diff --git a/config/cfgroot/lang.pl b/config/cfgroot/lang.pl index 3b001ad9d..c77e0a066 100644 --- a/config/cfgroot/lang.pl +++ b/config/cfgroot/lang.pl @@ -169,6 +169,9 @@ sub FindWebLanguage() { my ($language, $country) = split(/_/, $shortlang); push(@options, $language); + # Add English as fallback + push(@options, "en"); + foreach my $option (@options) { return $option if (-e "${General::swroot}/langs/$option.pl"); } diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/common/armv5tel/initscripts old mode 100755 new mode 100644 index 05b8ceebe..8ddf34ae8 --- a/config/rootfiles/common/armv5tel/initscripts +++ b/config/rootfiles/common/armv5tel/initscripts @@ -34,6 +34,7 @@ etc/rc.d/init.d/firstsetup etc/rc.d/init.d/functions #etc/rc.d/init.d/gnump3d etc/rc.d/init.d/halt +#etc/rc.d/init.d/haproxy #etc/rc.d/init.d/hostapd #etc/rc.d/init.d/imspector etc/rc.d/init.d/ipsec diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/common/i586/initscripts old mode 100755 new mode 100644 index d4779ab05..3d4dd62ff --- a/config/rootfiles/common/i586/initscripts +++ b/config/rootfiles/common/i586/initscripts @@ -36,6 +36,7 @@ etc/rc.d/init.d/firstsetup etc/rc.d/init.d/functions #etc/rc.d/init.d/gnump3d etc/rc.d/init.d/halt +#etc/rc.d/init.d/haproxy #etc/rc.d/init.d/hostapd #etc/rc.d/init.d/imspector etc/rc.d/init.d/ipsec diff --git a/config/rootfiles/core/88/filelists/files b/config/rootfiles/core/88/filelists/files index 0251b5d6b..409e5fe8a 100644 --- a/config/rootfiles/core/88/filelists/files +++ b/config/rootfiles/core/88/filelists/files @@ -1,6 +1,2 @@ etc/system-release etc/issue -srv/web/ipfire/cgi-bin/fwhosts.cgi -srv/web/ipfire/cgi-bin/ovpnmain.cgi -var/ipfire/backup/bin/backup.pl -var/ipfire/langs diff --git a/config/rootfiles/core/88/filelists/openssh b/config/rootfiles/core/88/filelists/openssh new file mode 120000 index 000000000..d8c77fd8e --- /dev/null +++ b/config/rootfiles/core/88/filelists/openssh @@ -0,0 +1 @@ +../../../common/openssh \ No newline at end of file diff --git a/config/rootfiles/core/88/filelists/openssl b/config/rootfiles/core/88/filelists/openssl new file mode 120000 index 000000000..e011a9266 --- /dev/null +++ b/config/rootfiles/core/88/filelists/openssl @@ -0,0 +1 @@ +../../../common/openssl \ No newline at end of file diff --git a/config/rootfiles/core/88/filelists/openssl-compat b/config/rootfiles/core/88/filelists/openssl-compat new file mode 120000 index 000000000..c9fa42132 --- /dev/null +++ b/config/rootfiles/core/88/filelists/openssl-compat @@ -0,0 +1 @@ +../../../common/openssl-compat \ No newline at end of file diff --git a/config/rootfiles/core/88/update.sh b/config/rootfiles/core/88/update.sh index 18dd9af52..6ef1f483e 100644 --- a/config/rootfiles/core/88/update.sh +++ b/config/rootfiles/core/88/update.sh @@ -41,15 +41,8 @@ extract_files # Start services # Update Language cache -perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang" +#perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang" -# Uninstall the sqlite package. -rm -f \ - /opt/pakfire/db/installed/meta-sqlite \ - /opt/pakfire/db/rootfiles/sqlite - -# Fix #10625 -mkdir -p /etc/logrotate.d sync diff --git a/config/rootfiles/core/89/exclude b/config/rootfiles/core/89/exclude new file mode 100644 index 000000000..18e9b4d24 --- /dev/null +++ b/config/rootfiles/core/89/exclude @@ -0,0 +1,20 @@ +boot/config.txt +etc/collectd.custom +etc/ipsec.conf +etc/ipsec.secrets +etc/ipsec.user.conf +etc/ipsec.user.secrets +etc/localtime +etc/shadow +etc/ssh/ssh_config +etc/ssh/sshd_config +etc/ssl/openssl.cnf +etc/sudoers +etc/sysconfig/firewall.local +etc/sysconfig/rc.local +etc/udev/rules.d/30-persistent-network.rules +srv/web/ipfire/html/proxy.pac +var/ipfire/ovpn +var/log/cache +var/state/dhcp/dhcpd.leases +var/updatecache diff --git a/config/rootfiles/core/89/filelists/collectd b/config/rootfiles/core/89/filelists/collectd new file mode 120000 index 000000000..871b32f14 --- /dev/null +++ b/config/rootfiles/core/89/filelists/collectd @@ -0,0 +1 @@ +../../../common/collectd \ No newline at end of file diff --git a/config/rootfiles/core/88/filelists/daq b/config/rootfiles/core/89/filelists/daq similarity index 100% rename from config/rootfiles/core/88/filelists/daq rename to config/rootfiles/core/89/filelists/daq diff --git a/config/rootfiles/core/88/filelists/ddns b/config/rootfiles/core/89/filelists/ddns similarity index 100% rename from config/rootfiles/core/88/filelists/ddns rename to config/rootfiles/core/89/filelists/ddns diff --git a/config/rootfiles/core/88/filelists/dnsmasq b/config/rootfiles/core/89/filelists/dnsmasq similarity index 100% rename from config/rootfiles/core/88/filelists/dnsmasq rename to config/rootfiles/core/89/filelists/dnsmasq diff --git a/config/rootfiles/core/88/filelists/ethtool b/config/rootfiles/core/89/filelists/ethtool similarity index 100% rename from config/rootfiles/core/88/filelists/ethtool rename to config/rootfiles/core/89/filelists/ethtool diff --git a/config/rootfiles/core/88/filelists/fcron b/config/rootfiles/core/89/filelists/fcron similarity index 100% rename from config/rootfiles/core/88/filelists/fcron rename to config/rootfiles/core/89/filelists/fcron diff --git a/config/rootfiles/core/88/filelists/file b/config/rootfiles/core/89/filelists/file similarity index 100% rename from config/rootfiles/core/88/filelists/file rename to config/rootfiles/core/89/filelists/file diff --git a/config/rootfiles/core/89/filelists/files b/config/rootfiles/core/89/filelists/files new file mode 100644 index 000000000..5ed719449 --- /dev/null +++ b/config/rootfiles/core/89/filelists/files @@ -0,0 +1,18 @@ +etc/system-release +etc/issue +etc/collectd.conf +etc/collectd.vpn +etc/rc.d/init.d/dnsmasq +srv/web/ipfire/cgi-bin/ddns.cgi +srv/web/ipfire/cgi-bin/firewall.cgi +srv/web/ipfire/cgi-bin/fwhosts.cgi +srv/web/ipfire/cgi-bin/ids.cgi +srv/web/ipfire/cgi-bin/netovpnrw.cgi +srv/web/ipfire/cgi-bin/netovpnsrv.cgi +srv/web/ipfire/cgi-bin/ovpnmain.cgi +srv/web/ipfire/cgi-bin/vpnmain.cgi +var/ipfire/backup/bin/backup.pl +var/ipfire/graphs.pl +var/ipfire/langs +var/ipfire/lang.pl +var/ipfire/menu.d/20-status.menu diff --git a/config/rootfiles/core/89/filelists/fuse b/config/rootfiles/core/89/filelists/fuse new file mode 120000 index 000000000..570edaade --- /dev/null +++ b/config/rootfiles/core/89/filelists/fuse @@ -0,0 +1 @@ +../../../common/fuse \ No newline at end of file diff --git a/config/rootfiles/core/88/filelists/gnupg b/config/rootfiles/core/89/filelists/gnupg similarity index 100% rename from config/rootfiles/core/88/filelists/gnupg rename to config/rootfiles/core/89/filelists/gnupg diff --git a/config/rootfiles/core/88/filelists/grep b/config/rootfiles/core/89/filelists/grep similarity index 100% rename from config/rootfiles/core/88/filelists/grep rename to config/rootfiles/core/89/filelists/grep diff --git a/config/rootfiles/core/88/filelists/hdparm b/config/rootfiles/core/89/filelists/hdparm similarity index 100% rename from config/rootfiles/core/88/filelists/hdparm rename to config/rootfiles/core/89/filelists/hdparm diff --git