This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, core154 has been updated via 9aa6f9a89f4e57a93bf6b1a751ef6abb9dc7812e (commit) via 08c83af39fbd226728f0da40d25ea62e77e05fb4 (commit) via b31cd7d0fc12e45c2875c9619d063e1e7310e9fe (commit) via 55209df391e11bf97ec1cda2dbf90aa365c75761 (commit) via e902ebe3be6931f6c632b105ad8fe6997afb305c (commit) via 5cdf3b8c78b4c7292b304af6c0b928a3083cd5f4 (commit) via d95f3606831fd03f4bdfdd4bed0f891489907d0d (commit) via 896fa74d68e83b344235dbd147b0e429aafb14d3 (commit) via 7c6a4babf851a13292f0cfa90ca9e3fbfc42525c (commit) via 0d58fcd2aa1240e96754aaf24665d4d1650e301a (commit) via fbbf44c62f509cdcc2e97e624137e6e64ad33dd9 (commit) from c1b356d20da2ebb162072787927b5babbafebfa4 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- -----------------------------------------------------------------------
Summary of changes: config/rootfiles/common/openssl | 4 +++ .../100 => core/154}/filelists/i586/openssl-sse2 | 0 .../{oldcore/100 => core/154}/filelists/openssl | 0 config/rootfiles/packages/fireperf | 1 + doc/language_issues.de | 1 + doc/language_issues.en | 1 + doc/language_issues.es | 1 + doc/language_issues.fr | 1 + doc/language_issues.it | 1 + doc/language_issues.nl | 1 + doc/language_issues.pl | 1 + doc/language_issues.ru | 1 + doc/language_issues.tr | 1 + doc/language_missings | 8 +++++ html/cgi-bin/dhcp.cgi | 2 +- html/cgi-bin/wirelessclient.cgi | 30 +++++++++++++++++- langs/en/cgi-bin/en.pl | 1 + lfs/dhcpcd | 7 ++--- lfs/openssl | 4 +-- src/initscripts/system/wlanclient | 4 +-- src/misc-progs/setuid.c | 9 +++++- ...86_for_SECCOMP_as_it_just_uses_socketcall.patch | 36 ---------------------- 22 files changed, 66 insertions(+), 49 deletions(-) copy config/rootfiles/{oldcore/100 => core/154}/filelists/i586/openssl-sse2 (100%) copy config/rootfiles/{oldcore/100 => core/154}/filelists/openssl (100%) delete mode 100644 src/patches/dhcpcd/01_Fix_Linux_i386_for_SECCOMP_as_it_just_uses_socketcall.patch
Difference in files: diff --git a/config/rootfiles/common/openssl b/config/rootfiles/common/openssl index df6bbe320..989670262 100644 --- a/config/rootfiles/common/openssl +++ b/config/rootfiles/common/openssl @@ -869,6 +869,7 @@ usr/lib/libssl.so.1.1 #usr/share/doc/openssl/html/man3/DH_check_pub_key_ex.html #usr/share/doc/openssl/html/man3/DH_clear_flags.html #usr/share/doc/openssl/html/man3/DH_compute_key.html +#usr/share/doc/openssl/html/man3/DH_compute_key_padded.html #usr/share/doc/openssl/html/man3/DH_free.html #usr/share/doc/openssl/html/man3/DH_generate_key.html #usr/share/doc/openssl/html/man3/DH_generate_parameters.html @@ -1983,6 +1984,7 @@ usr/lib/libssl.so.1.1 #usr/share/doc/openssl/html/man3/OCSP_REQUEST_new.html #usr/share/doc/openssl/html/man3/OCSP_REQ_CTX_add1_header.html #usr/share/doc/openssl/html/man3/OCSP_REQ_CTX_free.html +#usr/share/doc/openssl/html/man3/OCSP_REQ_CTX_i2d.html #usr/share/doc/openssl/html/man3/OCSP_REQ_CTX_set1_req.html #usr/share/doc/openssl/html/man3/OCSP_RESPBYTES_free.html #usr/share/doc/openssl/html/man3/OCSP_RESPBYTES_new.html @@ -4838,6 +4840,7 @@ usr/lib/libssl.so.1.1 #usr/share/man/man3/DH_check_pub_key_ex.3 #usr/share/man/man3/DH_clear_flags.3 #usr/share/man/man3/DH_compute_key.3 +#usr/share/man/man3/DH_compute_key_padded.3 #usr/share/man/man3/DH_free.3 #usr/share/man/man3/DH_generate_key.3 #usr/share/man/man3/DH_generate_parameters.3 @@ -5952,6 +5955,7 @@ usr/lib/libssl.so.1.1 #usr/share/man/man3/OCSP_REQUEST_new.3 #usr/share/man/man3/OCSP_REQ_CTX_add1_header.3 #usr/share/man/man3/OCSP_REQ_CTX_free.3 +#usr/share/man/man3/OCSP_REQ_CTX_i2d.3 #usr/share/man/man3/OCSP_REQ_CTX_set1_req.3 #usr/share/man/man3/OCSP_RESPBYTES_free.3 #usr/share/man/man3/OCSP_RESPBYTES_new.3 diff --git a/config/rootfiles/core/154/filelists/i586/openssl-sse2 b/config/rootfiles/core/154/filelists/i586/openssl-sse2 new file mode 120000 index 000000000..f424713d6 --- /dev/null +++ b/config/rootfiles/core/154/filelists/i586/openssl-sse2 @@ -0,0 +1 @@ +../../../../common/i586/openssl-sse2 \ No newline at end of file diff --git a/config/rootfiles/core/154/filelists/openssl b/config/rootfiles/core/154/filelists/openssl new file mode 120000 index 000000000..e011a9266 --- /dev/null +++ b/config/rootfiles/core/154/filelists/openssl @@ -0,0 +1 @@ +../../../common/openssl \ No newline at end of file diff --git a/config/rootfiles/packages/fireperf b/config/rootfiles/packages/fireperf index e69de29bb..bf6e51e71 100644 --- a/config/rootfiles/packages/fireperf +++ b/config/rootfiles/packages/fireperf @@ -0,0 +1 @@ +usr/bin/fireperf diff --git a/doc/language_issues.de b/doc/language_issues.de index aae7ca565..5d079036a 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -889,6 +889,7 @@ WARNING: untranslated string: smb daemon = SMB Daemon WARNING: untranslated string: user management = User Management WARNING: untranslated string: winbind daemon = Winbind Daemon WARNING: untranslated string: wlan client encryption wpa3 = WPA3 +WARNING: untranslated string: wlan client management frame protection = Management Frame Protection WARNING: untranslated string: wlanap 802.11w disabled = Disabled WARNING: untranslated string: wlanap 802.11w enforced = Enforced WARNING: untranslated string: wlanap 802.11w optional = Optional diff --git a/doc/language_issues.en b/doc/language_issues.en index 434115902..6e30eb995 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -2132,6 +2132,7 @@ WARNING: untranslated string: wlan client group cipher = Group cipher WARNING: untranslated string: wlan client group key algorithm = GKA WARNING: untranslated string: wlan client identity = Identity WARNING: untranslated string: wlan client invalid key length = Invalid key length. +WARNING: untranslated string: wlan client management frame protection = Management Frame Protection WARNING: untranslated string: wlan client method = Method WARNING: untranslated string: wlan client new entry = Create new wireless client configuration WARNING: untranslated string: wlan client new network = New network diff --git a/doc/language_issues.es b/doc/language_issues.es index 2feec8924..82d65d99c 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -1509,6 +1509,7 @@ WARNING: untranslated string: wlan client group cipher = Group cipher WARNING: untranslated string: wlan client group key algorithm = GKA WARNING: untranslated string: wlan client identity = Identity WARNING: untranslated string: wlan client invalid key length = Invalid key length. +WARNING: untranslated string: wlan client management frame protection = Management Frame Protection WARNING: untranslated string: wlan client method = Method WARNING: untranslated string: wlan client new entry = Create new wireless client configuration WARNING: untranslated string: wlan client new network = New network diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 835352cf5..942be73ec 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -919,3 +919,4 @@ WARNING: untranslated string: routing config changed = unknown string WARNING: untranslated string: token = Token: WARNING: untranslated string: token not set = No Token has been given. WARNING: untranslated string: wlan client encryption wpa3 = WPA3 +WARNING: untranslated string: wlan client management frame protection = Management Frame Protection diff --git a/doc/language_issues.it b/doc/language_issues.it index 152ce4786..98074e59f 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -1197,6 +1197,7 @@ WARNING: untranslated string: wlan client eap state = EAP Status WARNING: untranslated string: wlan client encryption eap = EAP WARNING: untranslated string: wlan client encryption wpa3 = WPA3 WARNING: untranslated string: wlan client identity = Identity +WARNING: untranslated string: wlan client management frame protection = Management Frame Protection WARNING: untranslated string: wlan client method = Method WARNING: untranslated