public inbox for development@lists.ipfire.org
 help / color / mirror / Atom feed
* [PATCH 1/4] Drop libupnp
@ 2021-05-18 21:33 Peter Müller
  2021-05-18 21:34 ` [PATCH 2/4] Delete the remainings of libupnp and upnpd Peter Müller
  0 siblings, 1 reply; 4+ messages in thread
From: Peter Müller @ 2021-05-18 21:33 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 10618 bytes --]

This library has received no attention within the last three years. By
design, UPnP is a security risk on any firewall, and and outdated
version of a UPnP library definitely is.

This patch therefore drops libupnp completely.

Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
 config/rootfiles/common/libupnp | 37 ---------------
 config/upnp/gatedesc.xml        | 81 ---------------------------------
 lfs/configroot                  |  4 +-
 lfs/libupnp                     | 78 -------------------------------
 make.sh                         |  1 -
 5 files changed, 2 insertions(+), 199 deletions(-)
 delete mode 100644 config/rootfiles/common/libupnp
 delete mode 100755 config/upnp/gatedesc.xml
 delete mode 100644 lfs/libupnp

diff --git a/config/rootfiles/common/libupnp b/config/rootfiles/common/libupnp
deleted file mode 100644
index 6b3f3e310..000000000
--- a/config/rootfiles/common/libupnp
+++ /dev/null
@@ -1,37 +0,0 @@
-#usr/include/upnp
-#usr/include/upnp/Callback.h
-#usr/include/upnp/UpnpActionComplete.h
-#usr/include/upnp/UpnpActionRequest.h
-#usr/include/upnp/UpnpDiscovery.h
-#usr/include/upnp/UpnpEvent.h
-#usr/include/upnp/UpnpEventSubscribe.h
-#usr/include/upnp/UpnpExtraHeaders.h
-#usr/include/upnp/UpnpFileInfo.h
-#usr/include/upnp/UpnpGlobal.h
-#usr/include/upnp/UpnpInet.h
-#usr/include/upnp/UpnpIntTypes.h
-#usr/include/upnp/UpnpStateVarComplete.h
-#usr/include/upnp/UpnpStateVarRequest.h
-#usr/include/upnp/UpnpStdInt.h
-#usr/include/upnp/UpnpString.h
-#usr/include/upnp/UpnpSubscriptionRequest.h
-#usr/include/upnp/UpnpUniStd.h
-#usr/include/upnp/ithread.h
-#usr/include/upnp/ixml.h
-#usr/include/upnp/ixmldebug.h
-#usr/include/upnp/list.h
-#usr/include/upnp/upnp.h
-#usr/include/upnp/upnpconfig.h
-#usr/include/upnp/upnpdebug.h
-#usr/include/upnp/upnptools.h
-#usr/lib/libixml.a
-#usr/lib/libixml.la
-#usr/lib/libixml.so
-usr/lib/libixml.so.11
-usr/lib/libixml.so.11.0.1
-#usr/lib/libupnp.a
-#usr/lib/libupnp.la
-#usr/lib/libupnp.so
-usr/lib/libupnp.so.17
-usr/lib/libupnp.so.17.0.6
-#usr/lib/pkgconfig/libupnp.pc
diff --git a/config/upnp/gatedesc.xml b/config/upnp/gatedesc.xml
deleted file mode 100755
index a0608bb53..000000000
--- a/config/upnp/gatedesc.xml
+++ /dev/null
@@ -1,81 +0,0 @@
-<?xml version="1.0"?>
-<root xmlns="urn:schemas-upnp-org:device-1-0">
-	<specVersion>
-		<major>1</major>
-		<minor>0</minor>
-	</specVersion>
-	<device>
-		<deviceType>urn:schemas-upnp-org:device:InternetGatewayDevice:1</deviceType>
-		<friendlyName>IPFire UPnP Device</friendlyName>
-		<manufacturer>IPFire Project</manufacturer>
-		<manufacturerURL>http://www.ipfire.org</manufacturerURL>
-		<modelName>IPFire 2.3</modelName>
-		<UDN>uuid:75802409-bccb-40e7-8e6c-fa095ecce13e</UDN>
-		<iconList>
-			<icon>
-				<mimetype>image/gif</mimetype>
-				<width>118</width>
-				<height>119</height>
-				<depth>8</depth>
-				<url>/ligd.gif</url>
-			</icon>
-		</iconList>
-		<serviceList>
-      <service>
-      	<serviceType>urn:schemas-dummy-com:service:Dummy:1</serviceType>
-        <serviceId>urn:dummy-com:serviceId:dummy1</serviceId>
-	      <controlURL>/dummy</controlURL>
