diff --git a/config/backup/backup.pl b/config/backup/backup.pl index ce8911635..3accbcfff 100644 --- a/config/backup/backup.pl +++ b/config/backup/backup.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/bin/bash ############################################################################### # # # IPFire.org - A linux based firewall # 
@@ -19,148 +19,203 @@ # # ############################################################################### -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; -use File::Path; -my $debug = 1; -my @include = ""; -my ($Sekunden, $Minuten, $Stunden, $Monatstag, $Monat, $Jahr, $Wochentag, $Jahrestag, $Sommerzeit) = localtime(time); -$Jahr = $Jahr + 1900;$Monat = $Monat + 1; -$Monat = sprintf("%02d", $Monat); -$Monatstag = sprintf("%02d", $Monatstag); -$Stunden = sprintf("%02d", $Stunden); -$Minuten = sprintf("%02d", $Minuten); +NOW="$(date "+%Y-%m-%d-%H:%M")" -if (($ARGV[0] eq 'include') || ($ARGV[0] eq 'iso')) { - &createinclude; - my @files = `find / -name *.log* 2>/dev/null`; - foreach (@files){ - push(@include,$_); - } - my @files = `find /var/log/ -name *messages* 2>/dev/null`; - foreach (@files){ - push(@include,$_); - } - open(DATEI, ">/tmp/include") || die "Could not save temp include file"; - print DATEI @include; - print "/var/log/messages"; - close(DATEI); - system("tar -cvzf /var/ipfire/backup/$Jahr$Monat$Monatstag-$Stunden$Minuten.ipf --exclude-from='/var/ipfire/backup/exclude' --exclude-from='/var/ipfire/backup/exclude.user' --files-from='/tmp/include' --files-from='/var/ipfire/backup/include.user'"); - system("rm /tmp/include"); - if ($ARGV[0] eq 'iso') { - system("/usr/local/bin/backupiso $Jahr$Monat$Monatstag-$Stunden$Minuten &"); - } -} -elsif ($ARGV[0] eq 'exclude') { - &createinclude; - open(DATEI, ">/tmp/include") || die "Could not save temp include file"; - print DATEI @include; - close(DATEI); - system("tar -cvzf /var/ipfire/backup/$Jahr$Monat$Monatstag-$Stunden$Minuten.ipf --exclude-from='/var/ipfire/backup/exclude' --exclude-from='/var/ipfire/backup/exclude.user' --files-from='/tmp/include' --files-from='/var/ipfire/backup/include.user'"); - system("rm /tmp/include"); -} -elsif ($ARGV[0] eq 'restore') { - system("cd / && tar -xvz -p -f /tmp/restore.ipf"); - #Here some 
converter scripts to correct old Backups (before core 65) - system("/usr/sbin/ovpn-ccd-convert"); - #OUTGOINGFW CONVERTER - if( -d "${General::swroot}/outgoing"){ - if( -f "${General::swroot}/firewall/config" ){ - unlink("${General::swroot}/firewall/config"); - system("touch ${General::swroot}/firewall/config"); - chown 99,99,"${General::swroot}/firewall/config"; - } - if( -f "${General::swroot}/firewall/outgoing" ){ - unlink("${General::swroot}/firewall/outgoing"); - system("touch ${General::swroot}/firewall/outgoing"); - chown 99,99,"${General::swroot}/firewall/outgoing"; - } - unlink("${General::swroot}/fwhosts/customgroups"); - unlink("${General::swroot}/fwhosts/customhosts"); - unlink("${General::swroot}/fwhosts/customgroups"); - unlink("${General::swroot}/fwhosts/customnetworks"); - unlink("${General::swroot}/fwhosts/customservicegrp"); - unlink("${General::swroot}/fwhosts/customnetworks"); - system("touch ${General::swroot}/fwhosts/customgroups"); - system("touch ${General::swroot}/fwhosts/customhosts"); - system("touch ${General::swroot}/fwhosts/customnetworks"); - system("touch ${General::swroot}/fwhosts/customservicegrp"); - #START CONVERTER "OUTGOINGFW" - system("/usr/sbin/convert-outgoingfw"); - chown 99,99,"${General::swroot}/fwhosts/customgroups"; - chown 99,99,"${General::swroot}/fwhosts/customhosts"; - chown 99,99,"${General::swroot}/fwhosts/customnetworks"; - chown 99,99,"${General::swroot}/fwhosts/customservicegrp"; - #START CONVERTER "OUTGOINGFW" - rmtree("${General::swroot}/outgoing"); - } - #XTACCESS CONVERTER - if( -d "${General::swroot}/xtaccess"){ - if( -f "${General::swroot}/firewall/input" ){ - unlink("${General::swroot}/firewall/input"); - system("touch ${General::swroot}/firewall/input"); - } - #START CONVERTER "XTACCESS" - system("/usr/sbin/convert-xtaccess"); - chown 99,99,"${General::swroot}/firewall/input"; - rmtree("${General::swroot}/xtaccess"); - } - #DMZ-HOLES CONVERTER - if( -d "${General::swroot}/dmzholes" || -d 
"${General::swroot}/portfw"){ - if( -f "${General::swroot}/firewall/config" ){ - unlink("${General::swroot}/firewall/config"); - system("touch ${General::swroot}/firewall/config"); - } - #START CONVERTER "DMZ-HOLES" - system("/usr/sbin/convert-dmz"); - chown 99,99,"${General::swroot}/firewall/config"; - rmtree("${General::swroot}/dmzholes"); - } - #PORTFORWARD CONVERTER - if( -d "${General::swroot}/portfw"){ - #START CONVERTER "PORTFW" - system("/usr/sbin/convert-portfw"); - rmtree("${General::swroot}/portfw"); - } - system("/usr/local/bin/firewallctrl"); +list_addons() { + local file + for file in /var/ipfire/backup/addons/includes/*; do + if [ -f "${file}" ]; then + basename "${file}" + fi + done - # Convert old OpenVPN CCD files (CN change, core 75). - system("/usr/local/bin/convert-ovpn"); -} -elsif ($ARGV[0] eq 'restoreaddon') { - if ( -e "/tmp/$ARGV[1]" ){system("mv /tmp/$ARGV[1] /var/ipfire/backup/addons/backup/$ARGV[1]");} - system("cd / && tar -xvz -p -f /var/ipfire/backup/addons/backup/$ARGV[1]"); -} -elsif ($ARGV[0] eq 'cli') { - system("tar -cvzf /var/ipfire/backup/$Jahr$Monat$Monatstag-$Stunden$Minuten-$ARGV[1].ipf --files-from='$ARGV[2]' --exclude-from='$ARGV[3]'"); -} -elsif ($ARGV[0] eq 'addonbackup') { - system("tar -cvzf /var/ipfire/backup/addons/backup/$ARGV[1].ipf --files-from='/var/ipfire/backup/addons/includes/$ARGV[1]'"); -} -elsif ($ARGV[0] =~ /\.(iso|ipf)$/ ) { - unlink("$ARGV[0]"); -} -elsif ($ARGV[0] eq '') { - printf "No argument given, please use \n" -} -elsif ($ARGV[0] eq 'makedirs') { - system("mkdir -p /var/ipfire/backup/addons"); - system("mkdir -p /var/ipfire/backup/addons/backup"); - system("mkdir -p /var/ipfire/backup/addons/includes"); + return 0 } -sub createinclude(){ +process_includes() { + local include - open(DATEI, "<${General::swroot}/backup/include") || die "Can not open include file"; - my @Zeilen = ; - close(DATEI); - - foreach (@Zeilen){ - chomp($_); - my @files = `find $_ -maxdepth 0 2>/dev/null`; - foreach (@files){ 
- push(@include,$_); - } - } + for include in $@; do + local file + while read -r file; do + for file in ${file}; do + if [ -e "${file}" ]; then + echo "${file}" + fi + done + done < "${include}" + done | sort -u } + +make_backup() { + local filename="${1}" + shift + + # Backup all addons first + local addon + for addon in $(list_addons); do + make_addon_backup "${addon}" + done + + tar cvzf "${filename}" \ + --exclude-from="/var/ipfire/backup/exclude" \ + --exclude-from="/var/ipfire/backup/exclude.user" \ + $(process_includes "/var/ipfire/backup/include" "/var/ipfire/backup/include.user") \ + "$@" + + return 0 +} + +restore_backup() { + local filename="${1}" + + tar xvzpf "${filename}" -C / + + # Run converters + + # Outgoing Firewall + if [ -d "/var/ipfire/outgoing" ]; then + # Reset files + local file + for file in /var/ipfire/firewall/{config,outgoing} \ + /var/ipfire/fwhosts/custom{hosts,groups,networks}; do + : > "${file}" + chown nobody:nobody "${file}" + done + + # Run converter + convert-outgoingfw + + # Remove old configuration + rm -rf "/var/ipfire/outgoing" + fi + + # External Access + if [ -d "/var/ipfire/xtaccess" ]; then + : > /var/ipfire/firewall/config + chown nobody:nobody "/var/ipfire/firewall/config" + + # Run converter + convert-xtaccess + + # Remove old configuration + rm -rf "/var/ipfire/xtaccess" + fi + + # DMZ Holes + if [ -d "/var/ipfire/dmzholes" ] || [ -d "/var/ipfire/portfw" ]; then + : > /var/ipfire/firewall/config + chown nobody:nobody "/var/ipfire/firewall/config" + + # Run converter + convert-dmz + + # Remove old configuration + rm -rf "/var/ipfire/dmzholes" + fi + + # Port Forwardings + if [ -d "/var/ipfire/portfw" ]; then + # Run converter + convert-portfw + + # Remove old configuration + rm -rf "/var/ipfire/portfw" + fi + + # Reload firewall + firewallctrl + + # Convert old OpenVPN CCD files (CN change, Core Update 75) + convert-ovpn + + return 0 +} + +find_logfiles() { + local filelist=( /var/log/messages* /var/log/*.log 
/var/log/**/*.log ) + + echo "${filelist[@]}" +} + +make_addon_backup() { + local name="${1}" + shift + + if [ ! -f "/var/ipfire/backup/addons/includes/${name}" ]; then + echo "${name} does not have any backup includes" >&2 + return 1 + fi + + local filename="/var/ipfire/backup/addons/backup/${name}.ipf" + + tar cvzf "${filename}" \ + $(process_includes "/var/ipfire/backup/addons/includes/${name}") +} + +restore_addon_backup() { + local name="${1}" + + if [ -d "/tmp/${name}.ipf" ]; then + mv "/tmp/${name}.ipf" "/var/ipfire/backup/addons/backup/${name}.ipf" + fi + + tar xvzpf "/var/ipfire/backup/addons/backup/${name}.ipf" -C / +} + +main() { + local command="${1}" + shift + + # Desired backup filename + local filename="/var/ipfire/backup/${NOW}.ipf" + + case "${command}" in + include) + make_backup "${filename}" $(find_logfiles) + ;; + + exclude) + make_backup "${filename}" + ;; + + restore) + restore_backup "/tmp/restore.ipf" + ;; + + addonbackup) + make_addon_backup "$@" + ;; + + restoreaddon) + restore_addon_backup "${1/.ipf/}" + ;; + + iso) + if make_backup "${filename}"; then + /usr/local/bin/backupiso "${NOW}" & + fi + ;; + + makedirs) + mkdir -p /var/ipfire/backup/addons/{backup,includes} + ;; + + list) + process_includes "/var/ipfire/backup/include" "/var/ipfire/backup/include.user" + ;; + + /var/ipfire/backup/*.ipf|/var/ipfire/backup/addons/backup/*.ipf|/var/tmp/backupiso/*.iso) + unlink "${command}" + ;; + + *) + echo "${0}: [include|exclude|restore|addonbackup |restoreaddon |iso]" >&2 + return 2 + ;; + esac + + return $? +} + +main "$@" || exit $? diff --git a/config/backup/include b/config/backup/include index 6982b1c92..75bd85807 100644 --- a/config/backup/include +++ b/config/backup/include @@ -23,6 +23,9 @@ /root/.gitconfig /root/.ssh /var/ipfire/auth/users +/var/ipfire/backup/addons/backup +/var/ipfire/backup/exclude.user +/var/ipfire/backup/include.user /var/ipfire/captive/* /var/ipfire/*/*.conf /var/ipfire/*/config 
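Review bot: The delete branch at the end of `main` and the `restoreaddon` path both use a caller-supplied string as a path without confining it. In a bash `case` pattern `*` also matches `/`, so `/var/ipfire/backup/*.ipf` accepts values containing `/../`, and `${1/.ipf/}` goes unchecked into the archive path that `restore_addon_backup` extracts over `/`. Rejecting `..` ahead of the delete patterns and accepting only a plain addon name (with `${1%.ipf}`, which strips the suffix rather than the first `.ipf` anywhere) would confine both, as sketched below. In the same function `[ -d "/tmp/${name}.ipf" ]` replaces the old `-e` test, so an uploaded archive, which is a regular file, is never moved into place; `-f` looks intended. The External Access branch of `restore_backup` now truncates `firewall/config` where the removed Perl reset `firewall/input`, which looks like a copy-paste slip worth confirming.

```bash
restore_addon_backup() {
	local name="${1}"

	# The name becomes part of a path that is extracted over /,
	# so accept a plain file name only
	case "${name}" in
		""|.*|*/*)
			echo "Invalid addon name: ${name}" >&2
			return 2
			;;
	esac

	if [ -f "/tmp/${name}.ipf" ]; then
		mv "/tmp/${name}.ipf" "/var/ipfire/backup/addons/backup/${name}.ipf"
	fi

	# … unchanged: tar xvzpf of the addon archive with -C / …
}

# … unchanged: main() up to the restoreaddon branch …
		restoreaddon)
			restore_addon_backup "${1%.ipf}"
			;;

# … unchanged: iso, makedirs, list …
		# Must come before the delete patterns, whose * also matches /
		*/../*)
			echo "${0}: refusing path containing '..': ${command}" >&2
			return 2
			;;

		/var/ipfire/backup/*.ipf|/var/ipfire/backup/addons/backup/*.ipf|/var/tmp/backupiso/*.iso)
			unlink "${command}"
			;;
```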
diff --git a/config/backup/includes/frr b/config/backup/includes/frr new file mode 100644 index 000000000..ca74d4891 --- /dev/null +++ b/config/backup/includes/frr @@ -0,0 +1 @@ +/etc/frr diff --git a/config/ca-certificates/certdata.txt b/config/ca-certificates/certdata.txt index 193cef38f..61c37a8bd 100644 --- a/config/ca-certificates/certdata.txt +++ b/config/ca-certificates/certdata.txt 
@@ -2144,146 +2144,6 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE -# -# Certificate "Visa eCommerce Root" -# -# Issuer: CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US -# Serial Number:13:86:35:4d:1d:3f:06:f2:c1:f9:65:05:d5:90:1c:62 -# Subject: CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US -# Not Valid Before: Wed Jun 26 02:18:36 2002 -# Not Valid After : Fri Jun 24 00:16:12 2022 -# Fingerprint (MD5): FC:11:B8:D8:08:93:30:00:6D:23:F9:7E:EB:52:1E:02 -# Fingerprint (SHA1): 70:17:9B:86:8C:00:A4:FA:60:91:52:22:3F:9F:3E:32:BD:E0:05:62 -CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Visa eCommerce Root" -CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 -CKA_SUBJECT MULTILINE_OCTAL -\060\153\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\015\060\013\006\003\125\004\012\023\004\126\111\123\101\061\057 -\060\055\006\003\125\004\013\023\046\126\151\163\141\040\111\156 -\164\145\162\156\141\164\151\157\156\141\154\040\123\145\162\166 -\151\143\145\040\101\163\163\157\143\151\141\164\151\157\156\061 -\034\060\032\006\003\125\004\003\023\023\126\151\163\141\040\145 -\103\157\155\155\145\162\143\145\040\122\157\157\164 -END -CKA_ID UTF8 "0" -CKA_ISSUER MULTILINE_OCTAL -\060\153\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\015\060\013\006\003\125\004\012\023\004\126\111\123\101\061\057 -\060\055\006\003\125\004\013\023\046\126\151\163\141\040\111\156 -\164\145\162\156\141\164\151\157\156\141\154\040\123\145\162\166 -\151\143\145\040\101\163\163\157\143\151\141\164\151\157\156\061 -\034\060\032\006\003\125\004\003\023\023\126\151\163\141\040\145 -\103\157\155\155\145\162\143\145\040\122\157\157\164 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL 
-\002\020\023\206\065\115\035\077\006\362\301\371\145\005\325\220 -\034\142 -END -CKA_VALUE MULTILINE_OCTAL -\060\202\003\242\060\202\002\212\240\003\002\001\002\002\020\023 -\206\065\115\035\077\006\362\301\371\145\005\325\220\034\142\060 -\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\153 -\061\013\060\011\006\003\125\004\006\023\002\125\123\061\015\060 -\013\006\003\125\004\012\023\004\126\111\123\101\061\057\060\055 -\006\003\125\004\013\023\046\126\151\163\141\040\111\156\164\145 -\162\156\141\164\151\157\156\141\154\040\123\145\162\166\151\143 -\145\040\101\163\163\157\143\151\141\164\151\157\156\061\034\060 -\032\006\003\125\004\003\023\023\126\151\163\141\040\145\103\157 -\155\155\145\162\143\145\040\122\157\157\164\060\036\027\015\060 -\062\060\066\062\066\060\062\061\070\063\066\132\027\015\062\062 -\060\066\062\064\060\060\061\066\061\062\132\060\153\061\013\060 -\011\006\003\125\004\006\023\002\125\123\061\015\060\013\006\003 -\125\004\012\023\004\126\111\123\101\061\057\060\055\006\003\125 -\004\013\023\046\126\151\163\141\040\111\156\164\145\162\156\141 -\164\151\157\156\141\154\040\123\145\162\166\151\143\145\040\101 -\163\163\157\143\151\141\164\151\157\156\061\034\060\032\006\003 -\125\004\003\023\023\126\151\163\141\040\145\103\157\155\155\145 -\162\143\145\040\122\157\157\164\060\202\001\042\060\015\006\011 -\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000 -\060\202\001\012\002\202\001\001\000\257\127\336\126\036\156\241 -\332\140\261\224\047\313\027\333\007\077\200\205\117\310\234\266 -\320\364\157\117\317\231\330\341\333\302\110\134\072\254\071\063 -\307\037\152\213\046\075\053\065\365\110\261\221\301\002\116\004 -\226\221\173\260\063\360\261\024\116\021\157\265\100\257\033\105 -\245\112\357\176\266\254\362\240\037\130\077\022\106\140\074\215 -\241\340\175\317\127\076\063\036\373\107\361\252\025\227\007\125 -\146\245\265\055\056\330\200\131\262\247\015\267\106\354\041\143 
-\377\065\253\245\002\317\052\364\114\376\173\365\224\135\204\115 -\250\362\140\217\333\016\045\074\237\163\161\317\224\337\112\352 -\333\337\162\070\214\363\226\275\361\027\274\322\272\073\105\132 -\306\247\366\306\027\213\001\235\374\031\250\052\203\026\270\072 -\110\376\116\076\240\253\006\031\351\123\363\200\023\007\355\055 -\277\077\012\074\125\040\071\054\054\000\151\164\225\112\274\040 -\262\251\171\345\030\211\221\250\334\034\115\357\273\176\067\013 -\135\376\071\245\210\122\214\000\154\354\030\174\101\275\366\213 -\165\167\272\140\235\204\347\376\055\002\003\001\000\001\243\102 -\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003 -\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003 -\002\001\006\060\035\006\003\125\035\016\004\026\004\024\025\070 -\203\017\077\054\077\160\063\036\315\106\376\007\214\040\340\327 -\303\267\060\015\006\011\052\206\110\206\367\015\001\001\005\005 -\000\003\202\001\001\000\137\361\101\175\174\134\010\271\053\340 -\325\222\107\372\147\134\245\023\303\003\041\233\053\114\211\106 -\317\131\115\311\376\245\100\266\143\315\335\161\050\225\147\021 -\314\044\254\323\104\154\161\256\001\040\153\003\242\217\030\267 -\051\072\175\345\026\140\123\170\074\300\257\025\203\367\217\122 -\063\044\275\144\223\227\356\213\367\333\030\250\155\161\263\367 -\054\027\320\164\045\151\367\376\153\074\224\276\115\113\101\214 -\116\342\163\320\343\220\042\163\103\315\363\357\352\163\316\105 -\212\260\246\111\377\114\175\235\161\210\304\166\035\220\133\035 -\356\375\314\367\356\375\140\245\261\172\026\161\321\026\320\174 -\022\074\154\151\227\333\256\137\071\232\160\057\005\074\031\106 -\004\231\040\066\320\140\156\141\006\273\026\102\214\160\367\060 -\373\340\333\146\243\000\001\275\346\054\332\221\137\240\106\213 -\115\152\234\075\075\335\005\106\376\166\277\240\012\074\344\000 -\346\047\267\377\204\055\336\272\042\047\226\020\161\353\042\355 -\337\337\063\234\317\343\255\256\216\324\216\346\117\121\257\026 
-\222\340\134\366\007\017 -END -CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE - -# Trust for Certificate "Visa eCommerce Root" -# Issuer: CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US -# Serial Number:13:86:35:4d:1d:3f:06:f2:c1:f9:65:05:d5:90:1c:62 -# Subject: CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US -# Not Valid Before: Wed Jun 26 02:18:36 2002 -# Not Valid After : Fri Jun 24 00:16:12 2022 -# Fingerprint (MD5): FC:11:B8:D8:08:93:30:00:6D:23:F9:7E:EB:52:1E:02 -# Fingerprint (SHA1): 70:17:9B:86:8C:00:A4:FA:60:91:52:22:3F:9F:3E:32:BD:E0:05:62 -CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST -CKA_TOKEN CK_BBOOL CK_TRUE -CKA_PRIVATE CK_BBOOL CK_FALSE -CKA_MODIFIABLE CK_BBOOL CK_FALSE -CKA_LABEL UTF8 "Visa eCommerce Root" -CKA_CERT_SHA1_HASH MULTILINE_OCTAL -\160\027\233\206\214\000\244\372\140\221\122\042\077\237\076\062 -\275\340\005\142 -END -CKA_CERT_MD5_HASH MULTILINE_OCTAL -\374\021\270\330\010\223\060\000\155\043\371\176\353\122\036\002 -END -CKA_ISSUER MULTILINE_OCTAL -\060\153\061\013\060\011\006\003\125\004\006\023\002\125\123\061 -\015\060\013\006\003\125\004\012\023\004\126\111\123\101\061\057 -\060\055\006\003\125\004\013\023\046\126\151\163\141\040\111\156 -\164\145\162\156\141\164\151\157\156\141\154\040\123\145\162\166 -\151\143\145\040\101\163\163\157\143\151\141\164\151\157\156\061 -\034\060\032\006\003\125\004\003\023\023\126\151\163\141\040\145 -\103\157\155\155\145\162\143\145\040\122\157\157\164 -END -CKA_SERIAL_NUMBER MULTILINE_OCTAL -\002\020\023\206\065\115\035\077\006\362\301\371\145\005\325\220 -\034\142 -END -CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST -CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE - # # Certificate "Certum Root CA" # diff --git a/config/rootfiles/common/bison b/config/rootfiles/common/bison index 2ecfc75fb..d56db029e 100644 
--- a/config/rootfiles/common/bison +++ b/config/rootfiles/common/bison @@ -51,6 +51,8 @@ #usr/share/locale/ast #usr/share/locale/ast/LC_MESSAGES #usr/share/locale/ast/LC_MESSAGES/bison-runtime.mo +#usr/share/locale/ca/LC_MESSAGES/bison-runtime.mo +#usr/share/locale/ca/LC_MESSAGES/bison.mo #usr/share/locale/da/LC_MESSAGES/bison-runtime.mo #usr/share/locale/da/LC_MESSAGES/bison.mo #usr/share/locale/de/LC_MESSAGES/bison-runtime.mo diff --git a/config/rootfiles/common/json-c b/config/rootfiles/common/json-c new file mode 100644 index 000000000..6be4bbe68 --- /dev/null +++ b/config/rootfiles/common/json-c @@ -0,0 +1,21 @@ +#usr/include/json-c +#usr/include/json-c/arraylist.h +#usr/include/json-c/bits.h +#usr/include/json-c/debug.h +#usr/include/json-c/json.h +#usr/include/json-c/json_c_version.h +#usr/include/json-c/json_config.h +#usr/include/json-c/json_inttypes.h +#usr/include/json-c/json_object.h +#usr/include/json-c/json_object_iterator.h +#usr/include/json-c/json_pointer.h +#usr/include/json-c/json_tokener.h +#usr/include/json-c/json_util.h +#usr/include/json-c/json_visit.h +#usr/include/json-c/linkhash.h +#usr/include/json-c/printbuf.h +#usr/lib/libjson-c.la +#usr/lib/libjson-c.so +usr/lib/libjson-c.so.4 +usr/lib/libjson-c.so.4.0.0 +#usr/lib/pkgconfig/json-c.pc diff --git a/config/rootfiles/common/kmod b/config/rootfiles/common/kmod index b3d45e25d..4c9b448f7 100644 --- a/config/rootfiles/common/kmod +++ b/config/rootfiles/common/kmod @@ -5,7 +5,10 @@ sbin/lsmod sbin/modinfo sbin/modprobe sbin/rmmod +#usr/include/libkmod.h +#usr/lib/libkmod.la #usr/lib/libkmod.so usr/lib/libkmod.so.2 usr/lib/libkmod.so.2.3.3 +#usr/lib/pkgconfig/libkmod.pc #usr/share/bash-completion/completions/kmod diff --git a/config/rootfiles/core/125/filelists/ca-certificates b/config/rootfiles/core/125/filelists/ca-certificates new file mode 120000 index 000000000..320fea8f4 --- /dev/null +++ b/config/rootfiles/core/125/filelists/ca-certificates 
@@ -0,0 +1 @@ +../../../common/ca-certificates \ No newline at end of file diff --git a/config/rootfiles/core/125/filelists/files b/config/rootfiles/core/125/filelists/files index f2afb62fb..ab7eeee47 100644 --- a/config/rootfiles/core/125/filelists/files +++ b/config/rootfiles/core/125/filelists/files @@ -4,7 +4,10 @@ etc/ssh/sshd_config etc/sysctl.conf srv/web/ipfire/cgi-bin/credits.cgi srv/web/ipfire/cgi-bin/hardwaregraphs.cgi +srv/web/ipfire/cgi-bin/ids.cgi srv/web/ipfire/cgi-bin/media.cgi srv/web/ipfire/cgi-bin/pakfire.cgi usr/local/bin/makegraphs +var/ipfire/backup/bin/backup.pl +var/ipfire/backup/include var/ipfire/langs diff --git a/config/rootfiles/core/125/filelists/json-c b/config/rootfiles/core/125/filelists/json-c new file mode 120000 index 000000000..2da263e3d --- /dev/null +++ b/config/rootfiles/core/125/filelists/json-c @@ -0,0 +1 @@ +../../../common/json-c \ No newline at end of file diff --git a/config/rootfiles/core/125/filelists/squid b/config/rootfiles/core/125/filelists/squid new file mode 120000 index 000000000..2dc8372a0 --- /dev/null +++ b/config/rootfiles/core/125/filelists/squid @@ -0,0 +1 @@ +../../../common/squid \ No newline at end of file diff --git a/config/rootfiles/core/125/update.sh b/config/rootfiles/core/125/update.sh index 9d056f921..a4ae0993c 100644 --- a/config/rootfiles/core/125/update.sh +++ b/config/rootfiles/core/125/update.sh @@ -32,6 +32,7 @@ for (( i=1; i<=$core; i++ )); do done # Stop services +/etc/init.d/squid stop # Extract files extract_files @@ -46,6 +47,7 @@ ldconfig /etc/init.d/unbound restart /etc/init.d/apache restart /etc/init.d/sshd restart +/etc/init.d/squid start # Reload sysctl.conf sysctl -p diff --git a/config/rootfiles/packages/frr b/config/rootfiles/packages/frr new file mode 100644 index 000000000..8aafc7c6c --- /dev/null +++ b/config/rootfiles/packages/frr 
@@ -0,0 +1,129 @@ +#etc/frr +etc/frr/bgpd.conf.sample +etc/frr/bgpd.conf.sample2 +etc/frr/bgpd.conf.vnc.sample +etc/frr/ospfd.conf.sample +etc/frr/ripngd.conf.sample +etc/frr/staticd.conf.sample +etc/frr/vtysh.conf.sample +etc/frr/zebra.conf.sample +etc/rc.d/init.d/frr +usr/bin/bgp_btoa +usr/bin/vtysh +#usr/include/frr +#usr/include/frr/bfd.h +#usr/include/frr/bitfield.h +#usr/include/frr/buffer.h +#usr/include/frr/checksum.h +#usr/include/frr/command.h +#usr/include/frr/command_graph.h +#usr/include/frr/command_match.h +#usr/include/frr/compiler.h +#usr/include/frr/csv.h +#usr/include/frr/debug.h +#usr/include/frr/distribute.h +#usr/include/frr/eigrpd +#usr/include/frr/eigrpd/eigrp_dump.h +#usr/include/frr/eigrpd/eigrp_topology.h +#usr/include/frr/eigrpd/eigrpd.h +#usr/include/frr/event_counter.h +#usr/include/frr/ferr.h +#usr/include/frr/fifo.h +#usr/include/frr/filter.h +#usr/include/frr/freebsd-queue.h +#usr/include/frr/frr_pthread.h +#usr/include/frr/frratomic.h +#usr/include/frr/frrstr.h +#usr/include/frr/getopt.h +#usr/include/frr/graph.h +#usr/include/frr/hash.h +#usr/include/frr/hook.h +#usr/include/frr/if.h +#usr/include/frr/if_rmap.h +#usr/include/frr/imsg.h +#usr/include/frr/ipaddr.h +#usr/include/frr/jhash.h +#usr/include/frr/json.h +#usr/include/frr/keychain.h +#usr/include/frr/lib_errors.h +#usr/include/frr/libfrr.h +#usr/include/frr/libospf.h +#usr/include/frr/linklist.h +#usr/include/frr/log.h +#usr/include/frr/logicalrouter.h +#usr/include/frr/md5.h +#usr/include/frr/memory.h +#usr/include/frr/memory_vty.h +#usr/include/frr/module.h +#usr/include/frr/monotime.h +#usr/include/frr/mpls.h +#usr/include/frr/network.h +#usr/include/frr/nexthop.h +#usr/include/frr/nexthop_group.h +#usr/include/frr/ns.h +#usr/include/frr/openbsd-queue.h +#usr/include/frr/openbsd-tree.h +#usr/include/frr/ospfd +#usr/include/frr/ospfd/ospf_api.h +#usr/include/frr/ospfd/ospf_asbr.h +#usr/include/frr/ospfd/ospf_dump.h +#usr/include/frr/ospfd/ospf_dump_api.h 
+#usr/include/frr/ospfd/ospf_ism.h +#usr/include/frr/ospfd/ospf_lsa.h +#usr/include/frr/ospfd/ospf_lsdb.h +#usr/include/frr/ospfd/ospf_nsm.h +#usr/include/frr/ospfd/ospf_opaque.h +#usr/include/frr/ospfd/ospfd.h +#usr/include/frr/pbr.h +#usr/include/frr/plist.h +#usr/include/frr/pqueue.h +#usr/include/frr/prefix.h +#usr/include/frr/privs.h +#usr/include/frr/ptm_lib.h +#usr/include/frr/pw.h +#usr/include/frr/qobj.h +#usr/include/frr/queue.h +#usr/include/frr/ringbuf.h +#usr/include/frr/route_types.h +#usr/include/frr/routemap.h +#usr/include/frr/sbuf.h +#usr/include/frr/sha256.h +#usr/include/frr/sigevent.h +#usr/include/frr/skiplist.h +#usr/include/frr/sockopt.h +#usr/include/frr/sockunion.h +#usr/include/frr/spf_backoff.h +#usr/include/frr/srcdest_table.h +#usr/include/frr/stream.h +#usr/include/frr/systemd.h +#usr/include/frr/table.h +#usr/include/frr/termtable.h +#usr/include/frr/thread.h +#usr/include/frr/vector.h +#usr/include/frr/version.h +#usr/include/frr/vlan.h +#usr/include/frr/vrf.h +#usr/include/frr/vrf_int.h +#usr/include/frr/vty.h +#usr/include/frr/vxlan.h +#usr/include/frr/wheel.h +#usr/include/frr/workqueue.h +#usr/include/frr/zassert.h +#usr/include/frr/zclient.h +#usr/include/frr/zebra.h +#usr/lib/libfrr.a +#usr/lib/libfrr.la +#usr/lib/libfrr.so +usr/lib/libfrr.so.0 +usr/lib/libfrr.so.0.0.0 +usr/sbin/bgpd +usr/sbin/frr +usr/sbin/frr-reload +usr/sbin/frr-reload.py +usr/sbin/ospfd +usr/sbin/rfptest +usr/sbin/ssd +usr/sbin/staticd +usr/sbin/watchfrr +usr/sbin/zebra +var/ipfire/backup/addons/includes/frr diff --git a/config/rootfiles/packages/nfs b/config/rootfiles/packages/nfs index 048762650..f2637fec2 100644 --- a/config/rootfiles/packages/nfs +++ b/config/rootfiles/packages/nfs 
@@ -5,9 +5,26 @@ sbin/nfsdcltrack sbin/osd_login sbin/umount.nfs sbin/umount.nfs4 +#usr/include/nfsidmap.h #usr/include/nfsidmap_plugin.h +#usr/lib/libnfsidmap +#usr/lib/libnfsidmap.a +#usr/lib/libnfsidmap.la +#usr/lib/libnfsidmap.so +usr/lib/libnfsidmap.so.0 +usr/lib/libnfsidmap.so.0.3.0 usr/lib/libnfsidmap.so.1 usr/lib/libnfsidmap.so.1.0.0 +#usr/lib/libnfsidmap/nsswitch.a +#usr/lib/libnfsidmap/nsswitch.la +usr/lib/libnfsidmap/nsswitch.so +#usr/lib/libnfsidmap/static.a +#usr/lib/libnfsidmap/static.la +usr/lib/libnfsidmap/static.so +#usr/lib/libnfsidmap/umich_ldap.a +#usr/lib/libnfsidmap/umich_ldap.la +usr/lib/libnfsidmap/umich_ldap.so +#usr/lib/pkgconfig/libnfsidmap.pc usr/sbin/exportfs usr/sbin/mountstats usr/sbin/nfsconf @@ -22,7 +39,9 @@ usr/sbin/rpcdebug usr/sbin/showmount usr/sbin/sm-notify usr/sbin/start-statd +#usr/share/man/man3/nfs4_uid_to_name.3 #usr/share/man/man5/exports.5 +#usr/share/man/man5/idmapd.conf.5 #usr/share/man/man5/nfs.5 #usr/share/man/man5/nfs.conf.5 #usr/share/man/man5/nfsmount.conf.5 diff --git a/config/unbound/unbound.conf b/config/unbound/unbound.conf index cda591dab..2cc5bab8a 100644 --- a/config/unbound/unbound.conf +++ b/config/unbound/unbound.conf @@ -28,7 +28,7 @@ server: log-queries: no # Unbound Statistics - statistics-interval: 0 + statistics-interval: 86400 statistics-cumulative: yes extended-statistics: yes diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi index d9d697deb..eddfc387c 100644 --- a/html/cgi-bin/ids.cgi +++ b/html/cgi-bin/ids.cgi 
@@ -692,7 +692,7 @@ sub downloadrulesfile { } if ($peer) { - system("wget -r --proxy=on --proxy-user=$proxysettings{'UPSTREAM_USER'} --proxy-passwd=$proxysettings{'UPSTREAM_PASSWORD'} -e http_proxy=http://$peer:$peerport/ -o /var/tmp/log --output-document=/var/tmp/snortrules.tar.gz $url"); + system("wget -r --proxy=on --proxy-user=$proxysettings{'UPSTREAM_USER'} --proxy-passwd=$proxysettings{'UPSTREAM_PASSWORD'} -e http_proxy=http://$peer:$peerport/ -e https_proxy=http://$peer:$peerport/ -o /var/tmp/log --output-document=/var/tmp/snortrules.tar.gz $url"); } else { system("wget -r -o /var/tmp/log --output-document=/var/tmp/snortrules.tar.gz $url"); } diff --git a/lfs/ca-certificates b/lfs/ca-certificates index e063b6439..6c684702a 100644 --- a/lfs/ca-certificates +++ b/lfs/ca-certificates @@ -24,7 +24,7 @@ include Config -VER = 20180910 +VER = 20181027 THISAPP = ca-certificates DIR_APP = $(DIR_SRC)/$(THISAPP) diff --git a/lfs/frr b/lfs/frr new file mode 100644 index 000000000..a14dc5981 --- /dev/null +++ b/lfs/frr 
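Review bot: The changed `system()` call in `downloadrulesfile` still builds a single shell string from `$proxysettings{'UPSTREAM_USER'}`, `$proxysettings{'UPSTREAM_PASSWORD'}`, `$peer`, `$peerport` and `$url`, so any shell metacharacter in those settings is interpreted by the shell, and a password containing a space or `&` breaks the download outright. Passing the arguments as a list keeps the shell out of it; the `else` branch just below has the same shape with `$url`. The proxy password also remains visible in the process list while wget runs, which is worth a follow-up (for example a wget configuration file readable only by the CGI user). The sub starts and ends outside this hunk.

```perl
	if ($peer) {
		# List form: no shell is involved, so the settings are passed verbatim
		system("wget", "-r", "--proxy=on",
			"--proxy-user=$proxysettings{'UPSTREAM_USER'}",
			"--proxy-passwd=$proxysettings{'UPSTREAM_PASSWORD'}",
			"-e", "http_proxy=http://$peer:$peerport/",
			"-e", "https_proxy=http://$peer:$peerport/",
			"-o", "/var/tmp/log",
			"--output-document=/var/tmp/snortrules.tar.gz",
			$url);
	} else {
		system("wget", "-r", "-o", "/var/tmp/log",
			"--output-document=/var/tmp/snortrules.tar.gz", $url);
	}
```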
@@ -0,0 +1,114 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2018 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 6.0 + +THISAPP = frr-$(VER) +DL_FILE = $(THISAPP).tar.xz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) +PROG = frr +PAK_VER = 1 + +DEPS = "" + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = d725c08e0093f58e5fcac0969c781813 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + +dist: + @$(PAK) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst 
%,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && ./configure \ + --prefix=/usr \ + --sysconfdir=/etc/frr \ + --localstatedir=/var/run/frr \ + --enable-user="frr" \ + --enable-group="frr" \ + --enable-vty-group="frrvty" \ + --enable-multipath=64 \ + --disable-doc \ + --disable-babeld \ + --disable-bfdd \ + --disable-eigrpd \ + --disable-irdp \ + --disable-isisd \ + --disable-ldpd \ + --disable-nhrpd \ + --disable-ospf6d \ + --disable-ospfapi \ + --disable-pbrd \ + --disable-pimd \ + --disable-ripd \ + --disable-ripngd + cd $(DIR_APP) && make $(MAKETUNING) + cd $(DIR_APP) && make install + + # Install backup include + install -v -m 644 $(DIR_SRC)/config/backup/includes/frr \ + /var/ipfire/backup/addons/includes/frr + + # Install initscript + $(call INSTALL_INITSCRIPT,frr) + + @rm -rf $(DIR_APP) + @$(POSTBUILD) + diff --git a/lfs/json-c b/lfs/json-c new file mode 100644 index 000000000..51a20ccbf --- /dev/null +++ b/lfs/json-c 
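Review bot: The only integrity pin for the downloaded tarball is `$(DL_FILE)_MD5`, and MD5 is no longer considered collision-resistant, so it is a weak pin for a build input fetched from the mirror behind `$(URL_IPFIRE)`. If the shared `Config` rules (not visible here) can verify a SHA-2 or BLAKE2 digest, I would add one next to the MD5 line; otherwise this is a framework-level follow-up rather than something to fix in this file. The new `lfs/json-c` file carries the same MD5-only pin.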
@@ -0,0 +1,80 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2018 IPFire Team #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see . #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 0.13.1
+
+THISAPP = json-c-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 04969ad59cc37bddd83741a08b98f350
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && ./configure --prefix=/usr --disable-static
+ cd $(DIR_APP) && make $(MAKETUNING)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/lfs/squid b/lfs/squid
index cae56407c..11b84d719 100644
--- a/lfs/squid
+++ b/lfs/squid
@@ -72,6 +72,8 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 @$(PREBUILD)
 @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squid/01_Certificate_fields_injection_via_D_in_ERR_SECURE_CONNECT_FAIL_306.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squid/02_Fix_memory_leak_when_parsing_SNMP_packet_313.patch
 cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5.28-fix-max-file-descriptors.patch
 cd $(DIR_APP) && autoreconf -vfi
diff --git a/make.sh b/make.sh
index c5cfab151..89ada4679 100755
--- a/make.sh
+++ b/make.sh
@@ -37,7 +37,7 @@ KVER=`grep --max-count=1 VER lfs/linux | awk '{ print $3 }'`
 GIT_TAG=$(git tag | tail -1) # Git Tag
 GIT_LASTCOMMIT=$(git log | head -n1 | cut -d" " -f2 |head -c8) # Last commit
-TOOLCHAINVER=20181024
+TOOLCHAINVER=20181030
 ###############################################################################
 #
@@ -1176,6 +1176,7 @@ buildipfire() {
 lfsmake2 libgcrypt
 lfsmake2 libassuan
 lfsmake2 nettle
+ lfsmake2 json-c
 lfsmake2 libevent
 lfsmake2 libevent2
 lfsmake2 expat
@@ -1556,6 +1557,7 @@ buildipfire() {
 lfsmake2 lua
 lfsmake2 dnsdist
 lfsmake2 bird
+ lfsmake2 frr
 lfsmake2 dmidecode
 lfsmake2 mcelog
 lfsmake2 rtpproxy
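Review bot: In lfs/json-c the downloaded tarball is pinned only by `$(DL_FILE)_MD5`, and MD5 is too weak a digest to be the sole integrity check on a source archive fetched over the network from `$(URL_IPFIRE)`. What `$(CHECK)` and `$(MD5)` do with the value is defined in `Config`, outside this diff, so this is probably a build-system convention rather than something this file can fix alone. I would at least record the provenance next to the pin, if that is how the archive was obtained, with a comment such as `# json-c-$(VER).tar.gz was checked against the upstream release before it was mirrored`. The pin should move to a stronger digest once the build system supports one.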
diff --git a/src/initscripts/packages/frr b/src/initscripts/packages/frr
new file mode 100755
index 000000000..5fa4e9fa8
--- /dev/null
+++ b/src/initscripts/packages/frr
@@ -0,0 +1,63 @@
+#!/bin/sh
+########################################################################
+# Begin $rc_base/init.d/frr
+#
+# Description : FRRouting Suite
+#
+########################################################################
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+DAEMONS="zebra bgpd ospfd staticd"
+
+case "${1}" in
+ start)
+ # Fix permissions of configuration directory
+ if [ -d "/etc/frr" ]; then
+ chown root.frr /etc/frr
+ chmod 775 /etc/frr
+ fi
+
+ for daemon in ${DAEMONS}; do
+ if [ -f "/etc/frr/${daemon}.conf" ]; then
+ # Set permissions
+ chown frr.frr "/etc/frr/${daemon}.conf"
+
+ boot_mesg "Starting FRRouting ${daemon}..."
+ loadproc "/usr/sbin/${daemon}" --daemon
+ fi
+ done
+ ;;
+
+ stop)
+ for daemon in ${DAEMONS}; do
+ boot_mesg "Stopping FRRouting ${daemon}..."
+ killproc "/usr/sbin/${daemon}"
+ done
+ ;;
+
+ reload)
+ boot_mesg "Reloading FRRouting..."
+ reloadproc /usr/sbin/frr-reload
+ ;;
+
+ restart)
+ ${0} stop
+ sleep 1
+ ${0} start
+ ;;
+
+ status)
+ for daemon in ${DAEMONS}; do
+ statusproc "/usr/sbin/${daemon}"
+ done
+ ;;
+
+ *)
+ echo "Usage: ${0} {start|stop|reload|restart|status}"
+ exit 1
+ ;;
+esac
+
+# End $rc_base/init.d/frr
diff --git a/src/paks/frr/install.sh b/src/paks/frr/install.sh
new file mode 100644
index 000000000..7e0222246
--- /dev/null
+++ b/src/paks/frr/install.sh
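Review bot: The `start)` branch fixes the owner of each `/etc/frr/${daemon}.conf` but never its mode, and it sets `/etc/frr` to 775, so the files keep whatever mode they were created with and the directory stays listable by every local account. FRR configuration files can carry vty/enable passwords and BGP neighbour secrets, so I would add `chmod 640 "/etc/frr/${daemon}.conf"` right after the `chown`. `chmod 770 /etc/frr` is worth considering too, if nothing outside the `frr` group has to read the directory. The `owner.group` spelling in `chown root.frr` and `chown frr.frr` is the legacy separator; `root:frr` and `frr:frr` are the portable form.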
@@ -0,0 +1,52 @@
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2007 IPFire-Team . #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+
+if ! getent group frr &>/dev/null; then
+ groupadd -r frr
+fi
+
+if ! getent group frrvty &>/dev/null; then
+ groupadd -r frrvty
+fi
+
+if ! getent passwd frr &>/dev/null; then
+ useradd -r frr -g frr -s /bin/false -b /var/empty -G frrvty
+fi
+
+# Extract files
+extract_files
+
+# Restore any backups
+restore_backup "${NAME}"
+
+# Start services
+start_service "${NAME}"
+
+# Enable autostart
+ln -svf ../init.d/frr /etc/rc.d/rc0.d/K40frr
+ln -svf ../init.d/frr /etc/rc.d/rc3.d/S50frr
+ln -svf ../init.d/frr /etc/rc.d/rc6.d/K40frr
+
+exit 0
diff --git a/src/paks/frr/uninstall.sh b/src/paks/frr/uninstall.sh
new file mode 100644
index 000000000..49e3fdd7d
--- /dev/null
+++ b/src/paks/frr/uninstall.sh
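Review bot: In the `useradd` call, `-b /var/empty` sets the base directory rather than the home directory, so the `frr` service account ends up with the home `/var/empty/frr`, which this script never creates. `-d /var/empty` looks like what was meant: `useradd -r frr -g frr -s /bin/false -d /var/empty -G frrvty`. The exit status of `groupadd` and `useradd` is also ignored, so a failed account creation still falls through to `start_service "${NAME}"`; an explicit check with an error message before extracting files would make that failure visible.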
@@ -0,0 +1,35 @@
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2007 IPFire-Team . #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+
+# Stop services
+stop_service "${NAME}"
+
+# Create backup
+extract_backup_includes
+make_backup "${NAME}"
+
+# Remove all files
+rm -rfv /etc/rc.d/rc*.d/*frr
+remove_files
diff --git a/src/paks/frr/update.sh b/src/paks/frr/update.sh
new file mode 100644
index 000000000..89c40d0d7
--- /dev/null
+++ b/src/paks/frr/update.sh
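Review bot: The cleanup `rm -rfv /etc/rc.d/rc*.d/*frr` is broader than what install.sh creates: the `*frr` glob matches any entry whose name merely ends in `frr`, and `-r` would recurse if a match were a directory. install.sh creates exactly three symlinks, so removing them by name is safer: `rm -fv /etc/rc.d/rc0.d/K40frr /etc/rc.d/rc3.d/S50frr /etc/rc.d/rc6.d/K40frr`. The `frr` user and the `frr`/`frrvty` groups added by install.sh are left in place; if that is deliberate, a short comment such as `# keep the frr account so backed-up files retain their owner` would document it.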
@@ -0,0 +1,26 @@
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2007 IPFire-Team . #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+./uninstall.sh
+./install.sh
diff --git a/src/patches/squid/01_Certificate_fields_injection_via_D_in_ERR_SECURE_CONNECT_FAIL_306.patch b/src/patches/squid/01_Certificate_fields_injection_via_D_in_ERR_SECURE_CONNECT_FAIL_306.patch
new file mode 100644
index 000000000..fadb1d48c
--- /dev/null
+++ b/src/patches/squid/01_Certificate_fields_injection_via_D_in_ERR_SECURE_CONNECT_FAIL_306.patch
@@ -0,0 +1,72 @@
+commit f1657a9decc820f748fa3aff68168d3145258031
+Author: Christos Tsantilas
+Date: 2018-10-17 15:14:07 +0000
+
+ Certificate fields injection via %D in ERR_SECURE_CONNECT_FAIL (#306)
+
+ %ssl_subject, %ssl_ca_name, and %ssl_cn values were not properly escaped when %D code was expanded in HTML context of the ERR_SECURE_CONNECT_FAIL template. This bug affects all
+ ERR_SECURE_CONNECT_FAIL page templates containing %D, including the default template.
+
+ Other error pages are not vulnerable because Squid does not populate %D with certificate details in other contexts (yet).
+
+ Thanks to Nikolas Lohmann [eBlocker] for identifying the problem.
+
+ TODO: If those certificate details become needed for ACL checks or other non-HTML purposes, make their HTML-escaping conditional.
+
+ This is a Measurement Factory project.
+
+diff --git a/src/ssl/ErrorDetail.cc b/src/ssl/ErrorDetail.cc
+index b5030e3..314e998 100644
+--- a/src/ssl/ErrorDetail.cc
++++ b/src/ssl/ErrorDetail.cc
+@@ -8,6 +8,8 @@
+
+ #include "squid.h"
+ #include "errorpage.h"
++#include "fatal.h"
++#include "html_quote.h"
+ #include "ssl/ErrorDetail.h"
+
+ #include
+@@ -432,8 +434,11 @@ const char *Ssl::ErrorDetail::subject() const
+ {
+ if (broken_cert.get()) {
+ static char tmpBuffer[256]; // A temporary buffer
+- if (X509_NAME_oneline(X509_get_subject_name(broken_cert.get()), tmpBuffer, sizeof(tmpBuffer)))
+- return tmpBuffer;
++ if (X509_NAME_oneline(X509_get_subject_name(broken_cert.get()), tmpBuffer, sizeof(tmpBuffer))) {
++ // quote to avoid possible html code injection through
++ // certificate subject
++ return html_quote(tmpBuffer);
++ }
+ }
+ return "[Not available]";
+ }
+@@ -461,8 +466,11 @@ const char *Ssl::ErrorDetail::cn() const
+ static String tmpStr; ///< A temporary string buffer
+ tmpStr.clean();
+ Ssl::matchX509CommonNames(broken_cert.get(), &tmpStr, copy_cn);
+- if (tmpStr.size())
+- return tmpStr.termedBuf();
++ if (tmpStr.size()) {
++ // quote to avoid possible html code injection through
++ // certificate subject
++ return html_quote(tmpStr.termedBuf());
++ }
+ }
+ return "[Not available]";
+ }
+@@ -474,8 +482,11 @@ const char *Ssl::ErrorDetail::ca_name() const
+ {
+ if (broken_cert.get()) {
+ static char tmpBuffer[256]; // A temporary buffer
+- if (X509_NAME_oneline(X509_get_issuer_name(broken_cert.get()), tmpBuffer, sizeof(tmpBuffer)))
+- return tmpBuffer;
++ if (X509_NAME_oneline(X509_get_issuer_name(broken_cert.get()), tmpBuffer, sizeof(tmpBuffer))) {
++ // quote to avoid possible html code injection through
++ // certificate issuer subject
++ return html_quote(tmpBuffer);
++ }
+ }
+ return "[Not available]";
+ }
diff --git a/src/patches/squid/02_Fix_memory_leak_when_parsing_SNMP_packet_313.patch b/src/patches/squid/02_Fix_memory_leak_when_parsing_SNMP_packet_313.patch
new file mode 100644
index 000000000..2ae034c20
--- /dev/null
+++ b/src/patches/squid/02_Fix_memory_leak_when_parsing_SNMP_packet_313.patch
@@ -0,0 +1,22 @@
+commit bc9786119f058a76ddf0625424bc33d36460b9a2 (refs/remotes/origin/v3.5)
+Author: flozilla
+Date: 2018-10-24 14:12:01 +0200
+
+ Fix memory leak when parsing SNMP packet (#313)
+
+ SNMP queries denied by snmp_access rules and queries with certain
+ unsupported SNMPv2 commands were leaking a few hundred bytes each. Such
+ queries trigger "SNMP agent query DENIED from..." WARNINGs in cache.log.
+
+diff --git a/src/snmp_core.cc b/src/snmp_core.cc
+index c4d21c1..16c2993 100644
+--- a/src/snmp_core.cc
++++ b/src/snmp_core.cc
+@@ -409,6 +409,7 @@ snmpDecodePacket(SnmpRequest * rq)
+ snmpConstructReponse(rq);
+ } else {
+ debugs(49, DBG_IMPORTANT, "WARNING: SNMP agent query DENIED from : " << rq->from);
++ snmp_free_pdu(PDU);
+ }
+ xfree(Community);
+