CONFIG_HAS_IOMEM=y CONFIG_HAS_IOPORT_MAP=y CONFIG_HAS_DMA=y +CONFIG_SGL_ALLOC=y # CONFIG_DMA_NOOP_OPS is not set # CONFIG_DMA_VIRT_OPS is not set CONFIG_DQL=y diff --git a/config/kernel/kernel.config.armv5tel-ipfire-multi b/config/kernel/kernel.config.armv5tel-ipfire-multi index fc74eb142..7e9de39ea 100644 --- a/config/kernel/kernel.config.armv5tel-ipfire-multi +++ b/config/kernel/kernel.config.armv5tel-ipfire-multi @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm 4.14.150-ipfire-multi Kernel Configuration +# Linux/arm 4.14.154-ipfire-multi Kernel Configuration # CONFIG_ARM=y CONFIG_ARM_HAS_SG_CHAIN=y @@ -7318,6 +7318,7 @@ CONFIG_TEXTSEARCH_FSM=m CONFIG_ASSOCIATIVE_ARRAY=y CONFIG_HAS_IOMEM=y CONFIG_HAS_DMA=y +CONFIG_SGL_ALLOC=y # CONFIG_DMA_NOOP_OPS is not set # CONFIG_DMA_VIRT_OPS is not set CONFIG_CPU_RMAP=y diff --git a/config/kernel/kernel.config.i586-ipfire b/config/kernel/kernel.config.i586-ipfire index 4eaae6f74..2732bba42 100644 --- a/config/kernel/kernel.config.i586-ipfire +++ b/config/kernel/kernel.config.i586-ipfire @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.14.150-ipfire Kernel Configuration +# Linux/x86 4.14.154-ipfire-pae Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -601,6 +601,9 @@ CONFIG_X86_PAT=y CONFIG_ARCH_USES_PG_UNCACHED=y CONFIG_ARCH_RANDOM=y CONFIG_X86_SMAP=y +CONFIG_X86_INTEL_TSX_MODE_OFF=y +# CONFIG_X86_INTEL_TSX_MODE_ON is not set +# CONFIG_X86_INTEL_TSX_MODE_AUTO is not set CONFIG_EFI=y CONFIG_EFI_STUB=y CONFIG_SECCOMP=y 
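Review bot: The first hunk of `config/kernel/kernel.config.i586-ipfire` changes the header to `# Linux/x86 4.14.154-ipfire-pae Kernel Configuration`, the same string the PAE config carries, where the old line read `4.14.150-ipfire`. The line is only a comment, but it suggests the non-PAE config was regenerated from a tree configured for PAE, so the two files should be diffed to confirm that no PAE-only option ended up in the non-PAE config. The other visible changes to this file, `CONFIG_X86_INTEL_TSX_MODE_OFF=y` and `CONFIG_SGL_ALLOC=y`, match what the i586-pae and x86_64 configs receive in the same patch.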
@@ -7024,6 +7027,7 @@ CONFIG_ASSOCIATIVE_ARRAY=y CONFIG_HAS_IOMEM=y CONFIG_HAS_IOPORT_MAP=y CONFIG_HAS_DMA=y +CONFIG_SGL_ALLOC=y # CONFIG_DMA_NOOP_OPS is not set # CONFIG_DMA_VIRT_OPS is not set CONFIG_CHECK_SIGNATURE=y diff --git a/config/kernel/kernel.config.i586-ipfire-pae b/config/kernel/kernel.config.i586-ipfire-pae index 526adbbcb..9b53ab35c 100644 --- a/config/kernel/kernel.config.i586-ipfire-pae +++ b/config/kernel/kernel.config.i586-ipfire-pae @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.14.150-ipfire-pae Kernel Configuration +# Linux/x86 4.14.154-ipfire-pae Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -619,6 +619,9 @@ CONFIG_X86_PAT=y CONFIG_ARCH_USES_PG_UNCACHED=y CONFIG_ARCH_RANDOM=y CONFIG_X86_SMAP=y +CONFIG_X86_INTEL_TSX_MODE_OFF=y +# CONFIG_X86_INTEL_TSX_MODE_ON is not set +# CONFIG_X86_INTEL_TSX_MODE_AUTO is not set CONFIG_EFI=y CONFIG_EFI_STUB=y CONFIG_SECCOMP=y @@ -7029,6 +7032,7 @@ CONFIG_ASSOCIATIVE_ARRAY=y CONFIG_HAS_IOMEM=y CONFIG_HAS_IOPORT_MAP=y CONFIG_HAS_DMA=y +CONFIG_SGL_ALLOC=y # CONFIG_DMA_NOOP_OPS is not set # CONFIG_DMA_VIRT_OPS is not set CONFIG_CHECK_SIGNATURE=y diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire index c9563234e..2fcf1e589 100644 --- a/config/kernel/kernel.config.x86_64-ipfire +++ b/config/kernel/kernel.config.x86_64-ipfire @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.14.150-ipfire Kernel Configuration +# Linux/x86 4.14.154-ipfire Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -611,6 +611,9 @@ CONFIG_ARCH_RANDOM=y CONFIG_X86_SMAP=y # CONFIG_X86_INTEL_MPX is not set CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y +CONFIG_X86_INTEL_TSX_MODE_OFF=y +# CONFIG_X86_INTEL_TSX_MODE_ON is not set +# CONFIG_X86_INTEL_TSX_MODE_AUTO is not set CONFIG_EFI=y CONFIG_EFI_STUB=y CONFIG_EFI_MIXED=y 
@@ -6909,6 +6912,7 @@ CONFIG_ASSOCIATIVE_ARRAY=y CONFIG_HAS_IOMEM=y CONFIG_HAS_IOPORT_MAP=y CONFIG_HAS_DMA=y +CONFIG_SGL_ALLOC=y # CONFIG_DMA_NOOP_OPS is not set # CONFIG_DMA_VIRT_OPS is not set CONFIG_CHECK_SIGNATURE=y diff --git a/config/rootfiles/common/aarch64/linux b/config/rootfiles/common/aarch64/linux index d8e93542d..f9dc8555b 100644 --- a/config/rootfiles/common/aarch64/linux +++ b/config/rootfiles/common/aarch64/linux @@ -9821,6 +9821,8 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/sg/pool.h #lib/modules/KVER-ipfire/build/include/config/sgetmask #lib/modules/KVER-ipfire/build/include/config/sgetmask/syscall.h +#lib/modules/KVER-ipfire/build/include/config/sgl +#lib/modules/KVER-ipfire/build/include/config/sgl/alloc.h #lib/modules/KVER-ipfire/build/include/config/shmem.h #lib/modules/KVER-ipfire/build/include/config/signalfd.h #lib/modules/KVER-ipfire/build/include/config/simple diff --git a/config/rootfiles/common/armv5tel/linux-kirkwood b/config/rootfiles/common/armv5tel/linux-kirkwood index 2269896d8..9ccc006b9 100644 --- a/config/rootfiles/common/armv5tel/linux-kirkwood +++ b/config/rootfiles/common/armv5tel/linux-kirkwood @@ -9329,6 +9329,8 @@ boot/vmlinuz-KVER-ipfire-kirkwood #lib/modules/KVER-ipfire-kirkwood/build/include/config/sg/pool.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/sgetmask #lib/modules/KVER-ipfire-kirkwood/build/include/config/sgetmask/syscall.h +#lib/modules/KVER-ipfire-kirkwood/build/include/config/sgl +#lib/modules/KVER-ipfire-kirkwood/build/include/config/sgl/alloc.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/shmem.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/signalfd.h #lib/modules/KVER-ipfire-kirkwood/build/include/config/simple diff --git a/config/rootfiles/common/armv5tel/linux-multi b/config/rootfiles/common/armv5tel/linux-multi index 1e7a090d9..890e3be21 100644 --- a/config/rootfiles/common/armv5tel/linux-multi 
+++ b/config/rootfiles/common/armv5tel/linux-multi @@ -10752,6 +10752,8 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire-multi/build/include/config/sg/pool.h #lib/modules/KVER-ipfire-multi/build/include/config/sgetmask #lib/modules/KVER-ipfire-multi/build/include/config/sgetmask/syscall.h +#lib/modules/KVER-ipfire-multi/build/include/config/sgl +#lib/modules/KVER-ipfire-multi/build/include/config/sgl/alloc.h #lib/modules/KVER-ipfire-multi/build/include/config/shmem.h #lib/modules/KVER-ipfire-multi/build/include/config/signalfd.h #lib/modules/KVER-ipfire-multi/build/include/config/simple diff --git a/config/rootfiles/common/i586/linux b/config/rootfiles/common/i586/linux index 1fe01233f..684dbe07b 100644 --- a/config/rootfiles/common/i586/linux +++ b/config/rootfiles/common/i586/linux @@ -10838,6 +10838,8 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/sg/pool.h #lib/modules/KVER-ipfire/build/include/config/sgetmask #lib/modules/KVER-ipfire/build/include/config/sgetmask/syscall.h +#lib/modules/KVER-ipfire/build/include/config/sgl +#lib/modules/KVER-ipfire/build/include/config/sgl/alloc.h #lib/modules/KVER-ipfire/build/include/config/shmem.h #lib/modules/KVER-ipfire/build/include/config/signalfd.h #lib/modules/KVER-ipfire/build/include/config/sis190.h @@ -12164,6 +12166,9 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/x86/intel/mid.h #lib/modules/KVER-ipfire/build/include/config/x86/intel/pstate.h #lib/modules/KVER-ipfire/build/include/config/x86/intel/quark.h +#lib/modules/KVER-ipfire/build/include/config/x86/intel/tsx +#lib/modules/KVER-ipfire/build/include/config/x86/intel/tsx/mode +#lib/modules/KVER-ipfire/build/include/config/x86/intel/tsx/mode/off.h #lib/modules/KVER-ipfire/build/include/config/x86/intel/usercopy.h #lib/modules/KVER-ipfire/build/include/config/x86/internode #lib/modules/KVER-ipfire/build/include/config/x86/internode/cache 
@@ -14027,7 +14032,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/net.h #lib/modules/KVER-ipfire/build/include/linux/netdev_features.h #lib/modules/KVER-ipfire/build/include/linux/netdevice.h -#lib/modules/KVER-ipfire/build/include/linux/netdevice.h.orig #lib/modules/KVER-ipfire/build/include/linux/netfilter #lib/modules/KVER-ipfire/build/include/linux/netfilter.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/ipset @@ -14773,7 +14777,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/sizes.h #lib/modules/KVER-ipfire/build/include/linux/skb_array.h #lib/modules/KVER-ipfire/build/include/linux/skbuff.h -#lib/modules/KVER-ipfire/build/include/linux/skbuff.h.orig #lib/modules/KVER-ipfire/build/include/linux/slab.h #lib/modules/KVER-ipfire/build/include/linux/slab_def.h #lib/modules/KVER-ipfire/build/include/linux/slub_def.h @@ -15587,7 +15590,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/net/route.h #lib/modules/KVER-ipfire/build/include/net/rtnetlink.h #lib/modules/KVER-ipfire/build/include/net/sch_generic.h -#lib/modules/KVER-ipfire/build/include/net/sch_generic.h.orig #lib/modules/KVER-ipfire/build/include/net/scm.h #lib/modules/KVER-ipfire/build/include/net/sctp #lib/modules/KVER-ipfire/build/include/net/sctp/auth.h @@ -17242,9 +17244,7 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/net/ncsi/Makefile #lib/modules/KVER-ipfire/build/net/netfilter #lib/modules/KVER-ipfire/build/net/netfilter/Kconfig -#lib/modules/KVER-ipfire/build/net/netfilter/Kconfig.orig #lib/modules/KVER-ipfire/build/net/netfilter/Makefile -#lib/modules/KVER-ipfire/build/net/netfilter/Makefile.orig #lib/modules/KVER-ipfire/build/net/netfilter/ipset #lib/modules/KVER-ipfire/build/net/netfilter/ipset/Kconfig #lib/modules/KVER-ipfire/build/net/netfilter/ipset/Makefile diff --git a/config/rootfiles/common/x86_64/linux b/config/rootfiles/common/x86_64/linux index 68f907faa..f44266e52 100644 
--- a/config/rootfiles/common/x86_64/linux +++ b/config/rootfiles/common/x86_64/linux @@ -10850,6 +10850,8 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/sg/pool.h #lib/modules/KVER-ipfire/build/include/config/sgetmask #lib/modules/KVER-ipfire/build/include/config/sgetmask/syscall.h +#lib/modules/KVER-ipfire/build/include/config/sgl +#lib/modules/KVER-ipfire/build/include/config/sgl/alloc.h #lib/modules/KVER-ipfire/build/include/config/shmem.h #lib/modules/KVER-ipfire/build/include/config/signalfd.h #lib/modules/KVER-ipfire/build/include/config/sis190.h @@ -12122,6 +12124,9 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/config/x86/intel/memory/protection #lib/modules/KVER-ipfire/build/include/config/x86/intel/memory/protection/keys.h #lib/modules/KVER-ipfire/build/include/config/x86/intel/pstate.h +#lib/modules/KVER-ipfire/build/include/config/x86/intel/tsx +#lib/modules/KVER-ipfire/build/include/config/x86/intel/tsx/mode +#lib/modules/KVER-ipfire/build/include/config/x86/intel/tsx/mode/auto.h #lib/modules/KVER-ipfire/build/include/config/x86/internode #lib/modules/KVER-ipfire/build/include/config/x86/internode/cache #lib/modules/KVER-ipfire/build/include/config/x86/internode/cache/shift.h @@ -14042,7 +14047,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/net.h #lib/modules/KVER-ipfire/build/include/linux/netdev_features.h #lib/modules/KVER-ipfire/build/include/linux/netdevice.h -#lib/modules/KVER-ipfire/build/include/linux/netdevice.h.orig #lib/modules/KVER-ipfire/build/include/linux/netfilter #lib/modules/KVER-ipfire/build/include/linux/netfilter.h #lib/modules/KVER-ipfire/build/include/linux/netfilter/ipset 
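Review bot: The x86_64 rootfile hunk at -12122 adds `#lib/modules/KVER-ipfire/build/include/config/x86/intel/tsx/mode/auto.h`, but kernel.config.x86_64-ipfire in this same patch sets `CONFIG_X86_INTEL_TSX_MODE_OFF=y` and leaves `CONFIG_X86_INTEL_TSX_MODE_AUTO` unset; the i586 and linux-pae rootfiles list `off.h`. The entry is commented out, so packaging is unaffected, but it suggests the list came from a build with a different TSX setting than the committed config. Confirm which mode the x86_64 kernel is actually built with, and change the entry to `#lib/modules/KVER-ipfire/build/include/config/x86/intel/tsx/mode/off.h` if the config is authoritative. The header of kernel.config.i586-ipfire now reads `4.14.154-ipfire-pae`, which looks like the same kind of mix-up.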
@@ -14788,7 +14792,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/linux/sizes.h #lib/modules/KVER-ipfire/build/include/linux/skb_array.h #lib/modules/KVER-ipfire/build/include/linux/skbuff.h -#lib/modules/KVER-ipfire/build/include/linux/skbuff.h.orig #lib/modules/KVER-ipfire/build/include/linux/slab.h #lib/modules/KVER-ipfire/build/include/linux/slab_def.h #lib/modules/KVER-ipfire/build/include/linux/slub_def.h @@ -15602,7 +15605,6 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/include/net/route.h #lib/modules/KVER-ipfire/build/include/net/rtnetlink.h #lib/modules/KVER-ipfire/build/include/net/sch_generic.h -#lib/modules/KVER-ipfire/build/include/net/sch_generic.h.orig #lib/modules/KVER-ipfire/build/include/net/scm.h #lib/modules/KVER-ipfire/build/include/net/sctp #lib/modules/KVER-ipfire/build/include/net/sctp/auth.h @@ -17257,9 +17259,7 @@ etc/modprobe.d/ipv6.conf #lib/modules/KVER-ipfire/build/net/ncsi/Makefile #lib/modules/KVER-ipfire/build/net/netfilter #lib/modules/KVER-ipfire/build/net/netfilter/Kconfig -#lib/modules/KVER-ipfire/build/net/netfilter/Kconfig.orig #lib/modules/KVER-ipfire/build/net/netfilter/Makefile -#lib/modules/KVER-ipfire/build/net/netfilter/Makefile.orig #lib/modules/KVER-ipfire/build/net/netfilter/ipset #lib/modules/KVER-ipfire/build/net/netfilter/ipset/Kconfig #lib/modules/KVER-ipfire/build/net/netfilter/ipset/Makefile diff --git a/config/rootfiles/packages/linux-pae b/config/rootfiles/packages/linux-pae index f3966ce75..c0894cd1f 100644 --- a/config/rootfiles/packages/linux-pae +++ b/config/rootfiles/packages/linux-pae 
@@ -10836,6 +10836,8 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/config/sg/pool.h #lib/modules/KVER-ipfire-pae/build/include/config/sgetmask #lib/modules/KVER-ipfire-pae/build/include/config/sgetmask/syscall.h +#lib/modules/KVER-ipfire-pae/build/include/config/sgl +#lib/modules/KVER-ipfire-pae/build/include/config/sgl/alloc.h #lib/modules/KVER-ipfire-pae/build/include/config/shmem.h #lib/modules/KVER-ipfire-pae/build/include/config/signalfd.h #lib/modules/KVER-ipfire-pae/build/include/config/sis190.h @@ -12164,6 +12166,9 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/config/x86/intel/lpss.h #lib/modules/KVER-ipfire-pae/build/include/config/x86/intel/pstate.h #lib/modules/KVER-ipfire-pae/build/include/config/x86/intel/quark.h +#lib/modules/KVER-ipfire-pae/build/include/config/x86/intel/tsx +#lib/modules/KVER-ipfire-pae/build/include/config/x86/intel/tsx/mode +#lib/modules/KVER-ipfire-pae/build/include/config/x86/intel/tsx/mode/off.h #lib/modules/KVER-ipfire-pae/build/include/config/x86/intel/usercopy.h #lib/modules/KVER-ipfire-pae/build/include/config/x86/internode #lib/modules/KVER-ipfire-pae/build/include/config/x86/internode/cache @@ -14097,7 +14102,6 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/linux/net.h #lib/modules/KVER-ipfire-pae/build/include/linux/netdev_features.h #lib/modules/KVER-ipfire-pae/build/include/linux/netdevice.h -#lib/modules/KVER-ipfire-pae/build/include/linux/netdevice.h.orig #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter.h #lib/modules/KVER-ipfire-pae/build/include/linux/netfilter/ipset 
@@ -14843,7 +14847,6 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/linux/sizes.h #lib/modules/KVER-ipfire-pae/build/include/linux/skb_array.h #lib/modules/KVER-ipfire-pae/build/include/linux/skbuff.h -#lib/modules/KVER-ipfire-pae/build/include/linux/skbuff.h.orig #lib/modules/KVER-ipfire-pae/build/include/linux/slab.h #lib/modules/KVER-ipfire-pae/build/include/linux/slab_def.h #lib/modules/KVER-ipfire-pae/build/include/linux/slub_def.h @@ -15657,7 +15660,6 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/include/net/route.h #lib/modules/KVER-ipfire-pae/build/include/net/rtnetlink.h #lib/modules/KVER-ipfire-pae/build/include/net/sch_generic.h -#lib/modules/KVER-ipfire-pae/build/include/net/sch_generic.h.orig #lib/modules/KVER-ipfire-pae/build/include/net/scm.h #lib/modules/KVER-ipfire-pae/build/include/net/sctp #lib/modules/KVER-ipfire-pae/build/include/net/sctp/auth.h @@ -17312,9 +17314,7 @@ boot/vmlinuz-KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/build/net/ncsi/Makefile #lib/modules/KVER-ipfire-pae/build/net/netfilter #lib/modules/KVER-ipfire-pae/build/net/netfilter/Kconfig -#lib/modules/KVER-ipfire-pae/build/net/netfilter/Kconfig.orig #lib/modules/KVER-ipfire-pae/build/net/netfilter/Makefile -#lib/modules/KVER-ipfire-pae/build/net/netfilter/Makefile.orig #lib/modules/KVER-ipfire-pae/build/net/netfilter/ipset #lib/modules/KVER-ipfire-pae/build/net/netfilter/ipset/Kconfig #lib/modules/KVER-ipfire-pae/build/net/netfilter/ipset/Makefile diff --git a/lfs/linux b/lfs/linux index c8bcdbb97..aac2c4868 100644 --- a/lfs/linux +++ b/lfs/linux @@ -24,8 +24,8 @@ include Config -VER = 4.14.150 -ARM_PATCHES = 4.14.150-ipfire0 +VER = 4.14.154 +ARM_PATCHES = 4.14.154-ipfire0 THISAPP = linux-$(VER) DL_FILE = linux-$(VER).tar.xz @@ -34,7 +34,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) CFLAGS = CXXFLAGS = -PAK_VER = 88 +PAK_VER = 89 DEPS = "" HEADERS_ARCH = $(BUILD_PLATFORM) 
@@ -82,8 +82,8 @@ objects =$(DL_FILE) \ $(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE) arm-multi-patches-$(ARM_PATCHES).patch.xz = $(URL_IPFIRE)/arm-multi-patches-$(ARM_PATCHES).patch.xz -$(DL_FILE)_MD5 = 61358e7be9bfc17adb4c418355d957db -arm-multi-patches-$(ARM_PATCHES).patch.xz_MD5 = e4931541ffe21dd29ca2447620de6693 +$(DL_FILE)_MD5 = d6cf4b51c1cd10bc48bac50f4557a0d9 +arm-multi-patches-$(ARM_PATCHES).patch.xz_MD5 = 539737e07e5634565b3f4f1b932c269b install : $(TARGET) From 9c7adf49f341d61f4bf14b3a39c719e3630c504f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Peter=20M=C3=BCller?= Date: Wed, 13 Nov 2019 19:18:00 +0000 Subject: [PATCH 06/10] intel-microcode: update to 20191112 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit For release notes, refer to: - https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform-update-ipu/ - https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20191112 Signed-off-by: Peter Müller Signed-off-by: Arne Fitzenreiter --- lfs/intel-microcode | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/intel-microcode b/lfs/intel-microcode index e01ea9934..c50e73d11 100644 --- a/lfs/intel-microcode +++ b/lfs/intel-microcode @@ -24,10 +24,10 @@ include Config -VER = 20190618 +VER = 20191112 THISAPP = Intel-Linux-Processor-Microcode-Data-Files-microcode-$(VER) -DL_FILE = $(THISAPP).tar.xz +DL_FILE = $(THISAPP).tar.gz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) @@ -41,7 +41,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 18af9bd8b6c7164f0cd917080a387244 +$(DL_FILE)_MD5 = b215c5a8fd438afd867d8a42d01e27f6 install : $(TARGET) From 699381b6993b9428e99a0055dae03e7a222ea9f9 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Fri, 15 Nov 2019 06:10:37 +0000 Subject: [PATCH 07/10] core138: insert emergency core update for new intel vulnarabilities. 
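Review bot: The new `$(DL_FILE)_MD5` values in lfs/linux (hunk at -82) and lfs/intel-microcode (hunk at -41) are the only integrity pin visible for the kernel and microcode tarballs, and MD5 is not collision-resistant. It catches a corrupted download but not a deliberately substituted archive on the mirror. If the lfs framework accepts a stronger digest, pin these with it; otherwise record how the value was obtained, e.g. `# checksum recorded after verifying the tarball against the upstream release`. The microcode archive also changes from `.tar.xz` to `.tar.gz`, and the extraction rule is outside the hunk, so check that it does not assume xz.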
Signed-off-by: Arne Fitzenreiter --- config/rootfiles/core/138/exclude | 28 ++++ .../core/138/filelists/aarch64/linux | 1 + .../core/138/filelists/aarch64/linux-initrd | 1 + .../filelists/armv5tel/linux-initrd-kirkwood | 1 + .../138/filelists/armv5tel/linux-initrd-multi | 1 + .../138/filelists/armv5tel/linux-kirkwood | 1 + .../core/138/filelists/armv5tel/linux-multi | 1 + config/rootfiles/core/138/filelists/files | 5 + .../core/138/filelists/i586/intel-microcode | 1 + .../rootfiles/core/138/filelists/i586/linux | 1 + .../core/138/filelists/i586/linux-initrd | 1 + .../core/138/filelists/x86_64/intel-microcode | 1 + .../rootfiles/core/138/filelists/x86_64/linux | 1 + .../core/138/filelists/x86_64/linux-initrd | 1 + config/rootfiles/core/138/update.sh | 151 ++++++++++++++++++ make.sh | 4 +- 16 files changed, 198 insertions(+), 2 deletions(-) create mode 100644 config/rootfiles/core/138/exclude create mode 120000 config/rootfiles/core/138/filelists/aarch64/linux create mode 120000 config/rootfiles/core/138/filelists/aarch64/linux-initrd create mode 120000 config/rootfiles/core/138/filelists/armv5tel/linux-initrd-kirkwood create mode 120000 config/rootfiles/core/138/filelists/armv5tel/linux-initrd-multi create mode 120000 config/rootfiles/core/138/filelists/armv5tel/linux-kirkwood create mode 120000 config/rootfiles/core/138/filelists/armv5tel/linux-multi create mode 100644 config/rootfiles/core/138/filelists/files create mode 120000 config/rootfiles/core/138/filelists/i586/intel-microcode create mode 120000 config/rootfiles/core/138/filelists/i586/linux create mode 120000 config/rootfiles/core/138/filelists/i586/linux-initrd create mode 120000 config/rootfiles/core/138/filelists/x86_64/intel-microcode create mode 120000 config/rootfiles/core/138/filelists/x86_64/linux create mode 120000 config/rootfiles/core/138/filelists/x86_64/linux-initrd create mode 100644 config/rootfiles/core/138/update.sh 
diff --git a/config/rootfiles/core/138/exclude b/config/rootfiles/core/138/exclude new file mode 100644 index 000000000..b22159878 --- /dev/null +++ b/config/rootfiles/core/138/exclude @@ -0,0 +1,28 @@ +boot/config.txt +boot/grub/grub.cfg +boot/grub/grubenv +etc/alternatives +etc/collectd.custom +etc/default/grub +etc/ipsec.conf +etc/ipsec.secrets +etc/ipsec.user.conf +etc/ipsec.user.secrets +etc/localtime +etc/shadow +etc/snort/snort.conf +etc/ssl/openssl.cnf +etc/sudoers +etc/sysconfig/firewall.local +etc/sysconfig/rc.local +etc/udev/rules.d/30-persistent-network.rules +srv/web/ipfire/html/proxy.pac +var/ipfire/dma +var/ipfire/time +var/ipfire/ovpn +var/lib/alternatives +var/log/cache +var/log/dhcpcd.log +var/log/messages +var/state/dhcp/dhcpd.leases +var/updatecache diff --git a/config/rootfiles/core/138/filelists/aarch64/linux b/config/rootfiles/core/138/filelists/aarch64/linux new file mode 120000 index 000000000..3a2532bc7 --- /dev/null +++ b/config/rootfiles/core/138/filelists/aarch64/linux @@ -0,0 +1 @@ +../../../../common/aarch64/linux \ No newline at end of file diff --git a/config/rootfiles/core/138/filelists/aarch64/linux-initrd b/config/rootfiles/core/138/filelists/aarch64/linux-initrd new file mode 120000 index 000000000..8acdb0f31 --- /dev/null +++ b/config/rootfiles/core/138/filelists/aarch64/linux-initrd @@ -0,0 +1 @@ +../../../../common/aarch64/linux-initrd \ No newline at end of file diff --git a/config/rootfiles/core/138/filelists/armv5tel/linux-initrd-kirkwood b/config/rootfiles/core/138/filelists/armv5tel/linux-initrd-kirkwood new file mode 120000 index 000000000..39c5591b7 --- /dev/null +++ b/config/rootfiles/core/138/filelists/armv5tel/linux-initrd-kirkwood @@ -0,0 +1 @@ +../../../../common/armv5tel/linux-initrd-kirkwood \ No newline at end of file diff --git a/config/rootfiles/core/138/filelists/armv5tel/linux-initrd-multi b/config/rootfiles/core/138/filelists/armv5tel/linux-initrd-multi new file mode 120000 index 000000000..0b1b4530a 
--- /dev/null +++ b/config/rootfiles/core/138/filelists/armv5tel/linux-initrd-multi @@ -0,0 +1 @@ +../../../../common/armv5tel/linux-initrd-multi \ No newline at end of file diff --git a/config/rootfiles/core/138/filelists/armv5tel/linux-kirkwood b/config/rootfiles/core/138/filelists/armv5tel/linux-kirkwood new file mode 120000 index 000000000..72171071e --- /dev/null +++ b/config/rootfiles/core/138/filelists/armv5tel/linux-kirkwood @@ -0,0 +1 @@ +../../../../common/armv5tel/linux-kirkwood \ No newline at end of file diff --git a/config/rootfiles/core/138/filelists/armv5tel/linux-multi b/config/rootfiles/core/138/filelists/armv5tel/linux-multi new file mode 120000 index 000000000..204eb4c43 --- /dev/null +++ b/config/rootfiles/core/138/filelists/armv5tel/linux-multi @@ -0,0 +1 @@ +../../../../common/armv5tel/linux-multi \ No newline at end of file diff --git a/config/rootfiles/core/138/filelists/files b/config/rootfiles/core/138/filelists/files new file mode 100644 index 000000000..393ad7227 --- /dev/null +++ b/config/rootfiles/core/138/filelists/files @@ -0,0 +1,5 @@ +etc/system-release +etc/issue +srv/web/ipfire/cgi-bin/credits.cgi +var/ipfire/langs +srv/web/ipfire/cgi-bin/vulnerabilities.cgi diff --git a/config/rootfiles/core/138/filelists/i586/intel-microcode b/config/rootfiles/core/138/filelists/i586/intel-microcode new file mode 120000 index 000000000..f03e84778 --- /dev/null +++ b/config/rootfiles/core/138/filelists/i586/intel-microcode @@ -0,0 +1 @@ +../../../../common/i586/intel-microcode \ No newline at end of file diff --git a/config/rootfiles/core/138/filelists/i586/linux b/config/rootfiles/core/138/filelists/i586/linux new file mode 120000 index 000000000..693ec4bbf --- /dev/null +++ b/config/rootfiles/core/138/filelists/i586/linux @@ -0,0 +1 @@ +../../../../common/i586/linux \ No newline at end of file 
diff --git a/config/rootfiles/core/138/filelists/i586/linux-initrd b/config/rootfiles/core/138/filelists/i586/linux-initrd new file mode 120000 index 000000000..32a03e6a9 --- /dev/null +++ b/config/rootfiles/core/138/filelists/i586/linux-initrd @@ -0,0 +1 @@ +../../../../common/i586/linux-initrd \ No newline at end of file diff --git a/config/rootfiles/core/138/filelists/x86_64/intel-microcode b/config/rootfiles/core/138/filelists/x86_64/intel-microcode new file mode 120000 index 000000000..d5ac074e2 --- /dev/null +++ b/config/rootfiles/core/138/filelists/x86_64/intel-microcode @@ -0,0 +1 @@ +../../../../common/x86_64/intel-microcode \ No newline at end of file diff --git a/config/rootfiles/core/138/filelists/x86_64/linux b/config/rootfiles/core/138/filelists/x86_64/linux new file mode 120000 index 000000000..0615b5b9a --- /dev/null +++ b/config/rootfiles/core/138/filelists/x86_64/linux @@ -0,0 +1 @@ +../../../../common/x86_64/linux \ No newline at end of file diff --git a/config/rootfiles/core/138/filelists/x86_64/linux-initrd b/config/rootfiles/core/138/filelists/x86_64/linux-initrd new file mode 120000 index 000000000..1b9fff70f --- /dev/null +++ b/config/rootfiles/core/138/filelists/x86_64/linux-initrd @@ -0,0 +1 @@ +../../../../common/x86_64/linux-initrd \ No newline at end of file diff --git a/config/rootfiles/core/138/update.sh b/config/rootfiles/core/138/update.sh new file mode 100644 index 000000000..e65955501 --- /dev/null +++ b/config/rootfiles/core/138/update.sh 
@@ -0,0 +1,151 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2019 IPFire-Team . # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/usr/local/bin/backupctrl exclude >/dev/null 2>&1 + +core=138 + +exit_with_error() { + # Set last succesfull installed core. + echo $(($core-1)) > /opt/pakfire/db/core/mine + # don't start pakfire again at error + killall -KILL pak_update + /usr/bin/logger -p syslog.emerg -t ipfire \ + "core-update-${core}: $1" + exit $2 +} + +# Remove old core updates from pakfire cache to save space... +for (( i=1; i<=$core; i++ )); do + rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire +done + +KVER="xxxKVERxxx" + +# Backup uEnv.txt if exist +if [ -e /boot/uEnv.txt ]; then + cp -vf /boot/uEnv.txt /boot/uEnv.txt.org +fi + +# Do some sanity checks. +case $(uname -r) in + *-ipfire*) + # Ok. + ;; + *) + exit_with_error "ERROR cannot update. No IPFire Kernel." 
1 + ;; +esac + +# Check diskspace on root +ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1` + +if [ $ROOTSPACE -lt 80000 ]; then + exit_with_error "ERROR cannot update because not enough free space on root." 2 + exit 2 +fi + +# Remove the old kernel +rm -rf /boot/System.map-* +rm -rf /boot/config-* +rm -rf /boot/ipfirerd-* +rm -rf /boot/initramfs-* +rm -rf /boot/vmlinuz-* +rm -rf /boot/uImage-*-ipfire-* +rm -rf /boot/zImage-*-ipfire-* +rm -rf /boot/uInit-*-ipfire-* +rm -rf /boot/dtb-*-ipfire-* +rm -rf /lib/modules +rm -f /etc/sysconfig/lm_sensors + +# Remove files + +# Stop services + +# Extract files +extract_files + +# update dhcpcd.conf + +# update linker config +ldconfig + +# Update Language cache +/usr/local/bin/update-lang-cache + +# Start services + +# Search sensors again after reboot into the new kernel +rm -f /etc/sysconfig/lm_sensors + +# Upadate Kernel version uEnv.txt +if [ -e /boot/uEnv.txt ]; then + sed -i -e "s/KVER=.*/KVER=${KVER}/g" /boot/uEnv.txt +fi + +# call user update script (needed for some arm boards) +if [ -e /boot/pakfire-kernel-update ]; then + /boot/pakfire-kernel-update ${KVER} +fi + +case "$(uname -m)" in + i?86) + # Force (re)install pae kernel if pae is supported + rm -rf /opt/pakfire/db/installed/meta-linux-pae + rm -rf /opt/pakfire/db/rootfiles/linux-pae + if [ ! "$(grep "^flags.* pae " /proc/cpuinfo)" == "" ]; then + ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1` + BOOTSPACE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1` + if [ $BOOTSPACE -lt 22000 -o $ROOTSPACE -lt 120000 ]; then + /usr/bin/logger -p syslog.emerg -t ipfire \ + "core-update-${core}: WARNING not enough space for pae kernel." 
+ touch /var/run/need_reboot + else + echo "Name: linux-pae" > /opt/pakfire/db/installed/meta-linux-pae + echo "ProgVersion: 0" >> /opt/pakfire/db/installed/meta-linux-pae + echo "Release: 0" >> /opt/pakfire/db/installed/meta-linux-pae + fi + else + touch /var/run/need_reboot + fi + ;; + *) + # This update needs a reboot... + touch /var/run/need_reboot + ;; +esac + +# Finish +/etc/init.d/fireinfo start +sendprofile + +# Update grub config to display new core version +if [ -e /boot/grub/grub.cfg ]; then + grub-mkconfig -o /boot/grub/grub.cfg +fi + +sync + +# Don't report the exitcode last command +exit 0 diff --git a/make.sh b/make.sh index 170b16504..2377c40ce 100755 --- a/make.sh +++ b/make.sh @@ -26,8 +26,8 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name # If you update the version don't forget to update backupiso and add it to core update VERSION="2.23" # Version number -CORE="137" # Core Level (Filename) -PAKFIRE_CORE="137" # Core Level (PAKFIRE) +CORE="138" # Core Level (Filename) +PAKFIRE_CORE="138" # Core Level (PAKFIRE) GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch SLOGAN="www.ipfire.org" # Software slogan CONFIG_ROOT=/var/ipfire # Configuration rootdir From dd12d8c54c4ae52a8e334440c579bbf053429ce4 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Sun, 8 Dec 2019 22:55:26 +0100 Subject: [PATCH 08/10] leds: use new APUx ACPI Bios leds if exist. Signed-off-by: Arne Fitzenreiter --- config/rootfiles/core/139/filelists/files | 1 + src/initscripts/system/leds | 33 ++++++++++++++++++----- 2 files changed, 27 insertions(+), 7 deletions(-) diff --git a/config/rootfiles/core/139/filelists/files b/config/rootfiles/core/139/filelists/files index 7a05c13fe..8a16facad 100644 --- a/config/rootfiles/core/139/filelists/files +++ b/config/rootfiles/core/139/filelists/files 
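Review bot: The free-space guard `if [ $ROOTSPACE -lt 80000 ]` in update.sh fails open: if the `df` pipeline yields nothing, the unquoted test errors, the `if` is treated as false, and the script goes on to `rm -rf /boot/vmlinuz-*` and `rm -rf /lib/modules` with no space check. Make it fail closed with `if ! [ "${ROOTSPACE:-0}" -ge 80000 ]; then`, and drop the `exit 2` after `exit_with_error`, which never runs. The status of `extract_files` is not checked either and the script ends with `exit 0`, so a failed extraction after the old kernel was removed would be reported as a successful update; if the helper signals failure through its exit status, `extract_files || exit_with_error "ERROR extracting files." 3` would surface it. The same unquoted pattern, `[ $BOOTSPACE -lt 22000 -o $ROOTSPACE -lt 120000 ]`, is used in the pae branch, where an empty value falls through to the branch that registers linux-pae.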
@@ -5,6 +5,7 @@ var/ipfire/langs etc/httpd/conf/vhosts.d/ipfire-interface.conf etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf etc/rc.d/init.d/functions +etc/rc.d/init.d/leds etc/rc.d/init.d/networking/dhcpcd.exe etc/rc.d/init.d/networking/red etc/rc.d/init.d/networking/functions.network diff --git a/src/initscripts/system/leds b/src/initscripts/system/leds index 3c3b4204a..08a73f6ba 100644 --- a/src/initscripts/system/leds +++ b/src/initscripts/system/leds @@ -60,6 +60,25 @@ enable_led () fi } +#Handle new APU ACPI Leds introduced on APU2 with bios 4.10.0.0 +if [ -e /sys/class/leds/apu1:green:led1 ]; then + APULED="apu1:green:led"; +else if [ -e /sys/class/leds/apu2:green:led1 ]; then + APULED="apu2:green:led"; +else if [ -e /sys/class/leds/apu3:green:led1 ]; then + APULED="apu3:green:led"; +else if [ -e /sys/class/leds/apu4:green:led1 ]; then + APULED="apu4:green:led"; +else if [ -e /sys/class/leds/apu5:green:led1 ]; then + APULED="apu5:green:led"; +else + APULED="apu:"; +fi +fi +fi +fi +fi + case "${1}" in start) # Alix LED start @@ -68,9 +87,9 @@ case "${1}" in setup_netdev_trigger alix:3 ${RED_DEV} tx # Apu LED start - setup_heartbeat_trigger apu:1 - setup_netdev_trigger apu:2 ${RED_DEV} rx - setup_netdev_trigger apu:3 ${RED_DEV} tx + setup_heartbeat_trigger ${APULED}1 + setup_netdev_trigger ${APULED}2 ${RED_DEV} rx + setup_netdev_trigger ${APULED}3 ${RED_DEV} tx # Geos LED start setup_heartbeat_trigger geos:1 @@ -115,10 +134,10 @@ case "${1}" in disable_led_trigger alix:3 # Apu LED stop - disable_led_trigger apu:1 - enable_led apu:1 - disable_led_trigger apu:2 - disable_led_trigger apu:3 + disable_led_trigger ${APULED}1 + enable_led ${APULED}1 + disable_led_trigger ${APULED}2 + disable_led_trigger ${APULED}3 # Geos LED stop disable_led_trigger geos:1 From f23b944ecbdbcea349129f90850f961264fc1873 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Mon, 9 Dec 2019 18:48:07 +0100 Subject: [PATCH 09/10] core139: finish 
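Review bot: The APULED detection added ahead of `case "${1}" in` in src/initscripts/system/leds is written as five nested `else if` blocks closed by a run of five `fi`, and it hard-codes apu1 through apu5, so each new board generation needs another branch. A short loop with the same first-match order and the same `apu:` fallback is easier to read and extend. The two later hunks of this file then expand `${APULED}1`, `${APULED}2` and `${APULED}3` unquoted in the start and stop arms; writing them as `"${APULED}1"` keeps the LED name a single word whatever it contains. The `case` block begins in the first hunk's context and continues outside the hunks shown.

```shell
# Handle new APU ACPI LEDs introduced on APU2 with BIOS 4.10.0.0
APULED="apu:"
for apu_gen in 1 2 3 4 5; do
	if [ -e "/sys/class/leds/apu${apu_gen}:green:led1" ]; then
		APULED="apu${apu_gen}:green:led"
		break
	fi
done
# … unchanged: case "${1}" in start) / stop) arms …
```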
Signed-off-by: Arne Fitzenreiter --- html/cgi-bin/credits.cgi | 6 +++--- make.sh | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/html/cgi-bin/credits.cgi b/html/cgi-bin/credits.cgi index bf3d6f4cd..a132b0a4a 100644 --- a/html/cgi-bin/credits.cgi +++ b/html/cgi-bin/credits.cgi @@ -76,15 +76,15 @@ Alf Høgemark, Ben Schweikert, Peter Pfeiffer, Daniel Glanzmann, -Heiner Schmeling, Daniel Weismüller, +Heiner Schmeling, Timo Eissler, Jan Lentfer, Marcus Scholz, Ersan Yildirim, +Stephan Feddersen, Joern-Ingo Weigert, Alexander Koch, -Stephan Feddersen, Wolfgang Apolinarski, Alfred Haas, Lars Schuhmacher, @@ -100,6 +100,7 @@ Alex Koch, Dominik Hassler, Larsen, Gabriel Rolland, +Tim FitzGeorge, Anton D. Seliverstov, Bernhard Bittner, David Kleuker, @@ -109,7 +110,6 @@ Jorrit de Jonge, Jörn-Ingo Weigert, Przemek Zdroik, Ramax Lo, -Tim FitzGeorge, Alexander Rudolf Gruber, Andrew Bellows, Axel Gembe, diff --git a/make.sh b/make.sh index 771c5ff89..94fd9679f 100755 --- a/make.sh +++ b/make.sh @@ -27,7 +27,7 @@ SNAME="ipfire" # Short name # If you update the version don't forget to update backupiso and add it to core update VERSION="2.23" # Version number CORE="139" # Core Level (Filename) -PAKFIRE_CORE="138" # Core Level (PAKFIRE) +PAKFIRE_CORE="139" # Core Level (PAKFIRE) GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch SLOGAN="www.ipfire.org" # Software slogan CONFIG_ROOT=/var/ipfire # Configuration rootdir From 6a3acff9348cb755250ef9d763c73a73142f46e3 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Mon, 9 Dec 2019 19:50:03 +0100 Subject: [PATCH 10/10] core140: start 
Signed-off-by: Arne Fitzenreiter --- config/rootfiles/core/{139 => 140}/exclude | 0 config/rootfiles/core/140/filelists/files | 4 + config/rootfiles/core/{139 => 140}/meta | 0 config/rootfiles/core/140/update.sh | 75 +++++++++++++++++++ config/rootfiles/oldcore/139/exclude | 28 +++++++ .../139/filelists/aarch64/python | 0 .../139/filelists/armv5tel/python | 0 .../{core => oldcore}/139/filelists/bash | 0 .../139/filelists/ca-certificates | 0 .../{core => oldcore}/139/filelists/cpio | 0 .../{core => oldcore}/139/filelists/ddns | 0 .../{core => oldcore}/139/filelists/files | 0 .../{core => oldcore}/139/filelists/hwdata | 0 .../139/filelists/i586/intel-microcode | 0 .../139/filelists/i586/openssl-sse2 | 0 .../139/filelists/i586/python | 0 .../139/filelists/linux-firmware-new_files | 0 .../{core => oldcore}/139/filelists/logwatch | 0 .../{core => oldcore}/139/filelists/lz4 | 0 .../{core => oldcore}/139/filelists/openssh | 0 .../{core => oldcore}/139/filelists/openssl | 0 .../{core => oldcore}/139/filelists/openvpn | 0 .../{core => oldcore}/139/filelists/readline | 0 .../139/filelists/readline-compat | 0 .../{core => oldcore}/139/filelists/squid | 0 .../{core => oldcore}/139/filelists/unbound | 0 .../139/filelists/x86_64/intel-microcode | 0 .../139/filelists/x86_64/python | 0 config/rootfiles/oldcore/139/meta | 1 + .../rootfiles/{core => oldcore}/139/update.sh | 0 make.sh | 2 +- 31 files changed, 109 insertions(+), 1 deletion(-) rename config/rootfiles/core/{139 => 140}/exclude (100%) create mode 100644 config/rootfiles/core/140/filelists/files rename config/rootfiles/core/{139 => 140}/meta (100%) create mode 100644 config/rootfiles/core/140/update.sh create mode 100644 config/rootfiles/oldcore/139/exclude rename config/rootfiles/{core => oldcore}/139/filelists/aarch64/python (100%) rename config/rootfiles/{core => oldcore}/139/filelists/armv5tel/python (100%) rename config/rootfiles/{core => oldcore}/139/filelists/bash (100%) rename config/rootfiles/{core => 
oldcore}/139/filelists/ca-certificates (100%) rename config/rootfiles/{core => oldcore}/139/filelists/cpio (100%) rename config/rootfiles/{core => oldcore}/139/filelists/ddns (100%) rename config/rootfiles/{core => oldcore}/139/filelists/files (100%) rename config/rootfiles/{core => oldcore}/139/filelists/hwdata (100%) rename config/rootfiles/{core => oldcore}/139/filelists/i586/intel-microcode (100%) rename config/rootfiles/{core => oldcore}/139/filelists/i586/openssl-sse2 (100%) rename config/rootfiles/{core => oldcore}/139/filelists/i586/python (100%) rename config/rootfiles/{core => oldcore}/139/filelists/linux-firmware-new_files (100%) rename config/rootfiles/{core => oldcore}/139/filelists/logwatch (100%) rename config/rootfiles/{core => oldcore}/139/filelists/lz4 (100%) rename config/rootfiles/{core => oldcore}/139/filelists/openssh (100%) rename config/rootfiles/{core => oldcore}/139/filelists/openssl (100%) rename config/rootfiles/{core => oldcore}/139/filelists/openvpn (100%) rename config/rootfiles/{core => oldcore}/139/filelists/readline (100%) rename config/rootfiles/{core => oldcore}/139/filelists/readline-compat (100%) rename config/rootfiles/{core => oldcore}/139/filelists/squid (100%) rename config/rootfiles/{core => oldcore}/139/filelists/unbound (100%) rename config/rootfiles/{core => oldcore}/139/filelists/x86_64/intel-microcode (100%) rename config/rootfiles/{core => oldcore}/139/filelists/x86_64/python (100%) create mode 100644 config/rootfiles/oldcore/139/meta rename config/rootfiles/{core => oldcore}/139/update.sh (100%) diff --git a/config/rootfiles/core/139/exclude b/config/rootfiles/core/140/exclude similarity index 100% rename from config/rootfiles/core/139/exclude rename to config/rootfiles/core/140/exclude diff --git a/config/rootfiles/core/140/filelists/files b/config/rootfiles/core/140/filelists/files new file mode 100644 index 000000000..ce4e51768 --- /dev/null +++ b/config/rootfiles/core/140/filelists/files 
@@ -0,0 +1,4 @@
+etc/system-release
+etc/issue
+srv/web/ipfire/cgi-bin/credits.cgi
+var/ipfire/langs
diff --git a/config/rootfiles/core/139/meta b/config/rootfiles/core/140/meta
similarity index 100%
rename from config/rootfiles/core/139/meta
rename to config/rootfiles/core/140/meta
diff --git a/config/rootfiles/core/140/update.sh b/config/rootfiles/core/140/update.sh
new file mode 100644
index 000000000..27b032966
--- /dev/null
+++ b/config/rootfiles/core/140/update.sh
@@ -0,0 +1,75 @@
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2019 IPFire-Team . #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+core=140
+
+exit_with_error() {
+ # Set last succesfull installed core.
+ echo $(($core-1)) > /opt/pakfire/db/core/mine
+ # don't start pakfire again at error
+ killall -KILL pak_update
+ /usr/bin/logger -p syslog.emerg -t ipfire \
+ "core-update-${core}: $1"
+ exit $2
+}
+
+# Remove old core updates from pakfire cache to save space...
+for (( i=1; i<=$core; i++ )); do
+ rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+
+# Remove files
+
+# Stop services
+
+# Extract files
+extract_files
+
+# update linker config
+ldconfig
+
+# Update Language cache
+/usr/local/bin/update-lang-cache
+
+# Start services
+
+# This update needs a reboot...
+#touch /var/run/need_reboot
+
+# Finish
+/etc/init.d/fireinfo start
+sendprofile
+
+# Update grub config to display new core version
+if [ -e /boot/grub/grub.cfg ]; then
+ grub-mkconfig -o /boot/grub/grub.cfg
+fi
+
+sync
+
+# Don't report the exitcode last command
+exit 0
diff --git a/config/rootfiles/oldcore/139/exclude b/config/rootfiles/oldcore/139/exclude
new file mode 100644
index 000000000..b22159878
--- /dev/null
+++ b/config/rootfiles/oldcore/139/exclude
@@ -0,0 +1,28 @@
+boot/config.txt
+boot/grub/grub.cfg
+boot/grub/grubenv
+etc/alternatives
+etc/collectd.custom
+etc/default/grub
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+etc/localtime
+etc/shadow
+etc/snort/snort.conf
+etc/ssl/openssl.cnf
+etc/sudoers
+etc/sysconfig/firewall.local
+etc/sysconfig/rc.local
+etc/udev/rules.d/30-persistent-network.rules
+srv/web/ipfire/html/proxy.pac
+var/ipfire/dma
+var/ipfire/time
+var/ipfire/ovpn
+var/lib/alternatives
+var/log/cache
+var/log/dhcpcd.log
+var/log/messages
+var/state/dhcp/dhcpd.leases
+var/updatecache
diff --git a/config/rootfiles/core/139/filelists/aarch64/python b/config/rootfiles/oldcore/139/filelists/aarch64/python
similarity index 100%
rename from config/rootfiles/core/139/filelists/aarch64/python
rename to config/rootfiles/oldcore/139/filelists/aarch64/python
diff --git a/config/rootfiles/core/139/filelists/armv5tel/python b/config/rootfiles/oldcore/139/filelists/armv5tel/python
similarity index 100%
rename from config/rootfiles/core/139/filelists/armv5tel/python
rename to config/rootfiles/oldcore/139/filelists/armv5tel/python
diff --git a/config/rootfiles/core/139/filelists/bash b/config/rootfiles/oldcore/139/filelists/bash
similarity index 100%
rename from config/rootfiles/core/139/filelists/bash
rename to config/rootfiles/oldcore/139/filelists/bash
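Review bot: Nothing in config/rootfiles/core/140/update.sh calls `exit_with_error`, and the script ends with an unconditional `exit 0`, so a failure in `extract_files`, `ldconfig` or `update-lang-cache` is never reported and the helper that writes the previous core level back to /opt/pakfire/db/core/mine is dead code in this file. If `extract_files` (sourced from /opt/pakfire/lib/functions.sh, which is not shown here) returns a usable status, the call could read `extract_files || exit_with_error "ERROR cannot extract files" 1`; if it does not, a comment stating that failures are deliberately ignored would tell the next maintainer this is intended. Inside the helper, `echo $(($core-1))` and `exit $2` expand unquoted; `exit "$2"` is the safer form.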
diff --git a/config/rootfiles/core/139/filelists/ca-certificates b/config/rootfiles/oldcore/139/filelists/ca-certificates
similarity index 100%
rename from config/rootfiles/core/139/filelists/ca-certificates
rename to config/rootfiles/oldcore/139/filelists/ca-certificates
diff --git a/config/rootfiles/core/139/filelists/cpio b/config/rootfiles/oldcore/139/filelists/cpio
similarity index 100%
rename from config/rootfiles/core/139/filelists/cpio
rename to config/rootfiles/oldcore/139/filelists/cpio
diff --git a/config/rootfiles/core/139/filelists/ddns b/config/rootfiles/oldcore/139/filelists/ddns
similarity index 100%
rename from config/rootfiles/core/139/filelists/ddns
rename to config/rootfiles/oldcore/139/filelists/ddns
diff --git a/config/rootfiles/core/139/filelists/files b/config/rootfiles/oldcore/139/filelists/files
similarity index 100%
rename from config/rootfiles/core/139/filelists/files
rename to config/rootfiles/oldcore/139/filelists/files
diff --git a/config/rootfiles/core/139/filelists/hwdata b/config/rootfiles/oldcore/139/filelists/hwdata
similarity index 100%
rename from config/rootfiles/core/139/filelists/hwdata
rename to config/rootfiles/oldcore/139/filelists/hwdata
diff --git a/config/rootfiles/core/139/filelists/i586/intel-microcode b/config/rootfiles/oldcore/139/filelists/i586/intel-microcode
similarity index 100%
rename from config/rootfiles/core/139/filelists/i586/intel-microcode
rename to config/rootfiles/oldcore/139/filelists/i586/intel-microcode
diff --git a/config/rootfiles/core/139/filelists/i586/openssl-sse2 b/config/rootfiles/oldcore/139/filelists/i586/openssl-sse2
similarity index 100%
rename from config/rootfiles/core/139/filelists/i586/openssl-sse2
rename to config/rootfiles/oldcore/139/filelists/i586/openssl-sse2
diff --git a/config/rootfiles/core/139/filelists/i586/python b/config/rootfiles/oldcore/139/filelists/i586/python
similarity index 100%
rename from config/rootfiles/core/139/filelists/i586/python
rename to config/rootfiles/oldcore/139/filelists/i586/python
diff --git a/config/rootfiles/core/139/filelists/linux-firmware-new_files b/config/rootfiles/oldcore/139/filelists/linux-firmware-new_files
similarity index 100%
rename from config/rootfiles/core/139/filelists/linux-firmware-new_files
rename to config/rootfiles/oldcore/139/filelists/linux-firmware-new_files
diff --git a/config/rootfiles/core/139/filelists/logwatch b/config/rootfiles/oldcore/139/filelists/logwatch
similarity index 100%
rename from config/rootfiles/core/139/filelists/logwatch
rename to config/rootfiles/oldcore/139/filelists/logwatch
diff --git a/config/rootfiles/core/139/filelists/lz4 b/config/rootfiles/oldcore/139/filelists/lz4
similarity index 100%
rename from config/rootfiles/core/139/filelists/lz4
rename to config/rootfiles/oldcore/139/filelists/lz4
diff --git a/config/rootfiles/core/139/filelists/openssh b/config/rootfiles/oldcore/139/filelists/openssh
similarity index 100%
rename from config/rootfiles/core/139/filelists/openssh
rename to config/rootfiles/oldcore/139/filelists/openssh
diff --git a/config/rootfiles/core/139/filelists/openssl b/config/rootfiles/oldcore/139/filelists/openssl
similarity index 100%
rename from config/rootfiles/core/139/filelists/openssl
rename to config/rootfiles/oldcore/139/filelists/openssl
diff --git a/config/rootfiles/core/139/filelists/openvpn b/config/rootfiles/oldcore/139/filelists/openvpn
similarity index 100%
rename from config/rootfiles/core/139/filelists/openvpn
rename to config/rootfiles/oldcore/139/filelists/openvpn
diff --git a/config/rootfiles/core/139/filelists/readline b/config/rootfiles/oldcore/139/filelists/readline
similarity index 100%
rename from config/rootfiles/core/139/filelists/readline
rename to config/rootfiles/oldcore/139/filelists/readline
diff --git a/config/rootfiles/core/139/filelists/readline-compat b/config/rootfiles/oldcore/139/filelists/readline-compat
similarity index 100%
rename from config/rootfiles/core/139/filelists/readline-compat
rename to config/rootfiles/oldcore/139/filelists/readline-compat
diff --git a/config/rootfiles/core/139/filelists/squid b/config/rootfiles/oldcore/139/filelists/squid
similarity index 100%
rename from config/rootfiles/core/139/filelists/squid
rename to config/rootfiles/oldcore/139/filelists/squid
diff --git a/config/rootfiles/core/139/filelists/unbound b/config/rootfiles/oldcore/139/filelists/unbound
similarity index 100%
rename from config/rootfiles/core/139/filelists/unbound
rename to config/rootfiles/oldcore/139/filelists/unbound
diff --git a/config/rootfiles/core/139/filelists/x86_64/intel-microcode b/config/rootfiles/oldcore/139/filelists/x86_64/intel-microcode
similarity index 100%
rename from config/rootfiles/core/139/filelists/x86_64/intel-microcode
rename to config/rootfiles/oldcore/139/filelists/x86_64/intel-microcode
diff --git a/config/rootfiles/core/139/filelists/x86_64/python b/config/rootfiles/oldcore/139/filelists/x86_64/python
similarity index 100%
rename from config/rootfiles/core/139/filelists/x86_64/python
rename to config/rootfiles/oldcore/139/filelists/x86_64/python
diff --git a/config/rootfiles/oldcore/139/meta b/config/rootfiles/oldcore/139/meta
new file mode 100644
index 000000000..d547fa86f
--- /dev/null
+++ b/config/rootfiles/oldcore/139/meta
@@ -0,0 +1 @@
+DEPS=""
diff --git a/config/rootfiles/core/139/update.sh b/config/rootfiles/oldcore/139/update.sh
similarity index 100%
rename from config/rootfiles/core/139/update.sh
rename to config/rootfiles/oldcore/139/update.sh
diff --git a/make.sh b/make.sh index 94fd9679f..64b08b7d9 100755 --- a/make.sh +++ b/make.sh @@ -26,7 +26,7 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name # If you update the version don't forget to update backupiso and add it to core update VERSION="2.23" # Version number -CORE="139" # Core Level (Filename) +CORE="140" # Core Level (Filename) PAKFIRE_CORE="139" # Core Level (PAKFIRE) GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch SLOGAN="www.ipfire.org" # Software slogan