* [PATCH 1/4] Drop libupnp
@ 2021-05-18 21:33 Peter Müller
2021-05-18 21:34 ` [PATCH 2/4] Delete the remainings of libupnp and upnpd Peter Müller
0 siblings, 1 reply; 4+ messages in thread
From: Peter Müller @ 2021-05-18 21:33 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 10618 bytes --]
This library has received no attention within the last three years. By
design, UPnP is a security risk on any firewall, and and outdated
version of a UPnP library definitely is.
This patch therefore drops libupnp completely.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
config/rootfiles/common/libupnp | 37 ---------------
config/upnp/gatedesc.xml | 81 ---------------------------------
lfs/configroot | 4 +-
lfs/libupnp | 78 -------------------------------
make.sh | 1 -
5 files changed, 2 insertions(+), 199 deletions(-)
delete mode 100644 config/rootfiles/common/libupnp
delete mode 100755 config/upnp/gatedesc.xml
delete mode 100644 lfs/libupnp
diff --git a/config/rootfiles/common/libupnp b/config/rootfiles/common/libupnp
deleted file mode 100644
index 6b3f3e310..000000000
--- a/config/rootfiles/common/libupnp
+++ /dev/null
@@ -1,37 +0,0 @@
-#usr/include/upnp
-#usr/include/upnp/Callback.h
-#usr/include/upnp/UpnpActionComplete.h
-#usr/include/upnp/UpnpActionRequest.h
-#usr/include/upnp/UpnpDiscovery.h
-#usr/include/upnp/UpnpEvent.h
-#usr/include/upnp/UpnpEventSubscribe.h
-#usr/include/upnp/UpnpExtraHeaders.h
-#usr/include/upnp/UpnpFileInfo.h
-#usr/include/upnp/UpnpGlobal.h
-#usr/include/upnp/UpnpInet.h
-#usr/include/upnp/UpnpIntTypes.h
-#usr/include/upnp/UpnpStateVarComplete.h
-#usr/include/upnp/UpnpStateVarRequest.h
-#usr/include/upnp/UpnpStdInt.h
-#usr/include/upnp/UpnpString.h
-#usr/include/upnp/UpnpSubscriptionRequest.h
-#usr/include/upnp/UpnpUniStd.h
-#usr/include/upnp/ithread.h
-#usr/include/upnp/ixml.h
-#usr/include/upnp/ixmldebug.h
-#usr/include/upnp/list.h
-#usr/include/upnp/upnp.h
-#usr/include/upnp/upnpconfig.h
-#usr/include/upnp/upnpdebug.h
-#usr/include/upnp/upnptools.h
-#usr/lib/libixml.a
-#usr/lib/libixml.la
-#usr/lib/libixml.so
-usr/lib/libixml.so.11
-usr/lib/libixml.so.11.0.1
-#usr/lib/libupnp.a
-#usr/lib/libupnp.la
-#usr/lib/libupnp.so
-usr/lib/libupnp.so.17
-usr/lib/libupnp.so.17.0.6
-#usr/lib/pkgconfig/libupnp.pc
diff --git a/config/upnp/gatedesc.xml b/config/upnp/gatedesc.xml
deleted file mode 100755
index a0608bb53..000000000
--- a/config/upnp/gatedesc.xml
+++ /dev/null
@@ -1,81 +0,0 @@
-<?xml version="1.0"?>
-<root xmlns="urn:schemas-upnp-org:device-1-0">
- <specVersion>
- <major>1</major>
- <minor>0</minor>
- </specVersion>
- <device>
- <deviceType>urn:schemas-upnp-org:device:InternetGatewayDevice:1</deviceType>
- <friendlyName>IPFire UPnP Device</friendlyName>
- <manufacturer>IPFire Project</manufacturer>
- <manufacturerURL>http://www.ipfire.org</manufacturerURL>
- <modelName>IPFire 2.3</modelName>
- <UDN>uuid:75802409-bccb-40e7-8e6c-fa095ecce13e</UDN>
- <iconList>
- <icon>
- <mimetype>image/gif</mimetype>
- <width>118</width>
- <height>119</height>
- <depth>8</depth>
- <url>/ligd.gif</url>
- </icon>
- </iconList>
- <serviceList>
- <service>
- <serviceType>urn:schemas-dummy-com:service:Dummy:1</serviceType>
- <serviceId>urn:dummy-com:serviceId:dummy1</serviceId>
- <controlURL>/dummy</controlURL>
- <eventSubURL>/dummy</eventSubURL>
- <SCPDURL>/dummy.xml</SCPDURL>
- </service>
- </serviceList>
- <deviceList>
- <device>
