This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, master has been updated via 2b51f53cfd32d6f24aba49c8fde822be8bee6d56 (commit) via b6e3a3eec9e0848b339bbe60ad475ff9f583aed3 (commit) via 488e29e033097eadabd152e97022b71c21e6a414 (commit) via 7ae9f2212278c89365d62589b6d54d7adf39b638 (commit) via 3359061d68c0e872c18c7baa45b77311c2f8f385 (commit) via a66fe2a79178f68b8c123f1dda569fe696240352 (commit) from d267131be3a9500e00d2cc98f48de87b830561d3 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 2b51f53cfd32d6f24aba49c8fde822be8bee6d56 Author: Peter Müller peter.mueller@ipfire.org Date: Fri May 21 15:42:36 2021 +0200
Icinga: Do not ship event handlers for Nagios
These are owned (hence being writable) by "nobody", posing a potential security risk. Since the files itself were already exluded from being shipped, their parent directory should be as well.
This patch should reduce the amount of executable files being owned by nobody to zero after upgrading to Core Update 157. Due to complexity reasons, not all applications available in Pakfire could be tested, though, so your mileage may vary.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit b6e3a3eec9e0848b339bbe60ad475ff9f583aed3 Author: Peter Müller peter.mueller@ipfire.org Date: Fri May 21 15:42:14 2021 +0200
nagios-plugins: Set SUID bit for plugins which need it to function properly
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 488e29e033097eadabd152e97022b71c21e6a414 Author: Peter Müller peter.mueller@ipfire.org Date: Fri May 21 15:41:50 2021 +0200
Core Update 157: Delete shared object files leftover from pppd 2.4.8
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 7ae9f2212278c89365d62589b6d54d7adf39b638 Author: Peter Müller peter.mueller@ipfire.org Date: Fri May 21 15:41:29 2021 +0200
pppd: Explicitly ship pppd shared object files
These are needed by pppd, but were not previously shipped as such. Instead, since their parent directory at /usr/lib/pppd/${version}/ was not commented out, we implicitly shipped the entire directory.
This patch does not change our behaviour in the end, but makes things more transparent to developers.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 3359061d68c0e872c18c7baa45b77311c2f8f385 Author: Peter Müller peter.mueller@ipfire.org Date: Fri May 21 15:41:05 2021 +0200
Core Update 157: Ship backup package to apply changed permissions
This is required as "backup" itself does not gets updated automatically, contrary to it's LFS file suggesting by having a "PAK_VER" number.
In order to fix #12619, it is therefore necessary to ship the backup files with Core Update 157.
Partially fixes: #12619
Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a66fe2a79178f68b8c123f1dda569fe696240352 Author: Peter Müller peter.mueller@ipfire.org Date: Fri May 21 15:40:38 2021 +0200
Core Update 157: Apply changed SSH configurations
This is necessary to fix SSH not starting after upgrading to Core Update 157 unless it's settings are manually written via the WebUI.
Reported-by: Erik Kapfer ummeegge@ipfire.org Reported-by: Tom Rymes tom@rymes.net Signed-off-by: Peter Müller peter.mueller@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/common/ppp | 24 ++++++++++++------------ config/rootfiles/core/157/filelists/backup | 1 + config/rootfiles/core/157/update.sh | 7 +++++++ config/rootfiles/packages/icinga | 2 +- lfs/icinga | 2 +- lfs/nagios-plugins | 9 ++++++++- 6 files changed, 30 insertions(+), 15 deletions(-) create mode 120000 config/rootfiles/core/157/filelists/backup
Difference in files: diff --git a/config/rootfiles/common/ppp b/config/rootfiles/common/ppp index 8d0af69c4..d61fdf811 100644 --- a/config/rootfiles/common/ppp +++ b/config/rootfiles/common/ppp @@ -38,18 +38,18 @@ etc/ppp/standardloginscript #usr/include/pppd/upap.h usr/lib/pppd usr/lib/pppd/2.4.9 -#usr/lib/pppd/2.4.9/minconn.so -#usr/lib/pppd/2.4.9/openl2tp.so -#usr/lib/pppd/2.4.9/passprompt.so -#usr/lib/pppd/2.4.9/passwordfd.so -#usr/lib/pppd/2.4.9/pppoatm.so -#usr/lib/pppd/2.4.9/pppoe.so -#usr/lib/pppd/2.4.9/pppol2tp.so -#usr/lib/pppd/2.4.9/radattr.so -#usr/lib/pppd/2.4.9/radius.so -#usr/lib/pppd/2.4.9/radrealms.so -#usr/lib/pppd/2.4.9/rp-pppoe.so -#usr/lib/pppd/2.4.9/winbind.so +usr/lib/pppd/2.4.9/minconn.so +usr/lib/pppd/2.4.9/openl2tp.so +usr/lib/pppd/2.4.9/passprompt.so +usr/lib/pppd/2.4.9/passwordfd.so +usr/lib/pppd/2.4.9/pppoatm.so +usr/lib/pppd/2.4.9/pppoe.so +usr/lib/pppd/2.4.9/pppol2tp.so +usr/lib/pppd/2.4.9/radattr.so +usr/lib/pppd/2.4.9/radius.so +usr/lib/pppd/2.4.9/radrealms.so +usr/lib/pppd/2.4.9/rp-pppoe.so +usr/lib/pppd/2.4.9/winbind.so usr/sbin/chat usr/sbin/pppd usr/sbin/pppdump diff --git a/config/rootfiles/core/157/filelists/backup b/config/rootfiles/core/157/filelists/backup new file mode 120000 index 000000000..38e28a8b4 --- /dev/null +++ b/config/rootfiles/core/157/filelists/backup @@ -0,0 +1 @@ +../../../common/backup \ No newline at end of file diff --git a/config/rootfiles/core/157/update.sh b/config/rootfiles/core/157/update.sh index ce7b6f5bf..94b10723f 100644 --- a/config/rootfiles/core/157/update.sh +++ b/config/rootfiles/core/157/update.sh @@ -97,6 +97,9 @@ extract_files # update linker config ldconfig
+# Apply local configuration to sshd_config +/usr/local/bin/sshctrl + # Update Language cache /usr/local/bin/update-lang-cache
@@ -121,6 +124,10 @@ rm -f \ /usr/lib/dma-mbox-create \ /usr/lib/openssh/ssh-keysign
+# Delete orphaned pppd 2.4.8 shared object files +rm -rf \ + /usr/lib/pppd/2.4.8/ + # Start services /etc/init.d/sshd restart /etc/init.d/apache restart diff --git a/config/rootfiles/packages/icinga b/config/rootfiles/packages/icinga index f81ba9db2..000be6346 100644 --- a/config/rootfiles/packages/icinga +++ b/config/rootfiles/packages/icinga @@ -25,7 +25,7 @@ usr/bin/icinga usr/bin/icingastats #usr/lib/icinga usr/lib/icinga/p1.pl -usr/lib/nagios/plugins/eventhandlers +#usr/lib/nagios/plugins/eventhandlers #usr/lib/nagios/plugins/eventhandlers/disable_active_service_checks #usr/lib/nagios/plugins/eventhandlers/disable_notifications #usr/lib/nagios/plugins/eventhandlers/distributed-monitoring diff --git a/lfs/icinga b/lfs/icinga index 6534722ac..456f66388 100644 --- a/lfs/icinga +++ b/lfs/icinga @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = icinga -PAK_VER = 4 +PAK_VER = 5
DEPS = nagios-plugins
diff --git a/lfs/nagios-plugins b/lfs/nagios-plugins index d35a94bbe..cdf1910b0 100644 --- a/lfs/nagios-plugins +++ b/lfs/nagios-plugins @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = nagios-plugins -PAK_VER = 5 +PAK_VER = 6
DEPS =
@@ -92,4 +92,11 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) # Prevent Nagios plugins from being owned (and hence writeable) by "nobody" chown root:root -R /usr/lib/nagios/plugins
+ # Unfortunately, some of these plugins need the SUID bit to do their work properly + chmod +s \ + /usr/lib/nagios/plugins/check_dhcp \ + /usr/lib/nagios/plugins/check_icmp \ + /usr/lib/nagios/plugins/check_ide_smart \ + /usr/lib/nagios/plugins/check_ping + @$(POSTBUILD)
hooks/post-receive -- IPFire 2.x development tree