From 1b8437340bc1c4b343640690692071795716ba80 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Sat, 30 Mar 2024 09:14:58 +0100 Subject: [PATCH 01/17] xz: Revert back to version 5.4.5 due to backdoor issue - xz version 5.6.0 and 5.6.1 discovered to have been backdoored by what looks to have been one of the xz devs. - IPFire looks not to be affected by the problem as we don't patch openssh to be linked with liblzma - However due to question marks about what else might be in these 5.6.x versions it is better to revert back to a version that did not have the build-to-host.m4 file with the code that modifies the build if it meets certain criteria. Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/common/xz | 34 +++++++++++++++++++++++----------- lfs/xz | 6 ++++-- 2 files changed, 27 insertions(+), 13 deletions(-) diff --git a/config/rootfiles/common/xz b/config/rootfiles/common/xz index 73c0e4d24..f3818a083 100644 --- a/config/rootfiles/common/xz +++ b/config/rootfiles/common/xz @@ -41,18 +41,17 @@ usr/bin/xzmore #usr/lib/liblzma.la #usr/lib/liblzma.so usr/lib/liblzma.so.5 -usr/lib/liblzma.so.5.6.1 +usr/lib/liblzma.so.5.4.5 #usr/lib/pkgconfig/liblzma.pc #usr/share/doc/xz #usr/share/doc/xz/AUTHORS #usr/share/doc/xz/COPYING -#usr/share/doc/xz/COPYING.0BSD #usr/share/doc/xz/COPYING.GPLv2 #usr/share/doc/xz/NEWS #usr/share/doc/xz/README #usr/share/doc/xz/THANKS +#usr/share/doc/xz/TODO #usr/share/doc/xz/api -#usr/share/doc/xz/api/COPYING.CC-BY-SA-4.0 #usr/share/doc/xz/api/annotated.html #usr/share/doc/xz/api/base_8h.html #usr/share/doc/xz/api/bc_s.png @@ -121,15 +120,16 @@ usr/lib/liblzma.so.5.6.1 #usr/share/doc/xz/api/tabs.css #usr/share/doc/xz/api/version_8h.html #usr/share/doc/xz/api/vli_8h.html -#usr/share/doc/xz/api/xz-logo.png #usr/share/doc/xz/examples #usr/share/doc/xz/examples/00_README.txt #usr/share/doc/xz/examples/01_compress_easy.c #usr/share/doc/xz/examples/02_decompress.c #usr/share/doc/xz/examples/03_compress_custom.c #usr/share/doc/xz/examples/04_compress_easy_mt.c -#usr/share/doc/xz/examples/11_file_info.c #usr/share/doc/xz/examples/Makefile +#usr/share/doc/xz/examples_old +#usr/share/doc/xz/examples_old/xz_pipe_comp.c +#usr/share/doc/xz/examples_old/xz_pipe_decomp.c #usr/share/doc/xz/faq.txt #usr/share/doc/xz/history.txt #usr/share/doc/xz/lzma-file-format.txt @@ -168,7 +168,6 @@ usr/lib/liblzma.so.5.6.1 #usr/share/man/de/man1/lzless.1 #usr/share/man/de/man1/lzma.1 #usr/share/man/de/man1/lzmadec.1 -#usr/share/man/de/man1/lzmainfo.1 #usr/share/man/de/man1/lzmore.1 #usr/share/man/de/man1/unlzma.1 #usr/share/man/de/man1/unxz.1 @@ -185,16 +184,21 @@ usr/lib/liblzma.so.5.6.1 #usr/share/man/fr #usr/share/man/fr/man1 #usr/share/man/fr/man1/lzcat.1 +#usr/share/man/fr/man1/lzcmp.1 +#usr/share/man/fr/man1/lzdiff.1 #usr/share/man/fr/man1/lzless.1 #usr/share/man/fr/man1/lzma.1 #usr/share/man/fr/man1/lzmadec.1 -#usr/share/man/fr/man1/lzmainfo.1 +#usr/share/man/fr/man1/lzmore.1 #usr/share/man/fr/man1/unlzma.1 #usr/share/man/fr/man1/unxz.1 #usr/share/man/fr/man1/xz.1 #usr/share/man/fr/man1/xzcat.1 +#usr/share/man/fr/man1/xzcmp.1 #usr/share/man/fr/man1/xzdec.1 +#usr/share/man/fr/man1/xzdiff.1 #usr/share/man/fr/man1/xzless.1 +#usr/share/man/fr/man1/xzmore.1 #usr/share/man/ko #usr/share/man/ko/man1 #usr/share/man/ko/man1/lzcat.1 @@ -206,7 +210,6 @@ usr/lib/liblzma.so.5.6.1 #usr/share/man/ko/man1/lzless.1 #usr/share/man/ko/man1/lzma.1 #usr/share/man/ko/man1/lzmadec.1 -#usr/share/man/ko/man1/lzmainfo.1 #usr/share/man/ko/man1/lzmore.1 #usr/share/man/ko/man1/unlzma.1 #usr/share/man/ko/man1/unxz.1 @@ -246,16 +249,27 @@ usr/lib/liblzma.so.5.6.1 #usr/share/man/pt_BR #usr/share/man/pt_BR/man1 #usr/share/man/pt_BR/man1/lzcat.1 +#usr/share/man/pt_BR/man1/lzcmp.1 +#usr/share/man/pt_BR/man1/lzdiff.1 +#usr/share/man/pt_BR/man1/lzegrep.1 +#usr/share/man/pt_BR/man1/lzfgrep.1 +#usr/share/man/pt_BR/man1/lzgrep.1 #usr/share/man/pt_BR/man1/lzless.1 #usr/share/man/pt_BR/man1/lzma.1 #usr/share/man/pt_BR/man1/lzmadec.1 -#usr/share/man/pt_BR/man1/lzmainfo.1 +#usr/share/man/pt_BR/man1/lzmore.1 #usr/share/man/pt_BR/man1/unlzma.1 #usr/share/man/pt_BR/man1/unxz.1 #usr/share/man/pt_BR/man1/xz.1 #usr/share/man/pt_BR/man1/xzcat.1 +#usr/share/man/pt_BR/man1/xzcmp.1 #usr/share/man/pt_BR/man1/xzdec.1 +#usr/share/man/pt_BR/man1/xzdiff.1 +#usr/share/man/pt_BR/man1/xzegrep.1 +#usr/share/man/pt_BR/man1/xzfgrep.1 +#usr/share/man/pt_BR/man1/xzgrep.1 #usr/share/man/pt_BR/man1/xzless.1 +#usr/share/man/pt_BR/man1/xzmore.1 #usr/share/man/ro #usr/share/man/ro/man1 #usr/share/man/ro/man1/lzcat.1 @@ -267,7 +281,6 @@ usr/lib/liblzma.so.5.6.1 #usr/share/man/ro/man1/lzless.1 #usr/share/man/ro/man1/lzma.1 #usr/share/man/ro/man1/lzmadec.1 -#usr/share/man/ro/man1/lzmainfo.1 #usr/share/man/ro/man1/lzmore.1 #usr/share/man/ro/man1/unlzma.1 #usr/share/man/ro/man1/unxz.1 @@ -292,7 +305,6 @@ usr/lib/liblzma.so.5.6.1 #usr/share/man/uk/man1/lzless.1 #usr/share/man/uk/man1/lzma.1 #usr/share/man/uk/man1/lzmadec.1 -#usr/share/man/uk/man1/lzmainfo.1 #usr/share/man/uk/man1/lzmore.1 #usr/share/man/uk/man1/unlzma.1 #usr/share/man/uk/man1/unxz.1 diff --git a/lfs/xz b/lfs/xz index cbec430d4..982392aa0 100644 --- a/lfs/xz +++ b/lfs/xz @@ -24,7 +24,7 @@ include Config -VER = 5.6.1 +VER = 5.4.5 THISAPP = xz-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -45,7 +45,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 3a1cf93d7223eb57e78eabe828a3d623acac5824ada299470e3126692ef89d1648293aef32468d70a5289611969d5299180c1b373dfbda002a49f3afc729d925 +$(DL_FILE)_BLAKE2 = 08d9afebd927ea5d155515a4c9eedda4d1a249f2b1ab6ada11f50e5b7a3c90b389b32378ab1c0872c7f4627de8dff37149d85e49f7f4d30614add37320ec4f3e install : $(TARGET) @@ -80,3 +80,5 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && make install @rm -rf $(DIR_APP) @$(POSTBUILD) + + From 16901fee6aa334a705cf67018277898f42834f5d Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Sat, 30 Mar 2024 11:58:24 +0000 Subject: [PATCH 02/17] xz: Remove excess whitespace Signed-off-by: Michael Tremer --- lfs/xz | 2 -- 1 file changed, 2 deletions(-) diff --git a/lfs/xz b/lfs/xz index 982392aa0..0a1763340 100644 --- a/lfs/xz +++ b/lfs/xz @@ -80,5 +80,3 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && make install @rm -rf $(DIR_APP) @$(POSTBUILD) - - From c283a6f615f5fe4bea63d5534bda8a0c6270b486 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Sat, 30 Mar 2024 12:07:22 +0000 Subject: [PATCH 03/17] core185: Ship everything that is linked against XZ This is a precautionary step to avoid that we have any issues to face because of a downgrade as new symbols have been added to liblzma 5.6.0. Furthermore, this should avoid shipping any traces of any other potential malware in XZ that has been added in 5.6.0 or after. Signed-off-by: Michael Tremer --- config/rootfiles/core/185/filelists/aarch64/boost | 1 + config/rootfiles/core/185/filelists/aarch64/grub | 1 + config/rootfiles/core/185/filelists/apache2 | 1 + config/rootfiles/core/185/filelists/collectd | 1 + config/rootfiles/core/185/filelists/files | 1 + config/rootfiles/core/185/filelists/kmod | 1 + config/rootfiles/core/185/filelists/libarchive | 1 + config/rootfiles/core/185/filelists/libtiff | 1 + config/rootfiles/core/185/filelists/libxml2 | 1 + config/rootfiles/core/185/filelists/riscv64/boost | 1 + config/rootfiles/core/185/filelists/riscv64/grub | 1 + config/rootfiles/core/185/filelists/x86_64/boost | 1 + config/rootfiles/core/185/filelists/x86_64/grub | 1 + config/rootfiles/core/185/update.sh | 3 +++ lfs/foomatic | 2 +- lfs/sarg | 2 +- lfs/tor | 2 +- 17 files changed, 19 insertions(+), 3 deletions(-) create mode 120000 config/rootfiles/core/185/filelists/aarch64/boost create mode 120000 config/rootfiles/core/185/filelists/aarch64/grub create mode 120000 config/rootfiles/core/185/filelists/apache2 create mode 120000 config/rootfiles/core/185/filelists/collectd create mode 120000 config/rootfiles/core/185/filelists/kmod create mode 120000 config/rootfiles/core/185/filelists/libarchive create mode 120000 config/rootfiles/core/185/filelists/libtiff create mode 120000 config/rootfiles/core/185/filelists/libxml2 create mode 120000 config/rootfiles/core/185/filelists/riscv64/boost create mode 120000 config/rootfiles/core/185/filelists/riscv64/grub create mode 120000 config/rootfiles/core/185/filelists/x86_64/boost create mode 120000 config/rootfiles/core/185/filelists/x86_64/grub diff --git a/config/rootfiles/core/185/filelists/aarch64/boost b/config/rootfiles/core/185/filelists/aarch64/boost new file mode 120000 index 000000000..807ad06be --- /dev/null +++ b/config/rootfiles/core/185/filelists/aarch64/boost @@ -0,0 +1 @@ +../../../../common/aarch64/boost \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/aarch64/grub b/config/rootfiles/core/185/filelists/aarch64/grub new file mode 120000 index 000000000..40ae85fb6 --- /dev/null +++ b/config/rootfiles/core/185/filelists/aarch64/grub @@ -0,0 +1 @@ +../../../../common/aarch64/grub \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/apache2 b/config/rootfiles/core/185/filelists/apache2 new file mode 120000 index 000000000..eef95efa7 --- /dev/null +++ b/config/rootfiles/core/185/filelists/apache2 @@ -0,0 +1 @@ +../../../common/apache2 \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/collectd b/config/rootfiles/core/185/filelists/collectd new file mode 120000 index 000000000..871b32f14 --- /dev/null +++ b/config/rootfiles/core/185/filelists/collectd @@ -0,0 +1 @@ +../../../common/collectd \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/files b/config/rootfiles/core/185/filelists/files index 09ce83886..53793fda1 100644 --- a/config/rootfiles/core/185/filelists/files +++ b/config/rootfiles/core/185/filelists/files @@ -50,6 +50,7 @@ srv/web/ipfire/cgi-bin/ids.cgi srv/web/ipfire/cgi-bin/index.cgi srv/web/ipfire/cgi-bin/ovpnmain.cgi srv/web/ipfire/cgi-bin/time.cgi +usr/lib/python3.10/lib-dynload/_lzma.cpython-310-xxxMACHINExxx-linux-gnu.so usr/local/bin/update-ids-ruleset var/ipfire/backup/bin/backup.pl var/ipfire/ids-functions.pl diff --git a/config/rootfiles/core/185/filelists/kmod b/config/rootfiles/core/185/filelists/kmod new file mode 120000 index 000000000..0020e197e --- /dev/null +++ b/config/rootfiles/core/185/filelists/kmod @@ -0,0 +1 @@ +../../../common/kmod \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/libarchive b/config/rootfiles/core/185/filelists/libarchive new file mode 120000 index 000000000..551f1f743 --- /dev/null +++ b/config/rootfiles/core/185/filelists/libarchive @@ -0,0 +1 @@ +../../../common/libarchive \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/libtiff b/config/rootfiles/core/185/filelists/libtiff new file mode 120000 index 000000000..dd89e3cda --- /dev/null +++ b/config/rootfiles/core/185/filelists/libtiff @@ -0,0 +1 @@ +../../../common/libtiff \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/libxml2 b/config/rootfiles/core/185/filelists/libxml2 new file mode 120000 index 000000000..242e69fa3 --- /dev/null +++ b/config/rootfiles/core/185/filelists/libxml2 @@ -0,0 +1 @@ +../../../common/libxml2 \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/riscv64/boost b/config/rootfiles/core/185/filelists/riscv64/boost new file mode 120000 index 000000000..cbc461c2b --- /dev/null +++ b/config/rootfiles/core/185/filelists/riscv64/boost @@ -0,0 +1 @@ +../../../../common/riscv64/boost \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/riscv64/grub b/config/rootfiles/core/185/filelists/riscv64/grub new file mode 120000 index 000000000..7013c0be5 --- /dev/null +++ b/config/rootfiles/core/185/filelists/riscv64/grub @@ -0,0 +1 @@ +../../../../common/riscv64/grub \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/x86_64/boost b/config/rootfiles/core/185/filelists/x86_64/boost new file mode 120000 index 000000000..9ed31e1d5 --- /dev/null +++ b/config/rootfiles/core/185/filelists/x86_64/boost @@ -0,0 +1 @@ +../../../../common/x86_64/boost \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/x86_64/grub b/config/rootfiles/core/185/filelists/x86_64/grub new file mode 120000 index 000000000..78d3bd784 --- /dev/null +++ b/config/rootfiles/core/185/filelists/x86_64/grub @@ -0,0 +1 @@ +../../../../common/x86_64/grub \ No newline at end of file diff --git a/config/rootfiles/core/185/update.sh b/config/rootfiles/core/185/update.sh index f86013c0d..28f18a7da 100644 --- a/config/rootfiles/core/185/update.sh +++ b/config/rootfiles/core/185/update.sh @@ -88,12 +88,15 @@ chmod -v 640 /etc/sudoers.d/* # Start services telinit u /etc/init.d/sshd restart +/etc/init.d/apache restart /etc/init.d/suricata restart /etc/init.d/unbound restart /etc/init.d/ntp start if [ -f /var/ipfire/proxy/enable ]; then /etc/init.d/squid start fi +/etc/init.d/collectd restart + ## Modify ovpnconfig according to bug 13548 for no-pass entry for N2N client connections # Check if ovpnconfig exists and is not empty if [ -s /var/ipfire/ovpn/ovpnconfig ]; then diff --git a/lfs/foomatic b/lfs/foomatic index d057505a9..21a5a589a 100644 --- a/lfs/foomatic +++ b/lfs/foomatic @@ -37,7 +37,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/foomatic-filters-$(VER_FILTERS) TARGET = $(DIR_INFO)/$(THISAPP) PROG = foomatic -PAK_VER = 9 +PAK_VER = 10 DEPS = cups ghostscript hplip diff --git a/lfs/sarg b/lfs/sarg index d38933fb0..1b8a077a6 100644 --- a/lfs/sarg +++ b/lfs/sarg @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = sarg -PAK_VER = 6 +PAK_VER = 7 DEPS = diff --git a/lfs/tor b/lfs/tor index 74b738512..aed30805f 100644 --- a/lfs/tor +++ b/lfs/tor @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = tor -PAK_VER = 83 +PAK_VER = 84 DEPS = libseccomp From cf94463c4c5c7f7eb71c1ac4bcef2160446fab79 Mon Sep 17 00:00:00 2001 From: Stefan Schantl Date: Sat, 30 Mar 2024 12:35:26 +0100 Subject: [PATCH 04/17] perl-Capture-Tiny: New package This is only a build dependency for perl-Config-AutoConf and will not be installed on a system Signed-off-by: Stefan Schantl Signed-off-by: Michael Tremer --- config/rootfiles/common/perl-Capture-Tiny | 6 ++ lfs/perl-Capture-Tiny | 77 +++++++++++++++++++++++ make.sh | 1 + 3 files changed, 84 insertions(+) create mode 100644 config/rootfiles/common/perl-Capture-Tiny create mode 100644 lfs/perl-Capture-Tiny diff --git a/config/rootfiles/common/perl-Capture-Tiny b/config/rootfiles/common/perl-Capture-Tiny new file mode 100644 index 000000000..4fb874d29 --- /dev/null +++ b/config/rootfiles/common/perl-Capture-Tiny @@ -0,0 +1,6 @@ +#usr/lib/perl5/site_perl/5.36.0/Capture +#usr/lib/perl5/site_perl/5.36.0/Capture/Tiny.pm +#usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/auto/Capture +#usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/auto/Capture/Tiny +#usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/auto/Capture/Tiny/.packlist +#usr/share/man/man3/Capture::Tiny.3 diff --git a/lfs/perl-Capture-Tiny b/lfs/perl-Capture-Tiny new file mode 100644 index 000000000..bb6b45e82 --- /dev/null +++ b/lfs/perl-Capture-Tiny @@ -0,0 +1,77 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2018 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 0.48 + +THISAPP = Capture-Tiny-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_BLAKE2 = e6de05459478131c5129dd5ffc84744e2d3440c2e31545ed101c2986b2bc970106f126286dea50350f4b5ea330ffac423693d755e29850883bdc215437bf7488 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +b2 : $(subst %,%_BLAKE2,$(objects)) + +############################################################################### +# Downloading, checking, b2sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_BLAKE2,$(objects)) : + @$(B2SUM) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && perl Makefile.PL + cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/make.sh b/make.sh index 64dbef5c4..c49602e32 100755 --- a/make.sh +++ b/make.sh @@ -1377,6 +1377,7 @@ buildipfire() { lfsmake2 perl-Crypt-PasswdMD5 lfsmake2 perl-Net-Telnet lfsmake2 perl-JSON + lfsmake2 perl-Capture-Tiny lfsmake2 python3-inotify lfsmake2 python3-docutils lfsmake2 python3-daemon From c85407615508fb5c62ddc92b7a6e83e4a278901d Mon Sep 17 00:00:00 2001 From: Stefan Schantl Date: Sat, 30 Mar 2024 12:35:27 +0100 Subject: [PATCH 05/17] perl-Config-AutoConf: New package This is only a build dependency for perl-Arhive-Peek-Libarchive and will not be installed on a system Signed-off-by: Stefan Schantl Signed-off-by: Michael Tremer --- config/rootfiles/common/perl-Config-AutoConf | 6 ++ lfs/perl-Config-AutoConf | 77 ++++++++++++++++++++ make.sh | 1 + 3 files changed, 84 insertions(+) create mode 100644 config/rootfiles/common/perl-Config-AutoConf create mode 100644 lfs/perl-Config-AutoConf diff --git a/config/rootfiles/common/perl-Config-AutoConf b/config/rootfiles/common/perl-Config-AutoConf new file mode 100644 index 000000000..e46d506cc --- /dev/null +++ b/config/rootfiles/common/perl-Config-AutoConf @@ -0,0 +1,6 @@ +#usr/lib/perl5/site_perl/5.36.0/Config +#usr/lib/perl5/site_perl/5.36.0/Config/AutoConf.pm +#usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/auto/Config +#usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/auto/Config/AutoConf +#usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/auto/Config/AutoConf/.packlist +#usr/share/man/man3/Config::AutoConf.3 diff --git a/lfs/perl-Config-AutoConf b/lfs/perl-Config-AutoConf new file mode 100644 index 000000000..ce12c295b --- /dev/null +++ b/lfs/perl-Config-AutoConf @@ -0,0 +1,77 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2018 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 0.320 + +THISAPP = Config-AutoConf-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_BLAKE2 = 649ef56196a5984437f299f96b156f63560a247a35f0547145e3519648ba5fc86c057957570b45b696c2092a56deaf0595d9191b4fe389e0a0f183b79d6c500a + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +b2 : $(subst %,%_BLAKE2,$(objects)) + +############################################################################### +# Downloading, checking, b2sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_BLAKE2,$(objects)) : + @$(B2SUM) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && perl Makefile.PL + cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/make.sh b/make.sh index c49602e32..345e65899 100755 --- a/make.sh +++ b/make.sh @@ -1378,6 +1378,7 @@ buildipfire() { lfsmake2 perl-Net-Telnet lfsmake2 perl-JSON lfsmake2 