- <deviceType>urn:schemas-upnp-org:device:WANDevice:1</deviceType>
- <friendlyName>WANDevice</friendlyName>
- <manufacturer>IPFire Project</manufacturer>
- <manufacturerURL>http://www.ipfire.org</manufacturerURL>
- <modelDescription>WAN Device on Linux IGD</modelDescription>
- <modelName>IPFire</modelName>
- <modelNumber>2.3</modelNumber>
- <modelURL>http://linux-igd.sourceforge.net</modelURL>
- <serialNumber>2.3</serialNumber>
- <UDN>uuid:75802409-bccb-40e7-8e6c-fa095ecce13e</UDN>
- <UPC>Linux IGD</UPC>
- <serviceList>
- <service>
- <serviceType>urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1</serviceType>
- <serviceId>urn:upnp-org:serviceId:WANCommonIFC1</serviceId>
- <controlURL>/upnp/control/WANCommonIFC1</controlURL>
- <eventSubURL>/upnp/control/WANCommonIFC1</eventSubURL>
- <SCPDURL>/gateicfgSCPD.xml</SCPDURL>
- </service>
- </serviceList>
- <deviceList>
- <device>
- <deviceType>urn:schemas-upnp-org:device:WANConnectionDevice:1</deviceType>
- <friendlyName>Internet Connection</friendlyName>
- <manufacturer>IPFire Project</manufacturer>
- <manufacturerURL>http://www.ipfire.org</manufacturerURL>
- <modelDescription>Internet connection on Linux IPFire Firewall</modelDescription>
- <modelName>IPFire</modelName>
- <modelNumber>2.3</modelNumber>
- <modelURL>http://www.ipfire.org</modelURL>
- <serialNumber>2.3</serialNumber>
- <UDN>uuid:75802409-bccb-40e7-8e6c-fa095ecce13e</UDN>
- <UPC>Linux IGD</UPC>
- <serviceList>
- <service>
- <serviceType>urn:schemas-upnp-org:service:WANIPConnection:1</serviceType>
- <serviceId>urn:upnp-org:serviceId:WANIPConn1</serviceId>
- <controlURL>/upnp/control/WANIPConn1</controlURL>
- <eventSubURL>/upnp/control/WANIPConn1</eventSubURL>
- <SCPDURL>/gateconnSCPD.xml</SCPDURL>
- </service>
- </serviceList>
- </device>
- </deviceList>
- </device>
- </deviceList>
- </device>
-</root>
diff --git a/lfs/configroot b/lfs/configroot
index a3e474d70..2ab9cc29b 100644
--- a/lfs/configroot
+++ b/lfs/configroot
@@ -55,7 +55,7 @@ $(TARGET) :
menu.d modem optionsfw \
ovpn patches pakfire portfw ppp private proxy/advanced/cre \
proxy/calamaris/bin qos/bin red remote sensors suricata time \
- updatexlrator/bin updatexlrator/autocheck urlfilter/autoupdate urlfilter/bin upnp vpn \
+ updatexlrator/bin updatexlrator/autocheck urlfilter/autoupdate urlfilter/bin vpn \
wakeonlan wireless ; do \
mkdir -p $(CONFIG_ROOT)/$$i; \
done
@@ -69,7 +69,7 @@ $(TARGET) :
isdn/settings mac/settings main/hosts main/routing main/security main/settings optionsfw/settings \
ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \
ppp/settings-5 ppp/settings proxy/settings proxy/squid.conf proxy/advanced/settings proxy/advanced/cre/enable remote/settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \
- qos/tosconfig suricata/settings upnp/settings vpn/config vpn/settings vpn/ipsec.conf \
+ qos/tosconfig suricata/settings vpn/config vpn/settings vpn/ipsec.conf \
vpn/ipsec.secrets vpn/caconfig wakeonlan/clients.conf wireless/config wireless/settings; do \
touch $(CONFIG_ROOT)/$$i; \
done
diff --git a/lfs/libupnp b/lfs/libupnp
deleted file mode 100644
index 61856ff7b..000000000
--- a/lfs/libupnp
+++ /dev/null
@@ -1,78 +0,0 @@
-###############################################################################
-# #
-# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> #
-# #
-# This program is free software: you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation, either version 3 of the License, or #
