This library has received no attention within the last three years. By design, UPnP is a security risk on any firewall, and an outdated version of a UPnP library definitely is.
This patch therefore drops libupnp completely.
Signed-off-by: Peter Müller peter.mueller@ipfire.org --- config/rootfiles/common/libupnp | 37 --------------- config/upnp/gatedesc.xml | 81 --------------------------------- lfs/configroot | 4 +- lfs/libupnp | 78 ------------------------------- make.sh | 1 - 5 files changed, 2 insertions(+), 199 deletions(-) delete mode 100644 config/rootfiles/common/libupnp delete mode 100755 config/upnp/gatedesc.xml delete mode 100644 lfs/libupnp
diff --git a/config/rootfiles/common/libupnp b/config/rootfiles/common/libupnp
deleted file mode 100644
index 6b3f3e310..000000000
--- a/config/rootfiles/common/libupnp
+++ /dev/null
@@ -1,37 +0,0 @@
-#usr/include/upnp
-#usr/include/upnp/Callback.h
-#usr/include/upnp/UpnpActionComplete.h
-#usr/include/upnp/UpnpActionRequest.h
-#usr/include/upnp/UpnpDiscovery.h
-#usr/include/upnp/UpnpEvent.h
-#usr/include/upnp/UpnpEventSubscribe.h
-#usr/include/upnp/UpnpExtraHeaders.h
-#usr/include/upnp/UpnpFileInfo.h
-#usr/include/upnp/UpnpGlobal.h
-#usr/include/upnp/UpnpInet.h
-#usr/include/upnp/UpnpIntTypes.h
-#usr/include/upnp/UpnpStateVarComplete.h
-#usr/include/upnp/UpnpStateVarRequest.h
-#usr/include/upnp/UpnpStdInt.h
-#usr/include/upnp/UpnpString.h
-#usr/include/upnp/UpnpSubscriptionRequest.h
-#usr/include/upnp/UpnpUniStd.h
-#usr/include/upnp/ithread.h
-#usr/include/upnp/ixml.h
-#usr/include/upnp/ixmldebug.h
-#usr/include/upnp/list.h
-#usr/include/upnp/upnp.h
-#usr/include/upnp/upnpconfig.h
-#usr/include/upnp/upnpdebug.h
-#usr/include/upnp/upnptools.h
-#usr/lib/libixml.a
-#usr/lib/libixml.la
-#usr/lib/libixml.so
-usr/lib/libixml.so.11
-usr/lib/libixml.so.11.0.1
-#usr/lib/libupnp.a
-#usr/lib/libupnp.la
-#usr/lib/libupnp.so
-usr/lib/libupnp.so.17
-usr/lib/libupnp.so.17.0.6
-#usr/lib/pkgconfig/libupnp.pc
diff --git a/config/upnp/gatedesc.xml b/config/upnp/gatedesc.xml
deleted file mode 100755
index a0608bb53..000000000
--- a/config/upnp/gatedesc.xml
+++ /dev/null
@@ -1,81 +0,0 @@
-<?xml version="1.0"?>
-<root xmlns="urn:schemas-upnp-org:device-1-0">
- <specVersion>
- <major>1</major>
- <minor>0</minor>
- </specVersion>
- <device>
- <deviceType>urn:schemas-upnp-org:device:InternetGatewayDevice:1</deviceType>
- <friendlyName>IPFire UPnP Device</friendlyName>
- <manufacturer>IPFire Project</manufacturer>
- <manufacturerURL>http://www.ipfire.org</manufacturerURL>
- <modelName>IPFire 2.3</modelName>
- <UDN>uuid:75802409-bccb-40e7-8e6c-fa095ecce13e</UDN>
- <iconList>
- <icon>
- <mimetype>image/gif</mimetype>
- <width>118</width>
- <height>119</height>
- <depth>8</depth>
- <url>/ligd.gif</url>
- </icon>
- </iconList>
- <serviceList>
- <service>
- <serviceType>urn:schemas-dummy-com:service:Dummy:1</serviceType>
- <serviceId>urn:dummy-com:serviceId:dummy1</serviceId>
- <controlURL>/dummy</controlURL>
- <eventSubURL>/dummy</eventSubURL>
- <SCPDURL>/dummy.xml</SCPDURL>
- </service>
- </serviceList>
- <deviceList>
- <device>
- <deviceType>urn:schemas-upnp-org:device:WANDevice:1</deviceType>
- <friendlyName>WANDevice</friendlyName>
- <manufacturer>IPFire Project</manufacturer>
- <manufacturerURL>http://www.ipfire.org</manufacturerURL>
- <modelDescription>WAN Device on Linux IGD</modelDescription>
- <modelName>IPFire</modelName>
- <modelNumber>2.3</modelNumber>
- <modelURL>http://linux-igd.sourceforge.net</modelURL>
- <serialNumber>2.3</serialNumber>
- <UDN>uuid:75802409-bccb-40e7-8e6c-fa095ecce13e</UDN>
- <UPC>Linux IGD</UPC>
- <serviceList>
- <service>
- <serviceType>urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1</serviceType>
- <serviceId>urn:upnp-org:serviceId:WANCommonIFC1</serviceId>
- <controlURL>/upnp/control/WANCommonIFC1</controlURL>
- <eventSubURL>/upnp/control/WANCommonIFC1</eventSubURL>
- <SCPDURL>/gateicfgSCPD.xml</SCPDURL>
- </service>
- </serviceList>
- <deviceList>
- <device>
- <deviceType>urn:schemas-upnp-org:device:WANConnectionDevice:1</deviceType>
- <friendlyName>Internet Connection</friendlyName>
- <manufacturer>IPFire Project</manufacturer>
- <manufacturerURL>http://www.ipfire.org</manufacturerURL>
- <modelDescription>Internet connection on Linux IPFire Firewall</modelDescription>
- <modelName>IPFire</modelName>
- <modelNumber>2.3</modelNumber>
- <modelURL>http://www.ipfire.org</modelURL>
- <serialNumber>2.3</serialNumber>
- <UDN>uuid:75802409-bccb-40e7-8e6c-fa095ecce13e</UDN>
- <UPC>Linux IGD</UPC>
- <serviceList>
- <service>
- <serviceType>urn:schemas-upnp-org:service:WANIPConnection:1</serviceType>
- <serviceId>urn:upnp-org:serviceId:WANIPConn1</serviceId>
- <controlURL>/upnp/control/WANIPConn1</controlURL>
- <eventSubURL>/upnp/control/WANIPConn1</eventSubURL>
- <SCPDURL>/gateconnSCPD.xml</SCPDURL>
- </service>
- </serviceList>
- </device>
- </deviceList>
- </device>
- </deviceList>
- </device>
-</root>
diff --git a/lfs/configroot b/lfs/configroot
index a3e474d70..2ab9cc29b 100644
--- a/lfs/configroot
+++ b/lfs/configroot
@@ -55,7 +55,7 @@ $(TARGET) :
 menu.d modem optionsfw \
 ovpn patches pakfire portfw ppp private proxy/advanced/cre \
 proxy/calamaris/bin qos/bin red remote sensors suricata time \
- updatexlrator/bin updatexlrator/autocheck urlfilter/autoupdate urlfilter/bin upnp vpn \
+ updatexlrator/bin updatexlrator/autocheck urlfilter/autoupdate urlfilter/bin vpn \
 wakeonlan wireless ; do \
 mkdir -p $(CONFIG_ROOT)/$$i; \
 done
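Review bot: Dropping `upnp` from the mkdir loop here, and `upnp/settings` from the touch loop in the following hunk, only changes what a fresh build creates; nothing in the hunks visible on this page removes the existing files from systems that are upgraded. If the goal is to get the outdated library off deployed firewalls, the update that ships this change should also delete the paths the old rootfiles installed, for example `rm -rf /var/ipfire/upnp /usr/lib/libupnp.so.17* /usr/lib/libixml.so.11* /etc/rc.d/init.d/upnpd`. It would help to say in the commit message whether that cleanup is handled elsewhere. The $(TARGET) recipe begins and ends outside both hunks.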
@@ -69,7 +69,7 @@ $(TARGET) :
 isdn/settings mac/settings main/hosts main/routing main/security main/settings optionsfw/settings \
 ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \
 ppp/settings-5 ppp/settings proxy/settings proxy/squid.conf proxy/advanced/settings proxy/advanced/cre/enable remote/settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \
- qos/tosconfig suricata/settings upnp/settings vpn/config vpn/settings vpn/ipsec.conf \
+ qos/tosconfig suricata/settings vpn/config vpn/settings vpn/ipsec.conf \
 vpn/ipsec.secrets vpn/caconfig wakeonlan/clients.conf wireless/config wireless/settings; do \
 touch $(CONFIG_ROOT)/$$i; \
 done
diff --git a/lfs/libupnp b/lfs/libupnp
deleted file mode 100644
index 61856ff7b..000000000
--- a/lfs/libupnp
+++ /dev/null
@@ -1,78 +0,0 @@
-###############################################################################
-# #
-# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team info@ipfire.org #
-# #
-# This program is free software: you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation, either version 3 of the License, or #
-# (at your option) any later version. #
-# #
-# This program is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with this program. If not, see http://www.gnu.org/licenses/. #
-# #
-###############################################################################
-
-###############################################################################
-# Definitions
-###############################################################################
-
-include Config
-
-VER = 1.14.6
-
-THISAPP = libupnp-$(VER)
-DL_FILE = $(THISAPP).tar.bz2
-DL_FROM = $(URL_IPFIRE)
-DIR_APP = $(DIR_SRC)/$(THISAPP)
-TARGET = $(DIR_INFO)/$(THISAPP)
-
-###############################################################################
-# Top-level Rules
-###############################################################################
-
-objects = $(DL_FILE)
-
-$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-
-$(DL_FILE)_MD5 = 05c2393eee4fbf81c9e1b116b9554039
-
-install : $(TARGET)
-
-check : $(patsubst %,$(DIR_CHK)/%,$(objects))
-
-download :$(patsubst %,$(DIR_DL)/%,$(objects))
-
-md5 : $(subst %,%_MD5,$(objects))
-
-###############################################################################
-# Downloading, checking, md5sum
-###############################################################################
-
-$(patsubst %,$(DIR_CHK)/%,$(objects)) :
- @$(CHECK)
-
-$(patsubst %,$(DIR_DL)/%,$(objects)) :
- @$(LOAD)
-
-$(subst %,%_MD5,$(objects)) :
- @$(MD5)
-
-###############################################################################
-# Installation Details
-###############################################################################
-
-$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
- @$(PREBUILD)
- @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
- $(UPDATE_AUTOMAKE)
- cd $(DIR_APP) && ./configure --prefix=/usr
- cd $(DIR_APP) && make $(MAKETUNING)
- cd $(DIR_APP) && make install
- @rm -rf $(DIR_APP)
- @$(POSTBUILD)
diff --git a/make.sh b/make.sh
index 4af0081e9..9fba3977d 100755
--- a/make.sh
+++ b/make.sh
@@ -1306,7 +1306,6 @@ buildipfire() {
 lfsmake2 whatmask
 lfsmake2 libtirpc
 lfsmake2 conntrack-tools
- lfsmake2 libupnp
 lfsmake2 ipaddr
 lfsmake2 iputils
 lfsmake2 l7-protocols
These include rootfiles, firewall menu entries that have been unmaintained for a long time, and firewall chains that have not been used in recent times.
Signed-off-by: Peter Müller peter.mueller@ipfire.org --- config/menu/50-firewall.menu | 8 +-- config/rootfiles/common/armv5tel/initscripts | 1 - config/rootfiles/common/configroot | 2 - config/rootfiles/common/i586/initscripts | 1 - config/rootfiles/common/x86_64/initscripts | 1 - src/initscripts/system/firewall | 6 --- src/initscripts/system/upnpd | 55 -------------------- 7 files changed, 1 insertion(+), 73 deletions(-) delete mode 100644 src/initscripts/system/upnpd
diff --git a/config/menu/50-firewall.menu b/config/menu/50-firewall.menu
index 7f654785b..6ae9687dc 100644
--- a/config/menu/50-firewall.menu
+++ b/config/menu/50-firewall.menu
@@ -39,13 +39,7 @@
 'title' => "$Lang::tr{'blue access'}",
 'enabled' => 1,
 };
- $subfirewall->{'80.upnp'} = {
- 'caption' => 'UPnP',
- 'uri' => '/cgi-bin/upnp.cgi',
- 'title' => "Universal Plug and Play",
- 'enabled' => 0,
- };
- $subfirewall->{'90.iptables'} = {
+ $subfirewall->{'90.iptables'} = {
 'caption' => $Lang::tr{'ipts'},
 'uri' => '/cgi-bin/iptables.cgi',
 'title' => "$Lang::tr{'ipts'}",
diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/common/armv5tel/initscripts
index 800005966..ed32c155d 100644
--- a/config/rootfiles/common/armv5tel/initscripts
+++ b/config/rootfiles/common/armv5tel/initscripts
@@ -93,7 +93,6 @@ etc/rc.d/init.d/template
 etc/rc.d/init.d/udev
 etc/rc.d/init.d/udev_retry
 etc/rc.d/init.d/unbound
-etc/rc.d/init.d/upnpd
 etc/rc.d/init.d/vnstat
 etc/rc.d/init.d/waitdrives
 etc/rc.d/init.d/wlanclient
diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot
index 8c91ca5d5..d496594bc 100644
--- a/config/rootfiles/common/configroot
+++ b/config/rootfiles/common/configroot
@@ -184,8 +184,6 @@ var/ipfire/time
 var/ipfire/updatexlrator
 var/ipfire/updatexlrator/autocheck
 var/ipfire/updatexlrator/bin
-var/ipfire/upnp
-#var/ipfire/upnp/settings
 var/ipfire/urlfilter
 #var/ipfire/urlfilter/autoupdate
 #var/ipfire/urlfilter/bin
diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/common/i586/initscripts
index 18c5a897a..8511ffa0b 100644
--- a/config/rootfiles/common/i586/initscripts
+++ b/config/rootfiles/common/i586/initscripts
@@ -92,7 +92,6 @@ etc/rc.d/init.d/template
 etc/rc.d/init.d/udev
 etc/rc.d/init.d/udev_retry
 etc/rc.d/init.d/unbound
-etc/rc.d/init.d/upnpd
 etc/rc.d/init.d/vnstat
 etc/rc.d/init.d/waitdrives
 etc/rc.d/init.d/wlanclient
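Review bot: In the 50-firewall.menu hunk the line `$subfirewall->{'90.iptables'} = {` is removed and re-added with no visible change in its text, so the hunk presumably alters only its indentation; keeping the original whitespace would confine the hunk to the UPnP entry. Separately, the deleted entry pointed at `/cgi-bin/upnp.cgi`, and the diffstat of this commit lists no CGI file. If that script still exists in the tree, it should be removed in the same series so it does not remain reachable by direct URL once the menu entry is gone. The menu definition this hunk edits starts and ends outside the hunk.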
diff --git a/config/rootfiles/common/x86_64/initscripts b/config/rootfiles/common/x86_64/initscripts index 18c5a897a..8511ffa0b 100644 --- a/config/rootfiles/common/x86_64/initscripts +++ b/config/rootfiles/common/x86_64/initscripts @@ -92,7 +92,6 @@ etc/rc.d/init.d/template etc/rc.d/init.d/udev etc/rc.d/init.d/udev_retry etc/rc.d/init.d/unbound -etc/rc.d/init.d/upnpd etc/rc.d/init.d/vnstat etc/rc.d/init.d/waitdrives etc/rc.d/init.d/wlanclient diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall index 65f1c979b..dd9f1a484 100644 --- a/src/initscripts/system/firewall +++ b/src/initscripts/system/firewall @@ -363,12 +363,6 @@ iptables_init() { -m mark --mark 3 -j SNAT --to-source "${ORANGE_ADDRESS}" fi
- # upnp chain for our upnp daemon - iptables -t nat -N UPNPFW - iptables -t nat -A PREROUTING -j UPNPFW - iptables -N UPNPFW - iptables -A FORWARD -m conntrack --ctstate NEW -j UPNPFW - # RED chain, used for the red interface iptables -N REDINPUT iptables -A INPUT -j REDINPUT diff --git a/src/initscripts/system/upnpd b/src/initscripts/system/upnpd deleted file mode 100644 index ca05abf75..000000000 --- a/src/initscripts/system/upnpd +++ /dev/null @@ -1,55 +0,0 @@ -#!/bin/sh -######################################################################## -# Begin $rc_base/init.d/ -# -# Description : UPnP Starter -# -# Authors : Michael Tremer -# -# Version : 01.00 -# -# Notes : for www.ipfire.org - GPLv2 -# -######################################################################## - -. /etc/sysconfig/rc -. ${rc_functions} - -# defaults -ALLOW_MULTICAST=no - -# configuration -eval $(/usr/local/bin/readhash /var/ipfire/upnp/settings) - -case "$1" in - start) - boot_mesg "Starting Universal Plug'n'Play daemon..." - loadproc /usr/sbin/upnpd $EXTIFACE $INTIFACE - evaluate_retval - [ "$ALLOW_MULTICAST" != "no" ] && route add -net 239.0.0.0 netmask 255.0.0.0 $INTIFACE - ;; - - stop) - boot_mesg "Stopping Universal Plug'n'Play daemon..." - killproc /usr/sbin/upnpd - evaluate_retval - [ "$ALLOW_MULTICAST" != "no" ] && route del -net 239.0.0.0 netmask 255.0.0.0 $INTIFACE - ;; - - restart) - ${0} stop - sleep 1 - ${0} start - - ;; - status) - statusproc - ;; - - *) - echo "Usage: ${0} {start|stop|reload|restart|status}" - exit 1 - ;; -esac - -# End $rc_base/init.d/
Signed-off-by: Peter Müller peter.mueller@ipfire.org --- lfs/mpd | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lfs/mpd b/lfs/mpd index 25e3630e6..0a8b533d8 100644 --- a/lfs/mpd +++ b/lfs/mpd @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/${THISAPP} TARGET = $(DIR_INFO)/$(THISAPP) PROG = mpd -PAK_VER = 21 +PAK_VER = 22 SUP_ARCH = aarch64 x86_64 i586
DEPS = alsa avahi faad2 ffmpeg flac lame libmad libshout libogg libid3tag libvorbis opus soxr @@ -91,7 +91,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) -D ffmpeg=enabled \ -D flac=enabled \ -D lame=enabled \ - -D upnp=enabled \ + -D upnp=disabled \ -D icu=disabled \ builddir/ cd $(DIR_APP) && ninja -C builddir/
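Review bot: The switch to `-D upnp=disabled` comes after the patch that removes libupnp from the build (in the order shown on this page), so the commits in between still configure mpd with `-D upnp=enabled`. An `enabled` feature is normally a hard requirement, so configuring mpd would likely fail at those commits and bisecting across the series breaks. Moving this change ahead of the libupnp removal, or squashing it into that patch, would keep every commit buildable. The commit also has no description; a line such as `mpd: disable UPnP support, libupnp has been dropped` would explain the PAK_VER bump. The $(TARGET) recipe starts and ends outside the hunk.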
Signed-off-by: Peter Müller peter.mueller@ipfire.org --- config/rootfiles/common/aarch64/initscripts | 1 - 1 file changed, 1 deletion(-)
diff --git a/config/rootfiles/common/aarch64/initscripts b/config/rootfiles/common/aarch64/initscripts
index 800005966..ed32c155d 100644
--- a/config/rootfiles/common/aarch64/initscripts
+++ b/config/rootfiles/common/aarch64/initscripts
@@ -93,7 +93,6 @@ etc/rc.d/init.d/template
 etc/rc.d/init.d/udev
 etc/rc.d/init.d/udev_retry
 etc/rc.d/init.d/unbound
-etc/rc.d/init.d/upnpd
 etc/rc.d/init.d/vnstat
 etc/rc.d/init.d/waitdrives
 etc/rc.d/init.d/wlanclient