perl-Capture-Tiny + lfsmake2 perl-Config-AutoConf lfsmake2 python3-inotify lfsmake2 python3-docutils lfsmake2 python3-daemon From d33b29e2b13de7730cd4a67f7aa2bde000776485 Mon Sep 17 00:00:00 2001 From: Stefan Schantl Date: Sat, 30 Mar 2024 12:35:28 +0100 Subject: [PATCH 06/17] perl-Object-Tiny: New package This is a runtime dependency of perl-Archive-Peek-Libarchive Signed-off-by: Stefan Schantl Signed-off-by: Michael Tremer --- config/rootfiles/common/perl-Object-Tiny | 6 ++ lfs/perl-Object-Tiny | 77 ++++++++++++++++++++++++ make.sh | 1 + 3 files changed, 84 insertions(+) create mode 100644 config/rootfiles/common/perl-Object-Tiny create mode 100644 lfs/perl-Object-Tiny diff --git a/config/rootfiles/common/perl-Object-Tiny b/config/rootfiles/common/perl-Object-Tiny new file mode 100644 index 000000000..3ec9488d8 --- /dev/null +++ b/config/rootfiles/common/perl-Object-Tiny @@ -0,0 +1,6 @@ +#usr/lib/perl5/site_perl/5.36.0/Object +usr/lib/perl5/site_perl/5.36.0/Object/Tiny.pm +#usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/auto/Object +#usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/auto/Object/Tiny +#usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/auto/Object/Tiny/.packlist +#usr/share/man/man3/Object::Tiny.3 diff --git a/lfs/perl-Object-Tiny b/lfs/perl-Object-Tiny new file mode 100644 index 000000000..db19a6a25 --- /dev/null +++ b/lfs/perl-Object-Tiny @@ -0,0 +1,77 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2018 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 1.09 + +THISAPP = Object-Tiny-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_BLAKE2 = 0383d8af24d8c0d76dfc3cb6a65c6422f631d5ca4f9e083cf1077cc220b7aa27852c23ad5535bbcab74c7f5e9d1cba8f0f5c4d8da48c07a300d3b9e995b69d5c + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +b2 : $(subst %,%_BLAKE2,$(objects)) + +############################################################################### +# Downloading, checking, b2sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_BLAKE2,$(objects)) : + @$(B2SUM) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && perl Makefile.PL + cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/make.sh b/make.sh index 345e65899..567252fe4 100755 --- a/make.sh +++ b/make.sh @@ -1379,6 +1379,7 @@ buildipfire() { lfsmake2 perl-JSON lfsmake2 perl-Capture-Tiny lfsmake2 perl-Config-AutoConf + lfsmake2 perl-Object-Tiny lfsmake2 python3-inotify lfsmake2 python3-docutils lfsmake2 python3-daemon From 2ef62acc017de41ff59e0dd76b405374a2b55d18 Mon Sep 17 00:00:00 2001 From: Stefan Schantl Date: Sat, 30 Mar 2024 12:35:29 +0100 Subject: [PATCH 07/17] perl-Archive-Peek-Libarchive: New package As very simple XS based perl binding for libarchive to get header data and extract files. Signed-off-by: Stefan Schantl Signed-off-by: Michael Tremer --- .../common/perl-Archive-Peek-Libarchive | 8 ++ lfs/perl-Archive-Peek-Libarchive | 77 +++++++++++++++++++ make.sh | 1 + 3 files changed, 86 insertions(+) create mode 100644 config/rootfiles/common/perl-Archive-Peek-Libarchive create mode 100644 lfs/perl-Archive-Peek-Libarchive diff --git a/config/rootfiles/common/perl-Archive-Peek-Libarchive b/config/rootfiles/common/perl-Archive-Peek-Libarchive new file mode 100644 index 000000000..95e204562 --- /dev/null +++ b/config/rootfiles/common/perl-Archive-Peek-Libarchive @@ -0,0 +1,8 @@ +#usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/Archive +#usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/Archive/Peek +usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/Archive/Peek/Libarchive.pm +#usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/auto/Archive/Peek +#usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/auto/Archive/Peek/Libarchive +#usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/auto/Archive/Peek/Libarchive/.packlist +usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/auto/Archive/Peek/Libarchive/Libarchive.so +#usr/share/man/man3/Archive::Peek::Libarchive.3 diff --git a/lfs/perl-Archive-Peek-Libarchive b/lfs/perl-Archive-Peek-Libarchive new file mode 100644 index 000000000..fd1ae85d6 --- /dev/null +++ b/lfs/perl-Archive-Peek-Libarchive @@ -0,0 +1,77 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2018 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + + +############################################################################### +# Definitions +############################################################################### + +include Config +VER = 0.38 + +THISAPP = Archive-Peek-Libarchive-$(VER) +DL_FILE = ${THISAPP}.tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_BLAKE2 = 142d54a6fe6b948129307ef7b0106905b2ddf858682d07a4f0815e6674f7fd425f462a800487949e18442884d6c743aeed049ebef7138fe0bfbbabac588dc3b3 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +b2 : $(subst %,%_BLAKE2,$(objects)) + +############################################################################### +# Downloading, checking, b2sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_BLAKE2,$(objects)) : + @$(B2SUM) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && perl Makefile.PL + cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/make.sh b/make.sh index 567252fe4..605582672 100755 --- a/make.sh +++ b/make.sh @@ -1380,6 +1380,7 @@ buildipfire() { lfsmake2 perl-Capture-Tiny lfsmake2 perl-Config-AutoConf lfsmake2 perl-Object-Tiny + lfsmake2 perl-Archive-Peek-Libarchive lfsmake2 python3-inotify lfsmake2 python3-docutils lfsmake2 python3-daemon From ee16b227a55aa2ee61a906342ca322de3c0fcf67 Mon Sep 17 00:00:00 2001 From: Stefan Schantl Date: Sat, 30 Mar 2024 12:35:30 +0100 Subject: [PATCH 08/17] ids-functions.pl: Use libarchive to extract archives This gives us a lot of benefits: * Speed up the extraction process * More supported archive types due the power of libarchive * Support of passphrase protected archives It also fixes a problem with non extracted files next to a zero sized file inside an archive. Fixes #13632. Signed-off-by: Stefan Schantl Signed-off-by: Michael Tremer --- config/cfgroot/ids-functions.pl | 58 +++++++++++---------------------- 1 file changed, 19 insertions(+), 39 deletions(-) diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl index c29a5151f..3eb883aa9 100644 --- a/config/cfgroot/ids-functions.pl +++ b/config/cfgroot/ids-functions.pl @@ -30,7 +30,7 @@ require "${General::swroot}/network-functions.pl"; require "${General::swroot}/suricata/ruleset-sources"; # Load perl module to deal with Archives. -use Archive::Tar; +use Archive::Peek::Libarchive; # Load perl module to deal with files and path. use File::Basename; @@ -515,9 +515,6 @@ sub downloadruleset ($) { sub extractruleset ($) { my ($provider) = @_; - # Disable chown functionality when uncompressing files. - $Archive::Tar::CHOWN = "0"; - # Get full path and downloaded rulesfile for the given provider. my $tarball = &_get_dl_rulesfile($provider); @@ -547,13 +544,11 @@ sub extractruleset ($) { } elsif ( $type eq "archive") { # Initialize the tar module. - my $tar = Archive::Tar->new($tarball); + my $tar = Archive::Peek::Libarchive->new(filename => $tarball); - # Get the filelist inside the tarball. - my @packed_files = $tar->list_files; - - # Loop through the filelist. - foreach my $packed_file (@packed_files) { + # Loop through the archive + $tar->iterate( sub { + my ($packed_file, $content) = @_; my $destination; # Splitt the packed file into chunks. @@ -572,13 +567,13 @@ sub extractruleset ($) { # Handle rules files. } elsif ($file =~ m/\.rules$/) { # Skip rule files which are not located in the rules directory or archive root. - next unless(($packed_file =~ /^rules\//) || ($packed_file =~ /^$provider-rules\//) || ($packed_file !~ /\//)); + return unless(($packed_file =~ /^rules\//) || ($packed_file =~ /^$provider-rules\//) || ($packed_file !~ /\//)); # Skip deleted.rules. # # Mostly they have been taken out for correctness or performance reasons and therfore # it is not a great idea to enable any of them. - next if($file =~ m/deleted.rules$/); + return if($file =~ m/deleted.rules$/); my $rulesfilename; @@ -615,39 +610,24 @@ sub extractruleset ($) { $destination = "$tmp_rules_directory/$rulesfilename"; } else { # Skip all other files. - next; + return; } # Check if the destination file exists. unless(-e "$destination") { - # Extract the file to the temporary directory. - $tar->extract_file("$packed_file", "$destination"); + # Open filehandle to write the content to a new file. + open(FILE, ">", "$destination") or die "Could not open $destination. $!\n"; } else { - # Generate temporary file name, located in the temporary rules directory and a suffix of ".tmp". - my $tmp = File::Temp->new( SUFFIX => ".tmp", DIR => "$tmp_rules_directory", UNLINK => 0 ); - my $tmpfile = $tmp->filename(); - - # Extract the file to the new temporary file name. - $tar->extract_file("$packed_file", "$tmpfile"); - - # Open the the existing file. - open(DESTFILE, ">>", "$destination") or die "Could not open $destination. $!\n"; - open(TMPFILE, "<", "$tmpfile") or die "Could not open $tmpfile. $!