-# (at your option) any later version. #
-# #
-# This program is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with this program. If not, see <http://www.gnu.org/licenses/>. #
-# #
-###############################################################################
-
-###############################################################################
-# Definitions
-###############################################################################
-
-include Config
-
-VER = 1.14.6
-
-THISAPP = libupnp-$(VER)
-DL_FILE = $(THISAPP).tar.bz2
-DL_FROM = $(URL_IPFIRE)
-DIR_APP = $(DIR_SRC)/$(THISAPP)
-TARGET = $(DIR_INFO)/$(THISAPP)
-
-###############################################################################
-# Top-level Rules
-###############################################################################
-
-objects = $(DL_FILE)
-
-$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-
-$(DL_FILE)_MD5 = 05c2393eee4fbf81c9e1b116b9554039
-
-install : $(TARGET)
-
-check : $(patsubst %,$(DIR_CHK)/%,$(objects))
-
-download :$(patsubst %,$(DIR_DL)/%,$(objects))
-
-md5 : $(subst %,%_MD5,$(objects))
-
-###############################################################################
-# Downloading, checking, md5sum
-###############################################################################
-
-$(patsubst %,$(DIR_CHK)/%,$(objects)) :
- @$(CHECK)
-
-$(patsubst %,$(DIR_DL)/%,$(objects)) :
- @$(LOAD)
-
-$(subst %,%_MD5,$(objects)) :
- @$(MD5)
-
-###############################################################################
-# Installation Details
-###############################################################################
-
-$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
- @$(PREBUILD)
- @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
- $(UPDATE_AUTOMAKE)
- cd $(DIR_APP) && ./configure --prefix=/usr
- cd $(DIR_APP) && make $(MAKETUNING)
- cd $(DIR_APP) && make install
- @rm -rf $(DIR_APP)
- @$(POSTBUILD)
diff --git a/make.sh b/make.sh
index 4af0081e9..9fba3977d 100755
--- a/make.sh
+++ b/make.sh
@@ -1306,7 +1306,6 @@ buildipfire() {
lfsmake2 whatmask
lfsmake2 libtirpc
lfsmake2 conntrack-tools
- lfsmake2 libupnp
lfsmake2 ipaddr
lfsmake2 iputils
lfsmake2 l7-protocols
--
2.26.2
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH 2/4] Delete the remainings of libupnp and upnpd
2021-05-18 21:33 [PATCH 1/4] Drop libupnp Peter Müller
@ 2021-05-18 21:34 ` Peter Müller
2021-05-18 21:34 ` [PATCH 3/4] mpd: build without UPnP support Peter Müller
0 siblings, 1 reply; 4+ messages in thread
From: Peter Müller @ 2021-05-18 21:34 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 5239 bytes --]
These include rootfiles, firewall menue entries that have been
unmaintained for a long time, and firewall chains which were never used
in recent time.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
| 8 +--
config/rootfiles/common/armv5tel/initscripts | 1 -
config/rootfiles/common/configroot | 2 -
config/rootfiles/common/i586/initscripts | 1 -
config/rootfiles/common/x86_64/initscripts | 1 -
src/initscripts/system/firewall | 6 ---
src/initscripts/system/upnpd | 55 --------------------
7 files changed, 1 insertion(+), 73 deletions(-)
delete mode 100644 src/initscripts/system/upnpd
--git a/config/menu/50-firewall.menu b/config/menu/50-firewall.menu
index 7f654785b..6ae9687dc 100644
--- a/config/menu/50-firewall.menu