-        <eventSubURL>/dummy</eventSubURL>
-       	<SCPDURL>/dummy.xml</SCPDURL>
-      </service>
-    </serviceList>
-		<deviceList>
-			<device>
-				<deviceType>urn:schemas-upnp-org:device:WANDevice:1</deviceType>
-				<friendlyName>WANDevice</friendlyName>
-				<manufacturer>IPFire Project</manufacturer>
-				<manufacturerURL>http://www.ipfire.org</manufacturerURL>
-				<modelDescription>WAN Device on Linux IGD</modelDescription>
-				<modelName>IPFire</modelName>
-				<modelNumber>2.3</modelNumber>
-				<modelURL>http://linux-igd.sourceforge.net</modelURL>
-				<serialNumber>2.3</serialNumber>
-				<UDN>uuid:75802409-bccb-40e7-8e6c-fa095ecce13e</UDN>
-				<UPC>Linux IGD</UPC>
-				<serviceList>
-					<service>
-						<serviceType>urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1</serviceType>
-						<serviceId>urn:upnp-org:serviceId:WANCommonIFC1</serviceId>
-						<controlURL>/upnp/control/WANCommonIFC1</controlURL>
-						<eventSubURL>/upnp/control/WANCommonIFC1</eventSubURL>
-						<SCPDURL>/gateicfgSCPD.xml</SCPDURL>
-					</service>
-				</serviceList>
-				<deviceList>
-					<device>
-						<deviceType>urn:schemas-upnp-org:device:WANConnectionDevice:1</deviceType>
-						<friendlyName>Internet Connection</friendlyName>
-						<manufacturer>IPFire Project</manufacturer>
-						<manufacturerURL>http://www.ipfire.org</manufacturerURL>
-						<modelDescription>Internet connection on Linux IPFire Firewall</modelDescription>
-						<modelName>IPFire</modelName>
-						<modelNumber>2.3</modelNumber>
-						<modelURL>http://www.ipfire.org</modelURL>
-						<serialNumber>2.3</serialNumber>
-						<UDN>uuid:75802409-bccb-40e7-8e6c-fa095ecce13e</UDN>
-						<UPC>Linux IGD</UPC>
-						<serviceList>
-							<service>
-								<serviceType>urn:schemas-upnp-org:service:WANIPConnection:1</serviceType>
-								<serviceId>urn:upnp-org:serviceId:WANIPConn1</serviceId>
-								<controlURL>/upnp/control/WANIPConn1</controlURL>
-								<eventSubURL>/upnp/control/WANIPConn1</eventSubURL>
-								<SCPDURL>/gateconnSCPD.xml</SCPDURL>
-							</service>
-						</serviceList>
-					</device>
-				</deviceList>
-			</device>
-		</deviceList>
-	</device>
-</root>
diff --git a/lfs/configroot b/lfs/configroot
index a3e474d70..2ab9cc29b 100644
--- a/lfs/configroot
+++ b/lfs/configroot
@@ -55,7 +55,7 @@ $(TARGET) :
 			menu.d modem optionsfw \
 			ovpn patches pakfire portfw ppp private proxy/advanced/cre \
 			proxy/calamaris/bin qos/bin red remote sensors suricata time \
-			updatexlrator/bin updatexlrator/autocheck urlfilter/autoupdate urlfilter/bin upnp vpn \
+			updatexlrator/bin updatexlrator/autocheck urlfilter/autoupdate urlfilter/bin vpn \
 			wakeonlan wireless ; do \
 	        mkdir -p $(CONFIG_ROOT)/$$i; \
 	done
@@ -69,7 +69,7 @@ $(TARGET) :
 	    isdn/settings mac/settings main/hosts main/routing main/security main/settings optionsfw/settings \
 	    ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \
 	    ppp/settings-5 ppp/settings proxy/settings proxy/squid.conf proxy/advanced/settings proxy/advanced/cre/enable remote/settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \
-	    qos/tosconfig suricata/settings upnp/settings vpn/config vpn/settings vpn/ipsec.conf \
+	    qos/tosconfig suricata/settings vpn/config vpn/settings vpn/ipsec.conf \
 	    vpn/ipsec.secrets vpn/caconfig wakeonlan/clients.conf wireless/config wireless/settings; do \
 	    touch $(CONFIG_ROOT)/$$i; \
 	done
