webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/master' into next

Browse Source 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This commit is contained in:
Arne Fitzenreiter
2016-03-04 07:09:02 +01:00
parent 64835e022c 75ad2e4e88
commit 4a6cfe51a1
16 changed files with 126 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
config/backup/include
View File

@@ -33,7 +33,7 @@
/var/log/ip-acct/*
/var/log/rrd/*
/var/log/rrd/collectd
/var/log/rrd/vnstat
/var/log/vnstat
/etc/sysconfig/firewall.local
/etc/sysconfig/rc.local
/root/.gitconfig

1
config/rootfiles/common/openssh
View File

@@ -14,7 +14,6 @@ etc/ssh/ssh_config
etc/ssh/sshd_config
usr/bin/scp
usr/bin/sftp
usr/bin/slogin
usr/bin/ssh
usr/bin/ssh-add
usr/bin/ssh-agent

25
config/rootfiles/core/99/exclude Normal file
View File

@@ -0,0 +1,25 @@
boot/config.txt
etc/alternatives
etc/collectd.custom
etc/ipsec.conf
etc/ipsec.secrets
etc/ipsec.user.conf
etc/ipsec.user.secrets
etc/localtime
etc/shadow
etc/snort/snort.conf
etc/ssh/ssh_config
etc/ssh/sshd_config
etc/ssl/openssl.cnf
etc/sudoers
etc/sysconfig/firewall.local
etc/sysconfig/rc.local
etc/udev/rules.d/30-persistent-network.rules
srv/web/ipfire/html/proxy.pac
var/ipfire/dma
var/ipfire/time
var/ipfire/ovpn
var/lib/alternatives
var/log/cache
var/state/dhcp/dhcpd.leases
var/updatecache

3
config/rootfiles/core/99/filelists/files Normal file
View File

@@ -0,0 +1,3 @@
etc/system-release
etc/issue
var/ipfire/backup/include

1
config/rootfiles/core/99/filelists/i586/openssl-sse2 Symbolic link
View File

@@ -0,0 +1 @@
../../../../common/i586/openssl-sse2

1
config/rootfiles/core/99/filelists/openssh Symbolic link
View File

@@ -0,0 +1 @@
../../../common/openssh

1
config/rootfiles/core/99/filelists/openssl Symbolic link
View File

@@ -0,0 +1 @@
../../../common/openssl

1
config/rootfiles/core/99/meta Normal file
View File

@@ -0,0 +1 @@
DEPS=""

62
config/rootfiles/core/99/update.sh Normal file
View File

@@ -0,0 +1,62 @@
#!/bin/bash
############################################################################
# #
# This file is part of the IPFire Firewall. #
# #
# IPFire is free software; you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation; either version 3 of the License, or #
# (at your option) any later version. #
# #
# IPFire is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with IPFire; if not, write to the Free Software #
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
# #
# Copyright (C) 2016 IPFire-Team <info@ipfire.org>. #
# #
############################################################################
#
. /opt/pakfire/lib/functions.sh
/usr/local/bin/backupctrl exclude >/dev/null 2>&1
# Remove old core updates from pakfire cache to save space...
core=99
for (( i=1; i<=$core; i++ ))
do
rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
done
# Stop services
# remove slogin which is not included in new OpenSSH
rm /usr/bin/slogin
# Extract files
extract_files
# Update Language cache
# /usr/local/bin/update-lang-cache
# Start services
/etc/init.d/sshd restart
/etc/init.d/apache restart
# This update need a reboot...
touch /var/run/need_reboot
# Finish
/etc/init.d/fireinfo start
sendprofile
# Update grub config to display new core version
if [ -e /boot/grub/grub.cfg ]; then
grub-mkconfig -o /boot/grub/grub.cfg
fi
sync
# Don't report the exitcode last command
exit 0

5
config/rootfiles/oldcore/98/update.sh
View File

@@ -39,7 +39,10 @@ extract_files
# Bugfixes for core96 updater bugs...
if [ -e /boot/grub/grub.conf ]; then
# legacy grub config on xen or citrix conflicts with grub2 config
rm /boot/grub/grub.cfg
# and core96 contains an empty file
if [ ! -s /boot/grub/grub.cfg ]; then
rm /boot/grub/grub.cfg
fi
fi
if [ -e /boot/grub/grub.cfg ]; then

6
lfs/openssh
View File

@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2015 IPFire Team <info@ipfire.org> #
# Copyright (C) 2007-2016 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
VER = 7.1p2
VER = 7.2p1
THISAPP = openssh-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = 4d8547670e2a220d5ef805ad9e47acf2
$(DL_FILE)_MD5 = b984775f0cfff1f7ff18b8797fce8a28
install : $(TARGET)

7
lfs/openssl
View File

@@ -24,7 +24,7 @@
include Config
VER = 1.0.2f
VER = 1.0.2g
THISAPP = openssl-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -53,6 +53,7 @@ CONFIGURE_OPTIONS = \
zlib-dynamic \
enable-camellia \
enable-md2 \
enable-ssl2 \
enable-seed \
enable-tlsext \
enable-rfc3779 \
@@ -86,7 +87,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = b3bf73f507172be9292ea2a8c28b659d
$(DL_FILE)_MD5 = f3c710c045cdee5fd114feb69feba7aa
install : $(TARGET)
@@ -119,7 +120,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a-rpmbuild.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1m-weak-ciphers.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-disable-sslv2-sslv3.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2g-disable-sslv2v3.patch
# i586 specific patches
ifeq "$(MACHINE)" "i586"

2
lfs/stunnel
View File

@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = stunnel
PAK_VER = 1
PAK_VER = 2
DEPS = ""

2
make.sh
View File

@@ -26,7 +26,7 @@ NAME="IPFire" # Software name
SNAME="ipfire" # Short name
VERSION="2.17" # Version number
CORE="100" # Core Level (Filename)
PAKFIRE_CORE="98" # Core Level (PAKFIRE)
PAKFIRE_CORE="99" # Core Level (PAKFIRE)
GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch
SLOGAN="www.ipfire.org" # Software slogan
CONFIG_ROOT=/var/ipfire # Configuration rootdir

18
src/patches/openssl-1.0.2g-disable-sslv2v3.patch Normal file
View File

@@ -0,0 +1,18 @@
diff -up openssl-1.0.2g/ssl/ssl_lib.c.v2v3 openssl-1.0.2g/ssl/ssl_lib.c
--- openssl-1.0.2g/ssl/ssl_lib.c.v2v3 2016-03-01 16:38:26.879142021 +0100
+++ openssl-1.0.2g/ssl/ssl_lib.c 2016-03-01 16:41:32.977353769 +0100
@@ -2055,11 +2055,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
/*
- * Disable SSLv2 by default, callers that want to enable SSLv2 will have to
- * explicitly clear this option via either of SSL_CTX_clear_options() or
+ * Disable SSLv2 and SSLv3 by default, callers that want to enable these will have to
+ * explicitly clear these options via either of SSL_CTX_clear_options() or
* SSL_clear_options().
*/
- ret->options |= SSL_OP_NO_SSLv2;
+ ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
return (ret);
err:

12
src/patches/openssl-disable-sslv2-sslv3.patch
View File

@@ -1,12 +0,0 @@
--- openssl-1.0.1m/ssl/ssl_lib.c.old 2015-03-19 15:56:40.966287977 +0100
+++ openssl-1.0.1m/ssl/ssl_lib.c 2015-03-19 15:57:07.976160846 +0100
@@ -1892,6 +1892,9 @@
*/
ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
+ /* Disable SSLv2 and SSLv3 by default (affects the SSLv23_method() only) */
+ ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
+
return (ret);
err:
SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);