+++ b/config/menu/50-firewall.menu
@@ -39,13 +39,7 @@
'title' => "$Lang::tr{'blue access'}",
'enabled' => 1,
};
- $subfirewall->{'80.upnp'} = {
- 'caption' => 'UPnP',
- 'uri' => '/cgi-bin/upnp.cgi',
- 'title' => "Universal Plug and Play",
- 'enabled' => 0,
- };
- $subfirewall->{'90.iptables'} = {
+ $subfirewall->{'90.iptables'} = {
'caption' => $Lang::tr{'ipts'},
'uri' => '/cgi-bin/iptables.cgi',
'title' => "$Lang::tr{'ipts'}",
diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/common/armv5tel/initscripts
index 800005966..ed32c155d 100644
--- a/config/rootfiles/common/armv5tel/initscripts
+++ b/config/rootfiles/common/armv5tel/initscripts
@@ -93,7 +93,6 @@ etc/rc.d/init.d/template
etc/rc.d/init.d/udev
etc/rc.d/init.d/udev_retry
etc/rc.d/init.d/unbound
-etc/rc.d/init.d/upnpd
etc/rc.d/init.d/vnstat
etc/rc.d/init.d/waitdrives
etc/rc.d/init.d/wlanclient
diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot
index 8c91ca5d5..d496594bc 100644
--- a/config/rootfiles/common/configroot
+++ b/config/rootfiles/common/configroot
@@ -184,8 +184,6 @@ var/ipfire/time
var/ipfire/updatexlrator
var/ipfire/updatexlrator/autocheck
var/ipfire/updatexlrator/bin
-var/ipfire/upnp
-#var/ipfire/upnp/settings
var/ipfire/urlfilter
#var/ipfire/urlfilter/autoupdate
#var/ipfire/urlfilter/bin
diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/common/i586/initscripts
index 18c5a897a..8511ffa0b 100644
--- a/config/rootfiles/common/i586/initscripts
+++ b/config/rootfiles/common/i586/initscripts
@@ -92,7 +92,6 @@ etc/rc.d/init.d/template
etc/rc.d/init.d/udev
etc/rc.d/init.d/udev_retry
etc/rc.d/init.d/unbound
-etc/rc.d/init.d/upnpd
etc/rc.d/init.d/vnstat
etc/rc.d/init.d/waitdrives
etc/rc.d/init.d/wlanclient
diff --git a/config/rootfiles/common/x86_64/initscripts b/config/rootfiles/common/x86_64/initscripts
index 18c5a897a..8511ffa0b 100644
--- a/config/rootfiles/common/x86_64/initscripts
+++ b/config/rootfiles/common/x86_64/initscripts
@@ -92,7 +92,6 @@ etc/rc.d/init.d/template
etc/rc.d/init.d/udev
etc/rc.d/init.d/udev_retry
etc/rc.d/init.d/unbound
-etc/rc.d/init.d/upnpd
etc/rc.d/init.d/vnstat
etc/rc.d/init.d/waitdrives
etc/rc.d/init.d/wlanclient
diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 65f1c979b..dd9f1a484 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -363,12 +363,6 @@ iptables_init() {
-m mark --mark 3 -j SNAT --to-source "${ORANGE_ADDRESS}"
fi
- # upnp chain for our upnp daemon
- iptables -t nat -N UPNPFW
- iptables -t nat -A PREROUTING -j UPNPFW
- iptables -N UPNPFW
- iptables -A FORWARD -m conntrack --ctstate NEW -j UPNPFW
-
# RED chain, used for the red interface
iptables -N REDINPUT
iptables -A INPUT -j REDINPUT
diff --git a/src/initscripts/system/upnpd b/src/initscripts/system/upnpd
deleted file mode 100644
index ca05abf75..000000000
--- a/src/initscripts/system/upnpd
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/bin/sh
-########################################################################
-# Begin $rc_base/init.d/
-#
-# Description : UPnP Starter
-#
-# Authors : Michael Tremer
-#
-# Version : 01.00
-#
-# Notes : for www.ipfire.org - GPLv2
-#
-########################################################################
-
-. /etc/sysconfig/rc
-. ${rc_functions}
-
-# defaults
-ALLOW_MULTICAST=no
-
-# configuration
-eval $(/usr/local/bin/readhash /var/ipfire/upnp/settings)
-
-case "$1" in
- start)
- boot_mesg "Starting Universal Plug'n'Play daemon..."
