This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 935c2f233b730a010b241029f559e837d93a7ea7 (commit) via 4851bc81f33058d814028ab91f4badf46739f373 (commit) via a6df80269bb2aaf10c45658d0d2a7058d8456d9a (commit) via c330d115bf0ab7232679151dd8a79fe59ebe1b27 (commit) via 458064c5196c7350313ef2753f17210607031c04 (commit) via a0e747dafc027d57976c799e23c17f5825a9739a (commit) via 5ecf77e7305d72db7c1e6d617d0317b161f25267 (commit) via b0507bff11ae99438291e35d1d36096b1cf9c008 (commit) via 4c658a270eca30cc9b91dc639da5c69326013045 (commit) via 9188f6142c7681ad46cf9acbfc42c2780f951f6c (commit) via 5ffd14f1407ca9be93a2edd65d7151567927fbb4 (commit) via a0a3d81c123cece4c25227c71c983a45594715e7 (commit) via b283b2cf8ffbeea1ab19237ca82db95a45efbb47 (commit) via c2f80e67a711eee43dd5c815defc689fc7604b64 (commit) via 5354d0f5c902f208d755b3b8a06f5896d4d2c975 (commit) via 93899a216f7f03b8e1d5092fdd20afd07b0bedae (commit) via 156311fbcd67f00002fe658e1ee4b20154bf014a (commit) via 06dbe99dbb1c37de8fc94b6f2dc6e53ef1d7d022 (commit) via 1f080b34bac4fbaa88d2b460ece53d460fff6ec5 (commit) via 5fe185f83c98d86cdbca470ecbea5c1365cae3f9 (commit) via b3f401fba4b69ea06a1987a971f8f7ff59b3ee33 (commit) from 80a5cc5609f717be24c2ca5f3f60b46412dc11cd (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit 935c2f233b730a010b241029f559e837d93a7ea7
Merge: 80a5cc5 4851bc8
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Thu Aug 7 21:06:13 2014 +0200
Merge remote-tracking branch 'ms/ddns.cgi-fixes' into next
Conflicts: html/cgi-bin/ddns.cgi
commit 4851bc81f33058d814028ab91f4badf46739f373
Author: Stefan Schantl <stefan.schantl@ipfire.org>
Date:   Sat Jul 26 18:26:37 2014 +0200
ddns.cgi: Support hostname details without separating dots.
To keep compatibility with the settings file of the old DDNS update script (setddns.pl) we kept the storage of the hostname information in two parts (hostname and domain) and connected both with a dot to get a valid FQDN again. OpenDNS and maybe some other providers do not use a dotted format for this information, so one of these two values was empty.
We now can handle such cases in a right way.
commit a6df80269bb2aaf10c45658d0d2a7058d8456d9a
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Thu Aug 7 20:58:33 2014 +0200
ddns.cgi: Fix CGI clearing all settings.
commit c330d115bf0ab7232679151dd8a79fe59ebe1b27
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Thu Aug 7 20:40:14 2014 +0200
ddns.cgi: Fix coding style.
commit 458064c5196c7350313ef2753f17210607031c04
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Thu Aug 7 20:33:10 2014 +0200
ddns.cgi: Allow enabling/disabling entries.
-----------------------------------------------------------------------
Summary of changes:
 config/rootfiles/common/ddns                       |   3 +
 config/rootfiles/core/80/filelists/files           |   1 +
 config/rootfiles/core/{80 => 81}/exclude           |   0
 config/rootfiles/core/{80 => 81}/filelists/ddns    |   0
 .../{oldcore/63 => core/81}/filelists/files        |   4 +-
 config/rootfiles/core/{80 => 81}/filelists/lzo     |   0
 .../{oldcore/36 => core/81}/filelists/openssh      |   0
 .../{oldcore/28 => core/81}/filelists/openssl      |   0
 config/rootfiles/core/{80 => 81}/meta              |   0
 config/rootfiles/core/{80 => 81}/update.sh         |   0
 html/cgi-bin/ddns.cgi                              |  88 ++++----
 html/cgi-bin/ids.cgi                               |   6 +-
 lfs/check_mk_agent                                 |   2 +-
 lfs/ddns                                           |   6 +-
 lfs/lzo                                            |   5 +-
 lfs/openssl                                        |   4 +-
 lfs/tor                                            |   6 +-
 make.sh                                            |   4 +-
 src/paks/check_mk_agent/uninstall.sh               |   1 +
 ...3-Add-a-program-prefix-to-syslog-messages.patch |  25 ---
 src/patches/lzo-2.06-CVE-2014-4607.patch           | 245 +++++++++++++++++++++
 21 files changed, 310 insertions(+), 90 deletions(-)
 copy config/rootfiles/core/{80 => 81}/exclude (100%)
 copy config/rootfiles/core/{80 => 81}/filelists/ddns (100%)
 copy config/rootfiles/{oldcore/63 => core/81}/filelists/files (50%)
 copy config/rootfiles/core/{80 => 81}/filelists/lzo (100%)
 copy config/rootfiles/{oldcore/36 => core/81}/filelists/openssh (100%)
 copy config/rootfiles/{oldcore/28 => core/81}/filelists/openssl (100%)
 copy config/rootfiles/core/{80 => 81}/meta (100%)
 copy config/rootfiles/core/{80 => 81}/update.sh (100%)
 delete mode 100644 src/patches/ddns-003-Add-a-program-prefix-to-syslog-messages.patch
 create mode 100755 src/patches/lzo-2.06-CVE-2014-4607.patch
Difference in files: diff --git a/config/rootfiles/common/ddns b/config/rootfiles/common/ddns index 2f0bdf7..f93965c 100644 --- a/config/rootfiles/common/ddns +++ b/config/rootfiles/common/ddns @@ -60,4 +60,7 @@ usr/lib/python2.7/site-packages/ddns/system.pyo #usr/share/locale/uz@Latn/LC_MESSAGES #usr/share/locale/uz@Latn/LC_MESSAGES/ddns.mo #usr/share/locale/vi/LC_MESSAGES/ddns.mo +#usr/share/locale/zh +#usr/share/locale/zh/LC_MESSAGES +#usr/share/locale/zh/LC_MESSAGES/ddns.mo #var/ipfire/ddns/ddns.conf.sample diff --git a/config/rootfiles/core/80/filelists/files b/config/rootfiles/core/80/filelists/files index a12048d..cdddaac 100644 --- a/config/rootfiles/core/80/filelists/files +++ b/config/rootfiles/core/80/filelists/files @@ -8,6 +8,7 @@ etc/rc.d/init.d/firewall etc/rc.d/init.d/networking/red.up/30-ddns etc/rc.d/init.d/rngd srv/web/ipfire/cgi-bin/ddns.cgi +srv/web/ipfire/cgi-bin/ids.cgi srv/web/ipfire/cgi-bin/logs.cgi/firewalllogcountry.dat srv/web/ipfire/cgi-bin/logs.cgi/log.dat srv/web/ipfire/cgi-bin/netexternal.cgi diff --git a/config/rootfiles/core/81/exclude b/config/rootfiles/core/81/exclude new file mode 100644 index 0000000..18e9b4d --- /dev/null +++ b/config/rootfiles/core/81/exclude @@ -0,0 +1,20 @@ +boot/config.txt +etc/collectd.custom +etc/ipsec.conf +etc/ipsec.secrets +etc/ipsec.user.conf +etc/ipsec.user.secrets +etc/localtime +etc/shadow +etc/ssh/ssh_config +etc/ssh/sshd_config +etc/ssl/openssl.cnf +etc/sudoers +etc/sysconfig/firewall.local +etc/sysconfig/rc.local +etc/udev/rules.d/30-persistent-network.rules +srv/web/ipfire/html/proxy.pac +var/ipfire/ovpn +var/log/cache +var/state/dhcp/dhcpd.leases +var/updatecache diff --git a/config/rootfiles/core/81/filelists/ddns b/config/rootfiles/core/81/filelists/ddns new file mode 120000 index 0000000..7395164 --- /dev/null +++ b/config/rootfiles/core/81/filelists/ddns @@ -0,0 +1 @@ +../../../common/ddns \ No newline at end of file 
diff --git a/config/rootfiles/core/81/filelists/files b/config/rootfiles/core/81/filelists/files new file mode 100644 index 0000000..4b0ae1e --- /dev/null +++ b/config/rootfiles/core/81/filelists/files @@ -0,0 +1,5 @@ +etc/system-release +etc/issue +etc/rc.d/init.d/firewall +srv/web/ipfire/cgi-bin/ddns.cgi +srv/web/ipfire/cgi-bin/ovpnmain.cgi diff --git a/config/rootfiles/core/81/filelists/lzo b/config/rootfiles/core/81/filelists/lzo new file mode 120000 index 0000000..8e11e78 --- /dev/null +++ b/config/rootfiles/core/81/filelists/lzo @@ -0,0 +1 @@ +../../../common/lzo \ No newline at end of file diff --git a/config/rootfiles/core/81/filelists/openssh b/config/rootfiles/core/81/filelists/openssh new file mode 120000 index 0000000..d8c77fd --- /dev/null +++ b/config/rootfiles/core/81/filelists/openssh @@ -0,0 +1 @@ +../../../common/openssh \ No newline at end of file diff --git a/config/rootfiles/core/81/filelists/openssl b/config/rootfiles/core/81/filelists/openssl new file mode 120000 index 0000000..e011a92 --- /dev/null +++ b/config/rootfiles/core/81/filelists/openssl @@ -0,0 +1 @@ +../../../common/openssl \ No newline at end of file diff --git a/config/rootfiles/core/81/meta b/config/rootfiles/core/81/meta new file mode 100644 index 0000000..d547fa8 --- /dev/null +++ b/config/rootfiles/core/81/meta @@ -0,0 +1 @@ +DEPS="" diff --git a/config/rootfiles/core/81/update.sh b/config/rootfiles/core/81/update.sh new file mode 100644 index 0000000..67244c6 --- /dev/null +++ b/config/rootfiles/core/81/update.sh 
@@ -0,0 +1,101 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2014 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/usr/local/bin/backupctrl exclude >/dev/null 2>&1 + +# Remove old core updates from pakfire cache to save space... +core=80 +for (( i=1; i<=$core; i++ )) +do + rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire +done + +# Stop services +/etc/init.d/ipsec stop + +# Remove old strongswan files +rm -f \ + /etc/strongswan.d/charon/unity.conf \ + /usr/lib/ipsec/plugins/libstrongswan-unity.so \ + /usr/share/strongswan/templates/config/plugins/unity.conf + +rm -f /usr/local/bin/setddns.pl + +# Extract files +extract_files + +# Start services +/etc/init.d/dnsmasq restart +if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then + /etc/init.d/ipsec start +fi + + +# Update Language cache +perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang" + +# Uninstall the libgpg-error package. 
+rm -f \ + /opt/pakfire/db/installed/meta-libgpg-error \ + /opt/pakfire/db/rootfiles/libgpg-error + +# Fix broken proxy configuration permissions +chown -R nobody.nobody \ + /var/ipfire/proxy/advanced \ + /var/ipfire/proxy/acl-1.4 \ + /var/ipfire/proxy/enable \ + /var/ipfire/proxy/settings \ + /var/ipfire/proxy/squid.conf \ + /var/ipfire/proxy/transparent + +# Regenerate squid configuration file +sudo -u nobody /srv/web/ipfire/cgi-bin/proxy.cgi + +# Generate ddns configuration file +sudo -u nobody /srv/web/ipfire/cgi-bin/ddns.cgi + +# Update crontab +sed -i /var/spool/cron/root.orig -e "/setddns.pl/d" + +grep -q /usr/bin/ddns /var/spool/cron/root.orig || cat <<EOF >> /var/spool/cron/root.orig + +# Update dynamic DNS records every five minutes. +# Force an update once a month +*/5 * * * * [ -f "/var/ipfire/red/active" ] && /usr/bin/ddns update-all +3 2 1 * * [ -f "/var/ipfire/red/active" ] && /usr/bin/ddns update-all --force +EOF + +fcrontab -z &>/dev/null + +sync + +# This update need a reboot... +#touch /var/run/need_reboot + +# Finish +/etc/init.d/fireinfo start +sendprofile + +# Don't report the exitcode last command +exit 0 diff --git a/html/cgi-bin/ddns.cgi b/html/cgi-bin/ddns.cgi index aeb0cd7..55841b2 100644 --- a/html/cgi-bin/ddns.cgi +++ b/html/cgi-bin/ddns.cgi @@ -89,7 +89,6 @@ close (FILE); # Save General Settings. # if ($settings{'ACTION'} eq $Lang::tr{'save'}) { - # Open /var/ipfire/ddns/settings for writing. open(FILE, ">$settingsfile") or die "Unable to open $settingsfile.";
@@ -104,9 +103,6 @@ if ($settings{'ACTION'} eq $Lang::tr{'save'}) { # Close file after writing. close(FILE);
- # Unset given CGI parmas. - undef %settings; - # Update ddns config file. &GenerateDDNSConfigFile(); } @@ -115,7 +111,6 @@ if ($settings{'ACTION'} eq $Lang::tr{'save'}) { # Toggle enable/disable field. Field is in second position # if ($settings{'ACTION'} eq $Lang::tr{'toggle enable disable'}) { - # Open /var/ipfire/ddns/config for writing. open(FILE, ">$datafile") or die "Unable to open $datafile.";
@@ -127,23 +122,19 @@ if ($settings{'ACTION'} eq $Lang::tr{'toggle enable disable'}) {
# Read file line by line. foreach my $line (@current) { - # Remove newlines. chomp($line);
if ($settings{'ID'} eq $id) { - # Splitt lines (splitting element is a single ",") and save values into temp array. @temp = split(/,/,$line);
# Check if we want to toggle ENABLED or WILDCARDS. if ($settings{'ENABLED'} ne '') { - # Update ENABLED. print FILE "$temp[0],$temp[1],$temp[2],$temp[3],$temp[4],$temp[5],$temp[6],$settings{'ENABLED'}\n"; } } else { - # Print unmodified line. print FILE "$line\n"; } @@ -151,13 +142,11 @@ if ($settings{'ACTION'} eq $Lang::tr{'toggle enable disable'}) { # Increase $id. $id++; } + undef $settings{'ID'};
# Close file after writing. close(FILE);
- # Unset given CGI params. - undef %settings; - # Write out logging notice. &General::log($Lang::tr{'ddns hostname modified'});
@@ -169,7 +158,6 @@ if ($settings{'ACTION'} eq $Lang::tr{'toggle enable disable'}) { # Add new accounts, or edit existing ones. # if (($settings{'ACTION'} eq $Lang::tr{'add'}) || ($settings{'ACTION'} eq $Lang::tr{'update'})) { - # Check if a hostname has been given. if ($settings{'HOSTNAME'} eq '') { $errormessage = $Lang::tr{'hostname not set'}; @@ -187,19 +175,23 @@ if (($settings{'ACTION'} eq $Lang::tr{'add'}) || ($settings{'ACTION'} eq $Lang::
# Check if a password has been typed in. # freedns.afraid.org does not require this field. - if (($settings{'PASSWORD'} eq '') && ($settings{'SERVICE'} ne 'freedns.afraid.org')) { + if (($settings{'PASSWORD'} eq '') && ($settings{'SERVICE'} ne 'freedns.afraid.org') && ($settings{'SERVICE'} ne 'regfish.com')) { $errormessage = $Lang::tr{'password not set'}; }
# Go furter if there was no error. - if ( ! $errormessage) { - + if (!$errormessage) { # Splitt hostname field into 2 parts for storrage. my($hostname, $domain) = split(/./, $settings{'HOSTNAME'}, 2);
+ # Handle enabled checkbox. When the checkbox is selected a "on" will be returned, + # if the checkbox is not checked nothing is returned in this case we set the value to "off". + if ($settings{'ENABLED'} ne 'on') { + $settings{'ENABLED'} = 'off'; + } + # Handle adding new accounts. if ($settings{'ACTION'} eq $Lang::tr{'add'}) { - # Open /var/ipfire/ddns/config for writing. open(FILE, ">>$datafile") or die "Unable to open $datafile.";
@@ -215,11 +207,8 @@ if (($settings{'ACTION'} eq $Lang::tr{'add'}) || ($settings{'ACTION'} eq $Lang:: # Write out notice to logfile. &General::log($Lang::tr{'ddns hostname added'});
- # Update ddns config file. - # Handle account edditing. } elsif ($settings{'ACTION'} eq $Lang::tr{'update'}) { - # Open /var/ipfire/ddns/config for writing. open(FILE, ">$datafile") or die "Unable to open $datafile.";
@@ -230,7 +219,6 @@ if (($settings{'ACTION'} eq $Lang::tr{'add'}) || ($settings{'ACTION'} eq $Lang::
# Read file line by line. foreach my $line (@current) { - if ($settings{'ID'} eq $id) { print FILE "$settings{'SERVICE'},$hostname,$domain,$settings{'PROXY'},$settings{'WILDCARDS'},$settings{'LOGIN'},$settings{'PASSWORD'},$settings{'ENABLED'}\n"; } else { @@ -247,9 +235,7 @@ if (($settings{'ACTION'} eq $Lang::tr{'add'}) || ($settings{'ACTION'} eq $Lang:: # Write out notice to logfile. &General::log($Lang::tr{'ddns hostname modified'}); } - - # Unset given CGI params. - undef %settings; + undef $settings{'ID'};
# Update ddns config file. &GenerateDDNSConfigFile(); @@ -260,7 +246,6 @@ if (($settings{'ACTION'} eq $Lang::tr{'add'}) || ($settings{'ACTION'} eq $Lang:: # Remove existing accounts. # if ($settings{'ACTION'} eq $Lang::tr{'remove'}) { - # Open /var/ipfire/ddns/config for writing. open(FILE, ">$datafile") or die "Unable to open $datafile.";
@@ -271,7 +256,6 @@ if ($settings{'ACTION'} eq $Lang::tr{'remove'}) {
# Read file line by line. foreach my $line (@current) { - # Write back every line, except the one we want to drop # (identified by the ID) unless ($settings{'ID'} eq $id) { @@ -281,13 +265,11 @@ if ($settings{'ACTION'} eq $Lang::tr{'remove'}) { # Increase id. $id++; } + undef $settings{'ID'};
# Close file after writing. close(FILE);
- # Unset given CGI params. - undef %settings; - # Write out notice to logfile. &General::log($Lang::tr{'ddns hostname removed'});
@@ -299,15 +281,12 @@ if ($settings{'ACTION'} eq $Lang::tr{'remove'}) { # Read items for editing. # if ($settings{'ACTION'} eq $Lang::tr{'edit'}) { - my $id = 0; my @temp;
# Read file line by line. foreach my $line (@current) { - if ($settings{'ID'} eq $id) { - # Remove newlines. chomp($line);
@@ -331,10 +310,12 @@ if ($settings{'ACTION'} eq $Lang::tr{'edit'}) { $settings{'PASSWORD'} = $temp[6]; $settings{'ENABLED'} = $temp[7]; } - # Increase $id. - $id++;
+ # Increase $id. + $id++; } + + &GenerateDDNSConfigFile(); }
# @@ -347,9 +328,10 @@ if ($settings{'ACTION'} eq $Lang::tr{'instant update'}) { # # Set default values. # -if (! $settings{'ACTION'}) { +if (!$settings{'ACTION'}) { $settings{'SERVICE'} = 'dyndns.org'; $settings{'ENABLED'} = 'on'; + $settings{'ID'} = ''; }
&Header::openpage($Lang::tr{'dynamic dns'}, 1, ''); @@ -363,7 +345,9 @@ $checked{'BEHINDROUTER'}{'RED_IP'} = ''; $checked{'BEHINDROUTER'}{'FETCH_IP'} = ''; $checked{'BEHINDROUTER'}{$settings{'BEHINDROUTER'}} = "checked='checked'";
-$checked{'ENABLED'}{'on'} = ($settings{'ENABLED'} eq '' ) ? '' : "checked='checked'"; +$checked{'ENABLED'}{'on'} = ''; +$checked{'ENABLED'}{'off'} = ''; +$checked{'ENABLED'}{$settings{'ENABLED'}} = "checked='checked'";
# Show box for errormessages.. if ($errormessage) { @@ -413,18 +397,15 @@ my $buttontext = $Lang::tr{'add'};
# Change buttontext and headline if we edit an account. if ($settings{'ACTION'} eq $Lang::tr{'edit'}) { - # Rename button and print headline for updating. $buttontext = $Lang::tr{'update'}; &Header::openbox('100%', 'left', $Lang::tr{'edit an existing host'}); } else { - # Otherwise use default button text and show headline for adding a new account. &Header::openbox('100%', 'left', $Lang::tr{'add a host'}); }
print <<END - <form method='post' action='$ENV{'SCRIPT_NAME'}'> <input type='hidden' name='ID' value='$settings{'ID'}' /> <table width='100%'> @@ -440,7 +421,6 @@ END
# Loop to print the providerlist. foreach my $provider (@providers) { - # Check if the current provider needs to be selected. if ($provider eq $settings{'SERVICE'}) { $selected = 'selected'; @@ -460,7 +440,7 @@ print <<END
<tr> <td class='base'>$Lang::tr{'enabled'}</td> - <td><input type='checkbox' name='ENABLED' value='on' $checked{'ENABLED'}{'on'} /></td> + <td><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td> <td class='base'>$Lang::tr{'username'}</td> <td><input type='text' name='LOGIN' value='$settings{'LOGIN'}' /></td> </tr> @@ -516,17 +496,32 @@ END chomp(@current); my @temp = split(/,/,$line);
+ # Handle hostname details. Only connect the values with a dott if both are available. + my $hostname=""; + + if (($temp[1]) && ($temp[2])) { + $hostname="$temp[1].$temp[2]"; + } else { + $hostname="$temp[1]"; + } + # Generate value for enable/disable checkbox. - my $sync = "<font color='blue'>"; + my $sync = ''; my $gif = ''; my $gdesc = '';
if ($temp[7] eq "on") { $gif = 'on.gif'; $gdesc = $Lang::tr{'click to disable'}; - $sync = (&General::DyndnsServiceSync ($ip,$temp[1], $temp[2]) ? "<font color='green'>": "<font color='red'>") ; + + # Check if the given hostname is a FQDN before doing a nslookup. + if (&General::validfqdn($hostname)) { + $sync = (&General::DyndnsServiceSync ($ip,$temp[1], $temp[2]) ? "<font color='green'>": "<font color='red'>") ; + } + $toggle_enabled = 'off'; } else { + $sync = "<font color='blue'>"; $gif = 'off.gif'; $gdesc = $Lang::tr{'click to enable'}; $toggle_enabled = 'on'; @@ -648,6 +643,7 @@ sub GenerateDDNSConfigFile {
while (<SETTINGS>) { my $line = $_; + chomp($line);
# Generate array based on the line content (seperator is a single or multiple space's) my @settings = split(/,/, $line); @@ -657,7 +653,7 @@ sub GenerateDDNSConfigFile { next unless ($provider ~~ @providers);
# Skip disabled entries. - next if ($enabled eq "off"); + next unless ($enabled eq "on");
# Handle hostname details. Only connect the values with a dott if both are available. if (($hostname) && ($domain)) { @@ -674,8 +670,8 @@ sub GenerateDDNSConfigFile { if ($provider ~~ ["dns.lightningwirelabs.com", "entrydns.net", "regfish.com"] && $username eq "token") { $use_token = 1;
- # Handle token auth for freedns.afraid.org. - } elsif ($provider eq "freedns.afraid.org" && $password eq "") { + # Handle token auth for freedns.afraid.org and regfish.com. + } elsif ($provider ~~ ["freedns.afraid.org", "regfish.com"] && $password eq "") { $use_token = 1; $password = $username;
diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi index 5a28daa..ff72b78 100644 --- a/html/cgi-bin/ids.cgi +++ b/html/cgi-bin/ids.cgi @@ -263,11 +263,11 @@ if (-e "/etc/snort/snort.conf") { ####################### End added for snort rules control #################################
if ($snortsettings{'RULES'} eq 'subscripted') { - $url=" http://www.snort.org/sub-rules/snortrules-snapshot-2961.tar.gz/$snortsetting..."; + $url=" https://www.snort.org/rules/snortrules-snapshot-2961.tar.gz?oinkcode=$snorts..."; } elsif ($snortsettings{'RULES'} eq 'registered') { - $url=" http://www.snort.org/reg-rules/snortrules-snapshot-2960.tar.gz/$snortsetting..."; + $url=" https://www.snort.org/rules/snortrules-snapshot-2961.tar.gz?oinkcode=$snorts..."; } elsif ($snortsettings{'RULES'} eq 'community') { - $url=" http://s3.amazonaws.com/snort-org/www/rules/community/community-rules.tar.gz"; + $url=" https://www.snort.org/rules/community"; } else { $url="http://rules.emergingthreats.net/open/snort-2.9.0/emerging.rules.tar.gz"; } diff --git a/lfs/check_mk_agent b/lfs/check_mk_agent index 541d7d6..5326471 100644 --- a/lfs/check_mk_agent +++ b/lfs/check_mk_agent @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/check_mk-${VER} TARGET = $(DIR_INFO)/$(THISAPP) PROG = check_mk_agent -PAK_VER = 3 +PAK_VER = 4
DEPS = ""
diff --git a/lfs/ddns b/lfs/ddns index 975c8c3..b94b3a1 100644 --- a/lfs/ddns +++ b/lfs/ddns @@ -24,7 +24,7 @@
include Config
-VER = 003 +VER = 004
THISAPP = ddns-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 9ff8ab5fa716859b51f63b0a241f1337 +$(DL_FILE)_MD5 = ff77cb72d0cb06c73bde70419b15bae8
install : $(TARGET)
@@ -71,8 +71,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ddns-003-Add-a-program-prefix-to-syslog-messages.patch - cd $(DIR_APP) && [ -x "configure" ] || sh ./autogen.sh cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/var/ipfire cd $(DIR_APP) && make $(MAKETUNING) diff --git a/lfs/lzo b/lfs/lzo index 1745f4c..19ad090 100644 --- a/lfs/lzo +++ b/lfs/lzo @@ -24,7 +24,7 @@
include Config
-VER = 2.08 +VER = 2.06
THISAPP = lzo-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = fcec64c26a0f4f4901468f360029678f +$(DL_FILE)_MD5 = 95380bd4081f85ef08c5209f4107e9f8
install : $(TARGET)
@@ -70,6 +70,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/lzo-2.06-CVE-2014-4607.patch cd $(DIR_APP) && ./configure --prefix=/usr --enable-shared cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install diff --git a/lfs/openssl b/lfs/openssl index 12cea68..0f0b823 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -24,7 +24,7 @@
include Config
-VER = 1.0.1h +VER = 1.0.1i
THISAPP = openssl-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -51,7 +51,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 8d6d684a9430d5cc98a62a5d8fbda8cf +$(DL_FILE)_MD5 = c8dc151a671b9b92ff3e4c118b174972
install : $(TARGET)
diff --git a/lfs/tor b/lfs/tor index 6f9e502..0cc2957 100644 --- a/lfs/tor +++ b/lfs/tor @@ -24,7 +24,7 @@
include Config
-VER = 0.2.4.22 +VER = 0.2.4.23
THISAPP = tor-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = tor -PAK_VER = 7 +PAK_VER = 8
DEPS = "libevent2"
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 5a7eee0d9df87233255d78b25c6f8270 +$(DL_FILE)_MD5 = 9e39928e310612c3bffee727f554c63f
install : $(TARGET)
diff --git a/make.sh b/make.sh index 88e710b..739fc53 100755 --- a/make.sh +++ b/make.sh @@ -25,8 +25,8 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name VERSION="2.15" # Version number -CORE="80" # Core Level (Filename) -PAKFIRE_CORE="80" # Core Level (PAKFIRE) +CORE="81" # Core Level (Filename) +PAKFIRE_CORE="81" # Core Level (PAKFIRE) GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch SLOGAN="www.ipfire.org" # Software slogan CONFIG_ROOT=/var/ipfire # Configuration rootdir diff --git a/src/paks/check_mk_agent/uninstall.sh b/src/paks/check_mk_agent/uninstall.sh index 3a0860a..51449f5 100644 --- a/src/paks/check_mk_agent/uninstall.sh +++ b/src/paks/check_mk_agent/uninstall.sh @@ -22,6 +22,7 @@ ############################################################################ # . /opt/pakfire/lib/functions.sh +extract_backup_includes make_backup ${NAME} remove_files
diff --git a/src/patches/ddns-003-Add-a-program-prefix-to-syslog-messages.patch b/src/patches/ddns-003-Add-a-program-prefix-to-syslog-messages.patch deleted file mode 100644 index 978db85..0000000 --- a/src/patches/ddns-003-Add-a-program-prefix-to-syslog-messages.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 21fd4b8d26d01d622185ab8de971a9ee934220a3 Mon Sep 17 00:00:00 2001 -From: Michael Tremer michael.tremer@ipfire.org -Date: Thu, 24 Jul 2014 13:23:36 +0200 -Subject: [PATCH] Add a program prefix to syslog messages. - ---- - src/ddns/__init__.py | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/ddns/__init__.py b/src/ddns/__init__.py -index 22764e6..6fe3a33 100644 ---- a/src/ddns/__init__.py -+++ b/src/ddns/__init__.py -@@ -42,6 +42,8 @@ def setup_logging(): - handler = logging.handlers.SysLogHandler(address="/dev/log", - facility=logging.handlers.SysLogHandler.LOG_DAEMON - ) -+ formatter = logging.Formatter("ddns[%(process)d]: %(message)s") -+ handler.setFormatter(formatter) - handler.setLevel(logging.INFO) - rootlogger.addHandler(handler) - --- -1.9.3 - diff --git a/src/patches/lzo-2.06-CVE-2014-4607.patch b/src/patches/lzo-2.06-CVE-2014-4607.patch new file mode 100755 index 0000000..d22c406 --- /dev/null +++ b/src/patches/lzo-2.06-CVE-2014-4607.patch 
@@ -0,0 +1,245 @@ +diff --git a/minilzo/minilzo.c b/minilzo/minilzo.c +index 34ce0f0..ecfdf66 100644 +--- a/minilzo/minilzo.c ++++ b/minilzo/minilzo.c +@@ -3547,6 +3547,8 @@ DO_COMPRESS ( const lzo_bytep in , lzo_uint in_len, + #undef TEST_LBO + #undef NEED_IP + #undef NEED_OP ++#undef TEST_IV ++#undef TEST_OV + #undef HAVE_TEST_IP + #undef HAVE_TEST_OP + #undef HAVE_NEED_IP +@@ -3561,6 +3563,7 @@ DO_COMPRESS ( const lzo_bytep in , lzo_uint in_len, + # if (LZO_TEST_OVERRUN_INPUT >= 2) + # define NEED_IP(x) \ + if ((lzo_uint)(ip_end - ip) < (lzo_uint)(x)) goto input_overrun ++# define TEST_IV(x) if ((x) > (lzo_uint)0 - (511)) goto input_overrun + # endif + #endif + +@@ -3572,6 +3575,7 @@ DO_COMPRESS ( const lzo_bytep in , lzo_uint in_len, + # undef TEST_OP + # define NEED_OP(x) \ + if ((lzo_uint)(op_end - op) < (lzo_uint)(x)) goto output_overrun ++# define TEST_OV(x) if ((x) > (lzo_uint)0 - (511)) goto output_overrun + # endif + #endif + +@@ -3602,11 +3606,13 @@ DO_COMPRESS ( const lzo_bytep in , lzo_uint in_len, + # define HAVE_NEED_IP 1 + #else + # define NEED_IP(x) ((void) 0) ++# define TEST_IV(x) ((void) 0) + #endif + #if defined(NEED_OP) + # define HAVE_NEED_OP 1 + #else + # define NEED_OP(x) ((void) 0) ++# define TEST_OV(x) ((void) 0) + #endif + + #if defined(HAVE_TEST_IP) || defined(HAVE_NEED_IP) +@@ -3687,6 +3693,7 @@ DO_DECOMPRESS ( const lzo_bytep in , lzo_uint in_len, + { + t += 255; + ip++; ++ TEST_IV(t); + NEED_IP(1); + } + t += 15 + *ip++; +@@ -3835,6 +3842,7 @@ match: + { + t += 255; + ip++; ++ TEST_OV(t); + NEED_IP(1); + } + t += 31 + *ip++; +@@ -3879,6 +3887,7 @@ match: + { + t += 255; + ip++; ++ TEST_OV(t); + NEED_IP(1); + } + t += 7 + *ip++; +@@ -4073,6 +4082,8 @@ lookbehind_overrun: + #undef TEST_LBO + #undef NEED_IP + #undef NEED_OP ++#undef TEST_IV ++#undef TEST_OV + #undef HAVE_TEST_IP + #undef HAVE_TEST_OP + #undef HAVE_NEED_IP +@@ -4087,6 +4098,7 @@ lookbehind_overrun: + # if (LZO_TEST_OVERRUN_INPUT >= 2) + # define NEED_IP(x) \ + if 
((lzo_uint)(ip_end - ip) < (lzo_uint)(x)) goto input_overrun ++# define TEST_IV(x) if ((x) > (lzo_uint)0 - (511)) goto input_overrun + # endif + #endif + +@@ -4098,6 +4110,7 @@ lookbehind_overrun: + # undef TEST_OP + # define NEED_OP(x) \ + if ((lzo_uint)(op_end - op) < (lzo_uint)(x)) goto output_overrun ++# define TEST_OV(x) if ((x) > (lzo_uint)0 - (511)) goto output_overrun + # endif + #endif + +@@ -4128,11 +4141,13 @@ lookbehind_overrun: + # define HAVE_NEED_IP 1 + #else + # define NEED_IP(x) ((void) 0) ++# define TEST_IV(x) ((void) 0) + #endif + #if defined(NEED_OP) + # define HAVE_NEED_OP 1 + #else + # define NEED_OP(x) ((void) 0) ++# define TEST_OV(x) ((void) 0) + #endif + + #if defined(HAVE_TEST_IP) || defined(HAVE_NEED_IP) +@@ -4213,6 +4228,7 @@ DO_DECOMPRESS ( const lzo_bytep in , lzo_uint in_len, + { + t += 255; + ip++; ++ TEST_IV(t); + NEED_IP(1); + } + t += 15 + *ip++; +@@ -4361,6 +4377,7 @@ match: + { + t += 255; + ip++; ++ TEST_OV(t); + NEED_IP(1); + } + t += 31 + *ip++; +@@ -4405,6 +4422,7 @@ match: + { + t += 255; + ip++; ++ TEST_OV(t); + NEED_IP(1); + } + t += 7 + *ip++; +diff --git a/src/lzo1_d.ch b/src/lzo1_d.ch +index 40a5bfd..c442d9c 100644 +--- a/src/lzo1_d.ch ++++ b/src/lzo1_d.ch +@@ -76,6 +76,8 @@ + #undef TEST_LBO + #undef NEED_IP + #undef NEED_OP ++#undef TEST_IV ++#undef TEST_OV + #undef HAVE_TEST_IP + #undef HAVE_TEST_OP + #undef HAVE_NEED_IP +@@ -91,6 +93,7 @@ + # if (LZO_TEST_OVERRUN_INPUT >= 2) + # define NEED_IP(x) \ + if ((lzo_uint)(ip_end - ip) < (lzo_uint)(x)) goto input_overrun ++# define TEST_IV(x) if ((x) > (lzo_uint)0 - (511)) goto input_overrun + # endif + #endif + +@@ -102,6 +105,7 @@ + # undef TEST_OP /* don't need both of the tests here */ + # define NEED_OP(x) \ + if ((lzo_uint)(op_end - op) < (lzo_uint)(x)) goto output_overrun ++# define TEST_OV(x) if ((x) > (lzo_uint)0 - (511)) goto output_overrun + # endif + #endif + +@@ -135,11 +139,13 @@ + # define HAVE_NEED_IP 1 + #else + # define NEED_IP(x) ((void) 0) ++# define 
TEST_IV(x) ((void) 0) + #endif + #if defined(NEED_OP) + # define HAVE_NEED_OP 1 + #else + # define NEED_OP(x) ((void) 0) ++# define TEST_OV(x) ((void) 0) + #endif + + +diff --git a/src/lzo1b_d.ch b/src/lzo1b_d.ch +index fe5f361..36b4b6b 100644 +--- a/src/lzo1b_d.ch ++++ b/src/lzo1b_d.ch +@@ -187,6 +187,7 @@ match: + { + t += 255; + ip++; ++ TEST_OV(t); + NEED_IP(1); + } + t += (M4_MIN_LEN - M3_MIN_LEN) + *ip++; +diff --git a/src/lzo1f_d.ch b/src/lzo1f_d.ch +index 9e942f5..0c2199e 100644 +--- a/src/lzo1f_d.ch ++++ b/src/lzo1f_d.ch +@@ -84,6 +84,7 @@ DO_DECOMPRESS ( const lzo_bytep in , lzo_uint in_len, + { + t += 255; + ip++; ++ TEST_IV(t); + NEED_IP(1); + } + t += 31 + *ip++; +@@ -138,6 +139,7 @@ match: + { + t += 255; + ip++; ++ TEST_OV(t); + NEED_IP(1); + } + t += 31 + *ip++; +diff --git a/src/lzo1x_d.ch b/src/lzo1x_d.ch +index 49cf326..c804cc7 100644 +--- a/src/lzo1x_d.ch ++++ b/src/lzo1x_d.ch +@@ -120,6 +120,7 @@ DO_DECOMPRESS ( const lzo_bytep in , lzo_uint in_len, + { + t += 255; + ip++; ++ TEST_IV(t); + NEED_IP(1); + } + t += 15 + *ip++; +@@ -273,6 +274,7 @@ match: + { + t += 255; + ip++; ++ TEST_OV(t); + NEED_IP(1); + } + t += 31 + *ip++; +@@ -317,6 +319,7 @@ match: + { + t += 255; + ip++; ++ TEST_OV(t); + NEED_IP(1); + } + t += 7 + *ip++; +diff --git a/src/lzo2a_d.ch b/src/lzo2a_d.ch +index 48e51ca..954f07e 100644 +--- a/src/lzo2a_d.ch ++++ b/src/lzo2a_d.ch +@@ -131,6 +131,7 @@ DO_DECOMPRESS ( const lzo_bytep in , lzo_uint in_len, + { + t += 255; + ip++; ++ TEST_OV(t); + NEED_IP(1); + } + t += *ip++;
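Review bot: in config/rootfiles/core/81/update.sh, under "# Start services", the test "if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then" hands grep's unquoted output to "[". If the settings file has more than one matching line, "[" receives several words, fails with an operator error, and ipsec, which the script stopped earlier, is never started again. The pattern is also unanchored, so any key that merely ends in ENABLED=on counts as a match. Test grep's exit status instead, with the pattern anchored to the start of the line: if grep -q "^ENABLED=on" /var/ipfire/vpn/settings; then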
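Review bot: in html/cgi-bin/ddns.cgi, hunk @@ -127,23 +122,19 @@ (toggle enable/disable), a request whose ID matches an entry but whose ENABLED is empty writes nothing for that entry, because the only print for the matching line sits inside "if ($settings{'ENABLED'} ne '')". The record is silently dropped from $datafile. When ENABLED is present it is written into the record verbatim, whereas the add/update path in this same patch normalises it to on or off. Accept only 'on' or 'off' here and write the original $line back unchanged for anything else.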
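Review bot: in html/cgi-bin/ddns.cgi, hunk @@ -187,19 +175,23 @@, the context line "my($hostname, $domain) = split(/./, $settings{'HOSTNAME'}, 2);" has an unescaped dot as shown here. An unescaped dot matches any character, so the split happens on the first character: $hostname comes back empty and $domain holds the input without its first character. Since this series is about storing hostname and domain correctly, the separator should be the literal dot: split(/\./, $settings{'HOSTNAME'}, 2). A dotless name then leaves $domain undefined, which the new "only connect the values with a dot if both are available" code already expects.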
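Review bot: in html/cgi-bin/ddns.cgi, hunk @@ -230,7 +219,6 @@ (update), the record is built by interpolating SERVICE, PROXY, WILDCARDS, LOGIN and PASSWORD from the request straight into a comma-separated line, and the readers shown elsewhere in this diff parse it with split(/,/, $line). A comma in a password shifts every following field, so the stored ENABLED value is no longer what the user chose. A newline in any field starts a second record that GenerateDDNSConfigFile will process. Reject or encode commas, carriage returns and newlines in each field before the print, and apply the same check in the add branch.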
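Review bot: in html/cgi-bin/ddns.cgi, hunk @@ -460,7 +440,7 @@, the row being edited prints value='$settings{'LOGIN'}' inside a single-quoted attribute, and the form header a few hunks earlier does the same with $settings{'ID'}. No escaping is visible anywhere in this diff. With ID now explicitly carried through the handlers instead of the whole hash being cleared, a value containing a single quote would break out of the attribute. HTML-escape these values where they are printed, or validate ID as an integer before it reaches the here-document. Dropping value='on' from the checkbox is harmless, since browsers submit "on" for a checked box that has no value attribute.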
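Review bot: in html/cgi-bin/ids.cgi, hunk @@ -263,11 +263,11 @@, the final else branch still downloads emerging.rules.tar.gz over plain http while the other three sources move to https. Rules fetched on that path can therefore be modified in transit, and nothing in the visible lines verifies the archive. Please switch it to https if the host offers it, or add a note explaining why it cannot be. Also, as far as the truncated lines show, the 'subscripted' and 'registered' branches now build the same snapshot-2961 URL, where the old code used 2961 and 2960 respectively. If that is intended the two branches can be merged, otherwise one of them is a copy-and-paste slip.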
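Review bot: in lfs/lzo, the first hunk moves VER backwards from 2.08 to 2.06, and the second hunk applies src/patches/lzo-2.06-CVE-2014-4607.patch on top. None of the commit messages in this mail say why the newer release is being dropped in favour of a patched older one. A downgrade in a security-relevant library should carry that reason in the commit message or as a comment next to the patch line, so that a later version bump does not silently lose or duplicate the fix.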
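Review bot: in lfs/openssl, hunk @@ -51,7 +51,7 @@, the only integrity value updated for openssl-1.0.1i.tar.gz is $(DL_FILE)_MD5. The same holds for the ddns, lzo and tor tarballs in this push. MD5 no longer offers collision resistance, so it protects against a corrupted download but not against a deliberately substituted tarball on the mirror. Consider recording a SHA-256 digest alongside it, at least for the crypto and network-facing packages.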
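Review bot: in src/patches/lzo-2.06-CVE-2014-4607.patch, the new TEST_IV and TEST_OV overflow checks get a real body only inside the blocks guarded by "# if (LZO_TEST_OVERRUN_INPUT >= 2)" and the matching output guard. In every other build they expand to ((void) 0), as the "#else" branches show. The run-length accumulation "t += 255" is therefore checked only in decompressor variants compiled with overrun testing, and the patch header should state that callers handling untrusted data must use those variants. Two smaller points: the macros are bare if statements like the existing NEED_IP, so they are safe only while each use stays a standalone statement, and the patch file is created with mode 100755 although it does not need to be executable.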
hooks/post-receive -- IPFire 2.x development tree