From 8a19658294fc6207743641f09a150ccc65d30a44 Mon Sep 17 00:00:00 2001
From: Jan Paul Tuecking
Date: Wed, 21 Jul 2010 17:46:10 +0200
Subject: [PATCH 01/12] Changed Update Booster (link) to Update Accelerator
---
 langs/de/cgi-bin/de.pl | 2 +-
 langs/en/cgi-bin/en.pl | 2 +-
 langs/fr/cgi-bin/fr.pl | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 1cdd90489..479bd35e7 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -1705,7 +1705,7 @@
 'unknown' => 'Unbekannt',
 'unnamed' => 'Unbenannt',
 'update' => 'Aktualisieren',
-'update accelerator' => 'Update-Booster',
+'update accelerator' => 'Update-Accelerator',
 'update time' => 'Aktualisiere die Uhrzeit:',
 'update transcript' => 'Aktualisieren',
 'updatedatabase' => 'Datenbank auf Stand der letzten Reports setzen',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 4ca14d486..5bfd356e7 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1738,7 +1738,7 @@
 'unknown' => 'UNKNOWN',
 'unnamed' => 'Unnamed',
 'update' => 'Update',
-'update accelerator' => 'Update Booster',
+'update accelerator' => 'Update Accelerator',
 'update time' => 'Update the time:',
 'update transcript' => 'Update transcript',
 'updatedatabase' => 'Update Database with last report',
diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl
index 401172395..c18761fa5 100644
--- a/langs/fr/cgi-bin/fr.pl
+++ b/langs/fr/cgi-bin/fr.pl
@@ -1738,7 +1738,7 @@
 'unknown' => 'UNKNOWN',
 'unnamed' => 'Unnamed',
 'update' => 'Update',
-'update accelerator' => 'Update Booster',
+'update accelerator' => 'Update Accelerator',
 'update time' => 'Update the time:',
 'update transcript' => 'Update transcript',
 'updatedatabase' => 'Update Database with last report',
From 3bd3aa727fef40ff66935d8971c5a05e13e0baa0 Mon Sep 17 00:00:00 2001
From: Michael Tremer Date: Wed, 21 Jul 2010 17:50:04 +0200 Subject: [PATCH 02/12] dhcp: Create local configuration file. --- config/rootfiles/common/configroot | 1 + html/cgi-bin/dhcp.cgi | 1 + lfs/configroot | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot index 12d3ddd61..d0471048b 100644 --- a/config/rootfiles/common/configroot +++ b/config/rootfiles/common/configroot @@ -22,6 +22,7 @@ var/ipfire/ddns var/ipfire/dhcp #var/ipfire/dhcp/advoptions #var/ipfire/dhcp/advoptions-list +#var/ipfire/dhcp/dhcpd.conf.local #var/ipfire/dhcp/fixleases #var/ipfire/dhcp/settings var/ipfire/dhcpc diff --git a/html/cgi-bin/dhcp.cgi b/html/cgi-bin/dhcp.cgi index 29f1a2806..fcf42deb8 100644 --- a/html/cgi-bin/dhcp.cgi +++ b/html/cgi-bin/dhcp.cgi @@ -1199,6 +1199,7 @@ sub buildconf { $key++; } } + print FILE "include ${General::swroot}/dhcp/dhcpd.conf.local\n"; close FILE; if ( $dhcpsettings{"ENABLE_GREEN"} eq 'on' || $dhcpsettings{"ENABLE_BLUE"} eq 'on' ) {system '/usr/local/bin/dhcpctrl enable >/dev/null 2>&1';} else {system '/usr/local/bin/dhcpctrl disable >/dev/null 2>&1';} diff --git a/lfs/configroot b/lfs/configroot index c337ab0a7..544bb2581 100644 --- a/lfs/configroot +++ b/lfs/configroot 
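Review bot: The `include` line that buildconf in html/cgi-bin/dhcp.cgi now prints is written unconditionally, but the only place on this page that creates dhcpd.conf.local is the touch loop in lfs/configroot, and the rootfiles entry for it is commented out, so a system installed before this change may not have the file (inferred; no upgrade step is visible here). dhcpd is expected to reject a configuration whose include target cannot be opened, which would stop DHCP the next time the page is saved on such a system. Emitting the line only when the file exists, by appending `if -e "${General::swroot}/dhcp/dhcpd.conf.local";` to the print statement, or creating the file in the update path, avoids that. Since dhcpd parses the included file verbatim, a comment stating who is allowed to write it (ideally root only, not the web interface user) would also help. buildconf begins and ends outside the hunk.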
@@ -63,7 +63,7 @@ $(TARGET) : # Touch empty files for i in auth/users backup/include.user backup/exclude.user \ certs/index.txt ddns/config ddns/noipsettings ddns/settings ddns/ipcache dhcp/settings \ - dhcp/fixleases dhcp/advoptions dmzholes/config dns/settings ethernet/aliases ethernet/settings ethernet/known_nics ethernet/scanned_nics \ + dhcp/fixleases dhcp/advoptions dhcp/dhcpd.conf.local dmzholes/config dns/settings ethernet/aliases ethernet/settings ethernet/known_nics ethernet/scanned_nics \ extrahd/scan extrahd/devices extrahd/partitions extrahd/settings fwlogs/ipsettings fwlogs/portsettings \ isdn/settings mac/settings main/disable_nf_sip main/hosts main/settings net-traffic/settings optionsfw/settings outgoing/settings outgoing/rules \ pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \ From b64d57aac841cb0a569e9651cba629965d1e6783 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Wed, 30 Jun 2010 20:37:43 +0200 Subject: [PATCH 03/12] Default all processes to run with nice=0. This should work much better for the CFS --- src/initscripts/init.d/functions | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/initscripts/init.d/functions b/src/initscripts/init.d/functions index ea840d1a5..00cd6fa2a 100644 --- a/src/initscripts/init.d/functions +++ b/src/initscripts/init.d/functions @@ -438,7 +438,7 @@ loadproc() { local pidfile="" local forcestart="" - local nicelevel="10" + local nicelevel="" # This will ensure compatibility with previous LFS Bootscripts if [ -n "${PIDFILE}" ]; then @@ -500,7 +500,13 @@ loadproc() esac fi - nice -n "${nicelevel}" "${@}" + local cmd="${@}" + + if [ -n "${nicelevel}" ]; then + cmd="nice -n "${nicelevel}" ${cmd}" + fi + + ${cmd} evaluate_retval # This is "Probably" not LSB compliant, but required to be compatible with older bootscripts return 0 } From 55b2f2eb09419c3c7b2bffd2c4e8141e3a37a9de Mon Sep 17 00:00:00 2001 
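Review bot: In the second loadproc hunk, `local cmd="${@}"` followed by the unquoted `${cmd}` flattens the argument list into one string and then re-splits it, so any argument that contains whitespace or glob characters reaches the started program altered or expanded against the current directory. The inner quotes in `cmd="nice -n "${nicelevel}" ${cmd}"` close and reopen the string instead of quoting the level. Keeping the argument vector intact avoids both problems: `if [ -n "${nicelevel}" ]; then nice -n "${nicelevel}" "${@}"; else "${@}"; fi`. loadproc begins and ends outside the hunk.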
From: Michael Tremer Date: Wed, 21 Jul 2010 19:01:44 +0200 Subject: [PATCH 04/12] dhcp: Oops, this version of dhcpd is very strict. --- html/cgi-bin/dhcp.cgi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/html/cgi-bin/dhcp.cgi b/html/cgi-bin/dhcp.cgi index fcf42deb8..cde6065f5 100644 --- a/html/cgi-bin/dhcp.cgi +++ b/html/cgi-bin/dhcp.cgi @@ -1199,7 +1199,7 @@ sub buildconf { $key++; } } - print FILE "include ${General::swroot}/dhcp/dhcpd.conf.local\n"; + print FILE "include \"${General::swroot}/dhcp/dhcpd.conf.local\";\n"; close FILE; if ( $dhcpsettings{"ENABLE_GREEN"} eq 'on' || $dhcpsettings{"ENABLE_BLUE"} eq 'on' ) {system '/usr/local/bin/dhcpctrl enable >/dev/null 2>&1';} else {system '/usr/local/bin/dhcpctrl disable >/dev/null 2>&1';} From f4cb450fcf85a1adf2925733d06f70ee015f7289 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Sat, 17 Jul 2010 17:57:09 +0200 Subject: [PATCH 05/12] cpio: Update to 2.11. --- lfs/cpio | 7 +- src/patches/cpio-2.6-security_fixes-1.patch | 370 -------------------- 2 files changed, 2 insertions(+), 375 deletions(-) delete mode 100644 src/patches/cpio-2.6-security_fixes-1.patch diff --git a/lfs/cpio b/lfs/cpio index b2186fd81..48a4393e6 100644 --- a/lfs/cpio +++ b/lfs/cpio @@ -24,7 +24,7 @@ include Config -VER = 2.6 +VER = 2.11 THISAPP = cpio-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 76b4145f33df088a5bade3bf4373d17d +$(DL_FILE)_MD5 = 1112bb6c45863468b5496ba128792f6c install : $(TARGET) 
@@ -70,12 +70,9 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && sed -i "s/invalid_arg/argmatch_invalid/" src/mt.c - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/$(THISAPP)-security_fixes-1.patch cd $(DIR_APP) && ./configure CPIO_MT_PROG=mt --prefix=/usr \ --bindir=/bin --libexecdir=/tmp \ --with-rmt=/usr/sbin/rmt - cd $(DIR_APP) && echo "#define HAVE_LSTAT 1" >> config.h cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install @rm -rf $(DIR_APP) diff --git a/src/patches/cpio-2.6-security_fixes-1.patch b/src/patches/cpio-2.6-security_fixes-1.patch deleted file mode 100644 index 083c7858d..000000000 --- a/src/patches/cpio-2.6-security_fixes-1.patch +++ /dev/null 
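Review bot: The new $(TARGET) recipe in lfs/cpio no longer applies cpio-2.6-security_fixes-1.patch, whose header (in the deleted file that follows) lists CAN-1999-1572, CAN-2005-1111 and CAN-2005-1229, and neither the commit message nor the recipe records that 2.11 already contains those fixes. That is likely for a release this much newer, but it should be confirmed against the upstream NEWS and written down, for example as a recipe comment `# 2.11 carries the fixes formerly in cpio-2.6-security_fixes-1.patch upstream`. The same one-line justification would be useful for the dropped `mt.c` sed and the `HAVE_LSTAT` define, which were removed without explanation.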
@@ -1,370 +0,0 @@ -Submitted By: Ken Moffat -Date: 2005-07-29 -Initial Package Version: 2.6 -Upstream Status: Unknown -Origin: from Mandrake -Description: Vulnerability fixes, rediffed so that they all apply with - -p1 and consolidated to single patch. Also applicable to earlier versions. -(1.) CAN-1999-1572 (still seems to apply to 2.6) cpio uses a 0 umask when -creating files with -O or -F options, which creates the files with mode 0666 -and allows local users to overwrite them. Fix originally fom debian. -(2.) CAN-2005-1111 Race condition in 2.6 and earlier allows local users to -modify permissions of arbitrary files via a hard-link attack. Fix -originally from fedora. -(3.) CAN-2005-1229 Directory traversal vulnerability allows remote -attackers to write to arbitrary directories via a dot dot in a cpio file. -Fix by Peter Vrabec at RedHat. - -diff -Naur cpio-2.6.vanilla/doc/cpio.1 cpio-2.6/doc/cpio.1 ---- cpio-2.6.vanilla/doc/cpio.1 2004-08-30 17:21:48.000000000 +0100 -+++ cpio-2.6/doc/cpio.1 2005-07-29 13:46:42.000000000 +0100 -@@ -20,7 +20,7 @@ - [\-\-unconditional] [\-\-verbose] [\-\-block-size=blocks] [\-\-swap-halfwords] - [\-\-io-size=bytes] [\-\-pattern-file=file] [\-\-format=format] - [\-\-owner=[user][:.][group]] [\-\-no-preserve-owner] [\-\-message=message] --[\-\-force\-local] [\-\-no\-absolute\-filenames] [\-\-sparse] -+[\-\-force\-local] [\-\-absolute\-filenames] [\-\-sparse] - [\-\-only\-verify\-crc] [\-\-quiet] [\-\-rsh-command=command] [\-\-help] - [\-\-version] [pattern...] 
[< archive] - -diff -Naur cpio-2.6.vanilla/doc/cpio.info cpio-2.6/doc/cpio.info ---- cpio-2.6.vanilla/doc/cpio.info 2004-02-27 12:42:01.000000000 +0000 -+++ cpio-2.6/doc/cpio.info 2005-07-29 13:46:42.000000000 +0100 -@@ -203,7 +203,7 @@ - [--swap-halfwords] [--io-size=bytes] [--pattern-file=file] - [--format=format] [--owner=[user][:.][group]] - [--no-preserve-owner] [--message=message] [--help] [--version] -- [-no-absolute-filenames] [--sparse] [-only-verify-crc] [-quiet] -+ [--absolute-filenames] [--sparse] [-only-verify-crc] [-quiet] - [--rsh-command=command] [pattern...] [< archive] - -  -@@ -358,9 +358,9 @@ - Show numeric UID and GID instead of translating them into names - when using the `--verbose option'. - --`--no-absolute-filenames' -- Create all files relative to the current directory in copy-in -- mode, even if they have an absolute file name in the archive. -+`--absolute-filenames' -+ Do not strip leading file name components that contain ".." -+ and leading slashes from file names in copy-in mode - - `--no-preserve-owner' - Do not change the ownership of the files; leave them owned by the -diff -Naur cpio-2.6.vanilla/src/copyin.c cpio-2.6/src/copyin.c ---- cpio-2.6.vanilla/src/copyin.c 2004-09-08 12:10:02.000000000 +0100 -+++ cpio-2.6/src/copyin.c 2005-07-29 13:46:42.000000000 +0100 -@@ -25,6 +25,7 @@ - #include "dstring.h" - #include "extern.h" - #include "defer.h" -+#include "dirname.h" - #include - #ifndef FNM_PATHNAME - #include -@@ -389,19 +390,26 @@ - continue; - } - -- if (close (out_file_des) < 0) -- error (0, errno, "%s", d->header.c_name); -- -+ /* -+ * Avoid race condition. -+ * Set chown and chmod before closing the file desc. -+ * pvrabec@redhat.com -+ */ -+ - /* File is now copied; set attributes. */ - if (!no_chown_flag) -- if ((chown (d->header.c_name, -+ if ((fchown (out_file_des, - set_owner_flag ? set_owner : d->header.c_uid, - set_group_flag ? 
set_group : d->header.c_gid) < 0) - && errno != EPERM) - error (0, errno, "%s", d->header.c_name); - /* chown may have turned off some permissions we wanted. */ -- if (chmod (d->header.c_name, (int) d->header.c_mode) < 0) -+ if (fchmod (out_file_des, (int) d->header.c_mode) < 0) - error (0, errno, "%s", d->header.c_name); -+ -+ if (close (out_file_des) < 0) -+ error (0, errno, "%s", d->header.c_name); -+ - if (retain_time_flag) - { - times.actime = times.modtime = d->header.c_mtime; -@@ -557,6 +565,25 @@ - write (out_file_des, "", 1); - delayed_seek_count = 0; - } -+ -+ /* -+ * Avoid race condition. -+ * Set chown and chmod before closing the file desc. -+ * pvrabec@redhat.com -+ */ -+ -+ /* File is now copied; set attributes. */ -+ if (!no_chown_flag) -+ if ((fchown (out_file_des, -+ set_owner_flag ? set_owner : file_hdr->c_uid, -+ set_group_flag ? set_group : file_hdr->c_gid) < 0) -+ && errno != EPERM) -+ error (0, errno, "%s", file_hdr->c_name); -+ -+ /* chown may have turned off some permissions we wanted. */ -+ if (fchmod (out_file_des, (int) file_hdr->c_mode) < 0) -+ error (0, errno, "%s", file_hdr->c_name); -+ - if (close (out_file_des) < 0) - error (0, errno, "%s", file_hdr->c_name); - -@@ -567,18 +594,6 @@ - file_hdr->c_name, crc, file_hdr->c_chksum); - } - -- /* File is now copied; set attributes. */ -- if (!no_chown_flag) -- if ((chown (file_hdr->c_name, -- set_owner_flag ? set_owner : file_hdr->c_uid, -- set_group_flag ? set_group : file_hdr->c_gid) < 0) -- && errno != EPERM) -- error (0, errno, "%s", file_hdr->c_name); -- -- /* chown may have turned off some permissions we wanted. */ -- if (chmod (file_hdr->c_name, (int) file_hdr->c_mode) < 0) -- error (0, errno, "%s", file_hdr->c_name); -- - if (retain_time_flag) - { - struct utimbuf times; /* For setting file times. 
*/ -@@ -589,7 +604,7 @@ - if (utime (file_hdr->c_name, ×) < 0) - error (0, errno, "%s", file_hdr->c_name); - } -- -+ - tape_skip_padding (in_file_des, file_hdr->c_filesize); - if (file_hdr->c_nlink > 1 - && (archive_format == arf_newascii || archive_format == arf_crcascii) ) -@@ -1335,6 +1350,53 @@ - } - } - -+/* Return a safer suffix of FILE_NAME, or "." if it has no safer -+ suffix. Check for fully specified file names and other atrocities. */ -+ -+static const char * -+safer_name_suffix (char const *file_name) -+{ -+ char const *p; -+ -+ /* Skip file system prefixes, leading file name components that contain -+ "..", and leading slashes. */ -+ -+ size_t prefix_len = FILE_SYSTEM_PREFIX_LEN (file_name); -+ -+ for (p = file_name + prefix_len; *p;) -+ { -+ if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2])) -+ prefix_len = p + 2 - file_name; -+ -+ do -+ { -+ char c = *p++; -+ if (ISSLASH (c)) -+ break; -+ } -+ while (*p); -+ } -+ -+ for (p = file_name + prefix_len; ISSLASH (*p); p++) -+ continue; -+ prefix_len = p - file_name; -+ -+ if (prefix_len) -+ { -+ char *prefix = alloca (prefix_len + 1); -+ memcpy (prefix, file_name, prefix_len); -+ prefix[prefix_len] = '\0'; -+ -+ -+ error (0, 0, _("Removing leading `%s' from member names"), prefix); -+ } -+ -+ if (!*p) -+ p = "."; -+ -+ return p; -+} -+ - /* Read the collection from standard input and create files - in the file system. */ - -@@ -1445,18 +1507,11 @@ - - /* Do we have to ignore absolute paths, and if so, does the filename - have an absolute path? 
*/ -- if (no_abs_paths_flag && file_hdr.c_name && file_hdr.c_name [0] == '/') -+ if (!abs_paths_flag && file_hdr.c_name && file_hdr.c_name [0]) - { -- char *p; -+ const char *p = safer_name_suffix (file_hdr.c_name); - -- p = file_hdr.c_name; -- while (*p == '/') -- ++p; -- if (*p == '\0') -- { -- strcpy (file_hdr.c_name, "."); -- } -- else -+ if (p != file_hdr.c_name) - { - /* Debian hack: file_hrd.c_name is sometimes set to - point to static memory by code in tar.c. This -diff -Naur cpio-2.6.vanilla/src/copypass.c cpio-2.6/src/copypass.c ---- cpio-2.6.vanilla/src/copypass.c 2004-09-06 13:09:04.000000000 +0100 -+++ cpio-2.6/src/copypass.c 2005-07-29 13:46:07.000000000 +0100 -@@ -181,19 +181,25 @@ - } - if (close (in_file_des) < 0) - error (0, errno, "%s", input_name.ds_string); -- if (close (out_file_des) < 0) -- error (0, errno, "%s", output_name.ds_string); -- -+ /* -+ * Avoid race condition. -+ * Set chown and chmod before closing the file desc. -+ * pvrabec@redhat.com -+ */ - /* Set the attributes of the new file. */ - if (!no_chown_flag) -- if ((chown (output_name.ds_string, -+ if ((fchown (out_file_des, - set_owner_flag ? set_owner : in_file_stat.st_uid, - set_group_flag ? set_group : in_file_stat.st_gid) < 0) - && errno != EPERM) - error (0, errno, "%s", output_name.ds_string); - /* chown may have turned off some permissions we wanted. 
*/ -- if (chmod (output_name.ds_string, in_file_stat.st_mode) < 0) -+ if (fchmod (out_file_des, in_file_stat.st_mode) < 0) -+ error (0, errno, "%s", output_name.ds_string); -+ -+ if (close (out_file_des) < 0) - error (0, errno, "%s", output_name.ds_string); -+ - if (reset_time_flag) - { - times.actime = in_file_stat.st_atime; -diff -Naur cpio-2.6.vanilla/src/extern.h cpio-2.6/src/extern.h ---- cpio-2.6.vanilla/src/extern.h 2004-09-08 11:49:57.000000000 +0100 -+++ cpio-2.6/src/extern.h 2005-07-29 13:47:34.000000000 +0100 -@@ -46,7 +46,7 @@ - extern int sparse_flag; - extern int quiet_flag; - extern int only_verify_crc_flag; --extern int no_abs_paths_flag; -+extern int abs_paths_flag; - extern unsigned int warn_option; - - /* Values for warn_option */ -@@ -91,6 +91,7 @@ - extern char input_is_seekable; - extern char output_is_seekable; - extern char *program_name; -+extern mode_t sys_umask; - extern int (*xstat) (); - extern void (*copy_function) (); - -diff -Naur cpio-2.6.vanilla/src/global.c cpio-2.6/src/global.c ---- cpio-2.6.vanilla/src/global.c 2004-09-08 11:23:44.000000000 +0100 -+++ cpio-2.6/src/global.c 2005-07-29 13:47:34.000000000 +0100 -@@ -100,7 +100,7 @@ - int only_verify_crc_flag = false; - - /* If true, don't use any absolute paths, prefix them by `./'. */ --int no_abs_paths_flag = false; -+int abs_paths_flag = false; - - #ifdef DEBUG_CPIO - /* If true, print debugging information. */ -@@ -195,6 +195,9 @@ - /* The name this program was run with. */ - char *program_name; - -+/* Debian hack to make the -d option honor the umask. */ -+mode_t sys_umask; -+ - /* A pointer to either lstat or stat, depending on whether - dereferencing of symlinks is done for input files. 
*/ - int (*xstat) (); -diff -Naur cpio-2.6.vanilla/src/main.c cpio-2.6/src/main.c ---- cpio-2.6.vanilla/src/main.c 2004-11-23 00:42:18.000000000 +0000 -+++ cpio-2.6/src/main.c 2005-07-29 13:47:34.000000000 +0100 -@@ -41,6 +41,7 @@ - - enum cpio_options { - NO_ABSOLUTE_FILENAMES_OPTION=256, -+ ABSOLUTE_FILENAMES_OPTION, - NO_PRESERVE_OWNER_OPTION, - ONLY_VERIFY_CRC_OPTION, - RENAME_BATCH_FILE_OPTION, -@@ -134,6 +135,8 @@ - N_("In copy-in mode, read additional patterns specifying filenames to extract or list from FILE"), 210}, - {"no-absolute-filenames", NO_ABSOLUTE_FILENAMES_OPTION, 0, 0, - N_("Create all files relative to the current directory"), 210}, -+ {"absolute-filenames", ABSOLUTE_FILENAMES_OPTION, 0, 0, -+ N_("do not strip leading file name components that contain \"..\" and leading slashes from file names"), 210}, - {"only-verify-crc", ONLY_VERIFY_CRC_OPTION, 0, 0, - N_("When reading a CRC format archive in copy-in mode, only verify the CRC's of each file in the archive, don't actually extract the files"), 210}, - {"rename", 'r', 0, 0, -@@ -392,7 +395,11 @@ - break; - - case NO_ABSOLUTE_FILENAMES_OPTION: /* --no-absolute-filenames */ -- no_abs_paths_flag = true; -+ abs_paths_flag = false; -+ break; -+ -+ case ABSOLUTE_FILENAMES_OPTION: /* --absolute-filenames */ -+ abs_paths_flag = true; - break; - - case NO_PRESERVE_OWNER_OPTION: /* --no-preserve-owner */ -@@ -631,7 +638,7 @@ - _("--append is used but no archive file name is given (use -F or -O options"))); - - CHECK_USAGE(rename_batch_file, "--rename-batch-file", "--create"); -- CHECK_USAGE(no_abs_paths_flag, "--no-absolute-pathnames", "--create"); -+ CHECK_USAGE(abs_paths_flag, "--absolute-pathnames", "--create"); - CHECK_USAGE(input_archive_name, "-I", "--create"); - if (archive_name && output_archive_name) - USAGE_ERROR ((0, 0, _("Both -O and -F are used in copy-out mode"))); -@@ -658,7 +665,7 @@ - CHECK_USAGE(rename_flag, "--rename", "--pass-through"); - CHECK_USAGE(append_flag, "--append", 
"--pass-through"); - CHECK_USAGE(rename_batch_file, "--rename-batch-file", "--pass-through"); -- CHECK_USAGE(no_abs_paths_flag, "--no-absolute-pathnames", -+ CHECK_USAGE(abs_paths_flag, "--absolute-pathnames", - "--pass-through"); - CHECK_USAGE(to_stdout_option, "--to-stdout", "--pass-through"); - -@@ -740,7 +747,6 @@ - textdomain (PACKAGE); - - program_name = argv[0]; -- umask (0); - - #ifdef __TURBOC__ - _fmode = O_BINARY; /* Put stdin and stdout in binary mode. */ -@@ -751,6 +757,7 @@ - #endif - - process_args (argc, argv); -+ sys_umask = umask (0); - - initialize_buffers (); - From 0ff071f11c5216d9c0ff4526b7a42c47487c87be Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Sat, 17 Jul 2010 18:19:38 +0200 Subject: [PATCH 06/12] installer: Change format of initrd from squashfs to cpio. --- doc/packages-list.txt | 14 ++++++++++++++ lfs/initrd | 7 +++++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/doc/packages-list.txt b/doc/packages-list.txt index 470bbc0f6..70e3b96f0 100644 --- a/doc/packages-list.txt +++ b/doc/packages-list.txt @@ -71,6 +71,7 @@ * compat-wireless-2.6.34-kmod-2.6.32.15-ipfire * compat-wireless-2.6.34-kmod-2.6.32.15-ipfire-xen * coreutils-5.96 +* cpio-2.11 * cpio-2.6 * cpufrequtils-007 * cryptodev-20091126-kmod-2.6.32.15-ipfire @@ -90,6 +91,8 @@ * diffutils-2.8.1 * dnsmasq-2.45 * dosfstools-3.0.9 +* dracut-006 +* dracut-006.save * e1000-8.0.19-kmod-2.6.32.15-ipfire * e1000-8.0.19-kmod-2.6.32.15-ipfire-xen * e1000e-1.1.19-kmod-2.6.32.15-ipfire @@ -150,6 +153,7 @@ * iftop-0.17 * igmpproxy-0.1 * inetutils-1.4.2 +* initrd_off * ipaddr-1.2 * iperf-2.0.4 * ipfireseeder-1.00 @@ -165,6 +169,7 @@ * klibc-1.5.14 * kqemu-1.4.0pre1-kmod-2.6.32.15-ipfire * kqemu-1.4.0pre1-kmod-2.6.32.15-ipfire-xen +* kqemu-1.4.0pre1-kmod-2.6.32.16-ipfire * kudzu-1.2.64 * kvm-kmod-2.6.33.1-kmod-2.6.32.15-ipfire * l7-protocols-2009-05-10 
@@ -186,6 +191,7 @@ * libogg-1.1.4 * liboping-1.3.4 * libpcap-1.0.0 +* libpng-1.2.12 * libpng-1.2.44 * libpri-1.4.10.2 * libsafe_2.0-16 @@ -220,6 +226,7 @@ * man-db-2.4.3 * man-pages-2.34 * mbr-1.1.8 +* mc-4.7.0 * mc-4.7.3 * mdadm-3.1.1 * mechanize-0.1.8 @@ -251,6 +258,7 @@ * netcat-0.7.1 * netpbm-10.26.46 * newt-0.51.6 +* nfs-utils-1.1.1 * nfs-utils-1.2.2 * nmap-5.20 * noip_updater_v1.6 @@ -259,6 +267,7 @@ * nut-2.4.3 * ocaml-3.09.2 * oinkmaster-2.0 +* open-vm-tools-2009.05.22-167859 * open-vm-tools-8.4.2-261024 * openldap-2.3.20 * openmailadmin-1.0.0 @@ -279,6 +288,7 @@ * popt-1.10.4 * portmap_6.0 * postfix-2.6.5 +* ppp-2.4.4 * ppp-2.4.5 * pptp-1.7.2 * procps-3.2.6 @@ -294,6 +304,7 @@ * readline-5.1 * reiser4progs-1.0.6 * reiserfsprogs-3.6.21 +* rp-pppoe-3.8 * rrdtool-1.2.30 * rssdler-0.4.0a * rsync-3.0.7 @@ -334,6 +345,7 @@ * teamspeak-2.0.24.1 * texinfo-4.8 * tftp-hpa-0.48 +* tiff-3.8.2 * tiff-3.9.4 * traceroute-2.0.12 * tripwire-2.4.1.2 @@ -348,6 +360,7 @@ * v4l-dvb-b576509ea6d2-kmod-2.6.32.15-ipfire * v4l-dvb-b576509ea6d2-kmod-2.6.32.15-ipfire-xen * vdr-1.6.0 +* vdradmin-am-3.6.5 * vdradmin-am-3.6.7 * vim-7.0 * vlan.1.9 @@ -356,6 +369,7 @@ * vnstati-beta3 * vsftpd-2.1.2 * w_scan-20080105 +* watchdog-5.6 * watchdog-5.9 * wget-1.10.2 * whatmask-1.2 diff --git a/lfs/initrd b/lfs/initrd index ad8b135a6..824b40c76 100644 --- a/lfs/initrd +++ b/lfs/initrd @@ -89,8 +89,11 @@ $(TARGET) : # Remove binary depmod files rm -rf /install/initrd/lib/modules/$(KVER)-ipfire/modules.*.bin - - mksquashfs /install/initrd /install/images/initrd + + cd /install/initrd && strip --strip-all {,usr/}{,s}bin/* || true + cd /install/initrd && strip --strip-debug {,usr/}lib/* || true + + cd /install/initrd && find . | cpio -o -H newc | lzma -9 > /install/images/initrd cd /install/initrd && find ./ -ls > $(DIR_INFO)/_build.initrd.log @$(POSTBUILD) From d69c879e49632b2429a114737682c080bca96d30 Mon Sep 17 00:00:00 2001 
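Review bot: In the lfs/initrd hunk, `find . | cpio -o -H newc | lzma -9 > /install/images/initrd` reports only lzma's exit status, so a cpio failure leaves a truncated installer image while the build carries on; the later [PATCH 08/12] hunk keeps the same pipeline. Writing the archive first makes cpio's status count: `cd /install/initrd && find . | cpio -o -H newc > /install/images/initrd.cpio`, then `lzma -9 < /install/images/initrd.cpio > /install/images/initrd && rm -f /install/images/initrd.cpio`. The two `strip` lines end in `|| true`, which also hides a failed `cd`, and `{,usr/}{,s}bin/*` is brace expansion that only works if the recipe shell is bash (no SHELL setting is visible here), so under a plain sh the binaries would silently ship unstripped. The $(TARGET) recipe begins and ends outside the hunk.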
From: Michael Tremer Date: Tue, 20 Jul 2010 18:17:16 +0200 Subject: [PATCH 07/12] Make installer system bootable from initramfs. --- config/syslinux/syslinux.cfg | 8 ++++---- lfs/initrd | 2 ++ 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/config/syslinux/syslinux.cfg b/config/syslinux/syslinux.cfg index 15af66e4a..361a3168e 100644 --- a/config/syslinux/syslinux.cfg +++ b/config/syslinux/syslinux.cfg @@ -4,16 +4,16 @@ PROMPT 1 F1 boot.msg F2 options.msg DEFAULT vmlinuz - APPEND ide=nodma initrd=instroot root=/dev/ram0 ramdisk_size=16384 vga=791 splash=silent ro + APPEND ide=nodma initrd=instroot vga=791 splash=silent ro LABEL novga KERNEL vmlinuz - APPEND ide=nodma initrd=instroot root=/dev/ram0 ramdisk_size=16384 ro + APPEND ide=nodma initrd=instroot ro LABEL dma KERNEL vmlinuz - APPEND initrd=instroot root=/dev/ram0 ramdisk_size=16384 vga=791 splash=silent ro + APPEND initrd=instroot vga=791 splash=silent ro LABEL unattended KERNEL vmlinuz - APPEND ide=nodma initrd=instroot root=/dev/ram0 ramdisk_size=16384 vga=791 splash=silent unattended ro + APPEND ide=nodma initrd=instroot vga=791 splash=silent unattended ro LABEL memtest KERNEL memtest APPEND - diff --git a/lfs/initrd b/lfs/initrd index 824b40c76..896d78ecf 100644 --- a/lfs/initrd +++ b/lfs/initrd @@ -93,6 +93,8 @@ $(TARGET) : cd /install/initrd && strip --strip-all {,usr/}{,s}bin/* || true cd /install/initrd && strip --strip-debug {,usr/}lib/* || true + cd /install/initrd && ln -svf sbin/init init + cd /install/initrd && find . | cpio -o -H newc | lzma -9 > /install/images/initrd cd /install/initrd && find ./ -ls > $(DIR_INFO)/_build.initrd.log From ab8d438fdda2b682b9e08a25fd1710312e35d1f5 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 22 Jul 2010 00:47:33 +0200 Subject: [PATCH 08/12] initrd: Reset compression to normal level. -9 will require more than 100M to decompress + kernel + initramfs content >= 150M. --- lfs/initrd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/lfs/initrd b/lfs/initrd index 896d78ecf..cf4f28085 100644 --- a/lfs/initrd +++ b/lfs/initrd @@ -95,7 +95,7 @@ $(TARGET) : cd /install/initrd && ln -svf sbin/init init - cd /install/initrd && find . | cpio -o -H newc | lzma -9 > /install/images/initrd + cd /install/initrd && find . | cpio -o -H newc | lzma > /install/images/initrd cd /install/initrd && find ./ -ls > $(DIR_INFO)/_build.initrd.log @$(POSTBUILD) From c679f3711abd468e8d9afa906b95f148be125fe8 Mon Sep 17 00:00:00 2001 From: Jan Paul Tuecking Date: Thu, 22 Jul 2010 17:44:55 +0200 Subject: [PATCH 09/12] Some cosmetic changes on time.cgi --- html/cgi-bin/time.cgi | 28 ++++++++++++++++++---------- langs/de/cgi-bin/de.pl | 4 +++- langs/en/cgi-bin/en.pl | 2 ++ langs/es/cgi-bin/es.pl | 2 ++ langs/fr/cgi-bin/fr.pl | 20 +++++++++++--------- 5 files changed, 36 insertions(+), 20 deletions(-) diff --git a/html/cgi-bin/time.cgi b/html/cgi-bin/time.cgi index fb69aa39e..c68eb999f 100644 --- a/html/cgi-bin/time.cgi +++ b/html/cgi-bin/time.cgi @@ -236,6 +236,10 @@ print "
\n"; &Header::openbox('100%', 'left', $Lang::tr{'network time'}); print < + + $Lang::tr{'ntp common settings'} + + $Lang::tr{'network time from'} @@ -272,22 +276,19 @@ print <  $Lang::tr{'clenabled'} + +   + $Lang::tr{'Set time on boot'} + - - - - - - - - + - - + + + + + + + + END ; diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 479bd35e7..0394315e4 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -761,7 +761,7 @@ 'esp integrity' => 'ESP Integrität:', 'esp keylife' => 'Lebensdauer des ESP Schlüssels:', 'esp keylife should be between 1 and 24 hours' => 'ESP Schlüssel-Lebensdauer sollte zwischen 1 und 24 Stunden betragen.', -'every' => 'Jeden', +'every' => 'Alle', 'exampel' => 'Beispiel', 'exclude logfiles' => 'ohne Logdateien', 'excluding buffers and cache' => '-/+ Puffer/Zwischenspeicher', @@ -1227,6 +1227,8 @@ 'not running' => 'nicht gestartet', 'not set' => 'nicht gesetzt', 'november' => 'November', +'ntp common settings' => 'Allgemeine Einstellungen', +'ntp sync' => 'Synchronisation', 'ntp configuration' => 'NTP-Konfiguration', 'ntp must be enabled to have clients' => 'Um Clients annehmen zu können, muß NTP vorher aktiviert sein.', 'ntp server' => 'NTP-Server', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 5bfd356e7..55d24c488 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1256,6 +1256,8 @@ 'not set' => 'not set', 'notes' => 'Notes', 'november' => 'November', +'ntp common settings' => 'Common settings', +'ntp sync' => 'Synchronization', 'ntp configuration' => 'NTP configuration', 'ntp must be enabled to have clients' => 'NTP must be enabled to have clients.', 'ntp server' => 'NTP Server', diff --git a/langs/es/cgi-bin/es.pl b/langs/es/cgi-bin/es.pl index 347705379..5edbade56 100644 --- a/langs/es/cgi-bin/es.pl +++ b/langs/es/cgi-bin/es.pl 
@@ -1254,6 +1254,8 @@ 'not set' => 'no configurado', 'notes' => 'Notas', 'november' => 'Noviembre', +'ntp common settings' => 'Configuraciones comunes', +'ntp sync' => 'Sincronización', 'ntp configuration' => 'Configuración NTP', 'ntp must be enabled to have clients' => 'NTP debe estar configurado para tener clientes', 'ntp server' => 'Servidor NTP', diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl index c18761fa5..55d24c488 100644 --- a/langs/fr/cgi-bin/fr.pl +++ b/langs/fr/cgi-bin/fr.pl @@ -4,7 +4,7 @@ 'Act as' => 'Act as:', 'Add Port Rule' => 'Add port rule', 'Add Rule' => 'Add rule', -'Async logging enabled' => 'Activer écriture asynchrone de syslogs', +'Async logging enabled' => 'Enable asynchronous writing of the syslog file', 'optional at cmd' => 'optional AT command', 'Choose Rule' => 'Choose one of the following rules.', 'Class' => 'Class', @@ -15,7 +15,6 @@ 'ConnSched change profile title' => 'Change to profile:', 'ConnSched days' => 'Days:', 'ConnSched down' => 'Down', -'Set time on boot' => 'Fixe l heure en botte', 'ConnSched ipsecstart' => 'IPSec (re)start', 'ConnSched ipsecstop' => 'IPSec stop', 'ConnSched reconnect' => 'Reconnect', @@ -48,6 +47,7 @@ 'mpfire search' => 'MPFire Search', 'repeat' => 'Repeat', 'shuffle' => 'Shuffle', +'Set time on boot' => 'Force setting the system clock on boot', 'Port Rule' => 'Port-Rule', 'qos add subclass' => 'Add subclass', 'The source IP address is invalid.' => 'The source IP address is invalid.', @@ -805,7 +805,7 @@ 'external access rule removed' => ' External access rule removed; restarting access controller', 'external aliases configuration' => 'External aliases configuration', 'extrahd' => 'ExtraHD', -'extrahd detected drives' => 'founded drives', +'extrahd detected drives' => 'detected drives', 'false classnumber' => 'The Class-Number does not match the interface.', 'false max bandwith' => 'Maximum bandwith is false.', 'false min bandwith' => 'Minimum bandwith is false.', 
@@ -1256,6 +1256,8 @@ 'not set' => 'not set', 'notes' => 'Notes', 'november' => 'November', +'ntp common settings' => 'Common settings', +'ntp sync' => 'Synchronization', 'ntp configuration' => 'NTP configuration', 'ntp must be enabled to have clients' => 'NTP must be enabled to have clients.', 'ntp server' => 'NTP Server', @@ -1297,12 +1299,12 @@ 'otherip' => 'other IP', 'otherport' => 'other Port', 'out' => 'Out', -'outgoing' => 'sortant', -'outgoing firewall' => 'Sortant Firewall', -'outgoing firewall groups' => 'Firewall Groupe', -'outgoing firewall add ip group' => 'Ajouter IP Address Group', -'outgoing firewall ip groups' => 'Sortant Firewall IP Groupe', -'outgoing firewall view group' => 'Montrer groupe', +'outgoing' => 'outgoing', +'outgoing firewall' => 'Outgoing Firewall', +'outgoing firewall groups' => 'Firewall Groups', +'outgoing firewall add ip group' => 'Add IP Address Group', +'outgoing firewall ip groups' => 'Outgoing Firewall IP Adress Groups', +'outgoing firewall view group' => 'View group', 'outgoing traffic in bytes per second' => 'Outgoing Traffic', 'outgoingfw mode0' => 'Using this mode, all clients are able to access the internet without any restrictions.', 'outgoingfw mode1' => 'Using this mode, only connections based on the defined rules are allowed.', From d9690aea6d81e23004c7ccd68e6cadb492131153 Mon Sep 17 00:00:00 2001 From: Jan Paul Tuecking Date: Thu, 22 Jul 2010 17:51:38 +0200 Subject: [PATCH 10/12] Fixed fr.pl to latest version --- langs/fr/cgi-bin/fr.pl | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl index 55d24c488..2924cb7f6 100644 --- a/langs/fr/cgi-bin/fr.pl +++ b/langs/fr/cgi-bin/fr.pl 
@@ -4,7 +4,7 @@ 'Act as' => 'Act as:', 'Add Port Rule' => 'Add port rule', 'Add Rule' => 'Add rule', -'Async logging enabled' => 'Enable asynchronous writing of the syslog file', +'Async logging enabled' => 'Activer écriture asynchrone de syslogs', 'optional at cmd' => 'optional AT command', 'Choose Rule' => 'Choose one of the following rules.', 'Class' => 'Class', @@ -15,6 +15,7 @@ 'ConnSched change profile title' => 'Change to profile:', 'ConnSched days' => 'Days:', 'ConnSched down' => 'Down', +'Set time on boot' => 'Fixe l heure en botte', 'ConnSched ipsecstart' => 'IPSec (re)start', 'ConnSched ipsecstop' => 'IPSec stop', 'ConnSched reconnect' => 'Reconnect', @@ -47,7 +48,6 @@ 'mpfire search' => 'MPFire Search', 'repeat' => 'Repeat', 'shuffle' => 'Shuffle', -'Set time on boot' => 'Force setting the system clock on boot', 'Port Rule' => 'Port-Rule', 'qos add subclass' => 'Add subclass', 'The source IP address is invalid.' => 'The source IP address is invalid.', @@ -805,7 +805,7 @@ 'external access rule removed' => ' External access rule removed; restarting access controller', 'external aliases configuration' => 'External aliases configuration', 'extrahd' => 'ExtraHD', -'extrahd detected drives' => 'detected drives', +'extrahd detected drives' => 'founded drives', 'false classnumber' => 'The Class-Number does not match the interface.', 'false max bandwith' => 'Maximum bandwith is false.', 'false min bandwith' => 'Minimum bandwith is false.', 
@@ -1299,12 +1299,12 @@
 'otherip' => 'other IP',
 'otherport' => 'other Port',
 'out' => 'Out',
-'outgoing' => 'outgoing',
-'outgoing firewall' => 'Outgoing Firewall',
-'outgoing firewall groups' => 'Firewall Groups',
-'outgoing firewall add ip group' => 'Add IP Address Group',
-'outgoing firewall ip groups' => 'Outgoing Firewall IP Adress Groups',
-'outgoing firewall view group' => 'View group',
+'outgoing' => 'sortant',
+'outgoing firewall' => 'Sortant Firewall',
+'outgoing firewall groups' => 'Firewall Groupe',
+'outgoing firewall add ip group' => 'Ajouter IP Address Group',
+'outgoing firewall ip groups' => 'Sortant Firewall IP Groupe',
+'outgoing firewall view group' => 'Montrer groupe',
 'outgoing traffic in bytes per second' => 'Outgoing Traffic',
 'outgoingfw mode0' => 'Using this mode, all clients are able to access the internet without any restrictions.',
 'outgoingfw mode1' => 'Using this mode, only connections based on the defined rules are allowed.',
From 90874a8a3a372b334ed71d0664b5b11b0f79e255 Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter
Date: Thu, 22 Jul 2010 18:07:12 +0200
Subject: [PATCH 11/12] Mkinitcpio: Reduce initrd size by removing unneeded filesystems.
---
 lfs/mkinitcpio | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lfs/mkinitcpio b/lfs/mkinitcpio
index 47de3ea68..8a415eb86 100644
--- a/lfs/mkinitcpio
+++ b/lfs/mkinitcpio
@@ -73,8 +73,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 cd $(DIR_APP) && ./install.sh ""
 cp $(DIR_SRC)/config/mkinitcpio/virtio /lib/initcpio/install/
 sed -i 's|^FILELIST=.*|FILELIST="$$(mktemp)"|g' /sbin/mkinitcpio
- sed -i 's|^HOOKS=.*|HOOKS="base udev autodetect ide usb scsi pata sata virtio filesystems"|g' /etc/mkinitcpio.conf
- sed -i 's|^MODULES=.*|MODULES="reiser4 reiserfs ext3 ehci_hcd"|g' /etc/mkinitcpio.conf
+ sed -i 's|^HOOKS=.*|HOOKS="base udev autodetect ide usb scsi pata sata virtio"|g' /etc/mkinitcpio.conf
+ sed -i 's|^MODULES=.*|MODULES="reiser4 reiserfs ext3 est2 ehci_hcd"|g' /etc/mkinitcpio.conf
 sed -i 's|ide-cd|ide-cd ide-generic|g' /lib/initcpio/install/ide
 sed -i 's| gzip -9 | lzma |g' /sbin/mkinitcpio
 @rm -rf $(DIR_APP)
From 9254944067a862d84fc1762d2b919bb13801d8a5 Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter
Date: Thu, 22 Jul 2010 19:36:04 +0200
Subject: [PATCH 12/12] Mkinitcpio: fix typo.
---
 lfs/mkinitcpio | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lfs/mkinitcpio b/lfs/mkinitcpio
index 8a415eb86..bce7db052 100644
--- a/lfs/mkinitcpio
+++ b/lfs/mkinitcpio
@@ -74,7 +74,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 cp $(DIR_SRC)/config/mkinitcpio/virtio /lib/initcpio/install/
 sed -i 's|^FILELIST=.*|FILELIST="$$(mktemp)"|g' /sbin/mkinitcpio
 sed -i 's|^HOOKS=.*|HOOKS="base udev autodetect ide usb scsi pata sata virtio"|g' /etc/mkinitcpio.conf
- sed -i 's|^MODULES=.*|MODULES="reiser4 reiserfs ext3 est2 ehci_hcd"|g' /etc/mkinitcpio.conf
+ sed -i 's|^MODULES=.*|MODULES="reiser4 reiserfs ext3 ext2 ehci_hcd"|g' /etc/mkinitcpio.conf
 sed -i 's|ide-cd|ide-cd ide-generic|g' /lib/initcpio/install/ide
 sed -i 's| gzip -9 | lzma |g' /sbin/mkinitcpio
 @rm -rf $(DIR_APP)
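Review bot: In the `@@ -73,8 +73,8 @@` hunk of lfs/mkinitcpio the new `HOOKS=` value no longer contains `filesystems`, so as far as the hunk shows the `MODULES=` line becomes the only list of filesystem drivers for the initrd, and neither `sed -i` result is checked. `sed` exits 0 when `^HOOKS=` or `^MODULES=` matches nothing, so a changed upstream `/etc/mkinitcpio.conf` would leave the defaults in place without failing the build; a misspelled module such as `est2` (corrected in the `@@ -74,7 +74,7 @@` hunk that follows) presumably goes unnoticed in the same way. I would follow the two substitutions with a check such as `grep -q '^HOOKS="base udev autodetect ide usb scsi pata sata virtio"' /etc/mkinitcpio.conf` and a matching one for `MODULES=`, so the recipe stops if the image configuration is not the intended one. A comment above the rule should state that, with the `filesystems` hook removed, a root filesystem must be named in `MODULES` to be mountable from this initrd. The rule's recipe starts before the hunk and continues after it.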

$Lang::tr{'update time'}
 $Lang::tr{'set time now help'}
$Lang::tr{'Set time on boot'}
$Lang::tr{'ntp sync'}
$Lang::tr{'every'}: + $Lang::tr{'every'} $Lang::tr{'manually'}

$Lang::tr{'update time'}
 $Lang::tr{'set time now help'}