string: wlan client password = Password WARNING: untranslated string: wlan client tls cipher = TLS Cipher diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 683c08f44..8eebbd57f 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -1237,6 +1237,7 @@ WARNING: untranslated string: wlan client eap state = EAP Status WARNING: untranslated string: wlan client encryption eap = EAP WARNING: untranslated string: wlan client encryption wpa3 = WPA3 WARNING: untranslated string: wlan client identity = Identity +WARNING: untranslated string: wlan client management frame protection = Management Frame Protection WARNING: untranslated string: wlan client method = Method WARNING: untranslated string: wlan client password = Password WARNING: untranslated string: wlan client tls cipher = TLS Cipher diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 2feec8924..82d65d99c 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -1509,6 +1509,7 @@ WARNING: untranslated string: wlan client group cipher = Group cipher WARNING: untranslated string: wlan client group key algorithm = GKA WARNING: untranslated string: wlan client identity = Identity WARNING: untranslated string: wlan client invalid key length = Invalid key length. +WARNING: untranslated string: wlan client management frame protection = Management Frame Protection WARNING: untranslated string: wlan client method = Method WARNING: untranslated string: wlan client new entry = Create new wireless client configuration WARNING: untranslated string: wlan client new network = New network diff --git a/doc/language_issues.ru b/doc/language_issues.ru index cbd25d176..43c1f8c08 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -1502,6 +1502,7 @@ WARNING: untranslated string: wlan client group cipher = Group cipher WARNING: untranslated string: wlan client group key algorithm = GKA WARNING: untranslated string: wlan client identity = Identity WARNING: untranslated string: wlan client invalid key length = Invalid key length. +WARNING: untranslated string: wlan client management frame protection = Management Frame Protection WARNING: untranslated string: wlan client method = Method WARNING: untranslated string: wlan client new entry = Create new wireless client configuration WARNING: untranslated string: wlan client new network = New network diff --git a/doc/language_issues.tr b/doc/language_issues.tr index e4c25f931..439a58890 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -1067,6 +1067,7 @@ WARNING: untranslated string: vulnerable = Vulnerable WARNING: untranslated string: whois results from = WHOIS results from WARNING: untranslated string: winbind daemon = Winbind Daemon WARNING: untranslated string: wlan client encryption wpa3 = WPA3 +WARNING: untranslated string: wlan client management frame protection = Management Frame Protection WARNING: untranslated string: wlanap 802.11w disabled = Disabled WARNING: untranslated string: wlanap 802.11w enforced = Enforced WARNING: untranslated string: wlanap 802.11w optional = Optional diff --git a/doc/language_missings b/doc/language_missings index 1956eac48..0d89426ca 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -65,6 +65,7 @@ < wlanap 802.11w enforced < wlanap 802.11w optional < wlan client encryption wpa3 +< wlan client management frame protection ############################################################################ # Checking cgi-bin translations for language: es # ############################################################################ @@ -927,6 +928,7 @@ < wlan client group key algorithm < wlan client identity < wlan client invalid key length +< wlan client management frame protection < wlan client method < wlan client new entry < wlan client new network @@ -974,6 +976,7 @@ < token not set < upload fcdsl.o < wlan client encryption wpa3 +< wlan client management frame protection ############################################################################ # Checking cgi-bin translations for language: it # ############################################################################ @@ -1339,6 +1342,7 @@ < wlan client encryption eap < wlan client encryption wpa3 < wlan client identity +< wlan client management frame protection < wlan client method < wlan client password < wlan client tls cipher @@ -1777,6 +1781,7 @@ < wlan client encryption eap < wlan client encryption wpa3 < wlan client identity +< wlan client management frame protection < wlan client method < wlan client password < wlan client tls cipher @@ -2643,6 +2648,7 @@ < wlan client group key algorithm < wlan client identity < wlan client invalid key length +< wlan client management frame protection < wlan client method < wlan client new entry < wlan client new network @@ -3529,6 +3535,7 @@ < wlan client group key algorithm < wlan client identity < wlan client invalid key length +< wlan client management frame protection < wlan client method < wlan client new entry < wlan client new network @@ -3738,6 +3745,7 @@ < wlanap neighbor scan warning < wlanap ssid < wlan client encryption wpa3 +< wlan client management frame protection < working < zoneconf access native < zoneconf access none diff --git a/html/cgi-bin/dhcp.cgi b/html/cgi-bin/dhcp.cgi index 2ebdde818..867614f2a 100644 --- a/html/cgi-bin/dhcp.cgi +++ b/html/cgi-bin/dhcp.cgi @@ -180,12 +180,12 @@ if ($dhcpsettings{'ACTION'} eq $Lang::tr{'save'}) { if (($dhcpsettings{"START_ADDR_${itf}"}) eq '' && ($dhcpsettings{"END_ADDR_${itf}"}) eq '') { $errormessage = "DHCP on ${itf}: " . $Lang::tr{'dhcp valid range required when deny known clients checked'}; goto ERROR; + } }
if (!($dhcpsettings{"DEFAULT_LEASE_TIME_${itf}"} =~ /^\d+$/)) { $errormessage = "DHCP on ${itf}: " . $Lang::tr{'invalid default lease time'} . $dhcpsettings{'DEFAULT_LEASE_TIME_${itf}'}; goto ERROR; - } }
if (!($dhcpsettings{"MAX_LEASE_TIME_${itf}"} =~ /^\d+$/)) { diff --git a/html/cgi-bin/wirelessclient.cgi b/html/cgi-bin/wirelessclient.cgi index e8c3c9628..d8637ccd2 100644 --- a/html/cgi-bin/wirelessclient.cgi +++ b/html/cgi-bin/wirelessclient.cgi @@ -324,6 +324,8 @@ END $encryption_mode = $Lang::tr{'wlan client encryption wpa'}; } elsif ($config[3] eq "WPA2") { $encryption_mode = $Lang::tr{'wlan client encryption wpa2'}; + } elsif ($config[3] eq "WPA3") { + $encryption_mode = $Lang::tr{'wlan client encryption wpa3'}; } elsif ($config[3] eq "EAP") { $encryption_mode = $Lang::tr{'wlan client encryption eap'}; } @@ -682,6 +684,19 @@ sub ShowStatus() { </tr> END
+ if ($status{'pmf'} eq "1") { + print <<END; + <tr> + <td width='20%'> + $Lang::tr{'wlan client management frame protection'} + </td> + <td width='80%'> + $Lang::tr{'active'} + </td> + </tr> +END + } + if ($status{'EAP state'}) { my $selected_method = $status{'selectedMethod'}; $selected_method =~ s/\d+ ((.*))/$1/e; @@ -736,12 +751,25 @@ END }
if (($status{'pairwise_cipher'} ne "NONE") || ($status{'group_cipher'} ne "NONE")) { - print <<END; + if ($status{'key_mgmt'} eq "SAE") { + print <<END; + <tr> + <td colspan='2'> + <strong>$Lang::tr{'wlan client encryption wpa3'}</strong> + </td> + </tr> +END + } else { + print <<END; <tr> <td colspan='2'> <strong>$Lang::tr{'wlan client encryption wpa'}</strong> </td> </tr> +END + } + + print <<END; <tr> <td width='20%'> $Lang::tr{'wlan client pairwise cipher'} diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 22e8a4cc6..95a1cfda4 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -2956,6 +2956,7 @@ 'wlan client group key algorithm' => 'GKA', 'wlan client identity' => 'Identity', 'wlan client invalid key length' => 'Invalid key length.', +'wlan client management frame protection' => 'Management Frame Protection', 'wlan client method' => 'Method', 'wlan client new entry' => 'Create new wireless client configuration', 'wlan client new network' => 'New network', diff --git a/lfs/dhcpcd b/lfs/dhcpcd index 4e34e19d5..3bd33dc56 100644 --- a/lfs/dhcpcd +++ b/lfs/dhcpcd @@ -24,7 +24,7 @@
include Config
-VER = 9.3.4 +VER = 9.1.4
THISAPP = dhcpcd-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = badb02dfc69fe9bbeec35a02efcdb4db +$(DL_FILE)_MD5 = dd77711cf3232002bb075f5210269f88
install : $(TARGET)
@@ -70,9 +70,6 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) - - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dhcpcd/01_Fix_Linux_i386_for_SECCOMP_as_it_just_uses_socketcall.patch - cd $(DIR_APP) && ./configure --prefix="" --sysconfdir=/var/ipfire/dhcpc \ --dbdir=/var/ipfire/dhcpc \ --libexecdir=/var/ipfire/dhcpc \ diff --git a/lfs/openssl b/lfs/openssl index 16e20b439..ea7eff135 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -24,7 +24,7 @@
include Config
-VER = 1.1.1i +VER = 1.1.1j
THISAPP = openssl-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -87,7 +87,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 08987c3cf125202e2b0840035efb392c +$(DL_FILE)_MD5 = cccaa064ed860a2b4d1303811bf5c682
install : $(TARGET)
diff --git a/src/initscripts/system/wlanclient b/src/initscripts/system/wlanclient index 4b3938b46..338a743ab 100644 --- a/src/initscripts/system/wlanclient +++ b/src/initscripts/system/wlanclient @@ -275,9 +275,7 @@ function wpa_supplicant_start() { # Build wpa_supplicant command line. local wpa_suppl_cmd="wpa_supplicant -B -qqq -i${device} -c${config}"
- if device_is_wireless ${device}; then - wpa_suppl_cmd="${wpa_suppl_cmd} -Dwext" - else + if ! device_is_wireless ${device}; then wpa_suppl_cmd="${wpa_suppl_cmd} -Dwired" fi
diff --git a/src/misc-progs/setuid.c b/src/misc-progs/setuid.c index efd181ad8..8044742f2 100644 --- a/src/misc-progs/setuid.c +++ b/src/misc-progs/setuid.c @@ -144,7 +144,14 @@ int safe_system(char* command) { /* Much like safe_system but lets you specify a non-root uid and gid to run * the command as */ int unpriv_system(char* command, uid_t uid, gid_t gid) { - return system_core(command, NULL, uid, gid, "unpriv_system"); + char* argv[4] = { + "/bin/sh", + "-c", + command, + NULL, + }; + + return system_core(argv[0], argv, uid, gid, "unpriv_system"); }
/* General routine to initialise a setuid root program, and put the diff --git a/src/patches/dhcpcd/01_Fix_Linux_i386_for_SECCOMP_as_it_just_uses_socketcall.patch b/src/patches/dhcpcd/01_Fix_Linux_i386_for_SECCOMP_as_it_just_uses_socketcall.patch deleted file mode 100644 index 9efcde219..000000000 --- a/src/patches/dhcpcd/01_Fix_Linux_i386_for_SECCOMP_as_it_just_uses_socketcall.patch +++ /dev/null @@ -1,36 +0,0 @@ -diff --git a/src/privsep-linux.c b/src/privsep-linux.c -index 050a30cf..d31d720d 100644 ---- a/src/privsep-linux.c -+++ b/src/privsep-linux.c -@@ -32,6 +32,7 @@ - - #include <linux/audit.h> - #include <linux/filter.h> -+#include <linux/net.h> - #include <linux/seccomp.h> - #include <linux/sockios.h> - -@@ -304,6 +305,23 @@ static struct sock_filter ps_seccomp_filter[] = { - #ifdef __NR_sendto - SECCOMP_ALLOW(__NR_sendto), - #endif -+#ifdef __NR_socketcall -+ /* i386 needs this and demonstrates why SECCOMP -+ * is poor compared to OpenBSD pledge(2) and FreeBSD capsicum(4) -+ * as this is soooo tied to the kernel API which changes per arch -+ * and likely libc as well. */ -+ SECCOMP_ALLOW_ARG(__NR_socketcall, 0, SYS_ACCEPT), -+ SECCOMP_ALLOW_ARG(__NR_socketcall, 0, SYS_ACCEPT4), -+ SECCOMP_ALLOW_ARG(__NR_socketcall, 0, SYS_LISTEN), -+ SECCOMP_ALLOW_ARG(__NR_socketcall, 0, SYS_GETSOCKOPT), /* overflow */ -+ SECCOMP_ALLOW_ARG(__NR_socketcall, 0, SYS_RECV), -+ SECCOMP_ALLOW_ARG(__NR_socketcall, 0, SYS_RECVFROM), -+ SECCOMP_ALLOW_ARG(__NR_socketcall, 0, SYS_RECVMSG), -+ SECCOMP_ALLOW_ARG(__NR_socketcall, 0, SYS_SEND), -+ SECCOMP_ALLOW_ARG(__NR_socketcall, 0, SYS_SENDMSG), -+ SECCOMP_ALLOW_ARG(__NR_socketcall, 0, SYS_SENDTO), -+ SECCOMP_ALLOW_ARG(__NR_socketcall, 0, SYS_SHUTDOWN), -+#endif - #ifdef __NR_shutdown - SECCOMP_ALLOW(__NR_shutdown), - #endif
hooks/post-receive -- IPFire 2.x development tree