diff --git a/lfs/libupnp b/lfs/libupnp
deleted file mode 100644
index 61856ff7b..000000000
--- a/lfs/libupnp
+++ /dev/null
@@ -1,78 +0,0 @@
-###############################################################################
-#                                                                             #
-# IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2018  IPFire Team  <info(a)ipfire.org>                     #
-#                                                                             #
-# This program is free software: you can redistribute it and/or modify        #
-# it under the terms of the GNU General Public License as published by        #
-# the Free Software Foundation, either version 3 of the License, or           #
-# (at your option) any later version.                                         #
-#                                                                             #
-# This program is distributed in the hope that it will be useful,             #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
-# GNU General Public License for more details.                                #
-#                                                                             #
-# You should have received a copy of the GNU General Public License           #
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
-#                                                                             #
-###############################################################################
-
-###############################################################################
-# Definitions
-###############################################################################
-
-include Config
-
-VER        = 1.14.6
-
-THISAPP    = libupnp-$(VER)
-DL_FILE    = $(THISAPP).tar.bz2
-DL_FROM    = $(URL_IPFIRE)
-DIR_APP    = $(DIR_SRC)/$(THISAPP)
-TARGET     = $(DIR_INFO)/$(THISAPP)
-
-###############################################################################
-# Top-level Rules
-###############################################################################
-
-objects = $(DL_FILE)
-
-$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-
-$(DL_FILE)_MD5 = 05c2393eee4fbf81c9e1b116b9554039
-
-install : $(TARGET)
-
-check : $(patsubst %,$(DIR_CHK)/%,$(objects))
-
-download :$(patsubst %,$(DIR_DL)/%,$(objects))
-
-md5 : $(subst %,%_MD5,$(objects))
-
-###############################################################################
-# Downloading, checking, md5sum
-###############################################################################
-
-$(patsubst %,$(DIR_CHK)/%,$(objects)) :
-	@$(CHECK)
-
-$(patsubst %,$(DIR_DL)/%,$(objects)) :
-	@$(LOAD)
-
-$(subst %,%_MD5,$(objects)) :
-	@$(MD5)
-
-###############################################################################
-# Installation Details
-###############################################################################
-
-$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
-	@$(PREBUILD)
-	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
-	$(UPDATE_AUTOMAKE)
-	cd $(DIR_APP) && ./configure --prefix=/usr
-	cd $(DIR_APP) && make $(MAKETUNING)
-	cd $(DIR_APP) && make install
-	@rm -rf $(DIR_APP)
-	@$(POSTBUILD)
diff --git a/make.sh b/make.sh
index 4af0081e9..9fba3977d 100755
--- a/make.sh
+++ b/make.sh
@@ -1306,7 +1306,6 @@ buildipfire() {
   lfsmake2 whatmask
   lfsmake2 libtirpc
   lfsmake2 conntrack-tools
-  lfsmake2 libupnp
   lfsmake2 ipaddr
   lfsmake2 iputils
   lfsmake2 l7-protocols
-- 
2.26.2