- loadproc /usr/sbin/upnpd $EXTIFACE $INTIFACE
- evaluate_retval
- [ "$ALLOW_MULTICAST" != "no" ] && route add -net 239.0.0.0 netmask 255.0.0.0 $INTIFACE
- ;;
-
- stop)
- boot_mesg "Stopping Universal Plug'n'Play daemon..."
- killproc /usr/sbin/upnpd
- evaluate_retval
- [ "$ALLOW_MULTICAST" != "no" ] && route del -net 239.0.0.0 netmask 255.0.0.0 $INTIFACE
- ;;
-
- restart)
- ${0} stop
- sleep 1
- ${0} start
-
- ;;
- status)
- statusproc
- ;;
-
- *)
- echo "Usage: ${0} {start|stop|reload|restart|status}"
- exit 1
- ;;
-esac
-
-# End $rc_base/init.d/
--
2.26.2
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH 3/4] mpd: build without UPnP support
2021-05-18 21:34 ` [PATCH 2/4] Delete the remainings of libupnp and upnpd Peter Müller
@ 2021-05-18 21:34 ` Peter Müller
2021-05-18 21:34 ` [PATCH 4/4] Delete UPnP initscript for ARM64 as well Peter Müller
0 siblings, 1 reply; 4+ messages in thread
From: Peter Müller @ 2021-05-18 21:34 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 835 bytes --]
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
lfs/mpd | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lfs/mpd b/lfs/mpd
index 25e3630e6..0a8b533d8 100644
--- a/lfs/mpd
+++ b/lfs/mpd
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/${THISAPP}
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = mpd
-PAK_VER = 21
+PAK_VER = 22
SUP_ARCH = aarch64 x86_64 i586
DEPS = alsa avahi faad2 ffmpeg flac lame libmad libshout libogg libid3tag libvorbis opus soxr
@@ -91,7 +91,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
-D ffmpeg=enabled \
-D flac=enabled \
-D lame=enabled \
- -D upnp=enabled \
+ -D upnp=disabled \
-D icu=disabled \
builddir/
cd $(DIR_APP) && ninja -C builddir/
--
2.26.2
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH 4/4] Delete UPnP initscript for ARM64 as well
2021-05-18 21:34 ` [PATCH 3/4] mpd: build without UPnP support Peter Müller
@ 2021-05-18 21:34 ` Peter Müller
0 siblings, 0 replies; 4+ messages in thread
From: Peter Müller @ 2021-05-18 21:34 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 633 bytes --]
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
config/rootfiles/common/aarch64/initscripts | 1 -
1 file changed, 1 deletion(-)
diff --git a/config/rootfiles/common/aarch64/initscripts b/config/rootfiles/common/aarch64/initscripts
index 800005966..ed32c155d 100644
--- a/config/rootfiles/common/aarch64/initscripts
+++ b/config/rootfiles/common/aarch64/initscripts
@@ -93,7 +93,6 @@ etc/rc.d/init.d/template
etc/rc.d/init.d/udev
etc/rc.d/init.d/udev_retry
etc/rc.d/init.d/unbound
-etc/rc.d/init.d/upnpd
etc/rc.d/init.d/vnstat
etc/rc.d/init.d/waitdrives
etc/rc.d/init.d/wlanclient
--
2.26.2
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-05-18 21:34 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-18 21:33 [PATCH 1/4] Drop libupnp Peter Müller
2021-05-18 21:34 ` [PATCH 2/4] Delete the remainings of libupnp and upnpd Peter Müller
2021-05-18 21:34 ` [PATCH 3/4] mpd: build without UPnP support Peter Müller
2021-05-18 21:34 ` [PATCH 4/4] Delete UPnP initscript for ARM64 as well Peter Müller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox