From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH] Clean up whatever remained from ALGs in userspace Date: Thu, 03 Jun 2021 10:20:37 +0100 Message-ID: In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5949666435731879463==" List-Id: --===============5949666435731879463== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello, > On 2 Jun 2021, at 20:37, Peter M=C3=BCller wro= te: >=20 > This patch removes translations, directives in LFS files, and ALG shared > object files which all became orphaned after we disabled ALGs due to NAT > Slipstreaming vulnerability in Core Update 155. >=20 > Signed-off-by: Peter M=C3=BCller > --- > config/rootfiles/common/conntrack-tools | 18 +++++++++--------- > config/rootfiles/core/158/update.sh | 1 + > langs/de/cgi-bin/de.pl | 1 - > langs/en/cgi-bin/en.pl | 1 - > langs/fr/cgi-bin/fr.pl | 1 - > langs/tr/cgi-bin/tr.pl | 1 - > lfs/configroot | 5 ----- > 7 files changed, 10 insertions(+), 18 deletions(-) >=20 > diff --git a/config/rootfiles/common/conntrack-tools b/config/rootfiles/com= mon/conntrack-tools > index 27161b1fb..b6632ec07 100644 > --- a/config/rootfiles/common/conntrack-tools > +++ b/config/rootfiles/common/conntrack-tools > @@ -1,24 +1,24 @@ > #usr/lib/conntrack-tools > #usr/lib/conntrack-tools/ct_helper_amanda.la > -usr/lib/conntrack-tools/ct_helper_amanda.so > +#usr/lib/conntrack-tools/ct_helper_amanda.so > #usr/lib/conntrack-tools/ct_helper_dhcpv6.la > #usr/lib/conntrack-tools/ct_helper_dhcpv6.so > #usr/lib/conntrack-tools/ct_helper_ftp.la > -usr/lib/conntrack-tools/ct_helper_ftp.so > +#usr/lib/conntrack-tools/ct_helper_ftp.so > #usr/lib/conntrack-tools/ct_helper_mdns.la > -usr/lib/conntrack-tools/ct_helper_mdns.so > +#usr/lib/conntrack-tools/ct_helper_mdns.so > #usr/lib/conntrack-tools/ct_helper_rpc.la > -usr/lib/conntrack-tools/ct_helper_rpc.so > +#usr/lib/conntrack-tools/ct_helper_rpc.so > #usr/lib/conntrack-tools/ct_helper_sane.la > -usr/lib/conntrack-tools/ct_helper_sane.so > +#usr/lib/conntrack-tools/ct_helper_sane.so > #usr/lib/conntrack-tools/ct_helper_slp.la > -usr/lib/conntrack-tools/ct_helper_slp.so > +#usr/lib/conntrack-tools/ct_helper_slp.so > #usr/lib/conntrack-tools/ct_helper_ssdp.la > -usr/lib/conntrack-tools/ct_helper_ssdp.so > +#usr/lib/conntrack-tools/ct_helper_ssdp.so > #usr/lib/conntrack-tools/ct_helper_tftp.la > -usr/lib/conntrack-tools/ct_helper_tftp.so > +#usr/lib/conntrack-tools/ct_helper_tftp.so > #usr/lib/conntrack-tools/ct_helper_tns.la > -usr/lib/conntrack-tools/ct_helper_tns.so > +#usr/lib/conntrack-tools/ct_helper_tns.so I believe that these have a different job than those in the kernel. However, = I have merged the whole patch and we will see what is happening. There is a lot of outdated stuff in there as well (sane, Amanda, =E2=80=A6) a= nd I do not believe anyone will miss this. Best, -Michael > usr/sbin/conntrack > usr/sbin/conntrackd > usr/sbin/nfct > diff --git a/config/rootfiles/core/158/update.sh b/config/rootfiles/core/15= 8/update.sh > index 68fe116a9..2568ea836 100644 > --- a/config/rootfiles/core/158/update.sh > +++ b/config/rootfiles/core/158/update.sh > @@ -36,6 +36,7 @@ rm -vrf \ > /etc/rc.d/init.d/upnpd \ > /etc/rc.d/init.d/networking/red.down/10-miniupnpd \ > /etc/rc.d/init.d/networking/red.up/10-miniupnpd \ > + /usr/lib/conntrack-tools \ > /usr/lib/libixml.so.* \ > /usr/lib/libupnp.so.* \ > /var/ipfire/upnp > diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl > index 95af3155b..0bc579cd2 100644 > --- a/langs/de/cgi-bin/de.pl > +++ b/langs/de/cgi-bin/de.pl > @@ -437,7 +437,6 @@ > 'alt vpn' =3D> 'VPNs', > 'and' =3D> 'Und', > 'apcupsd' =3D> 'APC-UPS Status', > -'application layer gateways' =3D> 'Application-Layer-Gateways', > 'apply' =3D> 'Jetzt anwenden', > 'april' =3D> 'April', > 'archive not exist' =3D> 'Konfigurationsarchiv existiert nicht', > diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl > index d86705772..1c69b3798 100644 > --- a/langs/en/cgi-bin/en.pl > +++ b/langs/en/cgi-bin/en.pl > @@ -436,7 +436,6 @@ > 'and' =3D> 'And', > 'ansi t1.483' =3D> 'TO BE REMOVED', > 'apcupsd' =3D> 'APC-UPS status', > -'application layer gateways' =3D> 'Application Layer Gateways', > 'apply' =3D> 'Apply now', > 'april' =3D> 'April', > 'archive not exist' =3D> 'Configuration archive does not exist', > diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl > index 301109477..7cabaccde 100644 > --- a/langs/fr/cgi-bin/fr.pl > +++ b/langs/fr/cgi-bin/fr.pl > @@ -442,7 +442,6 @@ > 'alt vpn' =3D> 'VPNs', > 'and' =3D> 'Et', > 'apcupsd' =3D> 'Statut UPS-APC', > -'application layer gateways' =3D> 'Passerelles de couche d\'application', > 'apply' =3D> 'Appliquer maintenant', > 'april' =3D> 'Avril', > 'archive not exist' =3D> 'L\'archive de configuration n\'existe pas', > diff --git a/langs/tr/cgi-bin/tr.pl b/langs/tr/cgi-bin/tr.pl > index 36c4782d6..e02320a58 100644 > --- a/langs/tr/cgi-bin/tr.pl > +++ b/langs/tr/cgi-bin/tr.pl > @@ -424,7 +424,6 @@ > 'and' =3D> 've', > 'ansi t1.483' =3D> 'KALDIRILACAK', > 'apcupsd' =3D> 'APC-UPS durumu', > -'application layer gateways' =3D> 'Uygulama Katman=C4=B1 A=C4=9F Ge=C3=A7i= tleri', > 'apply' =3D> '=C5=9Eimdi uygula', > 'april' =3D> 'Nisan', > 'archive not exist' =3D> 'Yap=C4=B1land=C4=B1rma ar=C5=9Fivi yok', > diff --git a/lfs/configroot b/lfs/configroot > index 02b2883ba..c528bd6d9 100644 > --- a/lfs/configroot > +++ b/lfs/configroot > @@ -138,11 +138,6 @@ $(TARGET) : > cp $(DIR_SRC)/config/suricata/convert-snort /usr/sbin/convert-snort > cp $(DIR_SRC)/config/suricata/convert-ids-modifysids-file /usr/sbin/conv= ert-ids-modifysids-file >=20 > - # Add conntrack helper default settings > - for proto in AMANDA FTP H323 IRC PPTP SIP TFTP; do \ > - echo "CONNTRACK_$${proto}=3Doff" >> $(CONFIG_ROOT)/optionsfw/settings; \ > - done > - > # set converters executable > chmod 755 /usr/sbin/convert-* >=20 > --=20 > 2.26.2 --===============5949666435731879463==--