a/config/rootfiles/core/88/filelists/libart b/config/rootfiles/core/89/filelists/libart similarity index 100% rename from config/rootfiles/core/88/filelists/libart rename to config/rootfiles/core/89/filelists/libart diff --git a/config/rootfiles/core/88/filelists/libcap b/config/rootfiles/core/89/filelists/libcap similarity index 100% rename from config/rootfiles/core/88/filelists/libcap rename to config/rootfiles/core/89/filelists/libcap diff --git a/config/rootfiles/core/88/filelists/libffi b/config/rootfiles/core/89/filelists/libffi similarity index 100% rename from config/rootfiles/core/88/filelists/libffi rename to config/rootfiles/core/89/filelists/libffi diff --git a/config/rootfiles/core/88/filelists/libpcap b/config/rootfiles/core/89/filelists/libpcap similarity index 100% rename from config/rootfiles/core/88/filelists/libpcap rename to config/rootfiles/core/89/filelists/libpcap diff --git a/config/rootfiles/core/89/filelists/ntfs-3g b/config/rootfiles/core/89/filelists/ntfs-3g new file mode 120000 index 000000000..d93adc2a1 --- /dev/null +++ b/config/rootfiles/core/89/filelists/ntfs-3g @@ -0,0 +1 @@ +../../../common/ntfs-3g \ No newline at end of file diff --git a/config/rootfiles/core/89/filelists/openssh b/config/rootfiles/core/89/filelists/openssh new file mode 120000 index 000000000..d8c77fd8e --- /dev/null +++ b/config/rootfiles/core/89/filelists/openssh @@ -0,0 +1 @@ +../../../common/openssh \ No newline at end of file diff --git a/config/rootfiles/core/89/filelists/openssl b/config/rootfiles/core/89/filelists/openssl new file mode 120000 index 000000000..e011a9266 --- /dev/null +++ b/config/rootfiles/core/89/filelists/openssl @@ -0,0 +1 @@ +../../../common/openssl \ No newline at end of file diff --git a/config/rootfiles/core/89/filelists/openssl-compat b/config/rootfiles/core/89/filelists/openssl-compat new file mode 120000 index 000000000..c9fa42132 --- /dev/null +++ b/config/rootfiles/core/89/filelists/openssl-compat @@ -0,0 +1 @@ +../../../common/openssl-compat \ No newline at end of file diff --git a/config/rootfiles/core/88/filelists/pcre b/config/rootfiles/core/89/filelists/pcre similarity index 100% rename from config/rootfiles/core/88/filelists/pcre rename to config/rootfiles/core/89/filelists/pcre diff --git a/config/rootfiles/core/88/filelists/screen b/config/rootfiles/core/89/filelists/screen similarity index 100% rename from config/rootfiles/core/88/filelists/screen rename to config/rootfiles/core/89/filelists/screen diff --git a/config/rootfiles/core/89/filelists/setup b/config/rootfiles/core/89/filelists/setup new file mode 120000 index 000000000..209374bbc --- /dev/null +++ b/config/rootfiles/core/89/filelists/setup @@ -0,0 +1 @@ +../../../common/setup \ No newline at end of file diff --git a/config/rootfiles/core/88/filelists/smartmontools b/config/rootfiles/core/89/filelists/smartmontools similarity index 100% rename from config/rootfiles/core/88/filelists/smartmontools rename to config/rootfiles/core/89/filelists/smartmontools diff --git a/config/rootfiles/core/88/filelists/snort b/config/rootfiles/core/89/filelists/snort similarity index 100% rename from config/rootfiles/core/88/filelists/snort rename to config/rootfiles/core/89/filelists/snort diff --git a/config/rootfiles/core/88/filelists/sqlite b/config/rootfiles/core/89/filelists/sqlite similarity index 100% rename from config/rootfiles/core/88/filelists/sqlite rename to config/rootfiles/core/89/filelists/sqlite diff --git a/config/rootfiles/core/88/filelists/squid b/config/rootfiles/core/89/filelists/squid similarity index 100% rename from config/rootfiles/core/88/filelists/squid rename to config/rootfiles/core/89/filelists/squid diff --git a/config/rootfiles/core/89/filelists/strongswan b/config/rootfiles/core/89/filelists/strongswan new file mode 120000 index 000000000..90c727e26 --- /dev/null +++ b/config/rootfiles/core/89/filelists/strongswan @@ -0,0 +1 @@ +../../../common/strongswan \ No newline at end of file diff --git a/config/rootfiles/core/88/filelists/tar b/config/rootfiles/core/89/filelists/tar similarity index 100% rename from config/rootfiles/core/88/filelists/tar rename to config/rootfiles/core/89/filelists/tar diff --git a/config/rootfiles/core/89/filelists/tzdata b/config/rootfiles/core/89/filelists/tzdata new file mode 120000 index 000000000..5a6e3252f --- /dev/null +++ b/config/rootfiles/core/89/filelists/tzdata @@ -0,0 +1 @@ +../../../common/tzdata \ No newline at end of file diff --git a/config/rootfiles/core/88/filelists/wget b/config/rootfiles/core/89/filelists/wget similarity index 100% rename from config/rootfiles/core/88/filelists/wget rename to config/rootfiles/core/89/filelists/wget diff --git a/config/rootfiles/core/88/filelists/zlib b/config/rootfiles/core/89/filelists/zlib similarity index 100% rename from config/rootfiles/core/88/filelists/zlib rename to config/rootfiles/core/89/filelists/zlib diff --git a/config/rootfiles/core/89/meta b/config/rootfiles/core/89/meta new file mode 100644 index 000000000..d547fa86f --- /dev/null +++ b/config/rootfiles/core/89/meta @@ -0,0 +1 @@ +DEPS="" diff --git a/config/rootfiles/core/89/update.sh b/config/rootfiles/core/89/update.sh new file mode 100644 index 000000000..f3de863ec --- /dev/null +++ b/config/rootfiles/core/89/update.sh @@ -0,0 +1,72 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2014 IPFire-Team . # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/usr/local/bin/backupctrl exclude >/dev/null 2>&1 + +# Remove old core updates from pakfire cache to save space... +core=89 +for (( i=1; i<=$core; i++ )) +do + rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire +done + +# Stop services +/etc/init.d/ipsec stop + +# Remove old files + +# Extract files +extract_files + +# Generate ddns configuration file +sudo -u nobody /srv/web/ipfire/cgi-bin/ddns.cgi + +# Start services +/etc/init.d/dnsmasq restart +if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then + /etc/init.d/ipsec start +fi + +# Update Language cache +perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang" + +# Prevent uninstall sqlite (now common package). +rm -f \ + /opt/pakfire/db/*/meta-sqlite \ + /opt/pakfire/db/rootfiles/sqlite + +# Fix #10625 +mkdir -p /etc/logrotate.d + +sync + +# This update need a reboot... +#touch /var/run/need_reboot + +# Finish +/etc/init.d/fireinfo start +sendprofile + +# Don't report the exitcode last command +exit 0 diff --git a/html/cgi-bin/ddns.cgi b/html/cgi-bin/ddns.cgi index ea3031936..044aa9718 100644 --- a/html/cgi-bin/ddns.cgi +++ b/html/cgi-bin/ddns.cgi @@ -667,7 +667,8 @@ sub GenerateDDNSConfigFile { my $use_token = 0; # Handle token based auth for various providers. - if ($provider ~~ ["dns.lightningwirelabs.com", "entrydns.net", "regfish.com", "spdns.de"] && $username eq "token") { + if ($provider ~~ ["dns.lightningwirelabs.com", "entrydns.net", "regfish.com", + "spdns.de", "zzzz.io"] && $username eq "token") { $use_token = 1; # Handle token auth for freedns.afraid.org and regfish.com. diff --git a/lfs/crda b/lfs/crda index 2b1aff816..8bee2584b 100644 --- a/lfs/crda +++ b/lfs/crda @@ -71,7 +71,6 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/crda-3.13-crypto_use_optional.patch cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install @rm -rf $(DIR_APP) diff --git a/lfs/openssl b/lfs/openssl index 82f26bd25..df068f3a7 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -86,6 +86,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-cryptodev.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-fix_parallel_build-1.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-weak-ciphers.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-disable-sslv2-sslv3.patch cd $(DIR_APP) && find crypto/ -name Makefile -exec \ sed 's/^ASFLAGS=/&-Wa,--noexecstack /' -i {} \; @@ -105,8 +106,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) no-mdc2 \ no-rc5 \ no-srp \ - no-ssl2 \ - no-ssl3 \ $(CONFIGURE_ARGS) \ -DSSL_FORBID_ENULL \ -DHAVE_CRYPTODEV \ diff --git a/lfs/openssl-compat b/lfs/openssl-compat index d2f52ae2a..a722f592b 100644 --- a/lfs/openssl-compat +++ b/lfs/openssl-compat @@ -72,6 +72,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-0.9.8u-cryptodev.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-disable-sslv2-sslv3.patch cd $(DIR_APP) && sed -i -e 's/mcpu/march/' config cd $(DIR_APP) && sed -i -e 's/-O3/-O2/' -e 's/-march=i486/-march=i586/' Configure diff --git a/make.sh b/make.sh index 7d41b591c..d04988815 100755 --- a/make.sh +++ b/make.sh @@ -25,8 +25,8 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name VERSION="2.17" # Version number -CORE="87" # Core Level (Filename) -PAKFIRE_CORE="87" # Core Level (PAKFIRE) +CORE="88" # Core Level (Filename) +PAKFIRE_CORE="88" # Core Level (PAKFIRE) GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch SLOGAN="www.ipfire.org" # Software slogan CONFIG_ROOT=/var/ipfire # Configuration rootdir diff --git a/src/patches/crda-3.13-crypto_use_optional.patch b/src/patches/crda-3.13-crypto_use_optional.patch deleted file mode 100644 index 56ad6b768..000000000 --- a/src/patches/crda-3.13-crypto_use_optional.patch +++ /dev/null @@ -1,22 +0,0 @@ -Submitted By: hauke from OpenWRT -Date: 2009-04-17 -Initial Package Version: 1.0.2 -Origin: https://dev.openwrt.org/changeset/15405/trunk/package/crda/patches/101-make_crypto_use_optional.patch -Description: The patch was modified for version crda-3.13 by Erik Kapfer .. -This patch provides the following improvements: - * Crypto usage is optional. - -diff -Nur crda-3.13.orig/Makefile crda-3.13/Makefile ---- crda-3.13.orig/Makefile 2015-01-12 07:55:08.791183765 +0100 -+++ crda-3.13/Makefile 2015-01-12 07:56:35.437381029 +0100 -@@ -43,7 +43,9 @@ - - $(LIBREG): keys-ssl.c - --else -+endif -+ -+ifeq ($(USE_GCRYPT),1) - CFLAGS += -DUSE_GCRYPT - LDLIBS += -lgcrypt - diff --git a/src/patches/openssl-disable-sslv2-sslv3.patch b/src/patches/openssl-disable-sslv2-sslv3.patch new file mode 100644 index 000000000..ebf542907 --- /dev/null +++ b/src/patches/openssl-disable-sslv2-sslv3.patch @@ -0,0 +1,13 @@ +diff -up openssl-1.0.1h/ssl/ssl_lib.c.v2v3 openssl-1.0.1h/ssl/ssl_lib.c +--- openssl-1.0.1h/ssl/ssl_lib.c.v2v3 2014-06-11 16:02:52.000000000 +0200 ++++ openssl-1.0.1h/ssl/ssl_lib.c 2014-06-30 14:18:04.290248080 +0200 +@@ -1875,6 +1875,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m + */ + ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; + ++ /* Disable SSLv2 and SSLv3 by default (affects the SSLv23_method() only) */ ++ ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; ++ + return(ret); + err: + SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);