This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, master has been updated
       via  3af3a6c5ee445d52bc31315ddaf734fbfa61f76e (commit)
       via  d25d7bfccf37fd008af43021ec5a18f135894699 (commit)
      from  68aa7aa602afac230dc8f9d81f2b7f43993d24d5 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit 3af3a6c5ee445d52bc31315ddaf734fbfa61f76e
Author: Arne Fitzenreiter arne_f@ipfire.org
Date: Tue May 3 21:30:14 2016 +0200
core102: ship openssl and openssl updates
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit d25d7bfccf37fd008af43021ec5a18f135894699
Author: Arne Fitzenreiter arne_f@ipfire.org
Date: Tue May 3 21:28:28 2016 +0200
openssl: security update to 1.0.2g
see https://www.openssl.org/news/secadv/20160503.txt for details
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/core/{101 => 102}/exclude | 0 .../{oldcore/98 => core/102}/filelists/files | 0 .../99 => core/102}/filelists/i586/openssl-sse2 | 0 .../{oldcore/99 => core/102}/filelists/openssh | 0 .../{oldcore/99 => core/102}/filelists/openssl | 0 config/rootfiles/core/{101 => 102}/meta | 0 .../rootfiles/{oldcore/99 => core/102}/update.sh | 26 ++++++++++++++++------ config/rootfiles/oldcore/{100 => 101}/exclude | 0 .../101/filelists/armv5tel/ath9k-module | 0 .../{core => oldcore}/101/filelists/armv5tel/gmp | 0 .../101/filelists/armv5tel/linux-rpi | 0 .../rootfiles/{core => oldcore}/101/filelists/bind | 0 .../rootfiles/{core => oldcore}/101/filelists/dma | 0 .../{core => oldcore}/101/filelists/e2fsprogs | 0 .../{core => oldcore}/101/filelists/files | 0 .../rootfiles/{core => oldcore}/101/filelists/grep | 0 .../101/filelists/i586/ath9k-module | 0 .../{core => oldcore}/101/filelists/i586/dmidecode | 0 .../{core => oldcore}/101/filelists/i586/gmp | 0 .../{core => oldcore}/101/filelists/libxml2 | 0 .../rootfiles/{core => oldcore}/101/filelists/mpfr | 0 .../{core => oldcore}/101/filelists/nettle | 0 .../{core => oldcore}/101/filelists/patch | 0 .../{core => oldcore}/101/filelists/paxctl | 0 .../{core => oldcore}/101/filelists/pciutils | 0 .../rootfiles/{core => oldcore}/101/filelists/pcre | 0 .../101/filelists/perl-Apache-Htpasswd | 0 .../{core => oldcore}/101/filelists/squid | 0 .../101/filelists/x86_64/ath9k-module | 0 .../101/filelists/x86_64/dmidecode | 0 .../{core => oldcore}/101/filelists/x86_64/gmp | 0 config/rootfiles/oldcore/{99 => 101}/meta | 0 config/rootfiles/{core => oldcore}/101/update.sh | 0 lfs/openssl | 8 +++---- make.sh | 4 ++-- src/patches/openssl-1.0.1m-weak-ciphers.patch | 11 --------- src/patches/openssl-1.0.2h-weak-ciphers.patch | 12 ++++++++++ 37 files changed, 37 insertions(+), 24 deletions(-) rename config/rootfiles/core/{101 => 102}/exclude (100%) copy config/rootfiles/{oldcore/98 => core/102}/filelists/files (100%) copy 
config/rootfiles/{oldcore/99 => core/102}/filelists/i586/openssl-sse2 (100%) copy config/rootfiles/{oldcore/99 => core/102}/filelists/openssh (100%) copy config/rootfiles/{oldcore/99 => core/102}/filelists/openssl (100%) rename config/rootfiles/core/{101 => 102}/meta (100%) copy config/rootfiles/{oldcore/99 => core/102}/update.sh (88%) copy config/rootfiles/oldcore/{100 => 101}/exclude (100%) rename config/rootfiles/{core => oldcore}/101/filelists/armv5tel/ath9k-module (100%) rename config/rootfiles/{core => oldcore}/101/filelists/armv5tel/gmp (100%) rename config/rootfiles/{core => oldcore}/101/filelists/armv5tel/linux-rpi (100%) rename config/rootfiles/{core => oldcore}/101/filelists/bind (100%) rename config/rootfiles/{core => oldcore}/101/filelists/dma (100%) rename config/rootfiles/{core => oldcore}/101/filelists/e2fsprogs (100%) rename config/rootfiles/{core => oldcore}/101/filelists/files (100%) rename config/rootfiles/{core => oldcore}/101/filelists/grep (100%) rename config/rootfiles/{core => oldcore}/101/filelists/i586/ath9k-module (100%) rename config/rootfiles/{core => oldcore}/101/filelists/i586/dmidecode (100%) rename config/rootfiles/{core => oldcore}/101/filelists/i586/gmp (100%) rename config/rootfiles/{core => oldcore}/101/filelists/libxml2 (100%) rename config/rootfiles/{core => oldcore}/101/filelists/mpfr (100%) rename config/rootfiles/{core => oldcore}/101/filelists/nettle (100%) rename config/rootfiles/{core => oldcore}/101/filelists/patch (100%) rename config/rootfiles/{core => oldcore}/101/filelists/paxctl (100%) rename config/rootfiles/{core => oldcore}/101/filelists/pciutils (100%) rename config/rootfiles/{core => oldcore}/101/filelists/pcre (100%) rename config/rootfiles/{core => oldcore}/101/filelists/perl-Apache-Htpasswd (100%) rename config/rootfiles/{core => oldcore}/101/filelists/squid (100%) rename config/rootfiles/{core => oldcore}/101/filelists/x86_64/ath9k-module (100%) rename config/rootfiles/{core => 
oldcore}/101/filelists/x86_64/dmidecode (100%) rename config/rootfiles/{core => oldcore}/101/filelists/x86_64/gmp (100%) copy config/rootfiles/oldcore/{99 => 101}/meta (100%) rename config/rootfiles/{core => oldcore}/101/update.sh (100%) delete mode 100644 src/patches/openssl-1.0.1m-weak-ciphers.patch create mode 100644 src/patches/openssl-1.0.2h-weak-ciphers.patch
Difference in files: diff --git a/config/rootfiles/core/101/exclude b/config/rootfiles/core/101/exclude deleted file mode 100644 index 7ddeae0..0000000 --- a/config/rootfiles/core/101/exclude +++ /dev/null @@ -1,28 +0,0 @@ -boot/config.txt -boot/grub/grub.cfg -boot/grub/grubenv -etc/alternatives -etc/collectd.custom -etc/default/grub -etc/ipsec.conf -etc/ipsec.secrets -etc/ipsec.user.conf -etc/ipsec.user.secrets -etc/localtime -etc/shadow -etc/snort/snort.conf -etc/ssh/ssh_config -etc/ssh/sshd_config -etc/ssl/openssl.cnf -etc/sudoers -etc/sysconfig/firewall.local -etc/sysconfig/rc.local -etc/udev/rules.d/30-persistent-network.rules -srv/web/ipfire/html/proxy.pac -var/ipfire/dma -var/ipfire/time -var/ipfire/ovpn -var/lib/alternatives -var/log/cache -var/state/dhcp/dhcpd.leases -var/updatecache diff --git a/config/rootfiles/core/101/filelists/armv5tel/ath9k-module b/config/rootfiles/core/101/filelists/armv5tel/ath9k-module deleted file mode 100644 index 92f518e..0000000 --- a/config/rootfiles/core/101/filelists/armv5tel/ath9k-module +++ /dev/null @@ -1,3 +0,0 @@ -lib/modules/KVER-ipfire-multi/kernel/drivers/net/wireless/ath/ath9k -lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/wireless/ath/ath9k - diff --git a/config/rootfiles/core/101/filelists/armv5tel/gmp b/config/rootfiles/core/101/filelists/armv5tel/gmp deleted file mode 120000 index 2bdf30d..0000000 --- a/config/rootfiles/core/101/filelists/armv5tel/gmp +++ /dev/null @@ -1 +0,0 @@ -../../../../common/armv5tel/gmp \ No newline at end of file diff --git a/config/rootfiles/core/101/filelists/armv5tel/linux-rpi b/config/rootfiles/core/101/filelists/armv5tel/linux-rpi deleted file mode 120000 index a651a49..0000000 --- a/config/rootfiles/core/101/filelists/armv5tel/linux-rpi +++ /dev/null @@ -1 +0,0 @@ -../../../../common/armv5tel/linux-rpi \ No newline at end of file diff --git a/config/rootfiles/core/101/filelists/bind b/config/rootfiles/core/101/filelists/bind deleted file mode 120000 index 48a0eba..0000000 
--- a/config/rootfiles/core/101/filelists/bind +++ /dev/null @@ -1 +0,0 @@ -../../../common/bind \ No newline at end of file diff --git a/config/rootfiles/core/101/filelists/dma b/config/rootfiles/core/101/filelists/dma deleted file mode 120000 index 60f4682..0000000 --- a/config/rootfiles/core/101/filelists/dma +++ /dev/null @@ -1 +0,0 @@ -../../../common/dma \ No newline at end of file diff --git a/config/rootfiles/core/101/filelists/e2fsprogs b/config/rootfiles/core/101/filelists/e2fsprogs deleted file mode 120000 index 37b55de..0000000 --- a/config/rootfiles/core/101/filelists/e2fsprogs +++ /dev/null @@ -1 +0,0 @@ -../../../common/e2fsprogs \ No newline at end of file diff --git a/config/rootfiles/core/101/filelists/files b/config/rootfiles/core/101/filelists/files deleted file mode 100644 index c04cff6..0000000 --- a/config/rootfiles/core/101/filelists/files +++ /dev/null @@ -1,7 +0,0 @@ -etc/system-release -etc/issue -etc/rc.d/init.d/firewall -srv/web/ipfire/cgi-bin/chpasswd.cgi -srv/web/ipfire/cgi-bin/ipinfo.cgi -srv/web/ipfire/cgi-bin/optionsfw.cgi -srv/web/ipfire/cgi-bin/proxy.cgi diff --git a/config/rootfiles/core/101/filelists/grep b/config/rootfiles/core/101/filelists/grep deleted file mode 120000 index ab5ef8b..0000000 --- a/config/rootfiles/core/101/filelists/grep +++ /dev/null @@ -1 +0,0 @@ -../../../common/grep \ No newline at end of file diff --git a/config/rootfiles/core/101/filelists/i586/ath9k-module b/config/rootfiles/core/101/filelists/i586/ath9k-module deleted file mode 100644 index 2490e61..0000000 --- a/config/rootfiles/core/101/filelists/i586/ath9k-module +++ /dev/null @@ -1,3 +0,0 @@ -lib/modules/KVER-ipfire/kernel/drivers/net/wireless/ath/ath9k -lib/modules/KVER-ipfire-pae/kernel/drivers/net/wireless/ath/ath9k - diff --git a/config/rootfiles/core/101/filelists/i586/dmidecode b/config/rootfiles/core/101/filelists/i586/dmidecode deleted file mode 120000 index 1add99b..0000000 
--- a/config/rootfiles/core/101/filelists/i586/dmidecode +++ /dev/null @@ -1 +0,0 @@ -../../../../common/i586/dmidecode \ No newline at end of file diff --git a/config/rootfiles/core/101/filelists/i586/gmp b/config/rootfiles/core/101/filelists/i586/gmp deleted file mode 120000 index 52a09cd..0000000 --- a/config/rootfiles/core/101/filelists/i586/gmp +++ /dev/null @@ -1 +0,0 @@ -../../../../common/i586/gmp \ No newline at end of file diff --git a/config/rootfiles/core/101/filelists/libxml2 b/config/rootfiles/core/101/filelists/libxml2 deleted file mode 120000 index 242e69f..0000000 --- a/config/rootfiles/core/101/filelists/libxml2 +++ /dev/null @@ -1 +0,0 @@ -../../../common/libxml2 \ No newline at end of file diff --git a/config/rootfiles/core/101/filelists/mpfr b/config/rootfiles/core/101/filelists/mpfr deleted file mode 120000 index c8468bf..0000000 --- a/config/rootfiles/core/101/filelists/mpfr +++ /dev/null @@ -1 +0,0 @@ -../../../common/mpfr \ No newline at end of file diff --git a/config/rootfiles/core/101/filelists/nettle b/config/rootfiles/core/101/filelists/nettle deleted file mode 120000 index f0dba7a..0000000 --- a/config/rootfiles/core/101/filelists/nettle +++ /dev/null @@ -1 +0,0 @@ -../../../common/nettle \ No newline at end of file diff --git a/config/rootfiles/core/101/filelists/patch b/config/rootfiles/core/101/filelists/patch deleted file mode 120000 index 27a3825..0000000 --- a/config/rootfiles/core/101/filelists/patch +++ /dev/null @@ -1 +0,0 @@ -../../../common/patch \ No newline at end of file diff --git a/config/rootfiles/core/101/filelists/paxctl b/config/rootfiles/core/101/filelists/paxctl deleted file mode 120000 index dda8d9f..0000000 --- a/config/rootfiles/core/101/filelists/paxctl +++ /dev/null @@ -1 +0,0 @@ -../../../common/paxctl \ No newline at end of file diff --git a/config/rootfiles/core/101/filelists/pciutils b/config/rootfiles/core/101/filelists/pciutils deleted file mode 120000 index aeb45e7..0000000 
--- a/config/rootfiles/core/101/filelists/pciutils +++ /dev/null @@ -1 +0,0 @@ -../../../common/pciutils \ No newline at end of file diff --git a/config/rootfiles/core/101/filelists/pcre b/config/rootfiles/core/101/filelists/pcre deleted file mode 120000 index b390d9a..0000000 --- a/config/rootfiles/core/101/filelists/pcre +++ /dev/null @@ -1 +0,0 @@ -../../../common/pcre \ No newline at end of file diff --git a/config/rootfiles/core/101/filelists/perl-Apache-Htpasswd b/config/rootfiles/core/101/filelists/perl-Apache-Htpasswd deleted file mode 120000 index c7d2c8d..0000000 --- a/config/rootfiles/core/101/filelists/perl-Apache-Htpasswd +++ /dev/null @@ -1 +0,0 @@ -../../../common/perl-Apache-Htpasswd \ No newline at end of file diff --git a/config/rootfiles/core/101/filelists/squid b/config/rootfiles/core/101/filelists/squid deleted file mode 120000 index 2dc8372..0000000 --- a/config/rootfiles/core/101/filelists/squid +++ /dev/null @@ -1 +0,0 @@ -../../../common/squid \ No newline at end of file diff --git a/config/rootfiles/core/101/filelists/x86_64/ath9k-module b/config/rootfiles/core/101/filelists/x86_64/ath9k-module deleted file mode 100644 index 25361ce..0000000 --- a/config/rootfiles/core/101/filelists/x86_64/ath9k-module +++ /dev/null @@ -1,2 +0,0 @@ -lib/modules/KVER-ipfire/kernel/drivers/net/wireless/ath/ath9k - diff --git a/config/rootfiles/core/101/filelists/x86_64/dmidecode b/config/rootfiles/core/101/filelists/x86_64/dmidecode deleted file mode 120000 index 88f5f0a..0000000 --- a/config/rootfiles/core/101/filelists/x86_64/dmidecode +++ /dev/null @@ -1 +0,0 @@ -../../../../common/x86_64/dmidecode \ No newline at end of file diff --git a/config/rootfiles/core/101/filelists/x86_64/gmp b/config/rootfiles/core/101/filelists/x86_64/gmp deleted file mode 120000 index 7c59c60..0000000 --- a/config/rootfiles/core/101/filelists/x86_64/gmp +++ /dev/null @@ -1 +0,0 @@ -../../../../common/x86_64/gmp \ No newline at end of file 
diff --git a/config/rootfiles/core/101/meta b/config/rootfiles/core/101/meta deleted file mode 100644 index d547fa8..0000000 --- a/config/rootfiles/core/101/meta +++ /dev/null @@ -1 +0,0 @@ -DEPS="" diff --git a/config/rootfiles/core/101/update.sh b/config/rootfiles/core/101/update.sh deleted file mode 100644 index 207b046..0000000 --- a/config/rootfiles/core/101/update.sh +++ /dev/null 
@@ -1,95 +0,0 @@ -#!/bin/bash -############################################################################ -# # -# This file is part of the IPFire Firewall. # -# # -# IPFire is free software; you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation; either version 3 of the License, or # -# (at your option) any later version. # -# # -# IPFire is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with IPFire; if not, write to the Free Software # -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # -# # -# Copyright (C) 2016 IPFire-Team info@ipfire.org. # -# # -############################################################################ -# -. /opt/pakfire/lib/functions.sh -/usr/local/bin/backupctrl exclude >/dev/null 2>&1 - -core=101 - -function exit_with_error() { - # Set last succesfull installed core. - echo $(($core-1)) > /opt/pakfire/db/core/mine - /usr/bin/logger -p syslog.emerg -t ipfire \ - "core-update-${core}: $1" - exit $2 -} - -# Remove old core updates from pakfire cache to save space... -for (( i=1; i<=$core; i++ )) -do - rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire -done - - -# Stop services -/etc/init.d/squid stop - -# Remove old raspberrypi modules -rm -rf /lib/modules/3.14.65-ipfire-rpi - -# Extract files -extract_files - -# update linker config -ldconfig - -# Fix conntrack configuration -for i in CONNTRACK_H323 CONNTRACK_FTP CONNTRACK_PPTP CONNTRACK_TFTP CONNTRACK_IRC; do - if ! grep -q "^${i}" /var/ipfire/optionsfw/settings; then - echo "${i}=on" - fi -done >> /var/ipfire/optionsfw/settings - -# Special handling for SIP -if ! 
grep -q "^CONNTRACK_SIP" /var/ipfire/optionsfw/settings; then - if [ -e "/var/ipfire/main/disable_nf_sip" ]; then - echo "CONNTRACK_SIP=off" >> /var/ipfire/optionsfw/settings - rm -f /var/ipfire/main/disable_nf_sip - else - echo "CONNTRACK_SIP=on" >> /var/ipfire/optionsfw/settings - fi -fi - -# Update Language cache -#/usr/local/bin/update-lang-cache - -# -# Start services -# -/etc/init.d/squid start - -sync -# This update need a reboot... -touch /var/run/need_reboot - -# Finish -/etc/init.d/fireinfo start -sendprofile -# Update grub config to display new core version -if [ -e /boot/grub/grub.cfg ]; then - grub-mkconfig -o /boot/grub/grub.cfg -fi -sync - -# Don't report the exitcode last command -exit 0 diff --git a/config/rootfiles/core/102/exclude b/config/rootfiles/core/102/exclude new file mode 100644 index 0000000..7ddeae0 --- /dev/null +++ b/config/rootfiles/core/102/exclude @@ -0,0 +1,28 @@ +boot/config.txt +boot/grub/grub.cfg +boot/grub/grubenv +etc/alternatives +etc/collectd.custom +etc/default/grub +etc/ipsec.conf +etc/ipsec.secrets +etc/ipsec.user.conf +etc/ipsec.user.secrets +etc/localtime +etc/shadow +etc/snort/snort.conf +etc/ssh/ssh_config +etc/ssh/sshd_config +etc/ssl/openssl.cnf +etc/sudoers +etc/sysconfig/firewall.local +etc/sysconfig/rc.local +etc/udev/rules.d/30-persistent-network.rules +srv/web/ipfire/html/proxy.pac +var/ipfire/dma +var/ipfire/time +var/ipfire/ovpn +var/lib/alternatives +var/log/cache +var/state/dhcp/dhcpd.leases +var/updatecache diff --git a/config/rootfiles/core/102/filelists/files b/config/rootfiles/core/102/filelists/files new file mode 100644 index 0000000..409e5fe --- /dev/null +++ b/config/rootfiles/core/102/filelists/files @@ -0,0 +1,2 @@ +etc/system-release +etc/issue diff --git a/config/rootfiles/core/102/filelists/i586/openssl-sse2 b/config/rootfiles/core/102/filelists/i586/openssl-sse2 new file mode 120000 index 0000000..f424713 --- /dev/null +++ b/config/rootfiles/core/102/filelists/i586/openssl-sse2 
@@ -0,0 +1 @@ +../../../../common/i586/openssl-sse2 \ No newline at end of file diff --git a/config/rootfiles/core/102/filelists/openssh b/config/rootfiles/core/102/filelists/openssh new file mode 120000 index 0000000..d8c77fd --- /dev/null +++ b/config/rootfiles/core/102/filelists/openssh @@ -0,0 +1 @@ +../../../common/openssh \ No newline at end of file diff --git a/config/rootfiles/core/102/filelists/openssl b/config/rootfiles/core/102/filelists/openssl new file mode 120000 index 0000000..e011a92 --- /dev/null +++ b/config/rootfiles/core/102/filelists/openssl @@ -0,0 +1 @@ +../../../common/openssl \ No newline at end of file diff --git a/config/rootfiles/core/102/meta b/config/rootfiles/core/102/meta new file mode 100644 index 0000000..d547fa8 --- /dev/null +++ b/config/rootfiles/core/102/meta @@ -0,0 +1 @@ +DEPS="" diff --git a/config/rootfiles/core/102/update.sh b/config/rootfiles/core/102/update.sh new file mode 100644 index 0000000..2f51d10 --- /dev/null +++ b/config/rootfiles/core/102/update.sh 
@@ -0,0 +1,74 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2016 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/usr/local/bin/backupctrl exclude >/dev/null 2>&1 + +core=102 + +function exit_with_error() { + # Set last succesfull installed core. + echo $(($core-1)) > /opt/pakfire/db/core/mine + /usr/bin/logger -p syslog.emerg -t ipfire \ + "core-update-${core}: $1" + exit $2 +} + +# Remove old core updates from pakfire cache to save space... +for (( i=1; i<=$core; i++ )) +do + rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire +done + + +# Stop services + +# Extract files +extract_files + +# update linker config +ldconfig + +# Update Language cache +#/usr/local/bin/update-lang-cache + +# +# Start services +# + +sync +# This update need a reboot... +touch /var/run/need_reboot + +# Finish +/etc/init.d/fireinfo start +sendprofile + +# Update grub config to display new core version +if [ -e /boot/grub/grub.cfg ]; then + grub-mkconfig -o /boot/grub/grub.cfg +fi +sync + +# Don't report the exitcode last command +exit 0 
diff --git a/config/rootfiles/oldcore/101/exclude b/config/rootfiles/oldcore/101/exclude new file mode 100644 index 0000000..7ddeae0 --- /dev/null +++ b/config/rootfiles/oldcore/101/exclude @@ -0,0 +1,28 @@ +boot/config.txt +boot/grub/grub.cfg +boot/grub/grubenv +etc/alternatives +etc/collectd.custom +etc/default/grub +etc/ipsec.conf +etc/ipsec.secrets +etc/ipsec.user.conf +etc/ipsec.user.secrets +etc/localtime +etc/shadow +etc/snort/snort.conf +etc/ssh/ssh_config +etc/ssh/sshd_config +etc/ssl/openssl.cnf +etc/sudoers +etc/sysconfig/firewall.local +etc/sysconfig/rc.local +etc/udev/rules.d/30-persistent-network.rules +srv/web/ipfire/html/proxy.pac +var/ipfire/dma +var/ipfire/time +var/ipfire/ovpn +var/lib/alternatives +var/log/cache +var/state/dhcp/dhcpd.leases +var/updatecache diff --git a/config/rootfiles/oldcore/101/filelists/armv5tel/ath9k-module b/config/rootfiles/oldcore/101/filelists/armv5tel/ath9k-module new file mode 100644 index 0000000..92f518e --- /dev/null +++ b/config/rootfiles/oldcore/101/filelists/armv5tel/ath9k-module @@ -0,0 +1,3 @@ +lib/modules/KVER-ipfire-multi/kernel/drivers/net/wireless/ath/ath9k +lib/modules/KVER-ipfire-kirkwood/kernel/drivers/net/wireless/ath/ath9k + diff --git a/config/rootfiles/oldcore/101/filelists/armv5tel/gmp b/config/rootfiles/oldcore/101/filelists/armv5tel/gmp new file mode 120000 index 0000000..2bdf30d --- /dev/null +++ b/config/rootfiles/oldcore/101/filelists/armv5tel/gmp @@ -0,0 +1 @@ +../../../../common/armv5tel/gmp \ No newline at end of file diff --git a/config/rootfiles/oldcore/101/filelists/armv5tel/linux-rpi b/config/rootfiles/oldcore/101/filelists/armv5tel/linux-rpi new file mode 120000 index 0000000..a651a49 --- /dev/null +++ b/config/rootfiles/oldcore/101/filelists/armv5tel/linux-rpi @@ -0,0 +1 @@ +../../../../common/armv5tel/linux-rpi \ No newline at end of file diff --git a/config/rootfiles/oldcore/101/filelists/bind b/config/rootfiles/oldcore/101/filelists/bind new file mode 120000 index 0000000..48a0eba 
--- /dev/null +++ b/config/rootfiles/oldcore/101/filelists/bind @@ -0,0 +1 @@ +../../../common/bind \ No newline at end of file diff --git a/config/rootfiles/oldcore/101/filelists/dma b/config/rootfiles/oldcore/101/filelists/dma new file mode 120000 index 0000000..60f4682 --- /dev/null +++ b/config/rootfiles/oldcore/101/filelists/dma @@ -0,0 +1 @@ +../../../common/dma \ No newline at end of file diff --git a/config/rootfiles/oldcore/101/filelists/e2fsprogs b/config/rootfiles/oldcore/101/filelists/e2fsprogs new file mode 120000 index 0000000..37b55de --- /dev/null +++ b/config/rootfiles/oldcore/101/filelists/e2fsprogs @@ -0,0 +1 @@ +../../../common/e2fsprogs \ No newline at end of file diff --git a/config/rootfiles/oldcore/101/filelists/files b/config/rootfiles/oldcore/101/filelists/files new file mode 100644 index 0000000..c04cff6 --- /dev/null +++ b/config/rootfiles/oldcore/101/filelists/files @@ -0,0 +1,7 @@ +etc/system-release +etc/issue +etc/rc.d/init.d/firewall +srv/web/ipfire/cgi-bin/chpasswd.cgi +srv/web/ipfire/cgi-bin/ipinfo.cgi +srv/web/ipfire/cgi-bin/optionsfw.cgi +srv/web/ipfire/cgi-bin/proxy.cgi diff --git a/config/rootfiles/oldcore/101/filelists/grep b/config/rootfiles/oldcore/101/filelists/grep new file mode 120000 index 0000000..ab5ef8b --- /dev/null +++ b/config/rootfiles/oldcore/101/filelists/grep @@ -0,0 +1 @@ +../../../common/grep \ No newline at end of file diff --git a/config/rootfiles/oldcore/101/filelists/i586/ath9k-module b/config/rootfiles/oldcore/101/filelists/i586/ath9k-module new file mode 100644 index 0000000..2490e61 --- /dev/null +++ b/config/rootfiles/oldcore/101/filelists/i586/ath9k-module @@ -0,0 +1,3 @@ +lib/modules/KVER-ipfire/kernel/drivers/net/wireless/ath/ath9k +lib/modules/KVER-ipfire-pae/kernel/drivers/net/wireless/ath/ath9k + diff --git a/config/rootfiles/oldcore/101/filelists/i586/dmidecode b/config/rootfiles/oldcore/101/filelists/i586/dmidecode new file mode 120000 index 0000000..1add99b --- /dev/null 
+++ b/config/rootfiles/oldcore/101/filelists/i586/dmidecode @@ -0,0 +1 @@ +../../../../common/i586/dmidecode \ No newline at end of file diff --git a/config/rootfiles/oldcore/101/filelists/i586/gmp b/config/rootfiles/oldcore/101/filelists/i586/gmp new file mode 120000 index 0000000..52a09cd --- /dev/null +++ b/config/rootfiles/oldcore/101/filelists/i586/gmp @@ -0,0 +1 @@ +../../../../common/i586/gmp \ No newline at end of file diff --git a/config/rootfiles/oldcore/101/filelists/libxml2 b/config/rootfiles/oldcore/101/filelists/libxml2 new file mode 120000 index 0000000..242e69f --- /dev/null +++ b/config/rootfiles/oldcore/101/filelists/libxml2 @@ -0,0 +1 @@ +../../../common/libxml2 \ No newline at end of file diff --git a/config/rootfiles/oldcore/101/filelists/mpfr b/config/rootfiles/oldcore/101/filelists/mpfr new file mode 120000 index 0000000..c8468bf --- /dev/null +++ b/config/rootfiles/oldcore/101/filelists/mpfr @@ -0,0 +1 @@ +../../../common/mpfr \ No newline at end of file diff --git a/config/rootfiles/oldcore/101/filelists/nettle b/config/rootfiles/oldcore/101/filelists/nettle new file mode 120000 index 0000000..f0dba7a --- /dev/null +++ b/config/rootfiles/oldcore/101/filelists/nettle @@ -0,0 +1 @@ +../../../common/nettle \ No newline at end of file diff --git a/config/rootfiles/oldcore/101/filelists/patch b/config/rootfiles/oldcore/101/filelists/patch new file mode 120000 index 0000000..27a3825 --- /dev/null +++ b/config/rootfiles/oldcore/101/filelists/patch @@ -0,0 +1 @@ +../../../common/patch \ No newline at end of file diff --git a/config/rootfiles/oldcore/101/filelists/paxctl b/config/rootfiles/oldcore/101/filelists/paxctl new file mode 120000 index 0000000..dda8d9f --- /dev/null +++ b/config/rootfiles/oldcore/101/filelists/paxctl @@ -0,0 +1 @@ +../../../common/paxctl \ No newline at end of file diff --git a/config/rootfiles/oldcore/101/filelists/pciutils b/config/rootfiles/oldcore/101/filelists/pciutils new file mode 120000 index 0000000..aeb45e7 
--- /dev/null +++ b/config/rootfiles/oldcore/101/filelists/pciutils @@ -0,0 +1 @@ +../../../common/pciutils \ No newline at end of file diff --git a/config/rootfiles/oldcore/101/filelists/pcre b/config/rootfiles/oldcore/101/filelists/pcre new file mode 120000 index 0000000..b390d9a --- /dev/null +++ b/config/rootfiles/oldcore/101/filelists/pcre @@ -0,0 +1 @@ +../../../common/pcre \ No newline at end of file diff --git a/config/rootfiles/oldcore/101/filelists/perl-Apache-Htpasswd b/config/rootfiles/oldcore/101/filelists/perl-Apache-Htpasswd new file mode 120000 index 0000000..c7d2c8d --- /dev/null +++ b/config/rootfiles/oldcore/101/filelists/perl-Apache-Htpasswd @@ -0,0 +1 @@ +../../../common/perl-Apache-Htpasswd \ No newline at end of file diff --git a/config/rootfiles/oldcore/101/filelists/squid b/config/rootfiles/oldcore/101/filelists/squid new file mode 120000 index 0000000..2dc8372 --- /dev/null +++ b/config/rootfiles/oldcore/101/filelists/squid @@ -0,0 +1 @@ +../../../common/squid \ No newline at end of file diff --git a/config/rootfiles/oldcore/101/filelists/x86_64/ath9k-module b/config/rootfiles/oldcore/101/filelists/x86_64/ath9k-module new file mode 100644 index 0000000..25361ce --- /dev/null +++ b/config/rootfiles/oldcore/101/filelists/x86_64/ath9k-module @@ -0,0 +1,2 @@ +lib/modules/KVER-ipfire/kernel/drivers/net/wireless/ath/ath9k + diff --git a/config/rootfiles/oldcore/101/filelists/x86_64/dmidecode b/config/rootfiles/oldcore/101/filelists/x86_64/dmidecode new file mode 120000 index 0000000..88f5f0a --- /dev/null +++ b/config/rootfiles/oldcore/101/filelists/x86_64/dmidecode @@ -0,0 +1 @@ +../../../../common/x86_64/dmidecode \ No newline at end of file diff --git a/config/rootfiles/oldcore/101/filelists/x86_64/gmp b/config/rootfiles/oldcore/101/filelists/x86_64/gmp new file mode 120000 index 0000000..7c59c60 --- /dev/null +++ b/config/rootfiles/oldcore/101/filelists/x86_64/gmp @@ -0,0 +1 @@ +../../../../common/x86_64/gmp \ No newline at end of file 
diff --git a/config/rootfiles/oldcore/101/meta b/config/rootfiles/oldcore/101/meta new file mode 100644 index 0000000..d547fa8 --- /dev/null +++ b/config/rootfiles/oldcore/101/meta @@ -0,0 +1 @@ +DEPS="" diff --git a/config/rootfiles/oldcore/101/update.sh b/config/rootfiles/oldcore/101/update.sh new file mode 100644 index 0000000..207b046 --- /dev/null +++ b/config/rootfiles/oldcore/101/update.sh 
@@ -0,0 +1,95 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2016 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/usr/local/bin/backupctrl exclude >/dev/null 2>&1 + +core=101 + +function exit_with_error() { + # Set last succesfull installed core. + echo $(($core-1)) > /opt/pakfire/db/core/mine + /usr/bin/logger -p syslog.emerg -t ipfire \ + "core-update-${core}: $1" + exit $2 +} + +# Remove old core updates from pakfire cache to save space... +for (( i=1; i<=$core; i++ )) +do + rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire +done + + +# Stop services +/etc/init.d/squid stop + +# Remove old raspberrypi modules +rm -rf /lib/modules/3.14.65-ipfire-rpi + +# Extract files +extract_files + +# update linker config +ldconfig + +# Fix conntrack configuration +for i in CONNTRACK_H323 CONNTRACK_FTP CONNTRACK_PPTP CONNTRACK_TFTP CONNTRACK_IRC; do + if ! grep -q "^${i}" /var/ipfire/optionsfw/settings; then + echo "${i}=on" + fi +done >> /var/ipfire/optionsfw/settings + +# Special handling for SIP +if ! 
grep -q "^CONNTRACK_SIP" /var/ipfire/optionsfw/settings; then + if [ -e "/var/ipfire/main/disable_nf_sip" ]; then + echo "CONNTRACK_SIP=off" >> /var/ipfire/optionsfw/settings + rm -f /var/ipfire/main/disable_nf_sip + else + echo "CONNTRACK_SIP=on" >> /var/ipfire/optionsfw/settings + fi +fi + +# Update Language cache +#/usr/local/bin/update-lang-cache + +# +# Start services +# +/etc/init.d/squid start + +sync +# This update need a reboot... +touch /var/run/need_reboot + +# Finish +/etc/init.d/fireinfo start +sendprofile +# Update grub config to display new core version +if [ -e /boot/grub/grub.cfg ]; then + grub-mkconfig -o /boot/grub/grub.cfg +fi +sync + +# Don't report the exitcode last command +exit 0 diff --git a/lfs/openssl b/lfs/openssl index eb7352f..0a0b2cf 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -24,7 +24,7 @@
include Config
-VER = 1.0.2g +VER = 1.0.2h
THISAPP = openssl-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -53,7 +53,7 @@ CONFIGURE_OPTIONS = \ zlib-dynamic \ enable-camellia \ enable-md2 \ - enable-ssl2 \ + disable-ssl2 \ enable-seed \ enable-tlsext \ enable-rfc3779 \ @@ -87,7 +87,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = f3c710c045cdee5fd114feb69feba7aa +$(DL_FILE)_MD5 = 9392e65072ce4b614c1392eefc1f23d0
install : $(TARGET)
@@ -119,7 +119,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a-rpmbuild.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1m-weak-ciphers.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2h-weak-ciphers.patch cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2g-disable-sslv2v3.patch
# i586 specific patches diff --git a/make.sh b/make.sh index 960b45d..d2d3e14 100755 --- a/make.sh +++ b/make.sh @@ -25,8 +25,8 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name VERSION="2.19" # Version number -CORE="101" # Core Level (Filename) -PAKFIRE_CORE="101" # Core Level (PAKFIRE) +CORE="102" # Core Level (Filename) +PAKFIRE_CORE="102" # Core Level (PAKFIRE) GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch SLOGAN="www.ipfire.org" # Software slogan CONFIG_ROOT=/var/ipfire # Configuration rootdir diff --git a/src/patches/openssl-1.0.1m-weak-ciphers.patch b/src/patches/openssl-1.0.1m-weak-ciphers.patch deleted file mode 100644 index f57b978..0000000 --- a/src/patches/openssl-1.0.1m-weak-ciphers.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- openssl-1.0.1m/ssl/ssl.h.old 2015-03-19 15:25:20.646533583 +0100 -+++ openssl-1.0.1m/ssl/ssl.h 2015-03-19 15:25:31.229875691 +0100 -@@ -334,7 +334,7 @@ - * The following cipher list is used by default. It also is substituted when - * an application-defined cipher list string starts with 'DEFAULT'. - */ --# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2" -+# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2:!RC2:!DES" - /* - * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always - * starts with a reasonable order, and all we have to do for DEFAULT is diff --git a/src/patches/openssl-1.0.2h-weak-ciphers.patch b/src/patches/openssl-1.0.2h-weak-ciphers.patch new file mode 100644 index 0000000..d1ec6a2 --- /dev/null +++ b/src/patches/openssl-1.0.2h-weak-ciphers.patch 
@@ -0,0 +1,12 @@ +diff -Naur openssl-1.0.2h.org/ssl/ssl.h openssl-1.0.2h/ssl/ssl.h +--- openssl-1.0.2h.org/ssl/ssl.h 2016-05-03 15:44:42.000000000 +0200 ++++ openssl-1.0.2h/ssl/ssl.h 2016-05-03 18:49:10.393302264 +0200 +@@ -338,7 +338,7 @@ + * The following cipher list is used by default. It also is substituted when + * an application-defined cipher list string starts with 'DEFAULT'. + */ +-# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2" ++# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2:!RC2:!DES" + /* + * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always + * starts with a reasonable order, and all we have to do for DEFAULT is
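Review bot: in config/rootfiles/core/102/update.sh (@@ -0,0 +1,74), `extract_files` runs with its result unchecked and the script ends in `exit 0`, so a failed extraction of the new openssl and openssh files is still recorded as a successful core update. `exit_with_error` is defined a few lines above but never called; suggest something like `extract_files || exit_with_error "ERROR cannot extract files" 1`. The "Stop services" and "Start services" sections are also empty, so the updated library only takes effect through the reboot requested via `/var/run/need_reboot`; a one-line comment saying that this is intended would help the next person who copies this script.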
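Review bot: the version line in lfs/openssl (@@ -24,7) moves from `VER = 1.0.2g` to `VER = 1.0.2h`, but the subject of commit d25d7bf reads "security update to 1.0.2g". The subject should name 1.0.2h so that the log agrees with what is built and with the new openssl-1.0.2h-weak-ciphers.patch.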
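Review bot: in lfs/openssl (@@ -53,7) `enable-ssl2` becomes `disable-ssl2`, while @@ -119,7 still applies openssl-1.0.2g-disable-sslv2v3.patch unchanged. Please confirm that the Configure script of this release accepts the `disable-` spelling, and state in the commit message whether the 1.0.2g-named patch still applies cleanly to 1.0.2h and is still needed once SSLv2 is switched off at configure time. A build-time check that the resulting library offers no SSLv2 would make the change verifiable.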
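Review bot: in lfs/openssl (@@ -87,7) the new tarball is pinned only through `$(DL_FILE)_MD5`. MD5 is not collision resistant, so for a security update of the TLS library the download should additionally be pinned with a stronger digest (SHA-256 or better) or checked against the upstream release signature, if the build system offers a way to do so.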
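Review bot: in src/patches/openssl-1.0.2h-weak-ciphers.patch the replacement `SSL_DEFAULT_CIPHER_LIST` only appends `!RC2:!DES` to an upstream string that now already carries `!LOW`, and it leaves RC4 in the default set because nothing in the string excludes it. If the aim of the patch is to keep weak ciphers out of the default, consider adding `!RC4` and checking whether `!DES` still changes the result next to `!LOW`. The patch also has no description header; a short one should say that, per the comment in the hunk, the change only reaches applications that set no cipher string of their own or one starting with 'DEFAULT'.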
hooks/post-receive -- IPFire 2.x development tree