From 68aa7aa602afac230dc8f9d81f2b7f43993d24d5 Mon Sep 17 00:00:00 2001 From: Sascha Kilian Date: Fri, 15 Apr 2016 09:07:52 +0000 Subject: [PATCH 1/7] openssh: Update to 7.2p2 Signed-off-by: Sascha Kilian Signed-off-by: Michael Tremer --- lfs/openssh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lfs/openssh b/lfs/openssh index ab25d6233..c4dff4d09 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -24,7 +24,7 @@ include Config -VER = 7.2p1 +VER = 7.2p2 THISAPP = openssh-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = b984775f0cfff1f7ff18b8797fce8a28 +$(DL_FILE)_MD5 = 13009a9156510d8f27e752659075cced install : $(TARGET) From d25d7bfccf37fd008af43021ec5a18f135894699 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Tue, 3 May 2016 21:28:28 +0200 Subject: [PATCH 2/7] openssl: security update to 1.0.2g see https://www.openssl.org/news/secadv/20160503.txt for details Signed-off-by: Arne Fitzenreiter --- lfs/openssl | 8 ++++---- src/patches/openssl-1.0.1m-weak-ciphers.patch | 11 ----------- src/patches/openssl-1.0.2h-weak-ciphers.patch | 12 ++++++++++++ 3 files changed, 16 insertions(+), 15 deletions(-) delete mode 100644 src/patches/openssl-1.0.1m-weak-ciphers.patch create mode 100644 src/patches/openssl-1.0.2h-weak-ciphers.patch diff --git a/lfs/openssl b/lfs/openssl index eb7352f8c..0a0b2cffd 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -24,7 +24,7 @@ include Config -VER = 1.0.2g +VER = 1.0.2h THISAPP = openssl-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -53,7 +53,7 @@ CONFIGURE_OPTIONS = \ zlib-dynamic \ enable-camellia \ enable-md2 \ - enable-ssl2 \ + disable-ssl2 \ enable-seed \ enable-tlsext \ enable-rfc3779 \ @@ -87,7 +87,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = f3c710c045cdee5fd114feb69feba7aa +$(DL_FILE)_MD5 = 9392e65072ce4b614c1392eefc1f23d0 install : $(TARGET) 
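Review bot: The only integrity check on the new tarball is the `$(DL_FILE)_MD5` value updated in the second lfs/openssh hunk, and MD5 is a weak anchor for a package like OpenSSH. If the download logic pulled in by `include Config` can verify a SHA-2 digest, pin one next to the MD5 value. Otherwise, check the tarball against the upstream release signature before the new checksum is committed, and say so in the commit message. The same applies to the `$(DL_FILE)_MD5` updates in lfs/openssl (PATCH 2/7) and lfs/clamav (PATCH 4/7).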
@@ -119,7 +119,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a-rpmbuild.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1m-weak-ciphers.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2h-weak-ciphers.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2g-disable-sslv2v3.patch # i586 specific patches diff --git a/src/patches/openssl-1.0.1m-weak-ciphers.patch b/src/patches/openssl-1.0.1m-weak-ciphers.patch deleted file mode 100644 index f57b97811..000000000 --- a/src/patches/openssl-1.0.1m-weak-ciphers.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- openssl-1.0.1m/ssl/ssl.h.old 2015-03-19 15:25:20.646533583 +0100 -+++ openssl-1.0.1m/ssl/ssl.h 2015-03-19 15:25:31.229875691 +0100 -@@ -334,7 +334,7 @@ - * The following cipher list is used by default. It also is substituted when - * an application-defined cipher list string starts with 'DEFAULT'. - */ --# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2" -+# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2:!RC2:!DES" - /* - * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always - * starts with a reasonable order, and all we have to do for DEFAULT is diff --git a/src/patches/openssl-1.0.2h-weak-ciphers.patch b/src/patches/openssl-1.0.2h-weak-ciphers.patch new file mode 100644 index 000000000..d1ec6a2af --- /dev/null +++ b/src/patches/openssl-1.0.2h-weak-ciphers.patch 
@@ -0,0 +1,12 @@ +diff -Naur openssl-1.0.2h.org/ssl/ssl.h openssl-1.0.2h/ssl/ssl.h +--- openssl-1.0.2h.org/ssl/ssl.h 2016-05-03 15:44:42.000000000 +0200 ++++ openssl-1.0.2h/ssl/ssl.h 2016-05-03 18:49:10.393302264 +0200 +@@ -338,7 +338,7 @@ + * The following cipher list is used by default. It also is substituted when + * an application-defined cipher list string starts with 'DEFAULT'. + */ +-# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2" ++# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2:!RC2:!DES" + /* + * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always + * starts with a reasonable order, and all we have to do for DEFAULT is From 3af3a6c5ee445d52bc31315ddaf734fbfa61f76e Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Tue, 3 May 2016 21:30:14 +0200 Subject: [PATCH 3/7] core102: ship openssl and openssl updates 
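Review bot: The new default list `ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2:!RC2:!DES` still leaves RC4 and 3DES suites selectable, because the `DES` keyword covers single DES only (already largely covered by `!LOW`). RFC 7465 prohibits RC4 in TLS, so the carried-forward patch is a natural place to drop it, e.g. `# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2:!RC2:!DES:!RC4"`. Excluding `3DES` as well should be weighed against the legacy clients this build has to serve. A short comment in the patch header saying why RC2 and DES are excluded would also help the next rebase.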
Signed-off-by: Arne Fitzenreiter --- config/rootfiles/core/{101 => 102}/exclude | 0 config/rootfiles/core/102/filelists/files | 2 + .../core/102/filelists/i586/openssl-sse2 | 1 + config/rootfiles/core/102/filelists/openssh | 1 + config/rootfiles/core/102/filelists/openssl | 1 + config/rootfiles/core/{101 => 102}/meta | 0 config/rootfiles/core/102/update.sh | 74 +++++++++++++++++++ config/rootfiles/oldcore/101/exclude | 28 +++++++ .../101/filelists/armv5tel/ath9k-module | 0 .../101/filelists/armv5tel/gmp | 0 .../101/filelists/armv5tel/linux-rpi | 0 .../{core => oldcore}/101/filelists/bind | 0 .../{core => oldcore}/101/filelists/dma | 0 .../{core => oldcore}/101/filelists/e2fsprogs | 0 .../{core => oldcore}/101/filelists/files | 0 .../{core => oldcore}/101/filelists/grep | 0 .../101/filelists/i586/ath9k-module | 0 .../101/filelists/i586/dmidecode | 0 .../{core => oldcore}/101/filelists/i586/gmp | 0 .../{core => oldcore}/101/filelists/libxml2 | 0 .../{core => oldcore}/101/filelists/mpfr | 0 .../{core => oldcore}/101/filelists/nettle | 0 .../{core => oldcore}/101/filelists/patch | 0 .../{core => oldcore}/101/filelists/paxctl | 0 .../{core => oldcore}/101/filelists/pciutils | 0 .../{core => oldcore}/101/filelists/pcre | 0 .../101/filelists/perl-Apache-Htpasswd | 0 .../{core => oldcore}/101/filelists/squid | 0 .../101/filelists/x86_64/ath9k-module | 0 .../101/filelists/x86_64/dmidecode | 0 .../101/filelists/x86_64/gmp | 0 config/rootfiles/oldcore/101/meta | 1 + .../rootfiles/{core => oldcore}/101/update.sh | 0 make.sh | 4 +- 34 files changed, 110 insertions(+), 2 deletions(-) rename config/rootfiles/core/{101 => 102}/exclude (100%) create mode 100644 config/rootfiles/core/102/filelists/files create mode 120000 config/rootfiles/core/102/filelists/i586/openssl-sse2 create mode 120000 config/rootfiles/core/102/filelists/openssh create mode 120000 config/rootfiles/core/102/filelists/openssl rename config/rootfiles/core/{101 => 102}/meta (100%) create mode 100644 
config/rootfiles/core/102/update.sh create mode 100644 config/rootfiles/oldcore/101/exclude rename config/rootfiles/{core => oldcore}/101/filelists/armv5tel/ath9k-module (100%) rename config/rootfiles/{core => oldcore}/101/filelists/armv5tel/gmp (100%) rename config/rootfiles/{core => oldcore}/101/filelists/armv5tel/linux-rpi (100%) rename config/rootfiles/{core => oldcore}/101/filelists/bind (100%) rename config/rootfiles/{core => oldcore}/101/filelists/dma (100%) rename config/rootfiles/{core => oldcore}/101/filelists/e2fsprogs (100%) rename config/rootfiles/{core => oldcore}/101/filelists/files (100%) rename config/rootfiles/{core => oldcore}/101/filelists/grep (100%) rename config/rootfiles/{core => oldcore}/101/filelists/i586/ath9k-module (100%) rename config/rootfiles/{core => oldcore}/101/filelists/i586/dmidecode (100%) rename config/rootfiles/{core => oldcore}/101/filelists/i586/gmp (100%) rename config/rootfiles/{core => oldcore}/101/filelists/libxml2 (100%) rename config/rootfiles/{core => oldcore}/101/filelists/mpfr (100%) rename config/rootfiles/{core => oldcore}/101/filelists/nettle (100%) rename config/rootfiles/{core => oldcore}/101/filelists/patch (100%) rename config/rootfiles/{core => oldcore}/101/filelists/paxctl (100%) rename config/rootfiles/{core => oldcore}/101/filelists/pciutils (100%) rename config/rootfiles/{core => oldcore}/101/filelists/pcre (100%) rename config/rootfiles/{core => oldcore}/101/filelists/perl-Apache-Htpasswd (100%) rename config/rootfiles/{core => oldcore}/101/filelists/squid (100%) rename config/rootfiles/{core => oldcore}/101/filelists/x86_64/ath9k-module (100%) rename config/rootfiles/{core => oldcore}/101/filelists/x86_64/dmidecode (100%) rename config/rootfiles/{core => oldcore}/101/filelists/x86_64/gmp (100%) create mode 100644 config/rootfiles/oldcore/101/meta rename config/rootfiles/{core => oldcore}/101/update.sh (100%) 
diff --git a/config/rootfiles/core/101/exclude b/config/rootfiles/core/102/exclude similarity index 100% rename from config/rootfiles/core/101/exclude rename to config/rootfiles/core/102/exclude diff --git a/config/rootfiles/core/102/filelists/files b/config/rootfiles/core/102/filelists/files new file mode 100644 index 000000000..409e5fe8a --- /dev/null +++ b/config/rootfiles/core/102/filelists/files @@ -0,0 +1,2 @@ +etc/system-release +etc/issue diff --git a/config/rootfiles/core/102/filelists/i586/openssl-sse2 b/config/rootfiles/core/102/filelists/i586/openssl-sse2 new file mode 120000 index 000000000..f424713d6 --- /dev/null +++ b/config/rootfiles/core/102/filelists/i586/openssl-sse2 @@ -0,0 +1 @@ +../../../../common/i586/openssl-sse2 \ No newline at end of file diff --git a/config/rootfiles/core/102/filelists/openssh b/config/rootfiles/core/102/filelists/openssh new file mode 120000 index 000000000..d8c77fd8e --- /dev/null +++ b/config/rootfiles/core/102/filelists/openssh @@ -0,0 +1 @@ +../../../common/openssh \ No newline at end of file diff --git a/config/rootfiles/core/102/filelists/openssl b/config/rootfiles/core/102/filelists/openssl new file mode 120000 index 000000000..e011a9266 --- /dev/null +++ b/config/rootfiles/core/102/filelists/openssl @@ -0,0 +1 @@ +../../../common/openssl \ No newline at end of file diff --git a/config/rootfiles/core/101/meta b/config/rootfiles/core/102/meta similarity index 100% rename from config/rootfiles/core/101/meta rename to config/rootfiles/core/102/meta diff --git a/config/rootfiles/core/102/update.sh b/config/rootfiles/core/102/update.sh new file mode 100644 index 000000000..2f51d109e --- /dev/null +++ b/config/rootfiles/core/102/update.sh 
@@ -0,0 +1,74 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2016 IPFire-Team . # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/usr/local/bin/backupctrl exclude >/dev/null 2>&1 + +core=102 + +function exit_with_error() { + # Set last succesfull installed core. + echo $(($core-1)) > /opt/pakfire/db/core/mine + /usr/bin/logger -p syslog.emerg -t ipfire \ + "core-update-${core}: $1" + exit $2 +} + +# Remove old core updates from pakfire cache to save space... +for (( i=1; i<=$core; i++ )) +do + rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire +done + + +# Stop services + +# Extract files +extract_files + +# update linker config +ldconfig + +# Update Language cache +#/usr/local/bin/update-lang-cache + +# +# Start services +# + +sync +# This update need a reboot... +touch /var/run/need_reboot + +# Finish +/etc/init.d/fireinfo start +sendprofile + +# Update grub config to display new core version +if [ -e /boot/grub/grub.cfg ]; then + grub-mkconfig -o /boot/grub/grub.cfg +fi +sync + +# Don't report the exitcode last command +exit 0 
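Review bot: Nothing in this script checks whether `extract_files` or `ldconfig` succeeded: `exit_with_error` is defined but never called, and the script ends with an unconditional `exit 0`. A core update that fails to unpack the new OpenSSL and OpenSSH files would presumably still be reported as installed, leaving the old libraries in place. Consider `extract_files || exit_with_error "ERROR cannot extract files" 1`, assuming `extract_files` from functions.sh returns non-zero on failure, which is not visible here. Quoting `"$1"` and `"$2"` inside `exit_with_error` would also be safer. The identical config/rootfiles/core/103/update.sh added in PATCH 7/7 has the same gap.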
diff --git a/config/rootfiles/oldcore/101/exclude b/config/rootfiles/oldcore/101/exclude new file mode 100644 index 000000000..7ddeae0ba --- /dev/null +++ b/config/rootfiles/oldcore/101/exclude @@ -0,0 +1,28 @@ +boot/config.txt +boot/grub/grub.cfg +boot/grub/grubenv +etc/alternatives +etc/collectd.custom +etc/default/grub +etc/ipsec.conf +etc/ipsec.secrets +etc/ipsec.user.conf +etc/ipsec.user.secrets +etc/localtime +etc/shadow +etc/snort/snort.conf +etc/ssh/ssh_config +etc/ssh/sshd_config +etc/ssl/openssl.cnf +etc/sudoers +etc/sysconfig/firewall.local +etc/sysconfig/rc.local +etc/udev/rules.d/30-persistent-network.rules +srv/web/ipfire/html/proxy.pac +var/ipfire/dma +var/ipfire/time +var/ipfire/ovpn +var/lib/alternatives +var/log/cache +var/state/dhcp/dhcpd.leases +var/updatecache diff --git a/config/rootfiles/core/101/filelists/armv5tel/ath9k-module b/config/rootfiles/oldcore/101/filelists/armv5tel/ath9k-module similarity index 100% rename from config/rootfiles/core/101/filelists/armv5tel/ath9k-module rename to config/rootfiles/oldcore/101/filelists/armv5tel/ath9k-module diff --git a/config/rootfiles/core/101/filelists/armv5tel/gmp b/config/rootfiles/oldcore/101/filelists/armv5tel/gmp similarity index 100% rename from config/rootfiles/core/101/filelists/armv5tel/gmp rename to config/rootfiles/oldcore/101/filelists/armv5tel/gmp diff --git a/config/rootfiles/core/101/filelists/armv5tel/linux-rpi b/config/rootfiles/oldcore/101/filelists/armv5tel/linux-rpi similarity index 100% rename from config/rootfiles/core/101/filelists/armv5tel/linux-rpi rename to config/rootfiles/oldcore/101/filelists/armv5tel/linux-rpi diff --git a/config/rootfiles/core/101/filelists/bind b/config/rootfiles/oldcore/101/filelists/bind similarity index 100% rename from config/rootfiles/core/101/filelists/bind rename to config/rootfiles/oldcore/101/filelists/bind 
diff --git a/config/rootfiles/core/101/filelists/dma b/config/rootfiles/oldcore/101/filelists/dma similarity index 100% rename from config/rootfiles/core/101/filelists/dma rename to config/rootfiles/oldcore/101/filelists/dma diff --git a/config/rootfiles/core/101/filelists/e2fsprogs b/config/rootfiles/oldcore/101/filelists/e2fsprogs similarity index 100% rename from config/rootfiles/core/101/filelists/e2fsprogs rename to config/rootfiles/oldcore/101/filelists/e2fsprogs diff --git a/config/rootfiles/core/101/filelists/files b/config/rootfiles/oldcore/101/filelists/files similarity index 100% rename from config/rootfiles/core/101/filelists/files rename to config/rootfiles/oldcore/101/filelists/files diff --git a/config/rootfiles/core/101/filelists/grep b/config/rootfiles/oldcore/101/filelists/grep similarity index 100% rename from config/rootfiles/core/101/filelists/grep rename to config/rootfiles/oldcore/101/filelists/grep diff --git a/config/rootfiles/core/101/filelists/i586/ath9k-module b/config/rootfiles/oldcore/101/filelists/i586/ath9k-module similarity index 100% rename from config/rootfiles/core/101/filelists/i586/ath9k-module rename to config/rootfiles/oldcore/101/filelists/i586/ath9k-module diff --git a/config/rootfiles/core/101/filelists/i586/dmidecode b/config/rootfiles/oldcore/101/filelists/i586/dmidecode similarity index 100% rename from config/rootfiles/core/101/filelists/i586/dmidecode rename to config/rootfiles/oldcore/101/filelists/i586/dmidecode diff --git a/config/rootfiles/core/101/filelists/i586/gmp b/config/rootfiles/oldcore/101/filelists/i586/gmp similarity index 100% rename from config/rootfiles/core/101/filelists/i586/gmp rename to config/rootfiles/oldcore/101/filelists/i586/gmp diff --git a/config/rootfiles/core/101/filelists/libxml2 b/config/rootfiles/oldcore/101/filelists/libxml2 similarity index 100% rename from config/rootfiles/core/101/filelists/libxml2 rename to config/rootfiles/oldcore/101/filelists/libxml2 
diff --git a/config/rootfiles/core/101/filelists/mpfr b/config/rootfiles/oldcore/101/filelists/mpfr similarity index 100% rename from config/rootfiles/core/101/filelists/mpfr rename to config/rootfiles/oldcore/101/filelists/mpfr diff --git a/config/rootfiles/core/101/filelists/nettle b/config/rootfiles/oldcore/101/filelists/nettle similarity index 100% rename from config/rootfiles/core/101/filelists/nettle rename to config/rootfiles/oldcore/101/filelists/nettle diff --git a/config/rootfiles/core/101/filelists/patch b/config/rootfiles/oldcore/101/filelists/patch similarity index 100% rename from config/rootfiles/core/101/filelists/patch rename to config/rootfiles/oldcore/101/filelists/patch diff --git a/config/rootfiles/core/101/filelists/paxctl b/config/rootfiles/oldcore/101/filelists/paxctl similarity index 100% rename from config/rootfiles/core/101/filelists/paxctl rename to config/rootfiles/oldcore/101/filelists/paxctl diff --git a/config/rootfiles/core/101/filelists/pciutils b/config/rootfiles/oldcore/101/filelists/pciutils similarity index 100% rename from config/rootfiles/core/101/filelists/pciutils rename to config/rootfiles/oldcore/101/filelists/pciutils diff --git a/config/rootfiles/core/101/filelists/pcre b/config/rootfiles/oldcore/101/filelists/pcre similarity index 100% rename from config/rootfiles/core/101/filelists/pcre rename to config/rootfiles/oldcore/101/filelists/pcre diff --git a/config/rootfiles/core/101/filelists/perl-Apache-Htpasswd b/config/rootfiles/oldcore/101/filelists/perl-Apache-Htpasswd similarity index 100% rename from config/rootfiles/core/101/filelists/perl-Apache-Htpasswd rename to config/rootfiles/oldcore/101/filelists/perl-Apache-Htpasswd diff --git a/config/rootfiles/core/101/filelists/squid b/config/rootfiles/oldcore/101/filelists/squid similarity index 100% rename from config/rootfiles/core/101/filelists/squid rename to config/rootfiles/oldcore/101/filelists/squid 
diff --git a/config/rootfiles/core/101/filelists/x86_64/ath9k-module b/config/rootfiles/oldcore/101/filelists/x86_64/ath9k-module similarity index 100% rename from config/rootfiles/core/101/filelists/x86_64/ath9k-module rename to config/rootfiles/oldcore/101/filelists/x86_64/ath9k-module diff --git a/config/rootfiles/core/101/filelists/x86_64/dmidecode b/config/rootfiles/oldcore/101/filelists/x86_64/dmidecode similarity index 100% rename from config/rootfiles/core/101/filelists/x86_64/dmidecode rename to config/rootfiles/oldcore/101/filelists/x86_64/dmidecode diff --git a/config/rootfiles/core/101/filelists/x86_64/gmp b/config/rootfiles/oldcore/101/filelists/x86_64/gmp similarity index 100% rename from config/rootfiles/core/101/filelists/x86_64/gmp rename to config/rootfiles/oldcore/101/filelists/x86_64/gmp diff --git a/config/rootfiles/oldcore/101/meta b/config/rootfiles/oldcore/101/meta new file mode 100644 index 000000000..d547fa86f --- /dev/null +++ b/config/rootfiles/oldcore/101/meta @@ -0,0 +1 @@ +DEPS="" diff --git a/config/rootfiles/core/101/update.sh b/config/rootfiles/oldcore/101/update.sh similarity index 100% rename from config/rootfiles/core/101/update.sh rename to config/rootfiles/oldcore/101/update.sh diff --git a/make.sh b/make.sh index 960b45d6e..d2d3e14a4 100755 --- a/make.sh +++ b/make.sh @@ -25,8 +25,8 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name VERSION="2.19" # Version number -CORE="101" # Core Level (Filename) -PAKFIRE_CORE="101" # Core Level (PAKFIRE) +CORE="102" # Core Level (Filename) +PAKFIRE_CORE="102" # Core Level (PAKFIRE) GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch SLOGAN="www.ipfire.org" # Software slogan CONFIG_ROOT=/var/ipfire # Configuration rootdir From fe6e5e03d53d80117abde47c9965c82cbc25ddcc Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Wed, 4 May 2016 16:21:58 +0200 Subject: [PATCH 4/7] clamav: update to 0.99.2 
Signed-off-by: Arne Fitzenreiter --- lfs/clamav | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/clamav b/lfs/clamav index 3c778c3c3..a28601773 100644 --- a/lfs/clamav +++ b/lfs/clamav @@ -24,7 +24,7 @@ include Config -VER = 0.99.1 +VER = 0.99.2 THISAPP = clamav-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = clamav -PAK_VER = 31 +PAK_VER = 32 DEPS = "" @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = cf1f3cbe62a08c9165801f79239166ff +$(DL_FILE)_MD5 = 61b51a04619aeafd965892a53f86d192 install : $(TARGET) From 4558108c4d1ed68b7f47287239b529b0cf909109 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Fri, 6 May 2016 11:22:05 +0200 Subject: [PATCH 5/7] clamav: rework initskript display download wait, increase time to 15min and remove tmp files at freshclam terminate. Signed-off-by: Arne Fitzenreiter --- lfs/clamav | 2 +- src/initscripts/init.d/clamav | 25 ++++++++++++++++++++----- 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/lfs/clamav b/lfs/clamav index a28601773..891161919 100644 --- a/lfs/clamav +++ b/lfs/clamav @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = clamav -PAK_VER = 32 +PAK_VER = 33 DEPS = "" diff --git a/src/initscripts/init.d/clamav b/src/initscripts/init.d/clamav index 5b31e0289..fa080a67b 100644 --- a/src/initscripts/init.d/clamav +++ b/src/initscripts/init.d/clamav 
@@ -9,17 +9,31 @@ case "$1" in if [ $(basename $0) == "clamav" ]; then boot_mesg "Starting Clamav Definition Updater..." loadproc /usr/bin/freshclam -d -c 10 - - boot_mesg "Starting Clamav Daemon..." + COUNTER=0 - while [ "$COUNTER" -lt "30" ]; do + while [ "$COUNTER" -lt "61" ]; do [ -e "/usr/share/clamav/main.cvd" ] && \ [ -e "/usr/share/clamav/daily.cvd" ] || \ [ -e "/usr/share/clamav/daily.cld" ] && \ break - sleep 5 + if [ "$COUNTER" -lt "1" ]; then + boot_mesg -n "Download db " + else + boot_mesg -n "." + fi + sleep 15 COUNTER=$(($COUNTER + 1)) done + if [ "$COUNTER" -gt "0" ]; then + boot_mesg + fi + if [ "$COUNTER" -gt "60" ]; then + boot_mesg "Download takes longer than 15min check freshclam status!" + echo_failure; + exit 1; + fi + + boot_mesg "Starting Clamav Daemon..." loadproc /usr/sbin/clamd else boot_mesg "Starting Clamav in background..." @@ -32,7 +46,8 @@ case "$1" in stop) boot_mesg "Stopping Clamav Definition Updater..." killproc /usr/bin/freshclam - + rm -rf /usr/share/clamav/*.tmp + boot_mesg "Stopping Clamav Daemon..." killproc /usr/sbin/clamd ;; From f61b838fb0842bf76e7cf12f3eaa6e86bfd275be Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Fri, 6 May 2016 15:16:12 +0200 Subject: [PATCH 6/7] linux-pae: prevent install on non pae systems Signed-off-by: Arne Fitzenreiter --- src/paks/linux-pae/install.sh | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/src/paks/linux-pae/install.sh b/src/paks/linux-pae/install.sh index 58a9c1c8d..ef271f352 100644 --- a/src/paks/linux-pae/install.sh +++ b/src/paks/linux-pae/install.sh @@ -17,7 +17,7 @@ # along with IPFire; if not, write to the Free Software # # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # # -# Copyright (C) 2007-2014 IPFire-Team . # +# Copyright (C) 2007-2016 IPFire-Team . # # # ############################################################################ # 
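Review bot: The wait loop this hunk extends still exits on `[ -e main.cvd ] && [ -e daily.cvd ] || [ -e daily.cld ] && break`, which the shell evaluates left to right. A `daily.cld` on its own therefore ends the wait, and clamd is started even when `main.cvd` is missing. Group the alternatives, e.g. `[ -e "/usr/share/clamav/main.cvd" ] && { [ -e "/usr/share/clamav/daily.cvd" ] || [ -e "/usr/share/clamav/daily.cld" ]; } && break`. On the new timeout path the script exits 1 with freshclam still running and clamd not started; whether dependent scanning then fails closed is not visible in this hunk and is worth confirming. The surrounding `case` branch begins and ends outside the hunk.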
@@ -42,6 +42,13 @@ function find_partition() { return 0 } +if [ "$(grep "^flags.* pae " /proc/cpuinfo)" == "" ]; then + rm -f /opt/pakfire/db/instelled/meta-linux-pae + /usr/bin/logger -p syslog.emerg -i pakfire \ + "linux-pae: no pae support found, aborted!" + exit 1 +fi + extract_files # KVER=xxxKVERxxx @@ -75,8 +82,6 @@ else ln -s grub.conf $MNThdd/boot/grub/menu.lst fi -# request a reboot if pae is supported -if [ ! "$(grep "^flags.* pae " /proc/cpuinfo)" == "" ]; then - touch /var/run/need_reboot -fi +# request a reboot +touch /var/run/need_reboot sync && sync \ No newline at end of file From be700f1806ed83225923dbd85b4574b8220db698 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Fri, 6 May 2016 15:32:01 +0200 Subject: [PATCH 7/7] core103: start 
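Review bot: The cleanup in the new PAE guard targets `/opt/pakfire/db/instelled/meta-linux-pae`, which looks like a typo for `installed`. Because `rm -f` ignores a missing path, the package metadata would stay in place and the mistake would go unnoticed. The `logger` call also passes `-i pakfire`, but `-i` only adds the PID, so `pakfire` ends up in the message text rather than as the tag; the update scripts in this series use `-t`. Suggested lines: `rm -f /opt/pakfire/db/installed/meta-linux-pae` and `/usr/bin/logger -p syslog.emerg -t pakfire \`. The exact db path should be confirmed against pakfire, since it is not shown in this patch.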
Signed-off-by: Arne Fitzenreiter --- config/rootfiles/core/{102 => 103}/exclude | 0 .../core/{102 => 103}/filelists/files | 0 config/rootfiles/core/{102 => 103}/meta | 0 config/rootfiles/core/103/update.sh | 74 +++++++++++++++++++ config/rootfiles/oldcore/102/exclude | 28 +++++++ config/rootfiles/oldcore/102/filelists/files | 2 + .../102/filelists/i586/openssl-sse2 | 0 .../{core => oldcore}/102/filelists/openssh | 0 .../{core => oldcore}/102/filelists/openssl | 0 config/rootfiles/oldcore/102/meta | 1 + .../rootfiles/{core => oldcore}/102/update.sh | 0 make.sh | 2 +- 12 files changed, 106 insertions(+), 1 deletion(-) rename config/rootfiles/core/{102 => 103}/exclude (100%) rename config/rootfiles/core/{102 => 103}/filelists/files (100%) rename config/rootfiles/core/{102 => 103}/meta (100%) create mode 100644 config/rootfiles/core/103/update.sh create mode 100644 config/rootfiles/oldcore/102/exclude create mode 100644 config/rootfiles/oldcore/102/filelists/files rename config/rootfiles/{core => oldcore}/102/filelists/i586/openssl-sse2 (100%) rename config/rootfiles/{core => oldcore}/102/filelists/openssh (100%) rename config/rootfiles/{core => oldcore}/102/filelists/openssl (100%) create mode 100644 config/rootfiles/oldcore/102/meta rename config/rootfiles/{core => oldcore}/102/update.sh (100%) diff --git a/config/rootfiles/core/102/exclude b/config/rootfiles/core/103/exclude similarity index 100% rename from config/rootfiles/core/102/exclude rename to config/rootfiles/core/103/exclude diff --git a/config/rootfiles/core/102/filelists/files b/config/rootfiles/core/103/filelists/files similarity index 100% rename from config/rootfiles/core/102/filelists/files rename to config/rootfiles/core/103/filelists/files diff --git a/config/rootfiles/core/102/meta b/config/rootfiles/core/103/meta similarity index 100% rename from config/rootfiles/core/102/meta rename to config/rootfiles/core/103/meta 
diff --git a/config/rootfiles/core/103/update.sh b/config/rootfiles/core/103/update.sh new file mode 100644 index 000000000..924cab343 --- /dev/null +++ b/config/rootfiles/core/103/update.sh 
@@ -0,0 +1,74 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2016 IPFire-Team . # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/usr/local/bin/backupctrl exclude >/dev/null 2>&1 + +core=103 + +function exit_with_error() { + # Set last succesfull installed core. + echo $(($core-1)) > /opt/pakfire/db/core/mine + /usr/bin/logger -p syslog.emerg -t ipfire \ + "core-update-${core}: $1" + exit $2 +} + +# Remove old core updates from pakfire cache to save space... +for (( i=1; i<=$core; i++ )) +do + rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire +done + + +# Stop services + +# Extract files +extract_files + +# update linker config +ldconfig + +# Update Language cache +#/usr/local/bin/update-lang-cache + +# +# Start services +# + +sync +# This update need a reboot... +touch /var/run/need_reboot + +# Finish +/etc/init.d/fireinfo start +sendprofile + +# Update grub config to display new core version +if [ -e /boot/grub/grub.cfg ]; then + grub-mkconfig -o /boot/grub/grub.cfg +fi +sync + +# Don't report the exitcode last command +exit 0 
diff --git a/config/rootfiles/oldcore/102/exclude b/config/rootfiles/oldcore/102/exclude new file mode 100644 index 000000000..7ddeae0ba --- /dev/null +++ b/config/rootfiles/oldcore/102/exclude @@ -0,0 +1,28 @@ +boot/config.txt +boot/grub/grub.cfg +boot/grub/grubenv +etc/alternatives +etc/collectd.custom +etc/default/grub +etc/ipsec.conf +etc/ipsec.secrets +etc/ipsec.user.conf +etc/ipsec.user.secrets +etc/localtime +etc/shadow +etc/snort/snort.conf +etc/ssh/ssh_config +etc/ssh/sshd_config +etc/ssl/openssl.cnf +etc/sudoers +etc/sysconfig/firewall.local +etc/sysconfig/rc.local +etc/udev/rules.d/30-persistent-network.rules +srv/web/ipfire/html/proxy.pac +var/ipfire/dma +var/ipfire/time +var/ipfire/ovpn +var/lib/alternatives +var/log/cache +var/state/dhcp/dhcpd.leases +var/updatecache diff --git a/config/rootfiles/oldcore/102/filelists/files b/config/rootfiles/oldcore/102/filelists/files new file mode 100644 index 000000000..409e5fe8a --- /dev/null +++ b/config/rootfiles/oldcore/102/filelists/files @@ -0,0 +1,2 @@ +etc/system-release +etc/issue diff --git a/config/rootfiles/core/102/filelists/i586/openssl-sse2 b/config/rootfiles/oldcore/102/filelists/i586/openssl-sse2 similarity index 100% rename from config/rootfiles/core/102/filelists/i586/openssl-sse2 rename to config/rootfiles/oldcore/102/filelists/i586/openssl-sse2 diff --git a/config/rootfiles/core/102/filelists/openssh b/config/rootfiles/oldcore/102/filelists/openssh similarity index 100% rename from config/rootfiles/core/102/filelists/openssh rename to config/rootfiles/oldcore/102/filelists/openssh diff --git a/config/rootfiles/core/102/filelists/openssl b/config/rootfiles/oldcore/102/filelists/openssl similarity index 100% rename from config/rootfiles/core/102/filelists/openssl rename to config/rootfiles/oldcore/102/filelists/openssl diff --git a/config/rootfiles/oldcore/102/meta b/config/rootfiles/oldcore/102/meta new file mode 100644 index 000000000..d547fa86f --- /dev/null 
+++ b/config/rootfiles/oldcore/102/meta @@ -0,0 +1 @@ +DEPS="" diff --git a/config/rootfiles/core/102/update.sh b/config/rootfiles/oldcore/102/update.sh similarity index 100% rename from config/rootfiles/core/102/update.sh rename to config/rootfiles/oldcore/102/update.sh diff --git a/make.sh b/make.sh index bdf58b9e0..fee4edd82 100755 --- a/make.sh +++ b/make.sh @@ -25,7 +25,7 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name VERSION="2.19" # Version number -CORE="102" # Core Level (Filename) +CORE="103" # Core Level (Filename) PAKFIRE_CORE="102" # Core Level (PAKFIRE) GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch SLOGAN="www.ipfire.org" # Software slogan