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH 2/4] Delete the remainings of libupnp and upnpd
  2021-05-18 21:33 [PATCH 1/4] Drop libupnp Peter Müller
@ 2021-05-18 21:34 ` Peter Müller
  2021-05-18 21:34   ` [PATCH 3/4] mpd: build without UPnP support Peter Müller
  0 siblings, 1 reply; 4+ messages in thread
From: Peter Müller @ 2021-05-18 21:34 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 5239 bytes --]

These include rootfiles, firewall menue entries that have been
unmaintained for a long time, and firewall chains which were never used
in recent time.

Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
 config/menu/50-firewall.menu                 |  8 +--
 config/rootfiles/common/armv5tel/initscripts |  1 -
 config/rootfiles/common/configroot           |  2 -
 config/rootfiles/common/i586/initscripts     |  1 -
 config/rootfiles/common/x86_64/initscripts   |  1 -
 src/initscripts/system/firewall              |  6 ---
 src/initscripts/system/upnpd                 | 55 --------------------
 7 files changed, 1 insertion(+), 73 deletions(-)
 delete mode 100644 src/initscripts/system/upnpd

diff --git a/config/menu/50-firewall.menu b/config/menu/50-firewall.menu
index 7f654785b..6ae9687dc 100644
--- a/config/menu/50-firewall.menu
+++ b/config/menu/50-firewall.menu
@@ -39,13 +39,7 @@
 				'title' => "$Lang::tr{'blue access'}",
 				'enabled' => 1,
 				 };			 
-    $subfirewall->{'80.upnp'} = {
-				'caption' => 'UPnP',
-				'uri' => '/cgi-bin/upnp.cgi',
-				'title' => "Universal Plug and Play",
-				'enabled' => 0,
-				};
-	$subfirewall->{'90.iptables'} = {
+    $subfirewall->{'90.iptables'} = {
 				'caption' => $Lang::tr{'ipts'},
 				'uri' => '/cgi-bin/iptables.cgi',
 				'title' => "$Lang::tr{'ipts'}",
diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/common/armv5tel/initscripts
index 800005966..ed32c155d 100644
--- a/config/rootfiles/common/armv5tel/initscripts
+++ b/config/rootfiles/common/armv5tel/initscripts
@@ -93,7 +93,6 @@ etc/rc.d/init.d/template
 etc/rc.d/init.d/udev
 etc/rc.d/init.d/udev_retry
 etc/rc.d/init.d/unbound
-etc/rc.d/init.d/upnpd
 etc/rc.d/init.d/vnstat
 etc/rc.d/init.d/waitdrives
 etc/rc.d/init.d/wlanclient
diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot
index 8c91ca5d5..d496594bc 100644
--- a/config/rootfiles/common/configroot
+++ b/config/rootfiles/common/configroot
@@ -184,8 +184,6 @@ var/ipfire/time
 var/ipfire/updatexlrator
 var/ipfire/updatexlrator/autocheck
 var/ipfire/updatexlrator/bin
-var/ipfire/upnp
-#var/ipfire/upnp/settings
 var/ipfire/urlfilter
 #var/ipfire/urlfilter/autoupdate
 #var/ipfire/urlfilter/bin
diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/common/i586/initscripts
index 18c5a897a..8511ffa0b 100644
--- a/config/rootfiles/common/i586/initscripts
+++ b/config/rootfiles/common/i586/initscripts
@@ -92,7 +92,6 @@ etc/rc.d/init.d/template
 etc/rc.d/init.d/udev
 etc/rc.d/init.d/udev_retry
 etc/rc.d/init.d/unbound
-etc/rc.d/init.d/upnpd
 etc/rc.d/init.d/vnstat
 etc/rc.d/init.d/waitdrives
 etc/rc.d/init.d/wlanclient
diff --git a/config/rootfiles/common/x86_64/initscripts b/config/rootfiles/common/x86_64/initscripts
index 18c5a897a..8511ffa0b 100644
--- a/config/rootfiles/common/x86_64/initscripts
+++ b/config/rootfiles/common/x86_64/initscripts
@@ -92,7 +92,6 @@ etc/rc.d/init.d/template
 etc/rc.d/init.d/udev
 etc/rc.d/init.d/udev_retry
 etc/rc.d/init.d/unbound
-etc/rc.d/init.d/upnpd
 etc/rc.d/init.d/vnstat
 etc/rc.d/init.d/waitdrives
 etc/rc.d/init.d/wlanclient
diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 65f1c979b..dd9f1a484 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -363,12 +363,6 @@ iptables_init() {
 			-m mark --mark 3 -j SNAT --to-source "${ORANGE_ADDRESS}"
 	fi
 
