diff --git a/config/rootfiles/common/ddns b/config/rootfiles/common/ddns
index 2f0bdf741..f93965cea 100644
--- a/config/rootfiles/common/ddns
+++ b/config/rootfiles/common/ddns
@@ -60,4 +60,7 @@ usr/lib/python2.7/site-packages/ddns/system.pyo
 #usr/share/locale/uz@Latn/LC_MESSAGES
 #usr/share/locale/uz@Latn/LC_MESSAGES/ddns.mo
 #usr/share/locale/vi/LC_MESSAGES/ddns.mo
+#usr/share/locale/zh
+#usr/share/locale/zh/LC_MESSAGES
+#usr/share/locale/zh/LC_MESSAGES/ddns.mo
 #var/ipfire/ddns/ddns.conf.sample
diff --git a/config/rootfiles/core/80/filelists/files b/config/rootfiles/core/80/filelists/files
index a12048d7b..cdddaac16 100644
--- a/config/rootfiles/core/80/filelists/files
+++ b/config/rootfiles/core/80/filelists/files
@@ -8,6 +8,7 @@ etc/rc.d/init.d/firewall
 etc/rc.d/init.d/networking/red.up/30-ddns
 etc/rc.d/init.d/rngd
 srv/web/ipfire/cgi-bin/ddns.cgi
+srv/web/ipfire/cgi-bin/ids.cgi
 srv/web/ipfire/cgi-bin/logs.cgi/firewalllogcountry.dat
 srv/web/ipfire/cgi-bin/logs.cgi/log.dat
 srv/web/ipfire/cgi-bin/netexternal.cgi
diff --git a/config/rootfiles/core/81/exclude b/config/rootfiles/core/81/exclude
new file mode 100644
index 000000000..18e9b4d24
--- /dev/null
+++ b/config/rootfiles/core/81/exclude
@@ -0,0 +1,20 @@
+boot/config.txt
+etc/collectd.custom
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+etc/localtime
+etc/shadow
+etc/ssh/ssh_config
+etc/ssh/sshd_config
+etc/ssl/openssl.cnf
+etc/sudoers
+etc/sysconfig/firewall.local
+etc/sysconfig/rc.local
+etc/udev/rules.d/30-persistent-network.rules
+srv/web/ipfire/html/proxy.pac
+var/ipfire/ovpn
+var/log/cache
+var/state/dhcp/dhcpd.leases
+var/updatecache
diff --git a/config/rootfiles/core/81/filelists/ddns b/config/rootfiles/core/81/filelists/ddns
new file mode 120000
index 000000000..739516420
--- /dev/null
+++ b/config/rootfiles/core/81/filelists/ddns
@@ -0,0 +1 @@
+../../../common/ddns
\ No newline at end of file
diff --git a/config/rootfiles/core/81/filelists/files b/config/rootfiles/core/81/filelists/files
new file mode 100644
index 000000000..4b0ae1e75
--- /dev/null
+++ b/config/rootfiles/core/81/filelists/files
@@ -0,0 +1,5 @@
+etc/system-release
+etc/issue
+etc/rc.d/init.d/firewall
+srv/web/ipfire/cgi-bin/ddns.cgi
+srv/web/ipfire/cgi-bin/ovpnmain.cgi
diff --git a/config/rootfiles/core/81/filelists/lzo b/config/rootfiles/core/81/filelists/lzo
new file mode 120000
index 000000000..8e11e78d3
--- /dev/null
+++ b/config/rootfiles/core/81/filelists/lzo
@@ -0,0 +1 @@
+../../../common/lzo
\ No newline at end of file
diff --git a/config/rootfiles/core/81/filelists/openssh b/config/rootfiles/core/81/filelists/openssh
new file mode 120000
index 000000000..d8c77fd8e
--- /dev/null
+++ b/config/rootfiles/core/81/filelists/openssh
@@ -0,0 +1 @@
+../../../common/openssh
\ No newline at end of file
diff --git a/config/rootfiles/core/81/filelists/openssl b/config/rootfiles/core/81/filelists/openssl
new file mode 120000
index 000000000..e011a9266
--- /dev/null
+++ b/config/rootfiles/core/81/filelists/openssl
@@ -0,0 +1 @@
+../../../common/openssl
\ No newline at end of file
diff --git a/config/rootfiles/core/81/meta b/config/rootfiles/core/81/meta
new file mode 100644
index 000000000..d547fa86f
--- /dev/null
+++ b/config/rootfiles/core/81/meta
@@ -0,0 +1 @@
+DEPS=""
diff --git a/config/rootfiles/core/81/update.sh b/config/rootfiles/core/81/update.sh
new file mode 100644
index 000000000..67244c654
--- /dev/null
+++ b/config/rootfiles/core/81/update.sh
@@ -0,0 +1,101 @@
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2014 IPFire-Team . #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+# Remove old core updates from pakfire cache to save space...
+core=80
+for (( i=1; i<=$core; i++ ))
+do
+ rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+# Stop services
+/etc/init.d/ipsec stop
+
+# Remove old strongswan files
+rm -f \
+ /etc/strongswan.d/charon/unity.conf \
+ /usr/lib/ipsec/plugins/libstrongswan-unity.so \
+ /usr/share/strongswan/templates/config/plugins/unity.conf
+
+rm -f /usr/local/bin/setddns.pl
+
+# Extract files
+extract_files
+
+# Start services
+/etc/init.d/dnsmasq restart
+if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then
+ /etc/init.d/ipsec start
+fi
+
+
+# Update Language cache
+perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
+
+# Uninstall the libgpg-error package.
+rm -f \ + /opt/pakfire/db/installed/meta-libgpg-error \ + /opt/pakfire/db/rootfiles/libgpg-error + +# Fix broken proxy configuration permissions +chown -R nobody.nobody \ + /var/ipfire/proxy/advanced \ + /var/ipfire/proxy/acl-1.4 \ + /var/ipfire/proxy/enable \ + /var/ipfire/proxy/settings \ + /var/ipfire/proxy/squid.conf \ + /var/ipfire/proxy/transparent + +# Regenerate squid configuration file +sudo -u nobody /srv/web/ipfire/cgi-bin/proxy.cgi + +# Generate ddns configuration file +sudo -u nobody /srv/web/ipfire/cgi-bin/ddns.cgi + +# Update crontab +sed -i /var/spool/cron/root.orig -e "/setddns.pl/d" + +grep -q /usr/bin/ddns /var/spool/cron/root.orig || cat <> /var/spool/cron/root.orig + +# Update dynamic DNS records every five minutes. +# Force an update once a month +*/5 * * * * [ -f "/var/ipfire/red/active" ] && /usr/bin/ddns update-all +3 2 1 * * [ -f "/var/ipfire/red/active" ] && /usr/bin/ddns update-all --force +EOF + +fcrontab -z &>/dev/null + +sync + +# This update need a reboot... +#touch /var/run/need_reboot + +# Finish +/etc/init.d/fireinfo start +sendprofile + +# Don't report the exitcode last command +exit 0 diff --git a/html/cgi-bin/ddns.cgi b/html/cgi-bin/ddns.cgi index aeb0cd733..55841b2b9 100644 --- a/html/cgi-bin/ddns.cgi +++ b/html/cgi-bin/ddns.cgi @@ -89,7 +89,6 @@ close (FILE); # Save General Settings. # if ($settings{'ACTION'} eq $Lang::tr{'save'}) { - # Open /var/ipfire/ddns/settings for writing. open(FILE, ">$settingsfile") or die "Unable to open $settingsfile."; @@ -104,9 +103,6 @@ if ($settings{'ACTION'} eq $Lang::tr{'save'}) { # Close file after writing. close(FILE); - # Unset given CGI parmas. - undef %settings; - # Update ddns config file. &GenerateDDNSConfigFile(); } 
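Review bot: The IPsec restart in update.sh depends on an `if [ ... ]` test wrapped around the unquoted output of `grep "ENABLED=on" /var/ipfire/vpn/settings`, which is fragile. The pattern is unanchored, so if a second key ending in `ENABLED=on` ever matches, `[` receives several words, errors out, and the tunnel service stopped earlier by `/etc/init.d/ipsec stop` stays down after the update. Testing grep's exit status avoids this: `if grep -q "^ENABLED=on" /var/ipfire/vpn/settings; then`. A short comment above the block saying that IPsec is only restarted when the VPN is enabled would help anyone debugging a tunnel that stays down after the upgrade.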
@@ -115,7 +111,6 @@ if ($settings{'ACTION'} eq $Lang::tr{'save'}) { # Toggle enable/disable field. Field is in second position # if ($settings{'ACTION'} eq $Lang::tr{'toggle enable disable'}) { - # Open /var/ipfire/ddns/config for writing. open(FILE, ">$datafile") or die "Unable to open $datafile."; @@ -127,23 +122,19 @@ if ($settings{'ACTION'} eq $Lang::tr{'toggle enable disable'}) { # Read file line by line. foreach my $line (@current) { - # Remove newlines. chomp($line); if ($settings{'ID'} eq $id) { - # Splitt lines (splitting element is a single ",") and save values into temp array. @temp = split(/\,/,$line); # Check if we want to toggle ENABLED or WILDCARDS. if ($settings{'ENABLED'} ne '') { - # Update ENABLED. print FILE "$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$settings{'ENABLED'}\n"; } } else { - # Print unmodified line. print FILE "$line\n"; } @@ -151,13 +142,11 @@ if ($settings{'ACTION'} eq $Lang::tr{'toggle enable disable'}) { # Increase $id. $id++; } + undef $settings{'ID'}; # Close file after writing. close(FILE); - # Unset given CGI params. - undef %settings; - # Write out logging notice. &General::log($Lang::tr{'ddns hostname modified'}); @@ -169,7 +158,6 @@ if ($settings{'ACTION'} eq $Lang::tr{'toggle enable disable'}) { # Add new accounts, or edit existing ones. # if (($settings{'ACTION'} eq $Lang::tr{'add'}) || ($settings{'ACTION'} eq $Lang::tr{'update'})) { - # Check if a hostname has been given. if ($settings{'HOSTNAME'} eq '') { $errormessage = $Lang::tr{'hostname not set'}; 
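Review bot: The toggle branch of ddns.cgi still writes the request's `$settings{'ENABLED'}` straight into the record (`print FILE "$temp[0],...,$temp[6],$settings{'ENABLED'}\n"`), while this commit normalizes that field to on/off only in the add/update branch. Any other value, including one with a comma or line break, lands in the config file unchanged. When the value is empty, the matching line is not written at all, so the entry is dropped. Computing `my $enabled = ($settings{'ENABLED'} eq 'on') ? 'on' : 'off';` and always printing the matching line with `$enabled` keeps the stored column in line with the new `next unless ($enabled eq "on")` check in GenerateDDNSConfigFile. The branch begins before and continues after this hunk.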
@@ -187,19 +175,23 @@ if (($settings{'ACTION'} eq $Lang::tr{'add'}) || ($settings{'ACTION'} eq $Lang:: # Check if a password has been typed in. # freedns.afraid.org does not require this field. - if (($settings{'PASSWORD'} eq '') && ($settings{'SERVICE'} ne 'freedns.afraid.org')) { + if (($settings{'PASSWORD'} eq '') && ($settings{'SERVICE'} ne 'freedns.afraid.org') && ($settings{'SERVICE'} ne 'regfish.com')) { $errormessage = $Lang::tr{'password not set'}; } # Go furter if there was no error. - if ( ! $errormessage) { - + if (!$errormessage) { # Splitt hostname field into 2 parts for storrage. my($hostname, $domain) = split(/\./, $settings{'HOSTNAME'}, 2); + # Handle enabled checkbox. When the checkbox is selected a "on" will be returned, + # if the checkbox is not checked nothing is returned in this case we set the value to "off". + if ($settings{'ENABLED'} ne 'on') { + $settings{'ENABLED'} = 'off'; + } + # Handle adding new accounts. if ($settings{'ACTION'} eq $Lang::tr{'add'}) { - # Open /var/ipfire/ddns/config for writing. open(FILE, ">>$datafile") or die "Unable to open $datafile."; @@ -215,11 +207,8 @@ if (($settings{'ACTION'} eq $Lang::tr{'add'}) || ($settings{'ACTION'} eq $Lang:: # Write out notice to logfile. &General::log($Lang::tr{'ddns hostname added'}); - # Update ddns config file. - # Handle account edditing. } elsif ($settings{'ACTION'} eq $Lang::tr{'update'}) { - # Open /var/ipfire/ddns/config for writing. open(FILE, ">$datafile") or die "Unable to open $datafile."; @@ -230,7 +219,6 @@ if (($settings{'ACTION'} eq $Lang::tr{'add'}) || ($settings{'ACTION'} eq $Lang:: # Read file line by line. foreach my $line (@current) { - if ($settings{'ID'} eq $id) { print FILE "$settings{'SERVICE'},$hostname,$domain,$settings{'PROXY'},$settings{'WILDCARDS'},$settings{'LOGIN'},$settings{'PASSWORD'},$settings{'ENABLED'}\n"; } else { 
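Review bot: Only `ENABLED` is normalized before the account record is written; `SERVICE`, `PROXY`, `WILDCARDS`, `LOGIN` and `PASSWORD` go into the comma-separated line as submitted. This is visible in the update branch: `print FILE "$settings{'SERVICE'},$hostname,$domain,...,$settings{'PASSWORD'},$settings{'ENABLED'}\n"`. The file is read back with `split(/\,/,$line)`, so a login or password containing a comma or line break shifts or splits the columns, unless such input is rejected outside these hunks. A check next to the 'password not set' test that sets `$errormessage` when `"$settings{'LOGIN'}$settings{'PASSWORD'}" =~ /[,\r\n]/` would prevent silently corrupted entries. The new regfish.com exemption also deserves a comment: an empty password there means the login is used as the token, as GenerateDDNSConfigFile does further down.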
@@ -247,9 +235,7 @@ if (($settings{'ACTION'} eq $Lang::tr{'add'}) || ($settings{'ACTION'} eq $Lang:: # Write out notice to logfile. &General::log($Lang::tr{'ddns hostname modified'}); } - - # Unset given CGI params. - undef %settings; + undef $settings{'ID'}; # Update ddns config file. &GenerateDDNSConfigFile(); @@ -260,7 +246,6 @@ if (($settings{'ACTION'} eq $Lang::tr{'add'}) || ($settings{'ACTION'} eq $Lang:: # Remove existing accounts. # if ($settings{'ACTION'} eq $Lang::tr{'remove'}) { - # Open /var/ipfire/ddns/config for writing. open(FILE, ">$datafile") or die "Unable to open $datafile."; @@ -271,7 +256,6 @@ if ($settings{'ACTION'} eq $Lang::tr{'remove'}) { # Read file line by line. foreach my $line (@current) { - # Write back every line, except the one we want to drop # (identified by the ID) unless ($settings{'ID'} eq $id) { @@ -281,13 +265,11 @@ if ($settings{'ACTION'} eq $Lang::tr{'remove'}) { # Increase id. $id++; } + undef $settings{'ID'}; # Close file after writing. close(FILE); - # Unset given CGI params. - undef %settings; - # Write out notice to logfile. &General::log($Lang::tr{'ddns hostname removed'}); @@ -299,15 +281,12 @@ if ($settings{'ACTION'} eq $Lang::tr{'remove'}) { # Read items for editing. # if ($settings{'ACTION'} eq $Lang::tr{'edit'}) { - my $id = 0; my @temp; # Read file line by line. foreach my $line (@current) { - if ($settings{'ID'} eq $id) { - # Remove newlines. chomp($line); @@ -331,10 +310,12 @@ if ($settings{'ACTION'} eq $Lang::tr{'edit'}) { $settings{'PASSWORD'} = $temp[6]; $settings{'ENABLED'} = $temp[7]; } - # Increase $id. - $id++; + # Increase $id. + $id++; } + + &GenerateDDNSConfigFile(); } # @@ -347,9 +328,10 @@ if ($settings{'ACTION'} eq $Lang::tr{'instant update'}) { # # Set default values. # -if (! $settings{'ACTION'}) { +if (!$settings{'ACTION'}) { $settings{'SERVICE'} = 'dyndns.org'; $settings{'ENABLED'} = 'on'; + $settings{'ID'} = ''; } &Header::openpage($Lang::tr{'dynamic dns'}, 1, ''); 
@@ -363,7 +345,9 @@ $checked{'BEHINDROUTER'}{'RED_IP'} = ''; $checked{'BEHINDROUTER'}{'FETCH_IP'} = ''; $checked{'BEHINDROUTER'}{$settings{'BEHINDROUTER'}} = "checked='checked'"; -$checked{'ENABLED'}{'on'} = ($settings{'ENABLED'} eq '' ) ? '' : "checked='checked'"; +$checked{'ENABLED'}{'on'} = ''; +$checked{'ENABLED'}{'off'} = ''; +$checked{'ENABLED'}{$settings{'ENABLED'}} = "checked='checked'"; # Show box for errormessages.. if ($errormessage) { @@ -413,18 +397,15 @@ my $buttontext = $Lang::tr{'add'}; # Change buttontext and headline if we edit an account. if ($settings{'ACTION'} eq $Lang::tr{'edit'}) { - # Rename button and print headline for updating. $buttontext = $Lang::tr{'update'}; &Header::openbox('100%', 'left', $Lang::tr{'edit an existing host'}); } else { - # Otherwise use default button text and show headline for adding a new account. &Header::openbox('100%', 'left', $Lang::tr{'add a host'}); } print < @@ -440,7 +421,6 @@ END # Loop to print the providerlist. foreach my $provider (@providers) { - # Check if the current provider needs to be selected. if ($provider eq $settings{'SERVICE'}) { $selected = 'selected'; @@ -460,7 +440,7 @@ print < - + 
@@ -516,17 +496,32 @@ END chomp(@current); my @temp = split(/\,/,$line); + # Handle hostname details. Only connect the values with a dott if both are available. + my $hostname=""; + + if (($temp[1]) && ($temp[2])) { + $hostname="$temp[1].$temp[2]"; + } else { + $hostname="$temp[1]"; + } + # Generate value for enable/disable checkbox. - my $sync = ""; + my $sync = ''; my $gif = ''; my $gdesc = ''; if ($temp[7] eq "on") { $gif = 'on.gif'; $gdesc = $Lang::tr{'click to disable'}; - $sync = (&General::DyndnsServiceSync ($ip,$temp[1], $temp[2]) ? "": "") ; + + # Check if the given hostname is a FQDN before doing a nslookup. + if (&General::validfqdn($hostname)) { + $sync = (&General::DyndnsServiceSync ($ip,$temp[1], $temp[2]) ? "": "") ; + } + $toggle_enabled = 'off'; } else { + $sync = ""; $gif = 'off.gif'; $gdesc = $Lang::tr{'click to enable'}; $toggle_enabled = 'on'; @@ -648,6 +643,7 @@ sub GenerateDDNSConfigFile { while () { my $line = $_; + chomp($line); # Generate array based on the line content (seperator is a single or multiple space's) my @settings = split(/,/, $line); @@ -657,7 +653,7 @@ sub GenerateDDNSConfigFile { next unless ($provider ~~ @providers); # Skip disabled entries. - next if ($enabled eq "off"); + next unless ($enabled eq "on"); # Handle hostname details. Only connect the values with a dott if both are available. if (($hostname) && ($domain)) { @@ -674,8 +670,8 @@ sub GenerateDDNSConfigFile { if ($provider ~~ ["dns.lightningwirelabs.com", "entrydns.net", "regfish.com"] && $username eq "token") { $use_token = 1; - # Handle token auth for freedns.afraid.org. - } elsif ($provider eq "freedns.afraid.org" && $password eq "") { + # Handle token auth for freedns.afraid.org and regfish.com. + } elsif ($provider ~~ ["freedns.afraid.org", "regfish.com"] && $password eq "") { $use_token = 1; $password = $username; diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi index 5a28daaed..ff72b7894 100644 --- a/html/cgi-bin/ids.cgi +++ b/html/cgi-bin/ids.cgi 
@@ -263,11 +263,11 @@ if (-e "/etc/snort/snort.conf") { ####################### End added for snort rules control ################################# if ($snortsettings{'RULES'} eq 'subscripted') { - $url=" http://www.snort.org/sub-rules/snortrules-snapshot-2961.tar.gz/$snortsettings{'OINKCODE'}"; + $url=" https://www.snort.org/rules/snortrules-snapshot-2961.tar.gz?oinkcode=$snortsettings{'OINKCODE'}"; } elsif ($snortsettings{'RULES'} eq 'registered') { - $url=" http://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz/$snortsettings{'OINKCODE'}"; + $url=" https://www.snort.org/rules/snortrules-snapshot-2961.tar.gz?oinkcode=$snortsettings{'OINKCODE'}"; } elsif ($snortsettings{'RULES'} eq 'community') { - $url=" http://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz"; + $url=" https://www.snort.org/rules/community"; } else { $url="http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz"; } diff --git a/lfs/check_mk_agent b/lfs/check_mk_agent index 541d7d6a0..532647111 100644 --- a/lfs/check_mk_agent +++ b/lfs/check_mk_agent @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/check_mk-${VER} TARGET = $(DIR_INFO)/$(THISAPP) PROG = check_mk_agent -PAK_VER = 3 +PAK_VER = 4 DEPS = "" diff --git a/lfs/ddns b/lfs/ddns index 975c8c3ab..b94b3a124 100644 --- a/lfs/ddns +++ b/lfs/ddns @@ -24,7 +24,7 @@ include Config -VER = 003 +VER = 004 THISAPP = ddns-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 9ff8ab5fa716859b51f63b0a241f1337 +$(DL_FILE)_MD5 = ff77cb72d0cb06c73bde70419b15bae8 install : $(TARGET) 
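Review bot: The three snort.org URLs move to https, but the fallback branch still sets `$url="http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz"`. That ruleset is therefore still fetched in cleartext and could be altered in transit; if the host serves the same path over TLS, this branch should switch too. `$snortsettings{'OINKCODE'}` is now interpolated into a query string without any check. How `$url` is consumed lies outside this hunk, but the leading space in the strings suggests it is appended to a command line, so the code should be accepted only if it matches something like `/^[0-9a-fA-F]+$/`. It is also worth confirming that the downloader verifies the server certificate, otherwise the scheme change adds little protection.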
@@ -71,8 +71,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ddns-003-Add-a-program-prefix-to-syslog-messages.patch - cd $(DIR_APP) && [ -x "configure" ] || sh ./autogen.sh cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/var/ipfire cd $(DIR_APP) && make $(MAKETUNING) diff --git a/lfs/lzo b/lfs/lzo index 1745f4cca..19ad0909c 100644 --- a/lfs/lzo +++ b/lfs/lzo @@ -24,7 +24,7 @@ include Config -VER = 2.08 +VER = 2.06 THISAPP = lzo-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = fcec64c26a0f4f4901468f360029678f +$(DL_FILE)_MD5 = 95380bd4081f85ef08c5209f4107e9f8 install : $(TARGET) @@ -70,6 +70,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/lzo-2.06-CVE-2014-4607.patch cd $(DIR_APP) && ./configure --prefix=/usr --enable-shared cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install diff --git a/lfs/openssl b/lfs/openssl index 12cea68b2..0f0b823a9 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -24,7 +24,7 @@ include Config -VER = 1.0.1h +VER = 1.0.1i THISAPP = openssl-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -51,7 +51,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 8d6d684a9430d5cc98a62a5d8fbda8cf +$(DL_FILE)_MD5 = c8dc151a671b9b92ff3e4c118b174972 install : $(TARGET) diff --git a/lfs/tor b/lfs/tor index 6f9e50289..0cc2957ed 100644 --- a/lfs/tor +++ b/lfs/tor @@ -24,7 +24,7 @@ include Config -VER = 0.2.4.22 +VER = 0.2.4.23 THISAPP = tor-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = tor -PAK_VER = 7 +PAK_VER = 8 DEPS = "libevent2" 
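Review bot: In lfs/lzo, `VER` goes from 2.08 back to 2.06 and the CVE-2014-4607 fix is carried as a local patch, but nothing in the file says why the older release is pinned. Without that, a later cleanup or version change can drop the `patch -Np1 < $(DIR_SRC)/src/patches/lzo-2.06-CVE-2014-4607.patch` line and ship an unpatched 2.06, and any other upstream fixes made after 2.06 are lost without notice. A comment above the patch step would cover it, for example `# 2.06 is pinned because <reason>; keep the CVE-2014-4607 patch until VER moves to a release that contains the fix`.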
@@ -44,7 +44,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 5a7eee0d9df87233255d78b25c6f8270 +$(DL_FILE)_MD5 = 9e39928e310612c3bffee727f554c63f install : $(TARGET) diff --git a/make.sh b/make.sh index 88e710bf3..739fc5310 100755 --- a/make.sh +++ b/make.sh @@ -25,8 +25,8 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name VERSION="2.15" # Version number -CORE="80" # Core Level (Filename) -PAKFIRE_CORE="80" # Core Level (PAKFIRE) +CORE="81" # Core Level (Filename) +PAKFIRE_CORE="81" # Core Level (PAKFIRE) GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch SLOGAN="www.ipfire.org" # Software slogan CONFIG_ROOT=/var/ipfire # Configuration rootdir diff --git a/src/paks/check_mk_agent/uninstall.sh b/src/paks/check_mk_agent/uninstall.sh index 3a0860afe..51449f55b 100644 --- a/src/paks/check_mk_agent/uninstall.sh +++ b/src/paks/check_mk_agent/uninstall.sh @@ -22,6 +22,7 @@ ############################################################################ # . /opt/pakfire/lib/functions.sh +extract_backup_includes make_backup ${NAME} remove_files diff --git a/src/patches/ddns-003-Add-a-program-prefix-to-syslog-messages.patch b/src/patches/ddns-003-Add-a-program-prefix-to-syslog-messages.patch deleted file mode 100644 index 978db85fc..000000000 --- a/src/patches/ddns-003-Add-a-program-prefix-to-syslog-messages.patch +++ /dev/null 
@@ -1,25 +0,0 @@ -From 21fd4b8d26d01d622185ab8de971a9ee934220a3 Mon Sep 17 00:00:00 2001 -From: Michael Tremer -Date: Thu, 24 Jul 2014 13:23:36 +0200 -Subject: [PATCH] Add a program prefix to syslog messages. - ---- - src/ddns/__init__.py | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/ddns/__init__.py b/src/ddns/__init__.py -index 22764e6..6fe3a33 100644 ---- a/src/ddns/__init__.py -+++ b/src/ddns/__init__.py -@@ -42,6 +42,8 @@ def setup_logging(): - handler = logging.handlers.SysLogHandler(address="/dev/log", - facility=logging.handlers.SysLogHandler.LOG_DAEMON - ) -+ formatter = logging.Formatter("ddns[%(process)d]: %(message)s") -+ handler.setFormatter(formatter) - handler.setLevel(logging.INFO) - rootlogger.addHandler(handler) - --- -1.9.3 - diff --git a/src/patches/lzo-2.06-CVE-2014-4607.patch b/src/patches/lzo-2.06-CVE-2014-4607.patch new file mode 100755 index 000000000..d22c406e0 --- /dev/null +++ b/src/patches/lzo-2.06-CVE-2014-4607.patch 
@@ -0,0 +1,245 @@ +diff --git a/minilzo/minilzo.c b/minilzo/minilzo.c +index 34ce0f0..ecfdf66 100644 +--- a/minilzo/minilzo.c ++++ b/minilzo/minilzo.c +@@ -3547,6 +3547,8 @@ DO_COMPRESS ( const lzo_bytep in , lzo_uint in_len, + #undef TEST_LBO + #undef NEED_IP + #undef NEED_OP ++#undef TEST_IV ++#undef TEST_OV + #undef HAVE_TEST_IP + #undef HAVE_TEST_OP + #undef HAVE_NEED_IP +@@ -3561,6 +3563,7 @@ DO_COMPRESS ( const lzo_bytep in , lzo_uint in_len, + # if (LZO_TEST_OVERRUN_INPUT >= 2) + # define NEED_IP(x) \ + if ((lzo_uint)(ip_end - ip) < (lzo_uint)(x)) goto input_overrun ++# define TEST_IV(x) if ((x) > (lzo_uint)0 - (511)) goto input_overrun + # endif + #endif + +@@ -3572,6 +3575,7 @@ DO_COMPRESS ( const lzo_bytep in , lzo_uint in_len, + # undef TEST_OP + # define NEED_OP(x) \ + if ((lzo_uint)(op_end - op) < (lzo_uint)(x)) goto output_overrun ++# define TEST_OV(x) if ((x) > (lzo_uint)0 - (511)) goto output_overrun + # endif + #endif + +@@ -3602,11 +3606,13 @@ DO_COMPRESS ( const lzo_bytep in , lzo_uint in_len, + # define HAVE_NEED_IP 1 + #else + # define NEED_IP(x) ((void) 0) ++# define TEST_IV(x) ((void) 0) + #endif + #if defined(NEED_OP) + # define HAVE_NEED_OP 1 + #else + # define NEED_OP(x) ((void) 0) ++# define TEST_OV(x) ((void) 0) + #endif + + #if defined(HAVE_TEST_IP) || defined(HAVE_NEED_IP) +@@ -3687,6 +3693,7 @@ DO_DECOMPRESS ( const lzo_bytep in , lzo_uint in_len, + { + t += 255; + ip++; ++ TEST_IV(t); + NEED_IP(1); + } + t += 15 + *ip++; +@@ -3835,6 +3842,7 @@ match: + { + t += 255; + ip++; ++ TEST_OV(t); + NEED_IP(1); + } + t += 31 + *ip++; +@@ -3879,6 +3887,7 @@ match: + { + t += 255; + ip++; ++ TEST_OV(t); + NEED_IP(1); + } + t += 7 + *ip++; +@@ -4073,6 +4082,8 @@ lookbehind_overrun: + #undef TEST_LBO + #undef NEED_IP + #undef NEED_OP ++#undef TEST_IV ++#undef TEST_OV + #undef HAVE_TEST_IP + #undef HAVE_TEST_OP + #undef HAVE_NEED_IP +@@ -4087,6 +4098,7 @@ lookbehind_overrun: + # if (LZO_TEST_OVERRUN_INPUT >= 2) + # define NEED_IP(x) \ + if 
((lzo_uint)(ip_end - ip) < (lzo_uint)(x)) goto input_overrun ++# define TEST_IV(x) if ((x) > (lzo_uint)0 - (511)) goto input_overrun + # endif + #endif + +@@ -4098,6 +4110,7 @@ lookbehind_overrun: + # undef TEST_OP + # define NEED_OP(x) \ + if ((lzo_uint)(op_end - op) < (lzo_uint)(x)) goto output_overrun ++# define TEST_OV(x) if ((x) > (lzo_uint)0 - (511)) goto output_overrun + # endif + #endif + +@@ -4128,11 +4141,13 @@ lookbehind_overrun: + # define HAVE_NEED_IP 1 + #else + # define NEED_IP(x) ((void) 0) ++# define TEST_IV(x) ((void) 0) + #endif + #if defined(NEED_OP) + # define HAVE_NEED_OP 1 + #else + # define NEED_OP(x) ((void) 0) ++# define TEST_OV(x) ((void) 0) + #endif + + #if defined(HAVE_TEST_IP) || defined(HAVE_NEED_IP) +@@ -4213,6 +4228,7 @@ DO_DECOMPRESS ( const lzo_bytep in , lzo_uint in_len, + { + t += 255; + ip++; ++ TEST_IV(t); + NEED_IP(1); + } + t += 15 + *ip++; +@@ -4361,6 +4377,7 @@ match: + { + t += 255; + ip++; ++ TEST_OV(t); + NEED_IP(1); + } + t += 31 + *ip++; +@@ -4405,6 +4422,7 @@ match: + { + t += 255; + ip++; ++ TEST_OV(t); + NEED_IP(1); + } + t += 7 + *ip++; +diff --git a/src/lzo1_d.ch b/src/lzo1_d.ch +index 40a5bfd..c442d9c 100644 +--- a/src/lzo1_d.ch ++++ b/src/lzo1_d.ch +@@ -76,6 +76,8 @@ + #undef TEST_LBO + #undef NEED_IP + #undef NEED_OP ++#undef TEST_IV ++#undef TEST_OV + #undef HAVE_TEST_IP + #undef HAVE_TEST_OP + #undef HAVE_NEED_IP +@@ -91,6 +93,7 @@ + # if (LZO_TEST_OVERRUN_INPUT >= 2) + # define NEED_IP(x) \ + if ((lzo_uint)(ip_end - ip) < (lzo_uint)(x)) goto input_overrun ++# define TEST_IV(x) if ((x) > (lzo_uint)0 - (511)) goto input_overrun + # endif + #endif + +@@ -102,6 +105,7 @@ + # undef TEST_OP /* don't need both of the tests here */ + # define NEED_OP(x) \ + if ((lzo_uint)(op_end - op) < (lzo_uint)(x)) goto output_overrun ++# define TEST_OV(x) if ((x) > (lzo_uint)0 - (511)) goto output_overrun + # endif + #endif + +@@ -135,11 +139,13 @@ + # define HAVE_NEED_IP 1 + #else + # define NEED_IP(x) ((void) 0) ++# define 
TEST_IV(x) ((void) 0) + #endif + #if defined(NEED_OP) + # define HAVE_NEED_OP 1 + #else + # define NEED_OP(x) ((void) 0) ++# define TEST_OV(x) ((void) 0) + #endif + + +diff --git a/src/lzo1b_d.ch b/src/lzo1b_d.ch +index fe5f361..36b4b6b 100644 +--- a/src/lzo1b_d.ch ++++ b/src/lzo1b_d.ch +@@ -187,6 +187,7 @@ match: + { + t += 255; + ip++; ++ TEST_OV(t); + NEED_IP(1); + } + t += (M4_MIN_LEN - M3_MIN_LEN) + *ip++; +diff --git a/src/lzo1f_d.ch b/src/lzo1f_d.ch +index 9e942f5..0c2199e 100644 +--- a/src/lzo1f_d.ch ++++ b/src/lzo1f_d.ch +@@ -84,6 +84,7 @@ DO_DECOMPRESS ( const lzo_bytep in , lzo_uint in_len, + { + t += 255; + ip++; ++ TEST_IV(t); + NEED_IP(1); + } + t += 31 + *ip++; +@@ -138,6 +139,7 @@ match: + { + t += 255; + ip++; ++ TEST_OV(t); + NEED_IP(1); + } + t += 31 + *ip++; +diff --git a/src/lzo1x_d.ch b/src/lzo1x_d.ch +index 49cf326..c804cc7 100644 +--- a/src/lzo1x_d.ch ++++ b/src/lzo1x_d.ch +@@ -120,6 +120,7 @@ DO_DECOMPRESS ( const lzo_bytep in , lzo_uint in_len, + { + t += 255; + ip++; ++ TEST_IV(t); + NEED_IP(1); + } + t += 15 + *ip++; +@@ -273,6 +274,7 @@ match: + { + t += 255; + ip++; ++ TEST_OV(t); + NEED_IP(1); + } + t += 31 + *ip++; +@@ -317,6 +319,7 @@ match: + { + t += 255; + ip++; ++ TEST_OV(t); + NEED_IP(1); + } + t += 7 + *ip++; +diff --git a/src/lzo2a_d.ch b/src/lzo2a_d.ch +index 48e51ca..954f07e 100644 +--- a/src/lzo2a_d.ch ++++ b/src/lzo2a_d.ch +@@ -131,6 +131,7 @@ DO_DECOMPRESS ( const lzo_bytep in , lzo_uint in_len, + { + t += 255; + ip++; ++ TEST_OV(t); + NEED_IP(1); + } + t += *ip++;
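Review bot: The added patch file starts directly at `diff --git a/minilzo/minilzo.c` with no header, so there is no record of where the CVE-2014-4607 backport came from or which upstream release it matches; a short header (origin, upstream version, CVE id) would let it be audited against upstream. `TEST_IV`/`TEST_OV` expand to `((void) 0)` in the `#else` branches, so the length-overflow check exists only in decompressors built with the overrun tests enabled. Callers handling untrusted data presumably have to use those checked variants, and that is worth stating in the header as well. The new macros are bare `if (...) goto ...` statements like the existing `NEED_IP`, which is safe here only because each use is a full statement inside a braced loop body; a `/* use only as a complete statement */` comment would document that. The file is added with mode 100755, and 100644 is sufficient for a patch.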
$Lang::tr{'enabled'} $Lang::tr{'username'}