\n"; - - # Loop through the content of the temporary file. - while () { - # Append the content line by line to the destination file. - print DESTFILE "$_"; - } - - # Close the file handles. - close(TMPFILE); - close(DESTFILE); - - # Remove the temporary file. - unlink("$tmpfile"); + # Open filehandle to append the content to the existing file. + open(FILE, ">>", "$destination") or die "Could not open $destination. $!\n"; } - } + + # Write the extracted file content to the filehandle. + print FILE "$content" if ($content); + + # Close the file handle. + close(FILE); + }); } } From 21f467d65a7a4d3927601731f59dc6ab5f895142 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Sat, 30 Mar 2024 12:11:42 +0000 Subject: [PATCH 09/17] core185: Ship new perl modules for libarchive Signed-off-by: Michael Tremer --- config/rootfiles/core/185/filelists/perl-Archive-Peek-Libarchive | 1 + config/rootfiles/core/185/filelists/perl-Capture-Tiny | 1 + config/rootfiles/core/185/filelists/perl-Config-AutoConf | 1 + config/rootfiles/core/185/filelists/perl-Object-Tiny | 1 + 4 files changed, 4 insertions(+) create mode 120000 config/rootfiles/core/185/filelists/perl-Archive-Peek-Libarchive create mode 120000 config/rootfiles/core/185/filelists/perl-Capture-Tiny create mode 120000 config/rootfiles/core/185/filelists/perl-Config-AutoConf create mode 120000 config/rootfiles/core/185/filelists/perl-Object-Tiny diff --git a/config/rootfiles/core/185/filelists/perl-Archive-Peek-Libarchive b/config/rootfiles/core/185/filelists/perl-Archive-Peek-Libarchive new file mode 120000 index 000000000..328d7c70b --- /dev/null +++ b/config/rootfiles/core/185/filelists/perl-Archive-Peek-Libarchive @@ -0,0 +1 @@ +../../../common/perl-Archive-Peek-Libarchive \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/perl-Capture-Tiny b/config/rootfiles/core/185/filelists/perl-Capture-Tiny new file mode 120000 index 000000000..d1f2184c5 --- /dev/null +++ b/config/rootfiles/core/185/filelists/perl-Capture-Tiny @@ -0,0 +1 @@ +../../../common/perl-Capture-Tiny \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/perl-Config-AutoConf b/config/rootfiles/core/185/filelists/perl-Config-AutoConf new file mode 120000 index 000000000..d47aca341 --- /dev/null +++ b/config/rootfiles/core/185/filelists/perl-Config-AutoConf @@ -0,0 +1 @@ +../../../common/perl-Config-AutoConf \ No newline at end of file diff --git a/config/rootfiles/core/185/filelists/perl-Object-Tiny b/config/rootfiles/core/185/filelists/perl-Object-Tiny new file mode 120000 index 000000000..3beaee613 --- /dev/null +++ b/config/rootfiles/core/185/filelists/perl-Object-Tiny @@ -0,0 +1 @@ +../../../common/perl-Object-Tiny \ No newline at end of file From 64d6bbe5a37ea9fb0de816725e88e0692159b163 Mon Sep 17 00:00:00 2001 From: Rico Hoppe Date: Thu, 28 Mar 2024 09:51:52 +0000 Subject: [PATCH 10/17] README.md: update text & adjust links to new URLs - links for: about, documentation, help - wording: wiki to documentation Signed-off-by: Rico Hoppe Reviewed-by: Michael Tremer Signed-off-by: Michael Tremer --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index df3d35717..5e88d31dd 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ IPFire is a hardened, versatile, state-of-the-art Open Source firewall based on Linux. Its ease of use, high performance in any scenario and extensibility make -it usable for everyone. For a full list of features have a look [here](https://www.ipfire.org/features). +it usable for everyone. For a full list of features have a look [here](https://www.ipfire.org/about). This repository contains the source code of IPFire 2.x which is used to build the whole distribution from scratch, since IPFire is not based on any other @@ -16,13 +16,13 @@ Just head over to https://www.ipfire.org/download # How do I use this software? -We have a long and detailed wiki located [here](https://wiki.ipfire.org/) which +We have a long and detailed documentation located [here](https://ipfire.org/docs) which should answers most of your questions. # But I have some questions left. Where can I get support? You can ask your question at our community located [here](https://community.ipfire.org/). -A complete list of our support channels can be found [here](https://www.ipfire.org/support). +A complete list of our support channels can be found [here](https://www.ipfire.org/help). # How can I contribute? From 417182c49b3cceaea5925503fd772e66c37775bc Mon Sep 17 00:00:00 2001 From: Rico Hoppe Date: Thu, 28 Mar 2024 09:51:53 +0000 Subject: [PATCH 11/17] README.md: fix minor typo Signed-off-by: Rico Hoppe Reviewed-by: Michael Tremer Signed-off-by: Michael Tremer --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5e88d31dd..03c3d79d1 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ Just head over to https://www.ipfire.org/download # How do I use this software? We have a long and detailed documentation located [here](https://ipfire.org/docs) which -should answers most of your questions. +should answer most of your questions. # But I have some questions left. Where can I get support? From bd49143228a4c79b8d70edb7ab3922b4d86336fc Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Sat, 30 Mar 2024 12:13:08 +0000 Subject: [PATCH 12/17] make.sh: Update contributors Signed-off-by: Michael Tremer --- html/cgi-bin/credits.cgi | 1 + 1 file changed, 1 insertion(+) diff --git a/html/cgi-bin/credits.cgi b/html/cgi-bin/credits.cgi index ae17b92d8..91b134cf4 100644 --- a/html/cgi-bin/credits.cgi +++ b/html/cgi-bin/credits.cgi @@ -117,6 +117,7 @@ Hans Horsten, Jakub Ratajczak, Jorrit de Jonge, Przemek Zdroik, +Rico Hoppe, Roberto Peña, Sebastien GISLAIN, Alexander Rudolf Gruber, From 0972da95bf50e4528d09097c23673779aaf7a634 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 28 Mar 2024 17:41:10 +0000 Subject: [PATCH 13/17] protobuf-c: Ship libraries FRR links against this and fails to start without. Signed-off-by: Michael Tremer --- config/rootfiles/common/protobuf-c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/rootfiles/common/protobuf-c b/config/rootfiles/common/protobuf-c index 56e6a2362..aed0319db 100644 --- a/config/rootfiles/common/protobuf-c +++ b/config/rootfiles/common/protobuf-c @@ -8,6 +8,6 @@ #usr/lib/libprotobuf-c.a #usr/lib/libprotobuf-c.la #usr/lib/libprotobuf-c.so -#usr/lib/libprotobuf-c.so.1 -#usr/lib/libprotobuf-c.so.1.0.0 +usr/lib/libprotobuf-c.so.1 +usr/lib/libprotobuf-c.so.1.0.0 #usr/lib/pkgconfig/libprotobuf-c.pc From 7c6b05dfb8a5270a8434f9304ea5b44f6d59da94 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 28 Mar 2024 17:41:11 +0000 Subject: [PATCH 14/17] frr: Start the management daemon, too This daemon is running the configuration validation and required to run at all times. Signed-off-by: Michael Tremer --- src/initscripts/packages/frr | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/initscripts/packages/frr b/src/initscripts/packages/frr index 867c4b98d..54e703623 100644 --- a/src/initscripts/packages/frr +++ b/src/initscripts/packages/frr @@ -22,7 +22,7 @@ . /etc/sysconfig/rc . ${rc_functions} -DAEMONS="zebra bgpd ospfd staticd" +DAEMONS="mgmtd zebra bgpd ospfd staticd" case "${1}" in start) From 56d32cbe9150302ec5516c0c66f8c36aaa0a38a2 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 28 Mar 2024 17:41:12 +0000 Subject: [PATCH 15/17] frr: Update reloading all services Signed-off-by: Michael Tremer --- src/initscripts/packages/frr | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/initscripts/packages/frr b/src/initscripts/packages/frr index 54e703623..22cf2f7aa 100644 --- a/src/initscripts/packages/frr +++ b/src/initscripts/packages/frr @@ -51,8 +51,11 @@ case "${1}" in ;; reload) - boot_mesg "Reloading FRRouting..." - reloadproc /usr/sbin/frr-reload + # Reload all daemons + for daemon in ${DAEMONS}; do + boot_mesg "Reloading FRRouting ${daemon}..." + reloadproc "/usr/sbin/${daemon}" + done ;; restart) From ee08f7aea1f9414bf13ff929a2236d747e7e6546 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Sat, 30 Mar 2024 12:14:51 +0000 Subject: [PATCH 16/17] frr: Bump release version Signed-off-by: Michael Tremer --- lfs/frr | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lfs/frr b/lfs/frr index f0954aae5..ea5a6b9e9 100644 --- a/lfs/frr +++ b/lfs/frr @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = frr -PAK_VER = 8 +PAK_VER = 9 DEPS = From bb46f3bef8445a0dba2e92bbb614113a9a4adcaf Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Sun, 31 Mar 2024 13:27:46 +0200 Subject: [PATCH 17/17] core185: excplicit erase liblzma.so.5.6.* because if this file exist the cleanap script will remove the older version after downgrade and the system still use the malewared version. Signed-off-by: Arne Fitzenreiter --- config/rootfiles/core/185/update.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config/rootfiles/core/185/update.sh b/config/rootfiles/core/185/update.sh index 28f18a7da..5c76a97b9 100644 --- a/config/rootfiles/core/185/update.sh +++ b/config/rootfiles/core/185/update.sh @@ -67,7 +67,8 @@ rm -rvf \ /var/ipfire/geoip-functions.pl \ /var/ipfire/dhcpc/dhcpcd-hooks/00-linux \ /var/ipfire/dhcpc/dhcpcd-hooks/02-dump \ - /var/lib/location/tmp* + /var/lib/location/tmp* \ + /usr/lib/liblzma.so.5.6.* # update linker config ldconfig