Acked-by: Bernhard Bitsch <bbitsch(a)ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch(a)ipfire.org>


Am 15.01.2022 um 10:15 schrieb Peter Müller:
> At the time of writing, Fireinfo reports more 51.67% of all
> installations reporting back to us are running at least two Core Updates
> older than the latest one.
> 
> While I doubt we can expect our userbase to patch their systems within
> 24 hours (which is the recommended timespan given for critical
> infrastructures by multiple CERTs), if they the last Core Update was
> installed more than 90 days ago, we can safely consider the system in
> question being outdated and insecure.
> 
> Therefore, this patch displays a warning on index.cgi, in addition to
> the "an update is available" message - in the hope to nudge people to
> keep their IPFire machines up to date.
> 
> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
> ---
>   html/cgi-bin/index.cgi | 10 +++++++++-
>   langs/de/cgi-bin/de.pl |  1 +
>   langs/en/cgi-bin/en.pl |  1 +
>   3 files changed, 11 insertions(+), 1 deletion(-)
> 
> diff --git a/html/cgi-bin/index.cgi b/html/cgi-bin/index.cgi
> index 2b7ccdb0f..fbd656988 100644
> --- a/html/cgi-bin/index.cgi
> +++ b/html/cgi-bin/index.cgi
> @@ -2,7 +2,7 @@
>   ###############################################################################
>   #                                                                             #
>   # IPFire.org - A linux based firewall                                         #
> -# Copyright (C) 2007-2014  IPFire Team  <info(a)ipfire.org>                     #
> +# Copyright (C) 2007-2022  IPFire Team  <info(a)ipfire.org>                     #
>   #                                                                             #
>   # This program is free software: you can redistribute it and/or modify        #
>   # it under the terms of the GNU General Public License as published by        #
> @@ -541,6 +541,14 @@ if ( ! -e "/var/ipfire/main/send_profile") {
>   	$warnmessage .= "<li><a style='color: white;' href='fireinfo.cgi'>$Lang::tr{'fireinfo please enable'}</a></li>";
>   }
>   
> +# Running on likely outdated Core Update (last update was more than 90 days ago)
> +my ($dev, $ino, $mode, $nlink, $uid, $gid, $rdev, $size, $atime, $mtime, $ctime, $blksize, $blocks) = stat "/opt/pakfire/db/core/mine";
> +my $core_update_age = time() - $mtime;
> +
> +if ( "$core_update_age" > "7776000" ) {
> +	$warnmessage .= "<li>$Lang::tr{'outdated installation warning'}</li>";
> +}
> +
>   # EOL architecture
>   my ($sysname, $nodename, $release, $version, $machine) = &POSIX::uname();
>   if ($machine =~ m/^i.86$/) {
> diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
> index c81b28fea..2ae0f948c 100644
> --- a/langs/de/cgi-bin/de.pl
> +++ b/langs/de/cgi-bin/de.pl
> @@ -1878,6 +1878,7 @@
>   'otherport' => 'Anderer Port',
>   'our donors' => 'Unsere Unterstützer',
>   'out' => 'Aus',
> +'outdated installation warning' => 'Diese IPFire-Installation ist veraltet, was ein Sicherheitsrisiko darstellt. Bitte aktualisieren Sie das System schnellstmöglich.',
>   'outgoing' => 'ausgehend',
>   'outgoing compression in bytes per second' => 'Abgehende Kompression',
>   'outgoing firewall' => 'Ausgehende Firewall',
> diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
> index 2f7038fb1..8d1eb3e2d 100644
> --- a/langs/en/cgi-bin/en.pl
> +++ b/langs/en/cgi-bin/en.pl
> @@ -1914,6 +1914,7 @@
>   'otherport' => 'other Port',
>   'our donors' => 'Our donors',
>   'out' => 'Out',
> +'outdated installation warning' => 'This IPFire installation is outdated, which is a security risk. Please check for and install updates as soon as possible.',
>   'outgoing' => 'outgoing',
>   'outgoing compression in bytes per second' => 'Outgoing compression',
>   'outgoing firewall' => 'Outgoing Firewall',