-	# upnp chain for our upnp daemon
-	iptables -t nat -N UPNPFW
-	iptables -t nat -A PREROUTING -j UPNPFW
-	iptables -N UPNPFW
-	iptables -A FORWARD -m conntrack --ctstate NEW -j UPNPFW
-
 	# RED chain, used for the red interface
 	iptables -N REDINPUT
 	iptables -A INPUT -j REDINPUT
diff --git a/src/initscripts/system/upnpd b/src/initscripts/system/upnpd
deleted file mode 100644
index ca05abf75..000000000
--- a/src/initscripts/system/upnpd
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/bin/sh
-########################################################################
-# Begin $rc_base/init.d/
-#
-# Description : UPnP Starter
-#
-# Authors     : Michael Tremer
-#
-# Version     : 01.00
-#
-# Notes       : for www.ipfire.org - GPLv2
-#
-########################################################################
-
-. /etc/sysconfig/rc
-. ${rc_functions}
-
-# defaults
-ALLOW_MULTICAST=no
-
-# configuration
-eval $(/usr/local/bin/readhash /var/ipfire/upnp/settings)
-
-case "$1" in
-	start)
-		boot_mesg "Starting Universal Plug'n'Play daemon..."
-		loadproc /usr/sbin/upnpd $EXTIFACE $INTIFACE
-		evaluate_retval
-		[ "$ALLOW_MULTICAST" != "no" ] && route add -net 239.0.0.0 netmask 255.0.0.0 $INTIFACE
-		;;
-
-	stop)
-		boot_mesg "Stopping Universal Plug'n'Play daemon..."
-		killproc /usr/sbin/upnpd
-		evaluate_retval
-		[ "$ALLOW_MULTICAST" != "no" ] && route del -net 239.0.0.0 netmask 255.0.0.0 $INTIFACE
-		;;
-
-	restart)
-		${0} stop
-		sleep 1
-		${0} start
-
-		;;
-	status)
-		statusproc
-		;;
-
-	*)
-		echo "Usage: ${0} {start|stop|reload|restart|status}"
-		exit 1
-		;;
-esac
-
-# End $rc_base/init.d/
-- 
2.26.2

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH 3/4] mpd: build without UPnP support
  2021-05-18 21:34 ` [PATCH 2/4] Delete the remainings of libupnp and upnpd Peter Müller
@ 2021-05-18 21:34   ` Peter Müller
  2021-05-18 21:34     ` [PATCH 4/4] Delete UPnP initscript for ARM64 as well Peter Müller
  0 siblings, 1 reply; 4+ messages in thread
From: Peter Müller @ 2021-05-18 21:34 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 835 bytes --]

Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
 lfs/mpd | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lfs/mpd b/lfs/mpd
index 25e3630e6..0a8b533d8 100644
--- a/lfs/mpd
+++ b/lfs/mpd
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/${THISAPP}
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = mpd
-PAK_VER    = 21
+PAK_VER    = 22
 SUP_ARCH   = aarch64 x86_64 i586
 
 DEPS       = alsa avahi faad2 ffmpeg flac lame libmad libshout libogg libid3tag libvorbis opus soxr
@@ -91,7 +91,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 				-D ffmpeg=enabled	\
 				-D flac=enabled		\
 				-D lame=enabled		\
-				-D upnp=enabled		\
+				-D upnp=disabled	\
 				-D icu=disabled		\
 				builddir/
 	cd $(DIR_APP) && ninja -C builddir/
-- 
2.26.2

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH 4/4] Delete UPnP initscript for ARM64 as well
  2021-05-18 21:34   ` [PATCH 3/4] mpd: build without UPnP support Peter Müller
@ 2021-05-18 21:34     ` Peter Müller
  0 siblings, 0 replies; 4+ messages in thread
From: Peter Müller @ 2021-05-18 21:34 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 633 bytes --]

Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
 config/rootfiles/common/aarch64/initscripts | 1 -
 1 file changed, 1 deletion(-)

diff --git a/config/rootfiles/common/aarch64/initscripts b/config/rootfiles/common/aarch64/initscripts
index 800005966..ed32c155d 100644
--- a/config/rootfiles/common/aarch64/initscripts
+++ b/config/rootfiles/common/aarch64/initscripts
@@ -93,7 +93,6 @@ etc/rc.d/init.d/template
 etc/rc.d/init.d/udev
 etc/rc.d/init.d/udev_retry
 etc/rc.d/init.d/unbound
-etc/rc.d/init.d/upnpd
 etc/rc.d/init.d/vnstat
 etc/rc.d/init.d/waitdrives
 etc/rc.d/init.d/wlanclient
-- 
2.26.2

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2021-05-18 21:34 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-18 21:33 [PATCH 1/4] Drop libupnp Peter Müller
2021-05-18 21:34 ` [PATCH 2/4] Delete the remainings of libupnp and upnpd Peter Müller
2021-05-18 21:34   ` [PATCH 3/4] mpd: build without UPnP support Peter Müller
2021-05-18 21:34     ` [PATCH 4/4] Delete UPnP initscript for ARM64 as well Peter Müller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox