This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, master has been updated via e2f8251726f7b4b567021a8631f153e014442f0c (commit) via 1159f711c8676d63ce9e2d100790031385eb01e3 (commit) via 1cd62a8d3dd6b340adb2208761f46d2d0de8f672 (commit) via c3afb9c65d4e9108db64cf8f3fc2e234e846380e (commit) via 3a4a8b055b56e22d9176486ce77abb1e26a0647e (commit) via 4b8f1ffb319303c1f70bcaa987803ddb328a6e94 (commit) via 80a474183e6c730da89e96a3d7719534c252a06b (commit) via f62bd2742cdfd2d2af8c6b77a526e6fe92f2d27b (commit) via afc0f6e8849c6b9bed5005a05c8c4a526b63e06d (commit) via de5627819ba5b7381b446606512eb7b4793fca88 (commit) via e73a5ce77a518e1c83bab5e59702b76f2b80d655 (commit) via 65a61d88c8a9d73c3315f4ea07a0d5f714ceb2d4 (commit) via 9a300ee8b5d142f1b3d7a47be64be03151493067 (commit) via 6a5b83f80d4f0ad34597b46e90d4dfbc567de4a0 (commit) via dcb6493a0cc32211c713615465ddf39bc3c1916f (commit) via a27c40a05bda1e3dc64954c0550ec32bc84c6763 (commit) via 3b8ad4fde998ada617708a1c175e0039dd75194a (commit) via dadee76d7be1b5f1d1ab9c100e8e4e4929aea3ff (commit) via 5cbfa0140c0f97e077957e351c1fbfd943ed3450 (commit) via a11aaa91b36761f07f05db5cc1a3efd27cf0bf88 (commit) via f617f21cc0661a74e452d61d299742b4634eef99 (commit) via efd9c5ffb45579b4ff3c323f1f19689caa8fe50a (commit) via 8651c94e9a03116fcb9d4226b1457c4307a9dee7 (commit) via 8afd763e702fc1e711e5544ab4246ec1b59ea7cb (commit) via 65c61b574f9f4e461418b26fa0f5e3780c1a019a (commit) via 7f218a58ba2537d04dd3a661f0a57f55fe8484b1 (commit) via 06f261cfb973edfc4b633afdd8060d001076aa99 (commit) via 2daa1f5bb230cff536067280545dff60f2fecaa8 (commit) via 2d17c6e6b8d6b0f8bb9711ead293e3f6abc73ede (commit) via 1cc653239fd4d1a8c589082ea6706d76de9dd55a (commit) via c880c2cb8a922bb1132871dad96e079b7b98442b (commit) via 62fd0e6fc7c946f2c9f11d34062c555d95e8a272 (commit) via c232e3489ada10b19ca00f675f2e7a930e9164a5 (commit) via 97849142bd882820c336bec357b62381cae8a5c4 (commit) via 7edbe063742d0c65e2f229dc366da8b18ea41482 (commit) via 891ba055f2ece97941bfe3801ec4e33114b583d1 (commit) via af6856afc470656283347c86106c76d4ba3a6f49 (commit) via 52958991040571d3154345612c6adc38b31973bb (commit) via d5305379985e5f33a5639a7f4ebb8fa5ab48290f (commit) via 723648ac92c18e9b8e43ccc138fab9c0c1224f54 (commit) via b5f7d90327dc8ecc346bac6f758d752d2b510e78 (commit) via eff1feb8c7d4ed98d24ed2119dbee8da3185ec05 (commit) via b1597f879c0e897c7bf9fdb256d178857055c61e (commit) via 6a153ecdaca6ea9a04d69ba7790e88e44479eca2 (commit) via 922ddf0ef64d977422653d4346f57a9f71c6ea4e (commit) via bfb860ceb797fd9e74601f0accdf5d87193f78c0 (commit) via 28981fac68e0c86dbdb2faf0bde1fd3d538fb50f (commit) via 36dbcf2e43d77678cfe96ee8f58f01dc0c33f69c (commit) via c973d6da105f1e83423ee8d66b25a934262b069d (commit) via 473c7257215a905d6eac7fe892b46038f534737b (commit) via 4a7fc9f6349f56d8f0409a1cbb3df693944a2810 (commit) via 96655fa6b7712d586d9ce6a11e7b2f2c47ea2c7d (commit) via f8c3bfe050776a702c0f7134d21e07569a2b8d50 (commit) via a35a066845d17c5cc1ebc03bb9f01e844ea20689 (commit) via 06ff7e28d7993d02be4e4a87bfc959b3bb375346 (commit) via 7899718f04b1a7e1288c12a49444f3e0312214d9 (commit) via a67b3e2dc53d24c7a25c4f053c4ae2e6368da1b0 (commit) via 26fcd31e1f68e279c6882e9d1998f3079cc4be19 (commit) via d2fea55e0930cdc2715855297734dd65857718fb (commit) via 1d5702a7c3e4de0700d08c2e45a1a2891f777fa9 (commit) via 5f462919d9fe730aaca4e0a0e1751df9a3b7d936 (commit) via 8b8413e566334bfdb62776d31427cfb1162e4a36 (commit) via 7f7285911c65776b061a9a2df018fec66eef064c (commit) via 01dbccb11e113497809d74356d2d3467982a5681 (commit) via 0c265f57175644c55431490a2aa10b860eabc26d (commit) via de2ee80d4ffb0d3d6a219223d1a2e0c85e6ad8c9 (commit) via 5a53d5947d29a65240a9a60e10101bc567638f0f (commit) via bde891d1b133a8a28d487cf163ff639d989f6d9a (commit) via c5c12c9c81bd8ef085a5453fe39e53df100915c3 (commit) via 0eccc8a97c59a3ad86c9370f4cfd844e63da8d2e (commit) via 24159f095246659fed4bb581384fa91784d3359e (commit) via c48a24dc14da1322dae72511c3e4c021602cf005 (commit) via f00699e8bb9f820f1be200a40d987b749cd278dd (commit) via 5261a13d3c2f5bec97c837713720c98a3a4c161b (commit) via 3b7d73d1d40b11b1eaf2ae48ebd22ef4cb587ff1 (commit) via 71f578bbfc43b5cf5b6480f00ca4536bd4155143 (commit) via ccb35c191fe91611a8bb8d755acddccd5f803051 (commit) via d4641215c788c54c36a7e3b3c056a1f4566af513 (commit) via 5fb41958ce9ca71f4eee6d71f932de5a696b6e54 (commit) via 25bb3677e9090d05aa64abdbaad97ae1efae3af2 (commit) via 035e2b4a9b843601b0af484d37c91fc3048f0ab7 (commit) via 10f8c6f421e0d635dfa303b71b7e7a2cb1694424 (commit) via fb686fdef34743853f618d0b816a8e678c7c8540 (commit) via f5194e7a38d63fc9769dbd35eb1941a49ff716b3 (commit) via eb03f0178286ba0c049f4ef15b47d7e9ca60cc75 (commit) via b61fe3f404035488e051929336d2b5159c8cb313 (commit) via 19a4317093718fc057d1a84d577593aaaee5c42e (commit) via aa3ff233c2895c0f0aa32d957e7403b108e9fb2b (commit) via 602696704cb13d91c87f99fd54e891040418540b (commit) via c11dfb92959d60cb73092c8a740c7eabe03a09e0 (commit) via 2a53bafffe1313eec256e5466924f35d8976532d (commit) via 6ec0831ae9716497276e33c4bef3dc4500d75d9e (commit) via 2249bb1d52f36a69aad36384e60de4a4c63b0fda (commit) via 04251def7f2a4f823ce5384298eb85c09676fb79 (commit) via cc97d7b417a44749be1568478173b799a7dc5ff9 (commit) via a4fdc176429a03fb47f851a9767c93f8b3a19259 (commit) via 754efda13126e16c951f4051df6cfc9926fca490 (commit) via afc14499a725d2d7d6f363d6859492dc74b3300b (commit) via d0d869b022b7cc1f103227579c9175d9b2bd167b (commit) via 7959134a5564345adb1f16b42cf3d7666be9aa42 (commit) via 913a442a2aad8f359462d2dbaa8f29a69ed3ebd6 (commit) via 795147c7d97b5fc691c6528bb5754f2b917a49c7 (commit) via 484e62046ee462af0c102a131b0c7d47ae7f33e8 (commit) via 01e38218c9193c9747ae9fca2a48345ff262af9e (commit) via dc2e0320d3bfdaf0f2c51f6ed7297c3140806482 (commit) via a3cab8134a87712723a5a4a76e0e5deee4b02864 (commit) via f7029f205713edc6f523c58685e2f420b5d2852e (commit) via fee796dcb761b70911644311e7dba98f7727cb79 (commit) via b1e8c4b521d8b8759c63985812f17d7c23ffe753 (commit) via 60ef4f6704c5a0cc2d971dccc90f81d4f0a051ce (commit) via 312ba20037df7db21abaeb4fcf5ee687d9c90dbe (commit) via 59232d72251e46011b92501b7538bfe24e869ffa (commit) via 96aeacd808bbde03997e7d699bed16605095c8a8 (commit) via 5cc7ae0926454f93998f7c25b931dae7eec0539d (commit) via 1dd61e0594e92155642039d3229e1505f8aea937 (commit) via 0204a3c5bff8b22c880b2fb181814a25c2c3e3b9 (commit) via 4787315b6e67b486e813292d45402ee3890a3e7b (commit) via 1bddfa5abf7a970bb6a1df90271bc6e2c67154a5 (commit) via e6fd1f2d3876aae2c37051fce718f68712fdee4a (commit) via 77d989a66726dfe8282d00eec25f1cca80aca118 (commit) via 6c2720cac6c4d807e7608d10d15349854714a8e0 (commit) via 6ce32b1d84a539bae4503fbfe0cb043edb919265 (commit) via 51f69a46533e2ed7a9c29de23b9ec791d27cc80b (commit) via 2e45b1125bc54f5376b57905541cd1309364579a (commit) via 44285d92a297f27310b3bf4de3d5c0af15a82462 (commit) via e072f094e6fcb20a718caaef91ba9766258e2377 (commit) via 6118218c192bdd0a957e787114190bfc9c440da0 (commit) via b6c0145236385bcef7b3fa016f2884f64a2bc9f0 (commit) via 3a376d999ecf485803c270e3d9d6f767c0378ba9 (commit) via 5a5e5f04a7cb2a6c39be2a53205d42b99ab80885 (commit) via 00c2bfe89b236ebbd0306d19965c9087b3aaf485 (commit) via cf074eb256e1254f3463f62d3e1893cca56ca2ff (commit) from 2b47cc27e3fbb6478a8729bc3c8fcffa7df3538a (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit e2f8251726f7b4b567021a8631f153e014442f0c Merge: 1159f71 2b47cc2 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Aug 6 12:11:46 2016 +0200
Merge remote-tracking branch 'origin/master' into next
-----------------------------------------------------------------------
Summary of changes: config/backup/includes/freeradius | 1 + config/backup/includes/guardian | 4 + config/backup/includes/libvirt | 1 + config/backup/includes/nginx | 2 +- config/collectd/collectd.conf | 6 +- config/fwhosts/customservices | 2 + config/guardian/guardian.conf | 33 - config/guardian/guardian.logrotate | 12 + config/guardian/guardian.pl | 431 -------- config/guardian/guardian_block.sh | 12 - config/guardian/guardian_unblock.sh | 10 - config/httpd/global.conf | 3 + .../kernel/kernel.config.armv5tel-ipfire-kirkwood | 4 +- config/kernel/kernel.config.armv5tel-ipfire-multi | 9 +- config/kernel/kernel.config.armv5tel-ipfire-rpi | 2 +- config/kernel/kernel.config.i586-ipfire | 8 +- config/kernel/kernel.config.i586-ipfire-pae | 8 +- config/kernel/kernel.config.x86_64-ipfire | 8 +- config/menu/EX-guardian.menu | 6 + config/qemu/65-kvm.rules | 2 + config/rootfiles/common/acl | 90 +- config/rootfiles/common/armv5tel/initscripts | 3 + config/rootfiles/common/armv5tel/linux-kirkwood | 1 + config/rootfiles/common/armv5tel/linux-multi | 1 + config/rootfiles/common/configroot | 1 + config/rootfiles/common/curl | 3 + config/rootfiles/common/i586/acpid | 12 +- config/rootfiles/common/i586/initscripts | 3 + config/rootfiles/common/i586/linux | 1 + config/rootfiles/common/libarchive | 6 +- config/rootfiles/common/libcap | 4 +- config/rootfiles/common/linux-atm | 1 + config/rootfiles/common/pcre | 146 +-- config/rootfiles/common/popt | 3 +- config/rootfiles/common/shadow | 98 +- config/rootfiles/common/snort | 3 +- config/rootfiles/common/web-user-interface | 1 + config/rootfiles/common/which | 4 +- config/rootfiles/common/x86_64/acpid | 12 +- config/rootfiles/common/x86_64/initscripts | 3 + config/rootfiles/common/x86_64/linux | 1 + config/rootfiles/core/{103 => 104}/exclude | 0 .../{oldcore/44 => core/104}/filelists/acl | 0 .../104}/filelists/armv5tel/linux-kirkwood | 0 .../95 => core/104}/filelists/armv5tel/linux-multi | 0 .../95 => core/104}/filelists/armv5tel/linux-rpi | 0 config/rootfiles/core/{103 => 104}/filelists/curl | 0 .../{oldcore/95 => core/104}/filelists/ddns | 0 .../rootfiles/core/{103 => 104}/filelists/dnsmasq | 0 config/rootfiles/core/104/filelists/files | 14 + .../{oldcore/90 => core/104}/filelists/i586/acpid | 0 .../{oldcore/95 => core/104}/filelists/i586/linux | 0 .../{oldcore/90 => core/104}/filelists/iputils | 0 config/rootfiles/core/104/filelists/libarchive | 1 + .../{oldcore/89 => core/104}/filelists/libcap | 0 .../{oldcore/96 => core/104}/filelists/ntp | 0 .../{oldcore/99 => core/104}/filelists/openssh | 0 .../{oldcore/94 => core/104}/filelists/pcre | 0 .../{oldcore/66 => core/104}/filelists/popt | 0 .../{oldcore/89 => core/104}/filelists/screen | 0 .../{oldcore/66 => core/104}/filelists/shadow | 0 .../{oldcore/95 => core/104}/filelists/snort | 0 .../{oldcore/89 => core/104}/filelists/wget | 0 config/rootfiles/core/104/filelists/which | 1 + config/rootfiles/core/104/filelists/x86_64/acpid | 1 + .../95 => core/104}/filelists/x86_64/linux | 0 config/rootfiles/core/{103 => 104}/meta | 0 config/rootfiles/core/104/update.sh | 259 +++++ config/rootfiles/oldcore/{102 => 103}/exclude | 0 .../{core => oldcore}/103/filelists/coreutils | 0 .../rootfiles/oldcore/{96 => 103}/filelists/curl | 0 .../{core => oldcore}/103/filelists/diffutils | 0 .../oldcore/{96 => 103}/filelists/dnsmasq | 0 .../{core => oldcore}/103/filelists/files | 0 .../{core => oldcore}/103/filelists/findutils | 0 .../rootfiles/{core => oldcore}/103/filelists/gawk | 0 .../{core => oldcore}/103/filelists/gettext | 0 .../rootfiles/{core => oldcore}/103/filelists/grep | 0 .../rootfiles/{core => oldcore}/103/filelists/less | 0 .../{core => oldcore}/103/filelists/ncurses | 0 .../{core => oldcore}/103/filelists/ncurses-compat | 0 .../{core => oldcore}/103/filelists/procps | 0 .../{core => oldcore}/103/filelists/sdparm | 0 .../{core => oldcore}/103/filelists/squid | 0 .../{core => oldcore}/103/filelists/tzdata | 0 .../{core => oldcore}/103/filelists/wpa_supplicant | 0 config/rootfiles/oldcore/{99 => 103}/meta | 0 config/rootfiles/{core => oldcore}/103/update.sh | 0 config/rootfiles/packages/freeradius | 901 ++++++++++++++++ config/rootfiles/packages/guardian | 25 +- config/rootfiles/packages/libtiff | 310 +++--- config/rootfiles/packages/libvirt | 15 +- config/rootfiles/packages/linux-pae | 1 + config/rootfiles/packages/nano | 1 + config/rootfiles/packages/nginx | 1 + config/rootfiles/packages/perl-Net-IP | 6 + config/rootfiles/packages/perl-common-sense | 7 + config/rootfiles/packages/perl-inotify2 | 8 + config/rootfiles/packages/qemu | 6 +- config/rootfiles/packages/spice | 2 +- config/updxlrator/download | 2 +- doc/language_issues.de | 6 +- doc/language_issues.en | 8 +- doc/language_issues.es | 32 + doc/language_issues.fr | 32 + doc/language_issues.it | 32 + doc/language_issues.nl | 32 + doc/language_issues.pl | 32 + doc/language_issues.ru | 32 + doc/language_issues.tr | 32 +- doc/language_missings | 88 ++ html/cgi-bin/guardian.cgi | 1129 ++++++++++++++++++++ html/cgi-bin/ids.cgi | 75 +- html/cgi-bin/logs.cgi/log.dat | 6 +- html/cgi-bin/proxy.cgi | 8 +- html/cgi-bin/tor.cgi | 10 +- html/html/themes/ipfire/include/functions.pl | 4 +- .../themes/ipfire/include/js/refreshInetInfo.js | 2 +- langs/de/cgi-bin/de.pl | 36 +- langs/en/cgi-bin/en.pl | 60 +- langs/es/cgi-bin/es.pl | 2 +- langs/fr/cgi-bin/fr.pl | 2 +- langs/it/cgi-bin/it.pl | 2 +- langs/nl/cgi-bin/nl.pl | 2 +- langs/pl/cgi-bin/pl.pl | 2 +- langs/ru/cgi-bin/ru.pl | 2 +- lfs/7zip | 6 +- lfs/acl | 17 +- lfs/acpid | 9 +- lfs/backports | 5 + lfs/curl | 10 +- lfs/ddns | 4 +- lfs/dnsmasq | 12 + lfs/foomatic | 2 +- lfs/{ntp => freeradius} | 82 +- lfs/guardian | 75 +- lfs/htop | 6 +- lfs/iputils | 8 +- lfs/libarchive | 12 +- lfs/libcap | 15 +- lfs/libtiff | 6 +- lfs/libvirt | 6 +- lfs/linux | 18 +- lfs/nano | 8 +- lfs/nginx | 23 +- lfs/ntp | 4 +- lfs/openssh | 4 +- lfs/pcre | 17 +- lfs/{htop => perl-Net-IP} | 23 +- lfs/{htop => perl-common-sense} | 23 +- lfs/{libarchive => perl-inotify2} | 24 +- lfs/popt | 7 +- lfs/qemu | 10 +- lfs/sane | 2 +- lfs/shadow | 23 +- lfs/snort | 6 +- lfs/spandsp | 2 +- lfs/spice | 6 +- lfs/spice-protocol | 6 +- lfs/wget | 6 +- lfs/which | 6 +- make.sh | 8 +- src/initscripts/init.d/freeradius | 46 + src/initscripts/init.d/guardian | 56 + .../init.d/networking/red.up/35-guardian | 3 + src/initscripts/init.d/snort | 20 +- src/pakfire/lib/functions.sh | 4 +- src/paks/{qemu => freeradius}/install.sh | 14 +- src/paks/{nginx => freeradius}/uninstall.sh | 3 +- src/paks/{xinetd => freeradius}/update.sh | 0 src/paks/libvirt/install.sh | 24 +- src/paks/libvirt/uninstall.sh | 6 +- src/paks/nginx/uninstall.sh | 1 + src/paks/qemu/install.sh | 2 + src/patches/arm-multi-grsec-compile-fixes.patch | 19 +- .../backports-4.2.6-1-add_usbnet_modules.patch | 87 +- .../backports/backports-linux-upstream-1.patch | 60 ++ .../backports/backports-linux-upstream-2.patch | 43 + .../backports/backports-linux-upstream-3.patch | 53 + ...q-Add-support-to-read-ISC-DHCP-lease-file.patch | 6 +- ...late_length_of_TFTP_error_reply_correctly.patch | 65 ++ .../dnsmasq/002-Zero_newly_malloc_ed_memory.patch | 36 + .../003-Check_return_of_expand_always.patch | 44 + .../004-Fix_editing_error_on_man_page.patch | 40 + src/patches/dnsmasq/005-Manpage_typo.patch | 25 + ...aviour_with_some_DHCP_option_arrangements.patch | 49 + ...007-Fix_logic_error_in_Linux_netlink_code.patch | 55 + .../008-Fix_problem_with_--dnssec-timestamp.patch | 93 ++ .../009-malloc_memset_calloc_for_efficiency.patch | 46 + ...put_to_reduce_risk_of_information_leakage.patch | 169 +++ ...on_transmission_in_case_of_retransmission.patch | 54 + ...n_buffer_sizes_for_leasefile_parsing_code.patch | 103 ++ ...hange-options-in-libvirtd.conf-for-IPFire.patch | 43 + src/patches/p7zip/CVE-2016-2334.patch | 24 + src/patches/p7zip/CVE-2016-2335.patch | 17 + .../shadow-4.2.1-SHA512_password_hashing.patch | 38 + ...dow-4.2.1-suppress_installation_of_groups.patch | 446 ++++++++ 197 files changed, 5240 insertions(+), 1245 deletions(-) create mode 100644 config/backup/includes/freeradius create mode 100644 config/backup/includes/guardian create mode 100644 config/backup/includes/libvirt delete mode 100644 config/guardian/guardian.conf create mode 100644 config/guardian/guardian.logrotate delete mode 100644 config/guardian/guardian.pl delete mode 100644 config/guardian/guardian_block.sh delete mode 100644 config/guardian/guardian_unblock.sh create mode 100644 config/menu/EX-guardian.menu create mode 100644 config/qemu/65-kvm.rules rename config/rootfiles/core/{103 => 104}/exclude (100%) copy config/rootfiles/{oldcore/44 => core/104}/filelists/acl (100%) copy config/rootfiles/{oldcore/95 => core/104}/filelists/armv5tel/linux-kirkwood (100%) copy config/rootfiles/{oldcore/95 => core/104}/filelists/armv5tel/linux-multi (100%) copy config/rootfiles/{oldcore/95 => core/104}/filelists/armv5tel/linux-rpi (100%) rename config/rootfiles/core/{103 => 104}/filelists/curl (100%) copy config/rootfiles/{oldcore/95 => core/104}/filelists/ddns (100%) rename config/rootfiles/core/{103 => 104}/filelists/dnsmasq (100%) create mode 100644 config/rootfiles/core/104/filelists/files copy config/rootfiles/{oldcore/90 => core/104}/filelists/i586/acpid (100%) copy config/rootfiles/{oldcore/95 => core/104}/filelists/i586/linux (100%) copy config/rootfiles/{oldcore/90 => core/104}/filelists/iputils (100%) create mode 120000 config/rootfiles/core/104/filelists/libarchive copy config/rootfiles/{oldcore/89 => core/104}/filelists/libcap (100%) copy config/rootfiles/{oldcore/96 => core/104}/filelists/ntp (100%) copy config/rootfiles/{oldcore/99 => core/104}/filelists/openssh (100%) copy config/rootfiles/{oldcore/94 => core/104}/filelists/pcre (100%) copy config/rootfiles/{oldcore/66 => core/104}/filelists/popt (100%) copy config/rootfiles/{oldcore/89 => core/104}/filelists/screen (100%) copy config/rootfiles/{oldcore/66 => core/104}/filelists/shadow (100%) copy config/rootfiles/{oldcore/95 => core/104}/filelists/snort (100%) copy config/rootfiles/{oldcore/89 => core/104}/filelists/wget (100%) create mode 120000 config/rootfiles/core/104/filelists/which create mode 120000 config/rootfiles/core/104/filelists/x86_64/acpid copy config/rootfiles/{oldcore/95 => core/104}/filelists/x86_64/linux (100%) rename config/rootfiles/core/{103 => 104}/meta (100%) create mode 100644 config/rootfiles/core/104/update.sh copy config/rootfiles/oldcore/{102 => 103}/exclude (100%) rename config/rootfiles/{core => oldcore}/103/filelists/coreutils (100%) copy config/rootfiles/oldcore/{96 => 103}/filelists/curl (100%) rename config/rootfiles/{core => oldcore}/103/filelists/diffutils (100%) copy config/rootfiles/oldcore/{96 => 103}/filelists/dnsmasq (100%) rename config/rootfiles/{core => oldcore}/103/filelists/files (100%) rename config/rootfiles/{core => oldcore}/103/filelists/findutils (100%) rename config/rootfiles/{core => oldcore}/103/filelists/gawk (100%) rename config/rootfiles/{core => oldcore}/103/filelists/gettext (100%) rename config/rootfiles/{core => oldcore}/103/filelists/grep (100%) rename config/rootfiles/{core => oldcore}/103/filelists/less (100%) rename config/rootfiles/{core => oldcore}/103/filelists/ncurses (100%) rename config/rootfiles/{core => oldcore}/103/filelists/ncurses-compat (100%) rename config/rootfiles/{core => oldcore}/103/filelists/procps (100%) rename config/rootfiles/{core => oldcore}/103/filelists/sdparm (100%) rename config/rootfiles/{core => oldcore}/103/filelists/squid (100%) rename config/rootfiles/{core => oldcore}/103/filelists/tzdata (100%) rename config/rootfiles/{core => oldcore}/103/filelists/wpa_supplicant (100%) copy config/rootfiles/oldcore/{99 => 103}/meta (100%) rename config/rootfiles/{core => oldcore}/103/update.sh (100%) create mode 100644 config/rootfiles/packages/freeradius create mode 100644 config/rootfiles/packages/perl-Net-IP create mode 100644 config/rootfiles/packages/perl-common-sense create mode 100644 config/rootfiles/packages/perl-inotify2 create mode 100644 html/cgi-bin/guardian.cgi copy lfs/{ntp => freeradius} (62%) copy lfs/{htop => perl-Net-IP} (89%) copy lfs/{htop => perl-common-sense} (89%) copy lfs/{libarchive => perl-inotify2} (89%) create mode 100644 src/initscripts/init.d/freeradius create mode 100755 src/initscripts/init.d/guardian create mode 100644 src/initscripts/init.d/networking/red.up/35-guardian copy src/paks/{qemu => freeradius}/install.sh (83%) copy src/paks/{nginx => freeradius}/uninstall.sh (97%) copy src/paks/{xinetd => freeradius}/update.sh (100%) create mode 100644 src/patches/backports/backports-linux-upstream-1.patch create mode 100644 src/patches/backports/backports-linux-upstream-2.patch create mode 100644 src/patches/backports/backports-linux-upstream-3.patch create mode 100644 src/patches/dnsmasq/001-Calculate_length_of_TFTP_error_reply_correctly.patch create mode 100644 src/patches/dnsmasq/002-Zero_newly_malloc_ed_memory.patch create mode 100644 src/patches/dnsmasq/003-Check_return_of_expand_always.patch create mode 100644 src/patches/dnsmasq/004-Fix_editing_error_on_man_page.patch create mode 100644 src/patches/dnsmasq/005-Manpage_typo.patch create mode 100644 src/patches/dnsmasq/006-Fix_bad_behaviour_with_some_DHCP_option_arrangements.patch create mode 100644 src/patches/dnsmasq/007-Fix_logic_error_in_Linux_netlink_code.patch create mode 100644 src/patches/dnsmasq/008-Fix_problem_with_--dnssec-timestamp.patch create mode 100644 src/patches/dnsmasq/009-malloc_memset_calloc_for_efficiency.patch create mode 100644 src/patches/dnsmasq/010-Zero_packet_buffers_before_building_output_to_reduce_risk_of_information_leakage.patch create mode 100644 src/patches/dnsmasq/011-Dont_reset_packet_length_on_transmission_in_case_of_retransmission.patch create mode 100644 src/patches/dnsmasq/012-Compile-time_check_on_buffer_sizes_for_leasefile_parsing_code.patch create mode 100644 src/patches/libvirt/0002-Change-options-in-libvirtd.conf-for-IPFire.patch create mode 100644 src/patches/p7zip/CVE-2016-2334.patch create mode 100644 src/patches/p7zip/CVE-2016-2335.patch create mode 100644 src/patches/shadow-4.2.1-SHA512_password_hashing.patch create mode 100644 src/patches/shadow-4.2.1-suppress_installation_of_groups.patch
Difference in files: diff --git a/config/backup/includes/freeradius b/config/backup/includes/freeradius new file mode 100644 index 0000000..21fae1c --- /dev/null +++ b/config/backup/includes/freeradius @@ -0,0 +1 @@ +/etc/raddb diff --git a/config/backup/includes/guardian b/config/backup/includes/guardian new file mode 100644 index 0000000..e5433f0 --- /dev/null +++ b/config/backup/includes/guardian @@ -0,0 +1,4 @@ +/var/ipfire/guardian/guardian.conf +/var/ipfire/guardian/guardian.ignore +/var/ipfire/guardian/settings +/var/ipfire/guardian/ignored diff --git a/config/backup/includes/libvirt b/config/backup/includes/libvirt new file mode 100644 index 0000000..2306999 --- /dev/null +++ b/config/backup/includes/libvirt @@ -0,0 +1 @@ +/etc/libvirt diff --git a/config/backup/includes/nginx b/config/backup/includes/nginx index db8e6ed..a367b8e 100644 --- a/config/backup/includes/nginx +++ b/config/backup/includes/nginx @@ -1 +1 @@ -/etc/nginx/nginx.conf +/etc/nginx diff --git a/config/collectd/collectd.conf b/config/collectd/collectd.conf index 384c943..486077a 100644 --- a/config/collectd/collectd.conf +++ b/config/collectd/collectd.conf @@ -34,9 +34,9 @@ include "/etc/collectd.precache"
<Plugin interface> Interface "lo" - Interface "ipsec1" - Interface "ipsec2" - Interface "ipsec3" + Interface "/[0-9]*phys$/" + Interface "/^macvtap[0-9]*$/" + Interface "/^vnet[0-9]*$/" IgnoreSelected true </Plugin>
diff --git a/config/fwhosts/customservices b/config/fwhosts/customservices index 9b25a72..529f14e 100644 --- a/config/fwhosts/customservices +++ b/config/fwhosts/customservices @@ -32,3 +32,5 @@ 34,DNS (TCP),53,TCP,,0 19,FTPS data,989,TCP,BLANK,0 5,SMTP,25,TCP,BLANK,0 +35,Submission (TCP),587,TCP,BLANK,0 +36,SSMTP,465,TCP,BLANK,0 diff --git a/config/guardian/guardian.conf b/config/guardian/guardian.conf deleted file mode 100644 index b1aa2e8..0000000 --- a/config/guardian/guardian.conf +++ /dev/null @@ -1,33 +0,0 @@ -# The machines IP address that is visable to the internet -# If this is left undefined, then guardian will attempt to get the information -# from ifconfig, as long as it has an interface to use. This would be useful -# for people on ppp links, or dhcp machines, or if you are lazy :) -# HostIpAddr - -# Here we define the interface which we will use to guess the IP address, and -# block incoming offending packets. This is the only option that is required -# for guardian to run. If the rest are undefined, guardian will use the default. -Interface ppp0 - -# The last octet of the ip address, which gives us the gateway address. -HostGatewayByte 1 - -# Guardian's log file -LogFile /var/log/guardian/guardian.log - -# Snort's alert file. This can be the snort.alert file, or a syslog file -# There might be some snort alerts that get logged to syslog which guardian -# might not see.. -AlertFile /var/log/snort/alert - -# The list of ip addresses to ignore -IgnoreFile /var/ipfire/guardian/guardian.ignore - -# This is a list of IP addresses on the current host, in case there is more -# than one. If this file doesn't exist, then it will assume you want to run -# with the default setup (machine's ip address, and broadcast/network). -TargetFile /var/ipfire/guardian/guardian.target - -# The time in seconds to keep a host blocked. If undefined, it defaults to -# 99999999, which basicly disables the feature. -TimeLimit 86400 diff --git a/config/guardian/guardian.logrotate b/config/guardian/guardian.logrotate new file mode 100644 index 0000000..42f4817 --- /dev/null +++ b/config/guardian/guardian.logrotate @@ -0,0 +1,12 @@ +lastaction + /usr/bin/guardianctrl logrotate &>/dev/null +endscript + +/var/log/guardian/guardian.log { + weekly + rotate 4 + copytruncate + compress + notifempty + missingok +} diff --git a/config/guardian/guardian.pl b/config/guardian/guardian.pl deleted file mode 100644 index 34546b7..0000000 --- a/config/guardian/guardian.pl +++ /dev/null @@ -1,431 +0,0 @@ -#!/usr/bin/perl -# based on V 1.7 guardian enhanced for IPFire and snort 2.8 -# Read the readme file for changes -# -# Enhanced for IPFire by IPFire Team -# Added Portscan detection for non syslog system -# Added SSH-Watch for SSH-Bruteforce Attacks -# An suppected IP will be blocked on all interfaces - -$OS=`uname`; -chomp $OS; -print "OS shows $OS\n"; - -require 'getopts.pl'; - -&Getopts ('hc:d'); -if (defined($opt_h)) { - print "Guardian v1.7 \n"; - print "guardian.pl [-hd] <-c config>\n"; - print " -h shows help\n"; - print " -d run in debug mode (doesn't fork, output goes to STDOUT)\n"; - print " -c specifiy a configuration file other than the default (/etc/guardian.conf)\n"; - exit; -} -&load_conf; -&sig_handler_setup; - -print "My ip address and interface are: $hostipaddr $interface\n"; - -if ($hostipaddr !~ /\d+.\d+.\d+.\d+/) { - print "This ip address is bad : $hostipaddr\n"; - die "I need a good host ipaddress\n"; -} - -$networkaddr = $hostipaddr; -$networkaddr =~ s/\d+$/0/; -$gatewayaddr = `cat /var/ipfire/red/remote-ipaddress 2>/dev/null`; -$broadcastaddr = $hostipaddr; -$broadcastaddr =~ s/\d+$/255/; -&build_ignore_hash; - -print "My gatewayaddess is: $gatewayaddr\n"; - -# This is the target hash. If a packet was destened to any of these, then the -# sender of that packet will get denied, unless it is on the ignore list.. - -%targethash = ( "$networkaddr" => 1, - "$broadcastaddr" => 1, - "0" => 1, # This is what gets sent to &checkem if no - # destination was found. - "$hostipaddr" => 1); - -&get_aliases; - -%sshhash = (); - -if ( -e $targetfile ) { - &load_targetfile; -} - -if (!defined($opt_d)) { - print "Becoming a daemon..\n"; - &daemonize; -} else { print "Running in debug mode..\n"; } - -open (ALERT, $alert_file) or die "can't open alert file: $alert_file: $!\n"; -seek (ALERT, 0, 2); # set the position to EOF. -# this is the same as a tail -f :) -$counter=0; -open (ALERT2, "/var/log/messages" ) or die "can't open /var/log/messages: $!\n"; -seek (ALERT2, 0, 2); # set the position to EOF. -# this is the same as a tail -f :) - -for (;;) { - sleep 1; - if (seek(ALERT,0,1)){ - while (<ALERT>) { - chop; - if (defined($opt_d)) { - print "$_\n"; - } - if (/[**]\s+(.*)\s+[**]/){ - $type=$1; - } - if (/(\d+.\d+.\d+.\d+):\d+ -> (\d+.\d+.\d+.\d+):\d+/) { - &checkem ($1, $2, $type); - } - if (/(\d+.\d+.\d+.\d+)+ -> (\d+.\d+.\d+.\d+)+/) { - &checkem ($1, $2, $type); - } - } - } - - sleep 1; - if (seek(ALERT2,0,1)){ - while (<ALERT2>) { - chop; - if ($_=~/.*sshd.*Failed password for .* from.*/) { - my @array=split(/ /,$_); - my $temp = ""; - if ( $array[11] eq "port" ) { - $temp = $array[10]; - } elsif ( $array[11] eq "from" ) { - $temp = $array[12]; - } else { - $temp = $array[11]; - } - &checkssh ($temp, "possible SSH-Bruteforce Attack");} - - # This should catch Bruteforce Attacks with enabled preauth - if ($_ =~ /.*sshd.*Received disconnect from (\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}):.*[preauth]/) { - &checkssh ($1, "possible SSH-Bruteforce Attack, failed preauth");} - } - } - -# Run this stuff every 30 seconds.. - if ($counter == 30) { - &remove_blocks; # This might get moved elsewhere, depending on how much load - # it puts on the system.. - &check_log_name; - $counter=0; - } else { - $counter=$counter+1; - } -} - -sub check_log_name { - my ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size, - $atime,$mtime,$ctime,$blksize,$blocks) = stat($alert_file); - if ($size < $previous_size) { # The filesize is smaller than last - close (ALERT); # we checked, so we need to reopen it - open (ALERT, "$alert_file"); # This should still work in our main while - $previous_size=$size; # loop (I hope) - write_log ("Log filename changed. Reopening $alert_file\n"); - } else { - $previous_size=$size; - } -} - - -sub checkem { - my ($source, $dest,$type) = @_; - my $flag=0; - - return 1 if ($source eq $hostipaddr); - # this should prevent is from nuking ourselves - - return 1 if ($source eq $gatewayaddr); # or our gateway - if ($ignore{$source} == 1) { # check our ignore list.. - &write_log("$source\t$type\n"); - &write_log("Ignoring attack because $source is in my ignore list\n"); - return 1; - } - -# if the offending packet was sent to us, the network, or the broadcast, then - if ($targethash{$dest} == 1) { - &ipchain ($source, $dest, $type); - } -# you will see this if the destination was not in the $targethash, and the -# packet was not ignored before the target check.. - else { - &write_log ("Odd.. source = $source, dest = $dest - No action done.\n"); - if (defined ($opt_d)) { - foreach $key (keys %targethash) { - &write_log ("targethash{$key} = $targethash{$key}\n"); - } - } - } -} - -sub checkssh { - my ($source,$type) = @_; - my $flag=0; - - return 1 if ($source eq $hostipaddr); - # this should prevent is from nuking ourselves - - return 1 if ($source eq $gatewayaddr); # or our gateway - - return 0 if ($sshhash{$source} > 4); # allready blocked - - if ( ($ignore{$source} == 1) ){ - &write_log("Ignoring attack because $source is in my ignore list\n"); - return 1; - } - - if ($sshhash{$source} == 4 ) { - &write_log ("source = $source, blocking for ssh attack.\n"); - &ipchain ($source, "", $type); - $sshhash{$source} = $sshhash{$source}+1; - return 0; - } - - if ($sshhash{$source} eq "" ){ - $sshhash{$source} = 1; - &write_log ("SSH Attack = $source, ssh count only $sshhash{$source} - No action done.\n"); - return 0; - } - - $sshhash{$source} = $sshhash{$source}+1; - &write_log ("SSH Attack = $source, ssh count only $sshhash{$source} - No action done.\n"); -} - -sub ipchain { - my ($source, $dest, $type) = @_; - &write_log ("$source\t$type\n"); - if ($hash{$source} eq "") { - &write_log ("Running '$blockpath $source $interface'\n"); - system ("$blockpath $source $interface"); - $hash{$source} = time() + $TimeLimit; - } else { -# We have already blocked this one, but snort detected another attack. So -# we should update the time blocked.. - $hash{$source} = time() + $TimeLimit; - } -} - -sub build_ignore_hash { -# This would cause is to ignore all broadcasts if it -# got set.. However if unset, then the attacker could spoof the packet to make -# it look like it came from the network, and a reply to the spoofed packet -# could be seen if the attacker were on the local network. -# $ignore{$networkaddr}=1; - -# same thing as above, just with the broadcast instead of the network. -# $ignore{$broadcastaddr}=1; - my $count =0; - $ignore{$gatewayaddr}=1; - $ignore{$hostipaddr}=1; - if ($ignorefile ne "") { - open (IGNORE, $ignorefile); - while (<IGNORE>) { - $_=~ s/\s+$//; - chomp; - next if (/#/); #skip comments - next if (/^\s*$/); # and blank lines - $ignore{$_}=1; - $count++; - } - close (IGNORE); - &write_log("Loaded $count addresses from $ignorefile\n"); - } else { - &write_log("No ignore file was loaded!\n"); - } -} - -sub load_conf { - if ($opt_c eq "") { - $opt_c = "/etc/guardian.conf"; - } - - if (! -e $opt_c) { - die "Need a configuration file.. please use to the -c option to name a configuration file\n"; - } - - open (CONF, $opt_c) or die "Cannot read the config file $opt_c, $!\n"; - while (<CONF>) { - chop; - next if (/^\s*$/); #skip blank lines - next if (/^#/); # skip comment lines - if (/LogFile\s+(.*)/) { - $logfile = $1; - } - if (/Interface\s+(.*)/) { - $interface = $1; - if ( $interface eq "" ) { - $interface = `cat /var/ipfire/ethernet/settings | grep RED_DEV | cut -d"=" -f2`; - } - } - if (/AlertFile\s+(.*)/) { - $alert_file = $1; - } - if (/IgnoreFile\s+(.*)/) { - $ignorefile = $1; - } - if (/TargetFile\s+(.*)/) { - $targetfile = $1; - } - if (/TimeLimit\s+(.*)/) { - $TimeLimit = $1; - } - if (/HostIpAddr\s+(.*)/) { - $hostipaddr = $1; - } - if (/HostGatewayByte\s+(.*)/) { - $hostgatewaybyte = $1; - } - } - - if ($alert_file eq "") { - print "Warning! AlertFile is undefined.. Assuming /var/log/snort.alert\n"; - $alert_file="/var/log/snort.alert"; - } - if ($hostipaddr eq "") { - print "Warning! HostIpAddr is undefined! Attempting to guess..\n"; - $hostipaddr = `cat /var/ipfire/red/local-ipaddress`; - print "Got it.. your HostIpAddr is $hostipaddr\n"; - } - if ($ignorefile eq "") { - print "Warning! IgnoreFile is undefined.. going with default ignore list (hostname and gateway)!\n"; - } - if ($hostgatewaybyte eq "") { - print "Warning! HostGatewayByte is undefined.. gateway will not be in ignore list!\n"; - } - if ($logfile eq "") { - print "Warning! LogFile is undefined.. Assuming debug mode, output to STDOUT\n"; - $opt_d = 1; - } - if (! -w $logfile) { - print "Warning! Logfile is not writeable! Engaging debug mode, output to STDOUT\n"; - $opt_d = 1; - } - - foreach $mypath (split (/:/, $ENV{PATH})) { - if (-x "$mypath/guardian_block.sh") { - $blockpath = "$mypath/guardian_block.sh"; - } - if (-x "$mypath/guardian_unblock.sh") { - $unblockpath = "$mypath/guardian_unblock.sh"; - } - } - - if ($blockpath eq "") { - print "Error! Could not find guardian_block.sh. Please consult the README. \n"; - exit; - } - if ($unblockpath eq "") { - print "Warning! Could not find guardian_unblock.sh. Guardian will not be\n"; - print "able to remove blocked ip addresses. Please consult the README file\n"; - } - if ($TimeLimit eq "") { - print "Warning! Time limit not defined. Defaulting to absurdly long time limit\n"; - $TimeLimit = 999999999; - } -} - -sub write_log { - my $message = $_[0]; - my $date = localtime(); - if (defined($opt_d)) { # we are in debug mode, and not daemonized - print STDOUT $message; - } else { - open (LOG, ">>$logfile"); - print LOG $date.": ".$message; - close (LOG); - } -} - -sub daemonize { - my ($home); - if (fork()) { -# parent - exit(0); - } else { -# child - &write_log ("Guardian process id $$\n"); - $home = (getpwuid($>))[7] || die "No home directory!\n"; - chdir($home); # go to my homedir - setpgrp(0,0); # become process leader - close(STDOUT); - close(STDIN); - close(STDERR); - print "Testing...\n"; - } -} - -sub sig_handler_setup { - $SIG{INT} = &clean_up_and_exit; # kill -2 - $SIG{TERM} = &clean_up_and_exit; # kill -9 - $SIG{QUIT} = &clean_up_and_exit; # kill -3 -# $SIG{HUP} = &flush_and_reload; # kill -1 -} - -sub remove_blocks { - my $source; - my $time = time(); - foreach $source (keys %hash) { - if ($hash{$source} < $time) { - &call_unblock ($source, "expiring block of $source\n"); - delete ($hash{$source}); - } - } -} - -sub call_unblock { - my ($source, $message) = @_; - &write_log ("$message"); - system ("$unblockpath $source $interface"); -} - -sub clean_up_and_exit { - my $source; - &write_log ("received kill sig.. shutting down\n"); - foreach $source (keys %hash) { - &call_unblock ($source, "removing $source for shutdown\n"); - } - exit; -} - -sub load_targetfile { - my $count = 0; - open (TARG, "$targetfile") or die "Cannot open $targetfile\n"; - while (<TARG>) { - chop; - next if (/#/); #skip comments - next if (/^\s*$/); # and blank lines - $targethash{$_}=1; - $count++; - } - close (TARG); - print "Loaded $count addresses from $targetfile\n"; -} - -sub get_aliases { - my $ip; - print "Scanning for aliases on $interface and add them to the target hash..."; - - open (IFCONFIG, "/sbin/ip addr show $interface |"); - my @lines = <IFCONFIG>; - close(IFCONFIG); - - foreach $line (@lines) { - if ( $line =~ /inet (\d+.\d+.\d+.\d+)/) { - $ip = $1; - print " got $ip on $interface ... "; - $targethash{'$ip'} = "1"; - } - } - - print "done \n"; -} diff --git a/config/guardian/guardian_block.sh b/config/guardian/guardian_block.sh deleted file mode 100644 index a8331fa..0000000 --- a/config/guardian/guardian_block.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/sh - -# this is a sample block script for guardian. This should work with ipchains. -# This command gets called by guardian as such: -# guardian_block.sh <source_ip> <interface> -# and the script will issue a command to block all traffic from that source ip -# address. The logic of weither or not it is safe to block that address is -# done inside guardian itself. -source=$1 -interface=$2 - -/sbin/iptables -I GUARDIAN -s $source -i $interface -j DROP diff --git a/config/guardian/guardian_unblock.sh b/config/guardian/guardian_unblock.sh deleted file mode 100644 index 315d771..0000000 --- a/config/guardian/guardian_unblock.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh - -# this is a sample unblock script for guardian. This should work with ipchains. -# This command gets called by guardian as such: -# unblock.sh <source_ip> <interface> -# and the script will issue a command to remove the block that was created with # block.sh address. -source=$1 -interface=$2 - -/sbin/iptables -D GUARDIAN -s $source -i $interface -j DROP diff --git a/config/httpd/global.conf b/config/httpd/global.conf index 3fbd5e2..6cc69b5 100644 --- a/config/httpd/global.conf +++ b/config/httpd/global.conf @@ -8,3 +8,6 @@ Include /etc/httpd/conf/hostname.conf HostnameLookups off AddHandler cgi-script .cgi EnableSendfile Off + +# Always unset HTTP_PROXY variable, https://httpoxy.org +RequestHeader unset Proxy early diff --git a/config/kernel/kernel.config.armv5tel-ipfire-kirkwood b/config/kernel/kernel.config.armv5tel-ipfire-kirkwood index 91f90c6..4b53732 100644 --- a/config/kernel/kernel.config.armv5tel-ipfire-kirkwood +++ b/config/kernel/kernel.config.armv5tel-ipfire-kirkwood @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm 3.14.64 Kernel Configuration +# Linux/arm 3.14.73 Kernel Configuration # CONFIG_ARM=y CONFIG_SYS_SUPPORTS_APM_EMULATION=y @@ -1390,7 +1390,7 @@ CONFIG_HP_ILO=m # CONFIG_SENSORS_APDS990X is not set # CONFIG_HMC6352 is not set CONFIG_DS1682=m -CONFIG_BMP085=y +CONFIG_BMP085=m CONFIG_BMP085_I2C=m CONFIG_PCH_PHUB=m CONFIG_USB_SWITCH_FSA9480=m diff --git a/config/kernel/kernel.config.armv5tel-ipfire-multi b/config/kernel/kernel.config.armv5tel-ipfire-multi index 0bb4a76..0a380c9 100644 --- a/config/kernel/kernel.config.armv5tel-ipfire-multi +++ b/config/kernel/kernel.config.armv5tel-ipfire-multi @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm 3.14.64 Kernel Configuration +# Linux/arm 3.14.73 Kernel Configuration # CONFIG_ARM=y CONFIG_MIGHT_HAVE_PCI=y @@ -1573,7 +1573,7 @@ CONFIG_ENCLOSURE_SERVICES=m # CONFIG_HMC6352 is not set CONFIG_DS1682=m CONFIG_ARM_CHARLCD=y -CONFIG_BMP085=y +CONFIG_BMP085=m CONFIG_BMP085_I2C=m # CONFIG_PCH_PHUB is not set CONFIG_USB_SWITCH_FSA9480=m @@ -4412,7 +4412,10 @@ CONFIG_USB_EHCI_HCD_PLATFORM=y CONFIG_USB_ISP1362_HCD=m CONFIG_USB_FUSBH200_HCD=m CONFIG_USB_FOTG210_HCD=m -# CONFIG_USB_OHCI_HCD is not set +CONFIG_USB_OHCI_HCD=y +CONFIG_USB_OHCI_HCD_OMAP3=y +CONFIG_USB_OHCI_HCD_PCI=y +CONFIG_USB_OHCI_HCD_PLATFORM=y CONFIG_USB_UHCI_HCD=y CONFIG_USB_UHCI_SUPPORT_NON_PCI_HC=y CONFIG_USB_UHCI_PLATFORM=y diff --git a/config/kernel/kernel.config.armv5tel-ipfire-rpi b/config/kernel/kernel.config.armv5tel-ipfire-rpi index 3c354e2..ae7d1dd 100644 --- a/config/kernel/kernel.config.armv5tel-ipfire-rpi +++ b/config/kernel/kernel.config.armv5tel-ipfire-rpi @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm 3.14.64 Kernel Configuration +# Linux/arm 3.14.73 Kernel Configuration # CONFIG_ARM=y CONFIG_SYS_SUPPORTS_APM_EMULATION=y diff --git a/config/kernel/kernel.config.i586-ipfire b/config/kernel/kernel.config.i586-ipfire index 11230e3..834f369 100644 --- a/config/kernel/kernel.config.i586-ipfire +++ b/config/kernel/kernel.config.i586-ipfire @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.14.64 Kernel Configuration +# Linux/x86 3.14.73 Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -1454,7 +1454,7 @@ CONFIG_HP_ILO=m # CONFIG_HMC6352 is not set CONFIG_DS1682=m CONFIG_VMWARE_BALLOON=m -CONFIG_BMP085=y +CONFIG_BMP085=m CONFIG_BMP085_I2C=m CONFIG_PCH_PHUB=m CONFIG_USB_SWITCH_FSA9480=m @@ -5976,9 +5976,7 @@ CONFIG_CRYPTO_DEV_PADLOCK_SHA=m CONFIG_CRYPTO_DEV_GEODE=m CONFIG_CRYPTO_DEV_HIFN_795X=m CONFIG_CRYPTO_DEV_HIFN_795X_RNG=y -CONFIG_CRYPTO_DEV_CCP=y -CONFIG_CRYPTO_DEV_CCP_DD=m -CONFIG_CRYPTO_DEV_CCP_CRYPTO=m +# CONFIG_CRYPTO_DEV_CCP is not set CONFIG_ASYMMETRIC_KEY_TYPE=m CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=m CONFIG_PUBLIC_KEY_ALGO_RSA=m diff --git a/config/kernel/kernel.config.i586-ipfire-pae b/config/kernel/kernel.config.i586-ipfire-pae index cfc3a6a..b4e34b2 100644 --- a/config/kernel/kernel.config.i586-ipfire-pae +++ b/config/kernel/kernel.config.i586-ipfire-pae @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.14.64 Kernel Configuration +# Linux/x86 3.14.73 Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -1470,7 +1470,7 @@ CONFIG_HP_ILO=m # CONFIG_HMC6352 is not set CONFIG_DS1682=m CONFIG_VMWARE_BALLOON=m -CONFIG_BMP085=y +CONFIG_BMP085=m CONFIG_BMP085_I2C=m CONFIG_PCH_PHUB=m CONFIG_USB_SWITCH_FSA9480=m @@ -6015,9 +6015,7 @@ CONFIG_CRYPTO_DEV_PADLOCK=m CONFIG_CRYPTO_DEV_PADLOCK_AES=m CONFIG_CRYPTO_DEV_PADLOCK_SHA=m CONFIG_CRYPTO_DEV_GEODE=m -CONFIG_CRYPTO_DEV_CCP=y -CONFIG_CRYPTO_DEV_CCP_DD=m -CONFIG_CRYPTO_DEV_CCP_CRYPTO=m +# CONFIG_CRYPTO_DEV_CCP is not set CONFIG_ASYMMETRIC_KEY_TYPE=m CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=m CONFIG_PUBLIC_KEY_ALGO_RSA=m diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire index d3bdcf0..673183a 100644 --- a/config/kernel/kernel.config.x86_64-ipfire +++ b/config/kernel/kernel.config.x86_64-ipfire @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.14.64 Kernel Configuration +# Linux/x86 3.14.73 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -1411,7 +1411,7 @@ CONFIG_HP_ILO=m # CONFIG_HMC6352 is not set CONFIG_DS1682=m CONFIG_VMWARE_BALLOON=m -CONFIG_BMP085=y +CONFIG_BMP085=m CONFIG_BMP085_I2C=m CONFIG_PCH_PHUB=m CONFIG_USB_SWITCH_FSA9480=m @@ -5847,9 +5847,7 @@ CONFIG_CRYPTO_HW=y CONFIG_CRYPTO_DEV_PADLOCK=m CONFIG_CRYPTO_DEV_PADLOCK_AES=m CONFIG_CRYPTO_DEV_PADLOCK_SHA=m -CONFIG_CRYPTO_DEV_CCP=y -CONFIG_CRYPTO_DEV_CCP_DD=m -CONFIG_CRYPTO_DEV_CCP_CRYPTO=m +# CONFIG_CRYPTO_DEV_CCP is not set CONFIG_ASYMMETRIC_KEY_TYPE=m CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=m CONFIG_PUBLIC_KEY_ALGO_RSA=m diff --git a/config/menu/EX-guardian.menu b/config/menu/EX-guardian.menu new file mode 100644 index 0000000..89cda9d --- /dev/null +++ b/config/menu/EX-guardian.menu @@ -0,0 +1,6 @@ +$subservices->{'65.guardian'} = { + 'caption' => $Lang::tr{'guardian'}, + 'uri' => '/cgi-bin/guardian.cgi', + 'title' => "$Lang::tr{'guardian'}", + 'enabled' => '1', + }; diff --git a/config/qemu/65-kvm.rules b/config/qemu/65-kvm.rules new file mode 100644 index 0000000..569ded9 --- /dev/null +++ b/config/qemu/65-kvm.rules @@ -0,0 +1,2 @@ +KERNEL=="kvm", GROUP="kvm", MODE="0660" +KERNEL=="vhost-net", GROUP="kvm", MODE="0660", TAG+="uaccess", OPTIONS+="static_node=vhost-net" diff --git a/config/rootfiles/common/acl b/config/rootfiles/common/acl index 630e4c7..a217714 100644 --- a/config/rootfiles/common/acl +++ b/config/rootfiles/common/acl @@ -4,59 +4,14 @@ usr/bin/setfacl #usr/include/acl #usr/include/acl/libacl.h #usr/include/sys/acl.h -#usr/lib/libacl.a #usr/lib/libacl.la usr/lib/libacl.so usr/lib/libacl.so.1 usr/lib/libacl.so.1.1.0 -#usr/libexec/libacl.a -#usr/libexec/libacl.la -usr/libexec/libacl.so -#usr/man/man1/chacl.1 -#usr/man/man1/getfacl.1 -#usr/man/man1/setfacl.1 -#usr/man/man3/acl_add_perm.3 -#usr/man/man3/acl_calc_mask.3 -#usr/man/man3/acl_check.3 -#usr/man/man3/acl_clear_perms.3 -#usr/man/man3/acl_cmp.3 -#usr/man/man3/acl_copy_entry.3 -#usr/man/man3/acl_copy_ext.3 -#usr/man/man3/acl_copy_int.3 -#usr/man/man3/acl_create_entry.3 -#usr/man/man3/acl_delete_def_file.3 -#usr/man/man3/acl_delete_entry.3 -#usr/man/man3/acl_delete_perm.3 -#usr/man/man3/acl_dup.3 -#usr/man/man3/acl_entries.3 -#usr/man/man3/acl_equiv_mode.3 -#usr/man/man3/acl_error.3 -#usr/man/man3/acl_extended_fd.3 -#usr/man/man3/acl_extended_file.3 -#usr/man/man3/acl_free.3 -#usr/man/man3/acl_from_mode.3 -#usr/man/man3/acl_from_text.3 -#usr/man/man3/acl_get_entry.3 -#usr/man/man3/acl_get_fd.3 -#usr/man/man3/acl_get_file.3 -#usr/man/man3/acl_get_perm.3 -#usr/man/man3/acl_get_permset.3 -#usr/man/man3/acl_get_qualifier.3 -#usr/man/man3/acl_get_tag_type.3 -#usr/man/man3/acl_init.3 -#usr/man/man3/acl_set_fd.3 -#usr/man/man3/acl_set_file.3 -#usr/man/man3/acl_set_permset.3 -#usr/man/man3/acl_set_qualifier.3 -#usr/man/man3/acl_set_tag_type.3 -#usr/man/man3/acl_size.3 -#usr/man/man3/acl_to_any_text.3 -#usr/man/man3/acl_to_text.3 -#usr/man/man3/acl_valid.3 -#usr/man/man5/acl.5 #usr/share/doc/acl #usr/share/doc/acl/CHANGES.gz #usr/share/doc/acl/COPYING +#usr/share/doc/acl/COPYING.LGPL #usr/share/doc/acl/PORTING #usr/share/doc/acl/README #usr/share/locale/de/LC_MESSAGES/acl.mo @@ -65,3 +20,46 @@ usr/libexec/libacl.so #usr/share/locale/gl/LC_MESSAGES/acl.mo #usr/share/locale/pl/LC_MESSAGES/acl.mo #usr/share/locale/sv/LC_MESSAGES/acl.mo +#usr/share/man/man1/chacl.1 +#usr/share/man/man1/getfacl.1 +#usr/share/man/man1/setfacl.1 +#usr/share/man/man3/acl_add_perm.3 +#usr/share/man/man3/acl_calc_mask.3 +#usr/share/man/man3/acl_check.3 +#usr/share/man/man3/acl_clear_perms.3 +#usr/share/man/man3/acl_cmp.3 +#usr/share/man/man3/acl_copy_entry.3 +#usr/share/man/man3/acl_copy_ext.3 +#usr/share/man/man3/acl_copy_int.3 +#usr/share/man/man3/acl_create_entry.3 +#usr/share/man/man3/acl_delete_def_file.3 +#usr/share/man/man3/acl_delete_entry.3 +#usr/share/man/man3/acl_delete_perm.3 +#usr/share/man/man3/acl_dup.3 +#usr/share/man/man3/acl_entries.3 +#usr/share/man/man3/acl_equiv_mode.3 +#usr/share/man/man3/acl_error.3 +#usr/share/man/man3/acl_extended_fd.3 +#usr/share/man/man3/acl_extended_file.3 +#usr/share/man/man3/acl_extended_file_nofollow.3 +#usr/share/man/man3/acl_free.3 +#usr/share/man/man3/acl_from_mode.3 +#usr/share/man/man3/acl_from_text.3 +#usr/share/man/man3/acl_get_entry.3 +#usr/share/man/man3/acl_get_fd.3 +#usr/share/man/man3/acl_get_file.3 +#usr/share/man/man3/acl_get_perm.3 +#usr/share/man/man3/acl_get_permset.3 +#usr/share/man/man3/acl_get_qualifier.3 +#usr/share/man/man3/acl_get_tag_type.3 +#usr/share/man/man3/acl_init.3 +#usr/share/man/man3/acl_set_fd.3 +#usr/share/man/man3/acl_set_file.3 +#usr/share/man/man3/acl_set_permset.3 +#usr/share/man/man3/acl_set_qualifier.3 +#usr/share/man/man3/acl_set_tag_type.3 +#usr/share/man/man3/acl_size.3 +#usr/share/man/man3/acl_to_any_text.3 +#usr/share/man/man3/acl_to_text.3 +#usr/share/man/man3/acl_valid.3 +#usr/share/man/man5/acl.5 diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/common/armv5tel/initscripts index 70ed38b..29b3290 100644 --- a/config/rootfiles/common/armv5tel/initscripts +++ b/config/rootfiles/common/armv5tel/initscripts @@ -32,9 +32,11 @@ etc/rc.d/init.d/fcron etc/rc.d/init.d/fireinfo etc/rc.d/init.d/firewall etc/rc.d/init.d/firstsetup +#etc/rc.d/init.d/freeradius etc/rc.d/init.d/fsresize etc/rc.d/init.d/functions #etc/rc.d/init.d/gnump3d +#etc/rc.d/init.d/guardian etc/rc.d/init.d/halt #etc/rc.d/init.d/haproxy #etc/rc.d/init.d/hostapd @@ -91,6 +93,7 @@ etc/rc.d/init.d/networking/red.up/23-RS-snort etc/rc.d/init.d/networking/red.up/24-RS-qos etc/rc.d/init.d/networking/red.up/27-RS-squid etc/rc.d/init.d/networking/red.up/30-ddns +#etc/rc.d/init.d/networking/red.up/35-guardian etc/rc.d/init.d/networking/red.up/40-ipac etc/rc.d/init.d/networking/red.up/50-ipsec etc/rc.d/init.d/networking/red.up/50-ovpn diff --git a/config/rootfiles/common/armv5tel/linux-kirkwood b/config/rootfiles/common/armv5tel/linux-kirkwood index f5ae585..443daf9 100644 --- a/config/rootfiles/common/armv5tel/linux-kirkwood +++ b/config/rootfiles/common/armv5tel/linux-kirkwood @@ -1117,6 +1117,7 @@ lib/modules/KVER-ipfire-kirkwood #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/misc/altera-stapl #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/misc/altera-stapl/altera-stapl.ko #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/misc/bmp085-i2c.ko +#lib/modules/KVER-ipfire-kirkwood/kernel/drivers/misc/bmp085.ko #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/misc/cb710 #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/misc/cb710/cb710.ko #lib/modules/KVER-ipfire-kirkwood/kernel/drivers/misc/ds1682.ko diff --git a/config/rootfiles/common/armv5tel/linux-multi b/config/rootfiles/common/armv5tel/linux-multi index c2d3cd2..162768f 100644 --- a/config/rootfiles/common/armv5tel/linux-multi +++ b/config/rootfiles/common/armv5tel/linux-multi @@ -1142,6 +1142,7 @@ lib/modules/KVER-ipfire-multi #lib/modules/KVER-ipfire-multi/kernel/drivers/misc/altera-stapl #lib/modules/KVER-ipfire-multi/kernel/drivers/misc/altera-stapl/altera-stapl.ko #lib/modules/KVER-ipfire-multi/kernel/drivers/misc/bmp085-i2c.ko +#lib/modules/KVER-ipfire-multi/kernel/drivers/misc/bmp085.ko #lib/modules/KVER-ipfire-multi/kernel/drivers/misc/ds1682.ko #lib/modules/KVER-ipfire-multi/kernel/drivers/misc/dummy-irq.ko #lib/modules/KVER-ipfire-multi/kernel/drivers/misc/eeprom diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot index f37f97e..7552b96 100644 --- a/config/rootfiles/common/configroot +++ b/config/rootfiles/common/configroot @@ -110,6 +110,7 @@ var/ipfire/menu.d/70-log.menu #var/ipfire/menu.d/EX-apcupsd.menu #var/ipfire/menu.d/EX-asterisk.menu #var/ipfire/menu.d/EX-bluetooth.menu +#var/ipfire/menu.d/EX-guardian.menu #var/ipfire/menu.d/EX-imspector.menu #var/ipfire/menu.d/EX-mpfire.menu #var/ipfire/menu.d/EX-samba.menu diff --git a/config/rootfiles/common/curl b/config/rootfiles/common/curl index 1fb2956..8208b97 100644 --- a/config/rootfiles/common/curl +++ b/config/rootfiles/common/curl @@ -189,6 +189,7 @@ usr/lib/libcurl.so.4.4.0 #usr/share/man/man3/CURLOPT_NOPROGRESS.3 #usr/share/man/man3/CURLOPT_NOPROXY.3 #usr/share/man/man3/CURLOPT_NOSIGNAL.3 +#usr/share/man/man3/CURLOPT_CONNECT_TO.3 #usr/share/man/man3/CURLOPT_OPENSOCKETDATA.3 #usr/share/man/man3/CURLOPT_OPENSOCKETFUNCTION.3 #usr/share/man/man3/CURLOPT_PASSWORD.3 @@ -272,6 +273,7 @@ usr/lib/libcurl.so.4.4.0 #usr/share/man/man3/CURLOPT_STREAM_DEPENDS.3 #usr/share/man/man3/CURLOPT_STREAM_DEPENDS_E.3 #usr/share/man/man3/CURLOPT_STREAM_WEIGHT.3 +#usr/share/man/man3/CURLOPT_TCP_FASTOPEN.3 #usr/share/man/man3/CURLOPT_TCP_KEEPALIVE.3 #usr/share/man/man3/CURLOPT_TCP_KEEPIDLE.3 #usr/share/man/man3/CURLOPT_TCP_KEEPINTVL.3 @@ -337,6 +339,7 @@ usr/lib/libcurl.so.4.4.0 #usr/share/man/man3/curl_multi_remove_handle.3 #usr/share/man/man3/curl_multi_setopt.3 #usr/share/man/man3/curl_multi_socket.3 +#usr/share/man/man3/curl_multi_socket_all.3 #usr/share/man/man3/curl_multi_socket_action.3 #usr/share/man/man3/curl_multi_strerror.3 #usr/share/man/man3/curl_multi_timeout.3 diff --git a/config/rootfiles/common/i586/acpid b/config/rootfiles/common/i586/acpid index 535e2bd..85a110d 100644 --- a/config/rootfiles/common/i586/acpid +++ b/config/rootfiles/common/i586/acpid @@ -6,12 +6,12 @@ etc/acpi/events/power usr/bin/acpi_listen usr/sbin/acpid #usr/sbin/kacpimon -#usr/share/doc/acpid -#usr/share/doc/acpid/COPYING -#usr/share/doc/acpid/Changelog -#usr/share/doc/acpid/README -#usr/share/doc/acpid/TESTPLAN -#usr/share/doc/acpid/TODO +#usr/share/doc/acpid-2.0.26 +#usr/share/doc/acpid-2.0.26/COPYING +#usr/share/doc/acpid-2.0.26/Changelog +#usr/share/doc/acpid-2.0.26/README +#usr/share/doc/acpid-2.0.26/TESTPLAN +#usr/share/doc/acpid-2.0.26/TODO #usr/share/man/man8/acpi_listen.8 #usr/share/man/man8/acpid.8 #usr/share/man/man8/kacpimon.8 diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/common/i586/initscripts index 43a8e90..443dee3 100644 --- a/config/rootfiles/common/i586/initscripts +++ b/config/rootfiles/common/i586/initscripts @@ -33,9 +33,11 @@ etc/rc.d/init.d/fcron etc/rc.d/init.d/fireinfo etc/rc.d/init.d/firewall etc/rc.d/init.d/firstsetup +#etc/rc.d/init.d/freeradius etc/rc.d/init.d/fsresize etc/rc.d/init.d/functions #etc/rc.d/init.d/gnump3d +#etc/rc.d/init.d/guardian etc/rc.d/init.d/halt #etc/rc.d/init.d/haproxy #etc/rc.d/init.d/hostapd @@ -93,6 +95,7 @@ etc/rc.d/init.d/networking/red.up/23-RS-snort etc/rc.d/init.d/networking/red.up/24-RS-qos etc/rc.d/init.d/networking/red.up/27-RS-squid etc/rc.d/init.d/networking/red.up/30-ddns +#etc/rc.d/init.d/networking/red.up/35-guardian etc/rc.d/init.d/networking/red.up/40-ipac etc/rc.d/init.d/networking/red.up/50-ipsec etc/rc.d/init.d/networking/red.up/50-ovpn diff --git a/config/rootfiles/common/i586/linux b/config/rootfiles/common/i586/linux index ff17a62..ead8fe2 100644 --- a/config/rootfiles/common/i586/linux +++ b/config/rootfiles/common/i586/linux @@ -1334,6 +1334,7 @@ lib/modules/KVER-ipfire #lib/modules/KVER-ipfire/kernel/drivers/misc/altera-stapl #lib/modules/KVER-ipfire/kernel/drivers/misc/altera-stapl/altera-stapl.ko #lib/modules/KVER-ipfire/kernel/drivers/misc/bmp085-i2c.ko +#lib/modules/KVER-ipfire/kernel/drivers/misc/bmp085.ko #lib/modules/KVER-ipfire/kernel/drivers/misc/cb710 #lib/modules/KVER-ipfire/kernel/drivers/misc/cb710/cb710.ko #lib/modules/KVER-ipfire/kernel/drivers/misc/cs5535-mfgpt.ko diff --git a/config/rootfiles/common/libarchive b/config/rootfiles/common/libarchive index 735bf37..80daa2d 100644 --- a/config/rootfiles/common/libarchive +++ b/config/rootfiles/common/libarchive @@ -1,13 +1,15 @@ #usr/bin/bsdcpio +#usr/bin/bsdcat #usr/bin/bsdtar #usr/include/archive.h #usr/include/archive_entry.h #usr/lib/libarchive.la #usr/lib/libarchive.so #usr/lib/libarchive.so.13 -#usr/lib/libarchive.so.13.1.2 +#usr/lib/libarchive.so.13.2.1 #usr/lib/pkgconfig/libarchive.pc #usr/share/man/man1/bsdcpio.1 +#usr/share/man/man1/bsdcat.1 #usr/share/man/man1/bsdtar.1 #usr/share/man/man3/archive_entry.3 #usr/share/man/man3/archive_entry_acl.3 @@ -17,6 +19,7 @@ #usr/share/man/man3/archive_entry_stat.3 #usr/share/man/man3/archive_entry_time.3 #usr/share/man/man3/archive_read.3 +#usr/share/man/man3/archive_read_add_passphrase.3 #usr/share/man/man3/archive_read_data.3 #usr/share/man/man3/archive_read_disk.3 #usr/share/man/man3/archive_read_extract.3 @@ -40,6 +43,7 @@ #usr/share/man/man3/archive_write_new.3 #usr/share/man/man3/archive_write_open.3 #usr/share/man/man3/archive_write_set_options.3 +#usr/share/man/man3/archive_write_set_passphrase.3 #usr/share/man/man3/libarchive.3 #usr/share/man/man3/libarchive_changes.3 #usr/share/man/man3/libarchive_internals.3 diff --git a/config/rootfiles/common/libcap b/config/rootfiles/common/libcap index 0049f0a..294eca6 100644 --- a/config/rootfiles/common/libcap +++ b/config/rootfiles/common/libcap @@ -1,14 +1,14 @@ -#lib/libcap.a lib/libcap.so lib/libcap.so.1 lib/libcap.so.2 -lib/libcap.so.2.24 +lib/libcap.so.2.25 lib/security/pam_cap.so sbin/capsh sbin/getcap sbin/getpcaps sbin/setcap #usr/include/sys/capability.h +usr/lib/libcap.so #usr/lib/pkgconfig/libcap.pc #usr/share/man/man1/capsh.1 #usr/share/man/man3/cap_clear.3 diff --git a/config/rootfiles/common/linux-atm b/config/rootfiles/common/linux-atm index db5793a..7cc8323 100644 --- a/config/rootfiles/common/linux-atm +++ b/config/rootfiles/common/linux-atm @@ -21,6 +21,7 @@ usr/lib/libatm.so.1.0.0 #usr/man/man4/atmsigd.conf.4 #usr/man/man7/qos.7 #usr/man/man7/sap.7 +#usr/man/man8 #usr/man/man8/atmaddr.8 #usr/man/man8/atmarp.8 #usr/man/man8/atmarpd.8 diff --git a/config/rootfiles/common/pcre b/config/rootfiles/common/pcre index 1d6310f..55fb9d7 100644 --- a/config/rootfiles/common/pcre +++ b/config/rootfiles/common/pcre @@ -10,7 +10,15 @@ #usr/lib/libpcre.la usr/lib/libpcre.so usr/lib/libpcre.so.1 -usr/lib/libpcre.so.1.2.6 +usr/lib/libpcre.so.1.2.7 +#usr/lib/libpcre16.la +usr/lib/libpcre16.so +usr/lib/libpcre16.so.0 +usr/lib/libpcre16.so.0.2.7 +#usr/lib/libpcre32.la +usr/lib/libpcre32.so +usr/lib/libpcre32.so.0 +usr/lib/libpcre32.so.0.0.7 #usr/lib/libpcrecpp.la usr/lib/libpcrecpp.so usr/lib/libpcrecpp.so.0 @@ -18,76 +26,78 @@ usr/lib/libpcrecpp.so.0.0.1 #usr/lib/libpcreposix.la usr/lib/libpcreposix.so usr/lib/libpcreposix.so.0 -usr/lib/libpcreposix.so.0.0.3 +usr/lib/libpcreposix.so.0.0.4 #usr/lib/pkgconfig/libpcre.pc +#usr/lib/pkgconfig/libpcre16.pc +#usr/lib/pkgconfig/libpcre32.pc #usr/lib/pkgconfig/libpcrecpp.pc #usr/lib/pkgconfig/libpcreposix.pc -#usr/share/doc/pcre -#usr/share/doc/pcre/AUTHORS -#usr/share/doc/pcre/COPYING -#usr/share/doc/pcre/ChangeLog -#usr/share/doc/pcre/LICENCE -#usr/share/doc/pcre/NEWS -#usr/share/doc/pcre/README -#usr/share/doc/pcre/html -#usr/share/doc/pcre/html/NON-AUTOTOOLS-BUILD.txt -#usr/share/doc/pcre/html/README.txt -#usr/share/doc/pcre/html/index.html -#usr/share/doc/pcre/html/pcre-config.html -#usr/share/doc/pcre/html/pcre.html -#usr/share/doc/pcre/html/pcre16.html -#usr/share/doc/pcre/html/pcre32.html -#usr/share/doc/pcre/html/pcre_assign_jit_stack.html -#usr/share/doc/pcre/html/pcre_compile.html -#usr/share/doc/pcre/html/pcre_compile2.html -#usr/share/doc/pcre/html/pcre_config.html -#usr/share/doc/pcre/html/pcre_copy_named_substring.html -#usr/share/doc/pcre/html/pcre_copy_substring.html -#usr/share/doc/pcre/html/pcre_dfa_exec.html -#usr/share/doc/pcre/html/pcre_exec.html -#usr/share/doc/pcre/html/pcre_free_study.html -#usr/share/doc/pcre/html/pcre_free_substring.html -#usr/share/doc/pcre/html/pcre_free_substring_list.html -#usr/share/doc/pcre/html/pcre_fullinfo.html -#usr/share/doc/pcre/html/pcre_get_named_substring.html -#usr/share/doc/pcre/html/pcre_get_stringnumber.html -#usr/share/doc/pcre/html/pcre_get_stringtable_entries.html -#usr/share/doc/pcre/html/pcre_get_substring.html -#usr/share/doc/pcre/html/pcre_get_substring_list.html -#usr/share/doc/pcre/html/pcre_jit_exec.html -#usr/share/doc/pcre/html/pcre_jit_stack_alloc.html -#usr/share/doc/pcre/html/pcre_jit_stack_free.html -#usr/share/doc/pcre/html/pcre_maketables.html -#usr/share/doc/pcre/html/pcre_pattern_to_host_byte_order.html -#usr/share/doc/pcre/html/pcre_refcount.html -#usr/share/doc/pcre/html/pcre_study.html -#usr/share/doc/pcre/html/pcre_utf16_to_host_byte_order.html -#usr/share/doc/pcre/html/pcre_utf32_to_host_byte_order.html -#usr/share/doc/pcre/html/pcre_version.html -#usr/share/doc/pcre/html/pcreapi.html -#usr/share/doc/pcre/html/pcrebuild.html -#usr/share/doc/pcre/html/pcrecallout.html -#usr/share/doc/pcre/html/pcrecompat.html -#usr/share/doc/pcre/html/pcrecpp.html -#usr/share/doc/pcre/html/pcredemo.html -#usr/share/doc/pcre/html/pcregrep.html -#usr/share/doc/pcre/html/pcrejit.html -#usr/share/doc/pcre/html/pcrelimits.html -#usr/share/doc/pcre/html/pcrematching.html -#usr/share/doc/pcre/html/pcrepartial.html -#usr/share/doc/pcre/html/pcrepattern.html -#usr/share/doc/pcre/html/pcreperform.html -#usr/share/doc/pcre/html/pcreposix.html -#usr/share/doc/pcre/html/pcreprecompile.html -#usr/share/doc/pcre/html/pcresample.html -#usr/share/doc/pcre/html/pcrestack.html -#usr/share/doc/pcre/html/pcresyntax.html -#usr/share/doc/pcre/html/pcretest.html -#usr/share/doc/pcre/html/pcreunicode.html -#usr/share/doc/pcre/pcre-config.txt -#usr/share/doc/pcre/pcre.txt -#usr/share/doc/pcre/pcregrep.txt -#usr/share/doc/pcre/pcretest.txt +#usr/share/doc/pcre-pcre-8.39 +#usr/share/doc/pcre-pcre-8.39/AUTHORS +#usr/share/doc/pcre-pcre-8.39/COPYING +#usr/share/doc/pcre-pcre-8.39/ChangeLog +#usr/share/doc/pcre-pcre-8.39/LICENCE +#usr/share/doc/pcre-pcre-8.39/NEWS +#usr/share/doc/pcre-pcre-8.39/README +#usr/share/doc/pcre-pcre-8.39/html +#usr/share/doc/pcre-pcre-8.39/html/NON-AUTOTOOLS-BUILD.txt +#usr/share/doc/pcre-pcre-8.39/html/README.txt +#usr/share/doc/pcre-pcre-8.39/html/index.html +#usr/share/doc/pcre-pcre-8.39/html/pcre-config.html +#usr/share/doc/pcre-pcre-8.39/html/pcre.html +#usr/share/doc/pcre-pcre-8.39/html/pcre16.html +#usr/share/doc/pcre-pcre-8.39/html/pcre32.html +#usr/share/doc/pcre-pcre-8.39/html/pcre_assign_jit_stack.html +#usr/share/doc/pcre-pcre-8.39/html/pcre_compile.html +#usr/share/doc/pcre-pcre-8.39/html/pcre_compile2.html +#usr/share/doc/pcre-pcre-8.39/html/pcre_config.html +#usr/share/doc/pcre-pcre-8.39/html/pcre_copy_named_substring.html +#usr/share/doc/pcre-pcre-8.39/html/pcre_copy_substring.html +#usr/share/doc/pcre-pcre-8.39/html/pcre_dfa_exec.html +#usr/share/doc/pcre-pcre-8.39/html/pcre_exec.html +#usr/share/doc/pcre-pcre-8.39/html/pcre_free_study.html +#usr/share/doc/pcre-pcre-8.39/html/pcre_free_substring.html +#usr/share/doc/pcre-pcre-8.39/html/pcre_free_substring_list.html +#usr/share/doc/pcre-pcre-8.39/html/pcre_fullinfo.html +#usr/share/doc/pcre-pcre-8.39/html/pcre_get_named_substring.html +#usr/share/doc/pcre-pcre-8.39/html/pcre_get_stringnumber.html +#usr/share/doc/pcre-pcre-8.39/html/pcre_get_stringtable_entries.html +#usr/share/doc/pcre-pcre-8.39/html/pcre_get_substring.html +#usr/share/doc/pcre-pcre-8.39/html/pcre_get_substring_list.html +#usr/share/doc/pcre-pcre-8.39/html/pcre_jit_exec.html +#usr/share/doc/pcre-pcre-8.39/html/pcre_jit_stack_alloc.html +#usr/share/doc/pcre-pcre-8.39/html/pcre_jit_stack_free.html +#usr/share/doc/pcre-pcre-8.39/html/pcre_maketables.html +#usr/share/doc/pcre-pcre-8.39/html/pcre_pattern_to_host_byte_order.html +#usr/share/doc/pcre-pcre-8.39/html/pcre_refcount.html +#usr/share/doc/pcre-pcre-8.39/html/pcre_study.html +#usr/share/doc/pcre-pcre-8.39/html/pcre_utf16_to_host_byte_order.html +#usr/share/doc/pcre-pcre-8.39/html/pcre_utf32_to_host_byte_order.html +#usr/share/doc/pcre-pcre-8.39/html/pcre_version.html +#usr/share/doc/pcre-pcre-8.39/html/pcreapi.html +#usr/share/doc/pcre-pcre-8.39/html/pcrebuild.html +#usr/share/doc/pcre-pcre-8.39/html/pcrecallout.html +#usr/share/doc/pcre-pcre-8.39/html/pcrecompat.html +#usr/share/doc/pcre-pcre-8.39/html/pcrecpp.html +#usr/share/doc/pcre-pcre-8.39/html/pcredemo.html +#usr/share/doc/pcre-pcre-8.39/html/pcregrep.html +#usr/share/doc/pcre-pcre-8.39/html/pcrejit.html +#usr/share/doc/pcre-pcre-8.39/html/pcrelimits.html +#usr/share/doc/pcre-pcre-8.39/html/pcrematching.html +#usr/share/doc/pcre-pcre-8.39/html/pcrepartial.html +#usr/share/doc/pcre-pcre-8.39/html/pcrepattern.html +#usr/share/doc/pcre-pcre-8.39/html/pcreperform.html +#usr/share/doc/pcre-pcre-8.39/html/pcreposix.html +#usr/share/doc/pcre-pcre-8.39/html/pcreprecompile.html +#usr/share/doc/pcre-pcre-8.39/html/pcresample.html +#usr/share/doc/pcre-pcre-8.39/html/pcrestack.html +#usr/share/doc/pcre-pcre-8.39/html/pcresyntax.html +#usr/share/doc/pcre-pcre-8.39/html/pcretest.html +#usr/share/doc/pcre-pcre-8.39/html/pcreunicode.html +#usr/share/doc/pcre-pcre-8.39/pcre-config.txt +#usr/share/doc/pcre-pcre-8.39/pcre.txt +#usr/share/doc/pcre-pcre-8.39/pcregrep.txt +#usr/share/doc/pcre-pcre-8.39/pcretest.txt #usr/share/man/man1/pcre-config.1 #usr/share/man/man1/pcregrep.1 #usr/share/man/man1/pcretest.1 diff --git a/config/rootfiles/common/popt b/config/rootfiles/common/popt index 23371c6..9383f60 100644 --- a/config/rootfiles/common/popt +++ b/config/rootfiles/common/popt @@ -4,4 +4,5 @@ usr/lib/libpopt.so usr/lib/libpopt.so.0 usr/lib/libpopt.so.0.0.0 -#usr/man/man3/popt.3 +#usr/lib/pkgconfig/popt.pc +#usr/share/man/man3/popt.3 diff --git a/config/rootfiles/common/shadow b/config/rootfiles/common/shadow index ec9054e..0b0c83f 100644 --- a/config/rootfiles/common/shadow +++ b/config/rootfiles/common/shadow @@ -1,17 +1,16 @@ -bin/groups bin/login bin/passwd bin/su #etc/.pwd.lock #etc/default +#etc/default/useradd etc/limits etc/login.access etc/login.defs #etc/passwd- etc/shadow #etc/shadow- -lib/libshadow.so.0 -lib/libshadow.so.0.0.0 +sbin/nologin #usr/bin/chage #usr/bin/chfn #usr/bin/chsh @@ -19,64 +18,22 @@ lib/libshadow.so.0.0.0 #usr/bin/faillog #usr/bin/gpasswd #usr/bin/lastlog +#usr/bin/newgidmap #usr/bin/newgrp +#usr/bin/newuidmap #usr/bin/sg -#usr/lib/libshadow.a -#usr/lib/libshadow.la #usr/lib/libshadow.so -#usr/man/man1/chage.1 -#usr/man/man1/chfn.1 -#usr/man/man1/chsh.1 -#usr/man/man1/expiry.1 -#usr/man/man1/gpasswd.1 -#usr/man/man1/login.1 -#usr/man/man1/newgrp.1 -#usr/man/man1/passwd.1 -#usr/man/man1/sg.1 -#usr/man/man1/su.1 -#usr/man/man3/getspnam.3 -#usr/man/man3/shadow.3 -#usr/man/man5/faillog.5 -#usr/man/man5/gshadow.5 -#usr/man/man5/limits.5 -#usr/man/man5/login.access.5 -#usr/man/man5/login.defs.5 -#usr/man/man5/passwd.5 -#usr/man/man5/porttime.5 -#usr/man/man5/shadow.5 -#usr/man/man5/suauth.5 -#usr/man/man8 -#usr/man/man8/chpasswd.8 -#usr/man/man8/faillog.8 -#usr/man/man8/groupadd.8 -#usr/man/man8/groupdel.8 -#usr/man/man8/groupmod.8 -#usr/man/man8/grpck.8 -#usr/man/man8/grpconv.8 -#usr/man/man8/grpunconv.8 -#usr/man/man8/lastlog.8 -#usr/man/man8/logoutd.8 -#usr/man/man8/newusers.8 -#usr/man/man8/nologin.8 -#usr/man/man8/pwck.8 -#usr/man/man8/pwconv.8 -#usr/man/man8/pwunconv.8 -#usr/man/man8/useradd.8 -#usr/man/man8/userdel.8 -#usr/man/man8/usermod.8 -#usr/man/man8/vigr.8 -#usr/man/man8/vipw.8 #usr/sbin/chgpasswd usr/sbin/chpasswd usr/sbin/groupadd usr/sbin/groupdel +usr/sbin/groupmems usr/sbin/groupmod #usr/sbin/grpck usr/sbin/grpconv #usr/sbin/grpunconv #usr/sbin/logoutd #usr/sbin/newusers -#usr/sbin/nologin #usr/sbin/pwck usr/sbin/pwconv #usr/sbin/pwunconv @@ -85,3 +42,48 @@ usr/sbin/userdel usr/sbin/usermod #usr/sbin/vigr #usr/sbin/vipw +#usr/share/man/man1/chage.1 +#usr/share/man/man1/chfn.1 +#usr/share/man/man1/chsh.1 +#usr/share/man/man1/expiry.1 +#usr/share/man/man1/gpasswd.1 +#usr/share/man/man1/login.1 +#usr/share/man/man1/newgidmap.1 +#usr/share/man/man1/newgrp.1 +#usr/share/man/man1/newuidmap.1 +#usr/share/man/man1/passwd.1 +#usr/share/man/man1/sg.1 +#usr/share/man/man1/su.1 +#usr/share/man/man3/shadow.3 +#usr/share/man/man5/faillog.5 +#usr/share/man/man5/gshadow.5 +#usr/share/man/man5/limits.5 +#usr/share/man/man5/login.access.5 +#usr/share/man/man5/login.defs.5 +#usr/share/man/man5/porttime.5 +#usr/share/man/man5/shadow.5 +#usr/share/man/man5/suauth.5 +#usr/share/man/man5/subgid.5 +#usr/share/man/man5/subuid.5 +#usr/share/man/man8/chgpasswd.8 +#usr/share/man/man8/chpasswd.8 +#usr/share/man/man8/faillog.8 +#usr/share/man/man8/groupadd.8 +#usr/share/man/man8/groupdel.8 +#usr/share/man/man8/groupmems.8 +#usr/share/man/man8/groupmod.8 +#usr/share/man/man8/grpck.8 +#usr/share/man/man8/grpconv.8 +#usr/share/man/man8/grpunconv.8 +#usr/share/man/man8/lastlog.8 +#usr/share/man/man8/logoutd.8 +#usr/share/man/man8/newusers.8 +#usr/share/man/man8/nologin.8 +#usr/share/man/man8/pwck.8 +#usr/share/man/man8/pwconv.8 +#usr/share/man/man8/pwunconv.8 +#usr/share/man/man8/useradd.8 +#usr/share/man/man8/userdel.8 +#usr/share/man/man8/usermod.8 +#usr/share/man/man8/vigr.8 +#usr/share/man/man8/vipw.8 diff --git a/config/rootfiles/common/snort b/config/rootfiles/common/snort index 6dfcdfc..ea29593 100644 --- a/config/rootfiles/common/snort +++ b/config/rootfiles/common/snort @@ -27,7 +27,6 @@ usr/bin/u2spewfoo #usr/include/snort/dynamic_output/snort_debug.h #usr/include/snort/dynamic_output/stream_api.h #usr/include/snort/dynamic_preproc -#usr/include/snort/dynamic_preproc/appId.h #usr/include/snort/dynamic_preproc/bitop.h #usr/include/snort/dynamic_preproc/cpuclock.h #usr/include/snort/dynamic_preproc/file_api.h @@ -38,6 +37,7 @@ usr/bin/u2spewfoo #usr/include/snort/dynamic_preproc/mpse_methods.h #usr/include/snort/dynamic_preproc/obfuscation.h #usr/include/snort/dynamic_preproc/packet_time.h +#usr/include/snort/dynamic_preproc/perf_indicators.h #usr/include/snort/dynamic_preproc/preprocids.h #usr/include/snort/dynamic_preproc/profiler.h #usr/include/snort/dynamic_preproc/segment_mem.h @@ -215,6 +215,7 @@ usr/sbin/snort #usr/share/doc/snort/README.reload #usr/share/doc/snort/README.reputation #usr/share/doc/snort/README.sensitive_data +#usr/share/doc/snort/README.session #usr/share/doc/snort/README.sfportscan #usr/share/doc/snort/README.sip #usr/share/doc/snort/README.ssh diff --git a/config/rootfiles/common/web-user-interface b/config/rootfiles/common/web-user-interface index b9780ea..8c94d2e 100644 --- a/config/rootfiles/common/web-user-interface +++ b/config/rootfiles/common/web-user-interface @@ -23,6 +23,7 @@ srv/web/ipfire/cgi-bin/fireinfo.cgi srv/web/ipfire/cgi-bin/firewall.cgi srv/web/ipfire/cgi-bin/fwhosts.cgi srv/web/ipfire/cgi-bin/geoip-block.cgi +#srv/web/ipfire/cgi-bin/guardian.cgi srv/web/ipfire/cgi-bin/gpl.cgi srv/web/ipfire/cgi-bin/gui.cgi srv/web/ipfire/cgi-bin/hardwaregraphs.cgi diff --git a/config/rootfiles/common/which b/config/rootfiles/common/which index 08dc7a5..35ccd2f 100644 --- a/config/rootfiles/common/which +++ b/config/rootfiles/common/which @@ -1,3 +1,3 @@ usr/bin/which -#usr/info/which.info -#usr/man/man1/which.1 +#usr/share/info/which.info +#usr/share/man/man1/which.1 diff --git a/config/rootfiles/common/x86_64/acpid b/config/rootfiles/common/x86_64/acpid index 535e2bd..85a110d 100644 --- a/config/rootfiles/common/x86_64/acpid +++ b/config/rootfiles/common/x86_64/acpid @@ -6,12 +6,12 @@ etc/acpi/events/power usr/bin/acpi_listen usr/sbin/acpid #usr/sbin/kacpimon -#usr/share/doc/acpid -#usr/share/doc/acpid/COPYING -#usr/share/doc/acpid/Changelog -#usr/share/doc/acpid/README -#usr/share/doc/acpid/TESTPLAN -#usr/share/doc/acpid/TODO +#usr/share/doc/acpid-2.0.26 +#usr/share/doc/acpid-2.0.26/COPYING +#usr/share/doc/acpid-2.0.26/Changelog +#usr/share/doc/acpid-2.0.26/README +#usr/share/doc/acpid-2.0.26/TESTPLAN +#usr/share/doc/acpid-2.0.26/TODO #usr/share/man/man8/acpi_listen.8 #usr/share/man/man8/acpid.8 #usr/share/man/man8/kacpimon.8 diff --git a/config/rootfiles/common/x86_64/initscripts b/config/rootfiles/common/x86_64/initscripts index 43a8e90..443dee3 100644 --- a/config/rootfiles/common/x86_64/initscripts +++ b/config/rootfiles/common/x86_64/initscripts @@ -33,9 +33,11 @@ etc/rc.d/init.d/fcron etc/rc.d/init.d/fireinfo etc/rc.d/init.d/firewall etc/rc.d/init.d/firstsetup +#etc/rc.d/init.d/freeradius etc/rc.d/init.d/fsresize etc/rc.d/init.d/functions #etc/rc.d/init.d/gnump3d +#etc/rc.d/init.d/guardian etc/rc.d/init.d/halt #etc/rc.d/init.d/haproxy #etc/rc.d/init.d/hostapd @@ -93,6 +95,7 @@ etc/rc.d/init.d/networking/red.up/23-RS-snort etc/rc.d/init.d/networking/red.up/24-RS-qos etc/rc.d/init.d/networking/red.up/27-RS-squid etc/rc.d/init.d/networking/red.up/30-ddns +#etc/rc.d/init.d/networking/red.up/35-guardian etc/rc.d/init.d/networking/red.up/40-ipac etc/rc.d/init.d/networking/red.up/50-ipsec etc/rc.d/init.d/networking/red.up/50-ovpn diff --git a/config/rootfiles/common/x86_64/linux b/config/rootfiles/common/x86_64/linux index 2cae007..65c080e 100644 --- a/config/rootfiles/common/x86_64/linux +++ b/config/rootfiles/common/x86_64/linux @@ -1336,6 +1336,7 @@ lib/modules/KVER-ipfire #lib/modules/KVER-ipfire/kernel/drivers/misc/altera-stapl #lib/modules/KVER-ipfire/kernel/drivers/misc/altera-stapl/altera-stapl.ko #lib/modules/KVER-ipfire/kernel/drivers/misc/bmp085-i2c.ko +#lib/modules/KVER-ipfire/kernel/drivers/misc/bmp085.ko #lib/modules/KVER-ipfire/kernel/drivers/misc/cb710 #lib/modules/KVER-ipfire/kernel/drivers/misc/cb710/cb710.ko #lib/modules/KVER-ipfire/kernel/drivers/misc/cs5535-mfgpt.ko diff --git a/config/rootfiles/core/103/exclude b/config/rootfiles/core/103/exclude deleted file mode 100644 index 7ddeae0..0000000 --- a/config/rootfiles/core/103/exclude +++ /dev/null @@ -1,28 +0,0 @@ -boot/config.txt -boot/grub/grub.cfg -boot/grub/grubenv -etc/alternatives -etc/collectd.custom -etc/default/grub -etc/ipsec.conf -etc/ipsec.secrets -etc/ipsec.user.conf -etc/ipsec.user.secrets -etc/localtime -etc/shadow -etc/snort/snort.conf -etc/ssh/ssh_config -etc/ssh/sshd_config -etc/ssl/openssl.cnf -etc/sudoers -etc/sysconfig/firewall.local -etc/sysconfig/rc.local -etc/udev/rules.d/30-persistent-network.rules -srv/web/ipfire/html/proxy.pac -var/ipfire/dma -var/ipfire/time -var/ipfire/ovpn -var/lib/alternatives -var/log/cache -var/state/dhcp/dhcpd.leases -var/updatecache diff --git a/config/rootfiles/core/103/filelists/coreutils b/config/rootfiles/core/103/filelists/coreutils deleted file mode 120000 index 7351ed2..0000000 --- a/config/rootfiles/core/103/filelists/coreutils +++ /dev/null @@ -1 +0,0 @@ -../../../common/coreutils \ No newline at end of file diff --git a/config/rootfiles/core/103/filelists/curl b/config/rootfiles/core/103/filelists/curl deleted file mode 120000 index 4b84bef..0000000 --- a/config/rootfiles/core/103/filelists/curl +++ /dev/null @@ -1 +0,0 @@ -../../../common/curl \ No newline at end of file diff --git a/config/rootfiles/core/103/filelists/diffutils b/config/rootfiles/core/103/filelists/diffutils deleted file mode 120000 index a5c02f3..0000000 --- a/config/rootfiles/core/103/filelists/diffutils +++ /dev/null @@ -1 +0,0 @@ -../../../common/diffutils \ No newline at end of file diff --git a/config/rootfiles/core/103/filelists/dnsmasq b/config/rootfiles/core/103/filelists/dnsmasq deleted file mode 120000 index d469c74..0000000 --- a/config/rootfiles/core/103/filelists/dnsmasq +++ /dev/null @@ -1 +0,0 @@ -../../../common/dnsmasq \ No newline at end of file diff --git a/config/rootfiles/core/103/filelists/files b/config/rootfiles/core/103/filelists/files deleted file mode 100644 index 2294a5e..0000000 --- a/config/rootfiles/core/103/filelists/files +++ /dev/null @@ -1,9 +0,0 @@ -etc/system-release -etc/issue -lib/udev/network-hotplug-macvtap -lib/udev/network-hotplug-rename -lib/udev/rules.d/60-net.rules -srv/web/ipfire/cgi-bin/logs.cgi/log.dat -usr/sbin/setup -var/ipfire/general-functions.pl -var/ipfire/menu.d/30-network.menu diff --git a/config/rootfiles/core/103/filelists/findutils b/config/rootfiles/core/103/filelists/findutils deleted file mode 120000 index 545280a..0000000 --- a/config/rootfiles/core/103/filelists/findutils +++ /dev/null @@ -1 +0,0 @@ -../../../common/findutils \ No newline at end of file diff --git a/config/rootfiles/core/103/filelists/gawk b/config/rootfiles/core/103/filelists/gawk deleted file mode 120000 index a3bbe32..0000000 --- a/config/rootfiles/core/103/filelists/gawk +++ /dev/null @@ -1 +0,0 @@ -../../../common/gawk \ No newline at end of file diff --git a/config/rootfiles/core/103/filelists/gettext b/config/rootfiles/core/103/filelists/gettext deleted file mode 120000 index b6c6c6f..0000000 --- a/config/rootfiles/core/103/filelists/gettext +++ /dev/null @@ -1 +0,0 @@ -../../../common/gettext \ No newline at end of file diff --git a/config/rootfiles/core/103/filelists/grep b/config/rootfiles/core/103/filelists/grep deleted file mode 120000 index ab5ef8b..0000000 --- a/config/rootfiles/core/103/filelists/grep +++ /dev/null @@ -1 +0,0 @@ -../../../common/grep \ No newline at end of file diff --git a/config/rootfiles/core/103/filelists/less b/config/rootfiles/core/103/filelists/less deleted file mode 120000 index 65c0e07..0000000 --- a/config/rootfiles/core/103/filelists/less +++ /dev/null @@ -1 +0,0 @@ -../../../common/less \ No newline at end of file diff --git a/config/rootfiles/core/103/filelists/ncurses b/config/rootfiles/core/103/filelists/ncurses deleted file mode 120000 index 512faef..0000000 --- a/config/rootfiles/core/103/filelists/ncurses +++ /dev/null @@ -1 +0,0 @@ -../../../common/ncurses \ No newline at end of file diff --git a/config/rootfiles/core/103/filelists/ncurses-compat b/config/rootfiles/core/103/filelists/ncurses-compat deleted file mode 120000 index 5ecff53..0000000 --- a/config/rootfiles/core/103/filelists/ncurses-compat +++ /dev/null @@ -1 +0,0 @@ -../../../common/ncurses-compat \ No newline at end of file diff --git a/config/rootfiles/core/103/filelists/procps b/config/rootfiles/core/103/filelists/procps deleted file mode 120000 index e17e8ed..0000000 --- a/config/rootfiles/core/103/filelists/procps +++ /dev/null @@ -1 +0,0 @@ -../../../common/procps \ No newline at end of file diff --git a/config/rootfiles/core/103/filelists/sdparm b/config/rootfiles/core/103/filelists/sdparm deleted file mode 120000 index 86d9c24..0000000 --- a/config/rootfiles/core/103/filelists/sdparm +++ /dev/null @@ -1 +0,0 @@ -../../../common/sdparm \ No newline at end of file diff --git a/config/rootfiles/core/103/filelists/squid b/config/rootfiles/core/103/filelists/squid deleted file mode 120000 index 2dc8372..0000000 --- a/config/rootfiles/core/103/filelists/squid +++ /dev/null @@ -1 +0,0 @@ -../../../common/squid \ No newline at end of file diff --git a/config/rootfiles/core/103/filelists/tzdata b/config/rootfiles/core/103/filelists/tzdata deleted file mode 120000 index 5a6e325..0000000 --- a/config/rootfiles/core/103/filelists/tzdata +++ /dev/null @@ -1 +0,0 @@ -../../../common/tzdata \ No newline at end of file diff --git a/config/rootfiles/core/103/filelists/wpa_supplicant b/config/rootfiles/core/103/filelists/wpa_supplicant deleted file mode 120000 index 1d04c03..0000000 --- a/config/rootfiles/core/103/filelists/wpa_supplicant +++ /dev/null @@ -1 +0,0 @@ -../../../common/wpa_supplicant \ No newline at end of file diff --git a/config/rootfiles/core/103/meta b/config/rootfiles/core/103/meta deleted file mode 100644 index d547fa8..0000000 --- a/config/rootfiles/core/103/meta +++ /dev/null @@ -1 +0,0 @@ -DEPS="" diff --git a/config/rootfiles/core/103/update.sh b/config/rootfiles/core/103/update.sh deleted file mode 100644 index 3f45eaa..0000000 --- a/config/rootfiles/core/103/update.sh +++ /dev/null @@ -1,82 +0,0 @@ -#!/bin/bash -############################################################################ -# # -# This file is part of the IPFire Firewall. # -# # -# IPFire is free software; you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation; either version 3 of the License, or # -# (at your option) any later version. # -# # -# IPFire is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with IPFire; if not, write to the Free Software # -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # -# # -# Copyright (C) 2016 IPFire-Team info@ipfire.org. # -# # -############################################################################ -# -. /opt/pakfire/lib/functions.sh -/usr/local/bin/backupctrl exclude >/dev/null 2>&1 - -core=103 - -function exit_with_error() { - # Set last succesfull installed core. - echo $(($core-1)) > /opt/pakfire/db/core/mine - /usr/bin/logger -p syslog.emerg -t ipfire \ - "core-update-${core}: $1" - exit $2 -} - -# Remove old core updates from pakfire cache to save space... -for (( i=1; i<=$core; i++ )) -do - rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire -done - - -# Stop services -/etc/init.d/squid stop - -# Remove checkfstab -rm -f /etc/rc.d/init.d/checkfstab -rm -f /etc/rc.d/rcsysinit.d/S19checkfstab - -# Extract files -extract_files - -# update linker config -ldconfig - -# Update Language cache -#/usr/local/bin/update-lang-cache - -# Remove potentially broken squid cache index (will be recreated after the next start) -rm -f /var/log/cache/swap.state - -# Start services -/etc/init.d/dnsmasq restart -/etc/init.d/squid start - -sync -# This update need a reboot... -touch /var/run/need_reboot - -# Finish -/etc/init.d/fireinfo start -sendprofile - -# Update grub config to display new core version -if [ -e /boot/grub/grub.cfg ]; then - grub-mkconfig -o /boot/grub/grub.cfg -fi -sync - -# Don't report the exitcode last command -exit 0 diff --git a/config/rootfiles/core/104/exclude b/config/rootfiles/core/104/exclude new file mode 100644 index 0000000..7ddeae0 --- /dev/null +++ b/config/rootfiles/core/104/exclude @@ -0,0 +1,28 @@ +boot/config.txt +boot/grub/grub.cfg +boot/grub/grubenv +etc/alternatives +etc/collectd.custom +etc/default/grub +etc/ipsec.conf +etc/ipsec.secrets +etc/ipsec.user.conf +etc/ipsec.user.secrets +etc/localtime +etc/shadow +etc/snort/snort.conf +etc/ssh/ssh_config +etc/ssh/sshd_config +etc/ssl/openssl.cnf +etc/sudoers +etc/sysconfig/firewall.local +etc/sysconfig/rc.local +etc/udev/rules.d/30-persistent-network.rules +srv/web/ipfire/html/proxy.pac +var/ipfire/dma +var/ipfire/time +var/ipfire/ovpn +var/lib/alternatives +var/log/cache +var/state/dhcp/dhcpd.leases +var/updatecache diff --git a/config/rootfiles/core/104/filelists/acl b/config/rootfiles/core/104/filelists/acl new file mode 120000 index 0000000..d819f9c --- /dev/null +++ b/config/rootfiles/core/104/filelists/acl @@ -0,0 +1 @@ +../../../common/acl \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/armv5tel/linux-kirkwood b/config/rootfiles/core/104/filelists/armv5tel/linux-kirkwood new file mode 120000 index 0000000..7217107 --- /dev/null +++ b/config/rootfiles/core/104/filelists/armv5tel/linux-kirkwood @@ -0,0 +1 @@ +../../../../common/armv5tel/linux-kirkwood \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/armv5tel/linux-multi b/config/rootfiles/core/104/filelists/armv5tel/linux-multi new file mode 120000 index 0000000..204eb4c --- /dev/null +++ b/config/rootfiles/core/104/filelists/armv5tel/linux-multi @@ -0,0 +1 @@ +../../../../common/armv5tel/linux-multi \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/armv5tel/linux-rpi b/config/rootfiles/core/104/filelists/armv5tel/linux-rpi new file mode 120000 index 0000000..a651a49 --- /dev/null +++ b/config/rootfiles/core/104/filelists/armv5tel/linux-rpi @@ -0,0 +1 @@ +../../../../common/armv5tel/linux-rpi \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/curl b/config/rootfiles/core/104/filelists/curl new file mode 120000 index 0000000..4b84bef --- /dev/null +++ b/config/rootfiles/core/104/filelists/curl @@ -0,0 +1 @@ +../../../common/curl \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/ddns b/config/rootfiles/core/104/filelists/ddns new file mode 120000 index 0000000..7395164 --- /dev/null +++ b/config/rootfiles/core/104/filelists/ddns @@ -0,0 +1 @@ +../../../common/ddns \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/dnsmasq b/config/rootfiles/core/104/filelists/dnsmasq new file mode 120000 index 0000000..d469c74 --- /dev/null +++ b/config/rootfiles/core/104/filelists/dnsmasq @@ -0,0 +1 @@ +../../../common/dnsmasq \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/files b/config/rootfiles/core/104/filelists/files new file mode 100644 index 0000000..c172c14 --- /dev/null +++ b/config/rootfiles/core/104/filelists/files @@ -0,0 +1,14 @@ +etc/system-release +etc/issue +etc/collectd.conf +etc/httpd/conf/global.conf +etc/rc.d/init.d/snort +opt/pakfire/lib/functions.sh +srv/web/ipfire/cgi-bin/ids.cgi +srv/web/ipfire/cgi-bin/proxy.cgi +srv/web/ipfire/cgi-bin/logs.cgi/log.dat +srv/web/ipfire/html/themes/ipfire/include/functions.pl +srv/web/ipfire/html/themes/ipfire/include/js/refreshInetInfo.js +var/ipfire/langs +var/ipfire/fwhosts/customservices.default +var/ipfire/updatexlrator/bin/download diff --git a/config/rootfiles/core/104/filelists/i586/acpid b/config/rootfiles/core/104/filelists/i586/acpid new file mode 120000 index 0000000..21d36ee --- /dev/null +++ b/config/rootfiles/core/104/filelists/i586/acpid @@ -0,0 +1 @@ +../../../../common/i586/acpid \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/i586/linux b/config/rootfiles/core/104/filelists/i586/linux new file mode 120000 index 0000000..693ec4b --- /dev/null +++ b/config/rootfiles/core/104/filelists/i586/linux @@ -0,0 +1 @@ +../../../../common/i586/linux \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/iputils b/config/rootfiles/core/104/filelists/iputils new file mode 120000 index 0000000..361c28f --- /dev/null +++ b/config/rootfiles/core/104/filelists/iputils @@ -0,0 +1 @@ +../../../common/iputils \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/libarchive b/config/rootfiles/core/104/filelists/libarchive new file mode 120000 index 0000000..551f1f7 --- /dev/null +++ b/config/rootfiles/core/104/filelists/libarchive @@ -0,0 +1 @@ +../../../common/libarchive \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/libcap b/config/rootfiles/core/104/filelists/libcap new file mode 120000 index 0000000..ed67d95 --- /dev/null +++ b/config/rootfiles/core/104/filelists/libcap @@ -0,0 +1 @@ +../../../common/libcap \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/ntp b/config/rootfiles/core/104/filelists/ntp new file mode 120000 index 0000000..7542d86 --- /dev/null +++ b/config/rootfiles/core/104/filelists/ntp @@ -0,0 +1 @@ +../../../common/ntp \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/openssh b/config/rootfiles/core/104/filelists/openssh new file mode 120000 index 0000000..d8c77fd --- /dev/null +++ b/config/rootfiles/core/104/filelists/openssh @@ -0,0 +1 @@ +../../../common/openssh \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/pcre b/config/rootfiles/core/104/filelists/pcre new file mode 120000 index 0000000..b390d9a --- /dev/null +++ b/config/rootfiles/core/104/filelists/pcre @@ -0,0 +1 @@ +../../../common/pcre \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/popt b/config/rootfiles/core/104/filelists/popt new file mode 120000 index 0000000..d71a9ab --- /dev/null +++ b/config/rootfiles/core/104/filelists/popt @@ -0,0 +1 @@ +../../../common/popt \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/screen b/config/rootfiles/core/104/filelists/screen new file mode 120000 index 0000000..81008f4 --- /dev/null +++ b/config/rootfiles/core/104/filelists/screen @@ -0,0 +1 @@ +../../../common/screen \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/shadow b/config/rootfiles/core/104/filelists/shadow new file mode 120000 index 0000000..c0824b7 --- /dev/null +++ b/config/rootfiles/core/104/filelists/shadow @@ -0,0 +1 @@ +../../../common/shadow \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/snort b/config/rootfiles/core/104/filelists/snort new file mode 120000 index 0000000..9406ce0 --- /dev/null +++ b/config/rootfiles/core/104/filelists/snort @@ -0,0 +1 @@ +../../../common/snort \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/wget b/config/rootfiles/core/104/filelists/wget new file mode 120000 index 0000000..fcb57df --- /dev/null +++ b/config/rootfiles/core/104/filelists/wget @@ -0,0 +1 @@ +../../../common/wget \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/which b/config/rootfiles/core/104/filelists/which new file mode 120000 index 0000000..9cfc884 --- /dev/null +++ b/config/rootfiles/core/104/filelists/which @@ -0,0 +1 @@ +../../../common/which \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/x86_64/acpid b/config/rootfiles/core/104/filelists/x86_64/acpid new file mode 120000 index 0000000..289f8f5 --- /dev/null +++ b/config/rootfiles/core/104/filelists/x86_64/acpid @@ -0,0 +1 @@ +../../../../common/x86_64/acpid \ No newline at end of file diff --git a/config/rootfiles/core/104/filelists/x86_64/linux b/config/rootfiles/core/104/filelists/x86_64/linux new file mode 120000 index 0000000..0615b5b --- /dev/null +++ b/config/rootfiles/core/104/filelists/x86_64/linux @@ -0,0 +1 @@ +../../../../common/x86_64/linux \ No newline at end of file diff --git a/config/rootfiles/core/104/meta b/config/rootfiles/core/104/meta new file mode 100644 index 0000000..d547fa8 --- /dev/null +++ b/config/rootfiles/core/104/meta @@ -0,0 +1 @@ +DEPS="" diff --git a/config/rootfiles/core/104/update.sh b/config/rootfiles/core/104/update.sh new file mode 100644 index 0000000..3988a9d --- /dev/null +++ b/config/rootfiles/core/104/update.sh @@ -0,0 +1,259 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2016 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/usr/local/bin/backupctrl exclude >/dev/null 2>&1 + +function find_device() { + local mountpoint="${1}" + + local root + local dev mp fs flags rest + while read -r dev mp fs flags rest; do + # Skip unwanted entries + [ "${dev}" = "rootfs" ] && continue + + if [ "${mp}" = "${mountpoint}" ] && [ -b "${dev}" ]; then + root="$(basename "${dev}")" + break + fi + done < /proc/mounts + + # Get the actual device from the partition that holds / + while [ -n "${root}" ]; do + if [ -e "/sys/block/${root}" ]; then + echo "${root}" + return 0 + fi + + # Remove last character + root="${root::-1}" + done + + return 1 +} + + +core=104 + +function exit_with_error() { + # Set last succesfull installed core. + echo $(($core-1)) > /opt/pakfire/db/core/mine + /usr/bin/logger -p syslog.emerg -t ipfire \ + "core-update-${core}: $1" + exit $2 +} + +# Remove old core updates from pakfire cache to save space... +for (( i=1; i<=$core; i++ )) +do + rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire +done + +# +# Do some sanity checks. +case $(uname -r) in + *-ipfire* ) + # Ok. + ;; + * ) + exit_with_error "ERROR cannot update. No IPFire Kernel." 1 + ;; +esac + + +# +# +KVER="xxxKVERxxx" + +# Check diskspace on root +ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1` + +if [ $ROOTSPACE -lt 100000 ]; then + exit_with_error "ERROR cannot update because not enough free space on root." 2 + exit 2 +fi + +echo +echo Update Kernel to $KVER ... +# +# Remove old kernel, configs, initrd, modules, dtb's ... +# +rm -rf /boot/System.map-* +rm -rf /boot/config-* +rm -rf /boot/ipfirerd-* +rm -rf /boot/initramfs-* +rm -rf /boot/vmlinuz-* +rm -rf /boot/uImage-ipfire-* +rm -rf /boot/zImage-ipfire-* +rm -rf /boot/uInit-ipfire-* +rm -rf /boot/dtb-*-ipfire-* +rm -rf /lib/modules + +case "$(uname -m)" in + armv*) + # Backup uEnv.txt if exist + if [ -e /boot/uEnv.txt ]; then + cp -vf /boot/uEnv.txt /boot/uEnv.txt.org + fi + + # work around the u-boot folder detection bug + mkdir -pv /boot/dtb-$KVER-ipfire-kirkwood + mkdir -pv /boot/dtb-$KVER-ipfire-multi + touch /boot/uImage-ipfire-kirkwood + touch /boot/zImage-ipfire-multi + touch /boot/uIinit-ipfire-kirkwood + touch /boot/uIinit-ipfire-multi + ;; +esac + +# Stop services +/etc/init.d/collectd stop +/etc/init.d/snort stop +/etc/init.d/squid stop +/etc/init.d/dnsmasq stop +/etc/init.d/sshd stop +/etc/init.d/ipsec stop +/etc/init.d/apache stop + +# Extract files +tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C / + +# Update customservices +cp /var/ipfire/fwhosts/customservices /var/ipfire/fwhosts/customservices.old +echo 35,Submission (TCP),587,TCP,BLANK,0 >> /var/ipfire/fwhosts/customservices +echo 36,SSMTP,465,TCP,BLANK,0 >> /var/ipfire/fwhosts/customservices + +# Remove some old files +rm -f /bin/groups /lib/libshadow.so.0* + +# update linker config +ldconfig + +# Check diskspace on boot +BOOTSPACE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1` + +if [ $BOOTSPACE -lt 1000 ]; then + case $(uname -r) in + *-ipfire-kirkwood ) + # Special handling for old kirkwood images. + # (install only kirkwood kernel) + rm -rf /boot/* + # work around the u-boot folder detection bug + mkdir -pv /boot/dtb-$KVER-ipfire-kirkwood + tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p \ + --numeric-owner -C / --wildcards 'boot/*-kirkwood*' + ;; + * ) + /etc/init.d/apache start + exit_with_error "FATAL-ERROR space run out on boot. System is not bootable..." 4 + ;; + esac +fi + +# Update Language cache +/usr/local/bin/update-lang-cache + +# +# Start services +# +/etc/init.d/collectd start +/etc/init.d/apache start +/etc/init.d/dnsmasq start +/etc/init.d/sshd start +/etc/init.d/squid start +/etc/init.d/snort start +if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then + /etc/init.d/ipsec start +fi + +# Delete old QoS enabled indicator +rm -f /var/ipfire/qos/enable + +# Upadate Kernel version uEnv.txt +if [ -e /boot/uEnv.txt ]; then + sed -i -e "s/KVER=.*/KVER=${KVER}/g" /boot/uEnv.txt +fi + +# call user update script (needed for some arm boards) +if [ -e /boot/pakfire-kernel-update ]; then + /boot/pakfire-kernel-update ${KVER} +fi + +case "$(uname -m)" in + i?86) + # Force (re)install pae kernel if pae is supported + rm -rf /opt/pakfire/db/installed/meta-linux-pae + if [ ! "$(grep "^flags.* pae " /proc/cpuinfo)" == "" ]; then + ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1` + BOOTSPACE=`df /boot -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1` + if [ $BOOTSPACE -lt 12000 -o $ROOTSPACE -lt 90000 ]; then + /usr/bin/logger -p syslog.emerg -t ipfire \ + "core-update-${core}: WARNING not enough space for pae kernel." + else + echo "Name: linux-pae" > /opt/pakfire/db/installed/meta-linux-pae + echo "ProgVersion: 0" >> /opt/pakfire/db/installed/meta-linux-pae + echo "Release: 0" >> /opt/pakfire/db/installed/meta-linux-pae + fi + fi + ;; +esac +# +# After pakfire has ended run it again and update the lists and do upgrade +# +echo '#!/bin/bash' > /tmp/pak_update +echo 'while [ "$(ps -A | grep " update.sh")" != "" ]; do' >> /tmp/pak_update +echo ' sleep 1' >> /tmp/pak_update +echo 'done' >> /tmp/pak_update +echo 'while [ "$(ps -A | grep " pakfire")" != "" ]; do' >> /tmp/pak_update +echo ' sleep 1' >> /tmp/pak_update +echo 'done' >> /tmp/pak_update +echo '/opt/pakfire/pakfire update -y --force' >> /tmp/pak_update +echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update +echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update +echo '/opt/pakfire/pakfire upgrade -y' >> /tmp/pak_update +echo '/usr/bin/logger -p syslog.emerg -t ipfire "Core-upgrade finished. If you use a customized grub/uboot config"' >> /tmp/pak_update +echo '/usr/bin/logger -p syslog.emerg -t ipfire "Check it before reboot !!!"' >> /tmp/pak_update +echo '/usr/bin/logger -p syslog.emerg -t ipfire " *** Please reboot... *** "' >> /tmp/pak_update +echo 'touch /var/run/need_reboot ' >> /tmp/pak_update +# +killall -KILL pak_update +chmod +x /tmp/pak_update +/tmp/pak_update & + +sync + +# This update need a reboot... +touch /var/run/need_reboot + +# Finish +/etc/init.d/fireinfo start +sendprofile +# Update grub config to display new core version +if [ -e /boot/grub/grub.cfg ]; then + grub-mkconfig -o /boot/grub/grub.cfg +fi +sync + +# Don't report the exitcode last command +exit 0 diff --git a/config/rootfiles/oldcore/103/exclude b/config/rootfiles/oldcore/103/exclude new file mode 100644 index 0000000..7ddeae0 --- /dev/null +++ b/config/rootfiles/oldcore/103/exclude @@ -0,0 +1,28 @@ +boot/config.txt +boot/grub/grub.cfg +boot/grub/grubenv +etc/alternatives +etc/collectd.custom +etc/default/grub +etc/ipsec.conf +etc/ipsec.secrets +etc/ipsec.user.conf +etc/ipsec.user.secrets +etc/localtime +etc/shadow +etc/snort/snort.conf +etc/ssh/ssh_config +etc/ssh/sshd_config +etc/ssl/openssl.cnf +etc/sudoers +etc/sysconfig/firewall.local +etc/sysconfig/rc.local +etc/udev/rules.d/30-persistent-network.rules +srv/web/ipfire/html/proxy.pac +var/ipfire/dma +var/ipfire/time +var/ipfire/ovpn +var/lib/alternatives +var/log/cache +var/state/dhcp/dhcpd.leases +var/updatecache diff --git a/config/rootfiles/oldcore/103/filelists/coreutils b/config/rootfiles/oldcore/103/filelists/coreutils new file mode 120000 index 0000000..7351ed2 --- /dev/null +++ b/config/rootfiles/oldcore/103/filelists/coreutils @@ -0,0 +1 @@ +../../../common/coreutils \ No newline at end of file diff --git a/config/rootfiles/oldcore/103/filelists/curl b/config/rootfiles/oldcore/103/filelists/curl new file mode 120000 index 0000000..4b84bef --- /dev/null +++ b/config/rootfiles/oldcore/103/filelists/curl @@ -0,0 +1 @@ +../../../common/curl \ No newline at end of file diff --git a/config/rootfiles/oldcore/103/filelists/diffutils b/config/rootfiles/oldcore/103/filelists/diffutils new file mode 120000 index 0000000..a5c02f3 --- /dev/null +++ b/config/rootfiles/oldcore/103/filelists/diffutils @@ -0,0 +1 @@ +../../../common/diffutils \ No newline at end of file diff --git a/config/rootfiles/oldcore/103/filelists/dnsmasq b/config/rootfiles/oldcore/103/filelists/dnsmasq new file mode 120000 index 0000000..d469c74 --- /dev/null +++ b/config/rootfiles/oldcore/103/filelists/dnsmasq @@ -0,0 +1 @@ +../../../common/dnsmasq \ No newline at end of file diff --git a/config/rootfiles/oldcore/103/filelists/files b/config/rootfiles/oldcore/103/filelists/files new file mode 100644 index 0000000..2294a5e --- /dev/null +++ b/config/rootfiles/oldcore/103/filelists/files @@ -0,0 +1,9 @@ +etc/system-release +etc/issue +lib/udev/network-hotplug-macvtap +lib/udev/network-hotplug-rename +lib/udev/rules.d/60-net.rules +srv/web/ipfire/cgi-bin/logs.cgi/log.dat +usr/sbin/setup +var/ipfire/general-functions.pl +var/ipfire/menu.d/30-network.menu diff --git a/config/rootfiles/oldcore/103/filelists/findutils b/config/rootfiles/oldcore/103/filelists/findutils new file mode 120000 index 0000000..545280a --- /dev/null +++ b/config/rootfiles/oldcore/103/filelists/findutils @@ -0,0 +1 @@ +../../../common/findutils \ No newline at end of file diff --git a/config/rootfiles/oldcore/103/filelists/gawk b/config/rootfiles/oldcore/103/filelists/gawk new file mode 120000 index 0000000..a3bbe32 --- /dev/null +++ b/config/rootfiles/oldcore/103/filelists/gawk @@ -0,0 +1 @@ +../../../common/gawk \ No newline at end of file diff --git a/config/rootfiles/oldcore/103/filelists/gettext b/config/rootfiles/oldcore/103/filelists/gettext new file mode 120000 index 0000000..b6c6c6f --- /dev/null +++ b/config/rootfiles/oldcore/103/filelists/gettext @@ -0,0 +1 @@ +../../../common/gettext \ No newline at end of file diff --git a/config/rootfiles/oldcore/103/filelists/grep b/config/rootfiles/oldcore/103/filelists/grep new file mode 120000 index 0000000..ab5ef8b --- /dev/null +++ b/config/rootfiles/oldcore/103/filelists/grep @@ -0,0 +1 @@ +../../../common/grep \ No newline at end of file diff --git a/config/rootfiles/oldcore/103/filelists/less b/config/rootfiles/oldcore/103/filelists/less new file mode 120000 index 0000000..65c0e07 --- /dev/null +++ b/config/rootfiles/oldcore/103/filelists/less @@ -0,0 +1 @@ +../../../common/less \ No newline at end of file diff --git a/config/rootfiles/oldcore/103/filelists/ncurses b/config/rootfiles/oldcore/103/filelists/ncurses new file mode 120000 index 0000000..512faef --- /dev/null +++ b/config/rootfiles/oldcore/103/filelists/ncurses @@ -0,0 +1 @@ +../../../common/ncurses \ No newline at end of file diff --git a/config/rootfiles/oldcore/103/filelists/ncurses-compat b/config/rootfiles/oldcore/103/filelists/ncurses-compat new file mode 120000 index 0000000..5ecff53 --- /dev/null +++ b/config/rootfiles/oldcore/103/filelists/ncurses-compat @@ -0,0 +1 @@ +../../../common/ncurses-compat \ No newline at end of file diff --git a/config/rootfiles/oldcore/103/filelists/procps b/config/rootfiles/oldcore/103/filelists/procps new file mode 120000 index 0000000..e17e8ed --- /dev/null +++ b/config/rootfiles/oldcore/103/filelists/procps @@ -0,0 +1 @@ +../../../common/procps \ No newline at end of file diff --git a/config/rootfiles/oldcore/103/filelists/sdparm b/config/rootfiles/oldcore/103/filelists/sdparm new file mode 120000 index 0000000..86d9c24 --- /dev/null +++ b/config/rootfiles/oldcore/103/filelists/sdparm @@ -0,0 +1 @@ +../../../common/sdparm \ No newline at end of file diff --git a/config/rootfiles/oldcore/103/filelists/squid b/config/rootfiles/oldcore/103/filelists/squid new file mode 120000 index 0000000..2dc8372 --- /dev/null +++ b/config/rootfiles/oldcore/103/filelists/squid @@ -0,0 +1 @@ +../../../common/squid \ No newline at end of file diff --git a/config/rootfiles/oldcore/103/filelists/tzdata b/config/rootfiles/oldcore/103/filelists/tzdata new file mode 120000 index 0000000..5a6e325 --- /dev/null +++ b/config/rootfiles/oldcore/103/filelists/tzdata @@ -0,0 +1 @@ +../../../common/tzdata \ No newline at end of file diff --git a/config/rootfiles/oldcore/103/filelists/wpa_supplicant b/config/rootfiles/oldcore/103/filelists/wpa_supplicant new file mode 120000 index 0000000..1d04c03 --- /dev/null +++ b/config/rootfiles/oldcore/103/filelists/wpa_supplicant @@ -0,0 +1 @@ +../../../common/wpa_supplicant \ No newline at end of file diff --git a/config/rootfiles/oldcore/103/meta b/config/rootfiles/oldcore/103/meta new file mode 100644 index 0000000..d547fa8 --- /dev/null +++ b/config/rootfiles/oldcore/103/meta @@ -0,0 +1 @@ +DEPS="" diff --git a/config/rootfiles/oldcore/103/update.sh b/config/rootfiles/oldcore/103/update.sh new file mode 100644 index 0000000..3f45eaa --- /dev/null +++ b/config/rootfiles/oldcore/103/update.sh @@ -0,0 +1,82 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2016 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/usr/local/bin/backupctrl exclude >/dev/null 2>&1 + +core=103 + +function exit_with_error() { + # Set last succesfull installed core. + echo $(($core-1)) > /opt/pakfire/db/core/mine + /usr/bin/logger -p syslog.emerg -t ipfire \ + "core-update-${core}: $1" + exit $2 +} + +# Remove old core updates from pakfire cache to save space... +for (( i=1; i<=$core; i++ )) +do + rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire +done + + +# Stop services +/etc/init.d/squid stop + +# Remove checkfstab +rm -f /etc/rc.d/init.d/checkfstab +rm -f /etc/rc.d/rcsysinit.d/S19checkfstab + +# Extract files +extract_files + +# update linker config +ldconfig + +# Update Language cache +#/usr/local/bin/update-lang-cache + +# Remove potentially broken squid cache index (will be recreated after the next start) +rm -f /var/log/cache/swap.state + +# Start services +/etc/init.d/dnsmasq restart +/etc/init.d/squid start + +sync +# This update need a reboot... +touch /var/run/need_reboot + +# Finish +/etc/init.d/fireinfo start +sendprofile + +# Update grub config to display new core version +if [ -e /boot/grub/grub.cfg ]; then + grub-mkconfig -o /boot/grub/grub.cfg +fi +sync + +# Don't report the exitcode last command +exit 0 diff --git a/config/rootfiles/packages/freeradius b/config/rootfiles/packages/freeradius new file mode 100644 index 0000000..9bcd3a4 --- /dev/null +++ b/config/rootfiles/packages/freeradius @@ -0,0 +1,901 @@ +etc/raddb +#etc/raddb/README.rst +#etc/raddb/certs +#etc/raddb/certs/Makefile +#etc/raddb/certs/README +#etc/raddb/certs/bootstrap +#etc/raddb/certs/ca.cnf +#etc/raddb/certs/client.cnf +#etc/raddb/certs/passwords.mk +#etc/raddb/certs/server.cnf +#etc/raddb/certs/xpextensions +#etc/raddb/clients.conf +#etc/raddb/dictionary +#etc/raddb/hints +#etc/raddb/huntgroups +#etc/raddb/mods-available +#etc/raddb/mods-available/README.rst +#etc/raddb/mods-available/always +#etc/raddb/mods-available/attr_filter +#etc/raddb/mods-available/cache +#etc/raddb/mods-available/cache_eap +#etc/raddb/mods-available/chap +#etc/raddb/mods-available/counter +#etc/raddb/mods-available/cui +#etc/raddb/mods-available/date +#etc/raddb/mods-available/detail +#etc/raddb/mods-available/detail.example.com +#etc/raddb/mods-available/detail.log +#etc/raddb/mods-available/dhcp +#etc/raddb/mods-available/dhcp_sqlippool +#etc/raddb/mods-available/digest +#etc/raddb/mods-available/dynamic_clients +#etc/raddb/mods-available/eap +#etc/raddb/mods-available/echo +#etc/raddb/mods-available/etc_group +#etc/raddb/mods-available/exec +#etc/raddb/mods-available/expiration +#etc/raddb/mods-available/expr +#etc/raddb/mods-available/files +#etc/raddb/mods-available/idn +#etc/raddb/mods-available/inner-eap +#etc/raddb/mods-available/ippool +#etc/raddb/mods-available/krb5 +#etc/raddb/mods-available/ldap +#etc/raddb/mods-available/linelog +#etc/raddb/mods-available/logintime +#etc/raddb/mods-available/mac2ip +#etc/raddb/mods-available/mac2vlan +#etc/raddb/mods-available/mschap +#etc/raddb/mods-available/ntlm_auth +#etc/raddb/mods-available/opendirectory +#etc/raddb/mods-available/otp +#etc/raddb/mods-available/pam +#etc/raddb/mods-available/pap +#etc/raddb/mods-available/passwd +#etc/raddb/mods-available/perl +#etc/raddb/mods-available/preprocess +#etc/raddb/mods-available/python +#etc/raddb/mods-available/radutmp +#etc/raddb/mods-available/realm +#etc/raddb/mods-available/redis +#etc/raddb/mods-available/rediswho +#etc/raddb/mods-available/replicate +#etc/raddb/mods-available/rest +#etc/raddb/mods-available/smbpasswd +#etc/raddb/mods-available/smsotp +#etc/raddb/mods-available/soh +#etc/raddb/mods-available/sometimes +#etc/raddb/mods-available/sql +#etc/raddb/mods-available/sqlcounter +#etc/raddb/mods-available/sqlippool +#etc/raddb/mods-available/sradutmp +#etc/raddb/mods-available/unix +#etc/raddb/mods-available/unpack +#etc/raddb/mods-available/utf8 +#etc/raddb/mods-available/wimax +#etc/raddb/mods-available/yubikey +#etc/raddb/mods-config +#etc/raddb/mods-config/README.rst +#etc/raddb/mods-config/attr_filter +#etc/raddb/mods-config/attr_filter/access_challenge +#etc/raddb/mods-config/attr_filter/access_reject +#etc/raddb/mods-config/attr_filter/accounting_response +#etc/raddb/mods-config/attr_filter/post-proxy +#etc/raddb/mods-config/attr_filter/pre-proxy +#etc/raddb/mods-config/files +#etc/raddb/mods-config/files/accounting +#etc/raddb/mods-config/files/authorize +#etc/raddb/mods-config/files/pre-proxy +#etc/raddb/mods-config/perl +#etc/raddb/mods-config/perl/example.pl +#etc/raddb/mods-config/preprocess +#etc/raddb/mods-config/preprocess/hints +#etc/raddb/mods-config/preprocess/huntgroups +#etc/raddb/mods-config/python +#etc/raddb/mods-config/python/example.py +#etc/raddb/mods-config/python/radiusd.py +#etc/raddb/mods-config/sql +#etc/raddb/mods-config/sql/counter +#etc/raddb/mods-config/sql/counter/mysql +#etc/raddb/mods-config/sql/counter/mysql/dailycounter.conf +#etc/raddb/mods-config/sql/counter/mysql/expire_on_login.conf +#etc/raddb/mods-config/sql/counter/mysql/monthlycounter.conf +#etc/raddb/mods-config/sql/counter/mysql/noresetcounter.conf +#etc/raddb/mods-config/sql/counter/postgresql +#etc/raddb/mods-config/sql/counter/postgresql/dailycounter.conf +#etc/raddb/mods-config/sql/counter/postgresql/expire_on_login.conf +#etc/raddb/mods-config/sql/counter/postgresql/monthlycounter.conf +#etc/raddb/mods-config/sql/counter/postgresql/noresetcounter.conf +#etc/raddb/mods-config/sql/counter/sqlite +#etc/raddb/mods-config/sql/counter/sqlite/dailycounter.conf +#etc/raddb/mods-config/sql/counter/sqlite/expire_on_login.conf +#etc/raddb/mods-config/sql/counter/sqlite/monthlycounter.conf +#etc/raddb/mods-config/sql/counter/sqlite/noresetcounter.conf +#etc/raddb/mods-config/sql/cui +#etc/raddb/mods-config/sql/cui/mysql +#etc/raddb/mods-config/sql/cui/mysql/queries.conf +#etc/raddb/mods-config/sql/cui/mysql/schema.sql +#etc/raddb/mods-config/sql/cui/postgresql +#etc/raddb/mods-config/sql/cui/postgresql/queries.conf +#etc/raddb/mods-config/sql/cui/postgresql/schema.sql +#etc/raddb/mods-config/sql/cui/sqlite +#etc/raddb/mods-config/sql/cui/sqlite/queries.conf +#etc/raddb/mods-config/sql/cui/sqlite/schema.sql +#etc/raddb/mods-config/sql/ippool +#etc/raddb/mods-config/sql/ippool-dhcp +#etc/raddb/mods-config/sql/ippool-dhcp/mysql +#etc/raddb/mods-config/sql/ippool-dhcp/mysql/queries.conf +#etc/raddb/mods-config/sql/ippool-dhcp/mysql/schema.sql +#etc/raddb/mods-config/sql/ippool-dhcp/sqlite +#etc/raddb/mods-config/sql/ippool-dhcp/sqlite/queries.conf +#etc/raddb/mods-config/sql/ippool-dhcp/sqlite/schema.sql +#etc/raddb/mods-config/sql/ippool/mysql +#etc/raddb/mods-config/sql/ippool/mysql/queries.conf +#etc/raddb/mods-config/sql/ippool/mysql/schema.sql +#etc/raddb/mods-config/sql/ippool/postgresql +#etc/raddb/mods-config/sql/ippool/postgresql/queries.conf +#etc/raddb/mods-config/sql/ippool/postgresql/schema.sql +#etc/raddb/mods-config/sql/ippool/sqlite +#etc/raddb/mods-config/sql/ippool/sqlite/queries.conf +#etc/raddb/mods-config/sql/ippool/sqlite/schema.sql +#etc/raddb/mods-config/sql/main +#etc/raddb/mods-config/sql/main/mysql +#etc/raddb/mods-config/sql/main/mysql/extras +#etc/raddb/mods-config/sql/main/mysql/extras/wimax +#etc/raddb/mods-config/sql/main/mysql/extras/wimax/queries.conf +#etc/raddb/mods-config/sql/main/mysql/extras/wimax/schema.sql +#etc/raddb/mods-config/sql/main/mysql/queries.conf +#etc/raddb/mods-config/sql/main/mysql/schema.sql +#etc/raddb/mods-config/sql/main/mysql/setup.sql +#etc/raddb/mods-config/sql/main/ndb +#etc/raddb/mods-config/sql/main/ndb/README +#etc/raddb/mods-config/sql/main/ndb/schema.sql +#etc/raddb/mods-config/sql/main/ndb/setup.sql +#etc/raddb/mods-config/sql/main/postgresql +#etc/raddb/mods-config/sql/main/postgresql/extras +#etc/raddb/mods-config/sql/main/postgresql/extras/cisco_h323_db_schema.sql +#etc/raddb/mods-config/sql/main/postgresql/extras/update_radacct_group.sql +#etc/raddb/mods-config/sql/main/postgresql/extras/voip-postpaid.conf +#etc/raddb/mods-config/sql/main/postgresql/queries.conf +#etc/raddb/mods-config/sql/main/postgresql/schema.sql +#etc/raddb/mods-config/sql/main/postgresql/setup.sql +#etc/raddb/mods-config/sql/main/sqlite +#etc/raddb/mods-config/sql/main/sqlite/queries.conf +#etc/raddb/mods-config/sql/main/sqlite/schema.sql +#etc/raddb/mods-config/unbound +#etc/raddb/mods-enabled +#etc/raddb/mods-enabled/always +#etc/raddb/mods-enabled/attr_filter +#etc/raddb/mods-enabled/cache_eap +#etc/raddb/mods-enabled/chap +#etc/raddb/mods-enabled/detail +#etc/raddb/mods-enabled/detail.log +#etc/raddb/mods-enabled/dhcp +#etc/raddb/mods-enabled/digest +#etc/raddb/mods-enabled/dynamic_clients +#etc/raddb/mods-enabled/eap +#etc/raddb/mods-enabled/echo +#etc/raddb/mods-enabled/exec +#etc/raddb/mods-enabled/expiration +#etc/raddb/mods-enabled/expr +#etc/raddb/mods-enabled/files +#etc/raddb/mods-enabled/linelog +#etc/raddb/mods-enabled/logintime +#etc/raddb/mods-enabled/mschap +#etc/raddb/mods-enabled/ntlm_auth +#etc/raddb/mods-enabled/pap +#etc/raddb/mods-enabled/passwd +#etc/raddb/mods-enabled/preprocess +#etc/raddb/mods-enabled/radutmp +#etc/raddb/mods-enabled/realm +#etc/raddb/mods-enabled/replicate +#etc/raddb/mods-enabled/soh +#etc/raddb/mods-enabled/sradutmp +#etc/raddb/mods-enabled/unix +#etc/raddb/mods-enabled/unpack +#etc/raddb/mods-enabled/utf8 +#etc/raddb/panic.gdb +#etc/raddb/policy.d +#etc/raddb/policy.d/accounting +#etc/raddb/policy.d/canonicalization +#etc/raddb/policy.d/control +#etc/raddb/policy.d/cui +#etc/raddb/policy.d/debug +#etc/raddb/policy.d/dhcp +#etc/raddb/policy.d/eap +#etc/raddb/policy.d/filter +#etc/raddb/policy.d/operator-name +#etc/raddb/proxy.conf +#etc/raddb/radiusd.conf +#etc/raddb/sites-available +#etc/raddb/sites-available/README +#etc/raddb/sites-available/buffered-sql +#etc/raddb/sites-available/challenge +#etc/raddb/sites-available/channel_bindings +#etc/raddb/sites-available/check-eap-tls +#etc/raddb/sites-available/coa +#etc/raddb/sites-available/control-socket +#etc/raddb/sites-available/copy-acct-to-home-server +#etc/raddb/sites-available/decoupled-accounting +#etc/raddb/sites-available/default +#etc/raddb/sites-available/dhcp +#etc/raddb/sites-available/dhcp.relay +#etc/raddb/sites-available/dynamic-clients +#etc/raddb/sites-available/example +#etc/raddb/sites-available/inner-tunnel +#etc/raddb/sites-available/originate-coa +#etc/raddb/sites-available/proxy-inner-tunnel +#etc/raddb/sites-available/robust-proxy-accounting +#etc/raddb/sites-available/soh +#etc/raddb/sites-available/status +#etc/raddb/sites-available/tls +#etc/raddb/sites-available/virtual.example.com +#etc/raddb/sites-available/vmps +#etc/raddb/sites-enabled +#etc/raddb/sites-enabled/default +#etc/raddb/sites-enabled/inner-tunnel +#etc/raddb/templates.conf +#etc/raddb/trigger.conf +#etc/raddb/users +etc/rc.d/init.d/freeradius +#usr/bin/dhcpclient +usr/bin/map_unit +usr/bin/rad_counter +usr/bin/radattr +usr/bin/radclient +usr/bin/radcrypt +usr/bin/radeapclient +usr/bin/radlast +usr/bin/radsniff +usr/bin/radsqlrelay +usr/bin/radtest +usr/bin/radwho +usr/bin/radzap +usr/bin/rlm_ippool_tool +usr/bin/smbencrypt +#usr/include/freeradius +#usr/include/freeradius/attributes.h +#usr/include/freeradius/base64.h +#usr/include/freeradius/build.h +#usr/include/freeradius/conf.h +#usr/include/freeradius/conffile.h +#usr/include/freeradius/detail.h +#usr/include/freeradius/event.h +#usr/include/freeradius/features.h +#usr/include/freeradius/freeradius.h +#usr/include/freeradius/hash.h +#usr/include/freeradius/heap.h +#usr/include/freeradius/libradius.h +#usr/include/freeradius/map.h +#usr/include/freeradius/md4.h +#usr/include/freeradius/md5.h +#usr/include/freeradius/missing.h +#usr/include/freeradius/modcall.h +#usr/include/freeradius/modules.h +#usr/include/freeradius/packet.h +#usr/include/freeradius/rad_assert.h +#usr/include/freeradius/radius.h +#usr/include/freeradius/radiusd.h +#usr/include/freeradius/radpaths.h +#usr/include/freeradius/radutmp.h +#usr/include/freeradius/realms.h +#usr/include/freeradius/rfc2865.h +#usr/include/freeradius/rfc2866.h +#usr/include/freeradius/rfc2867.h +#usr/include/freeradius/rfc2868.h +#usr/include/freeradius/rfc2869.h +#usr/include/freeradius/rfc3162.h +#usr/include/freeradius/rfc3576.h +#usr/include/freeradius/rfc3580.h +#usr/include/freeradius/rfc4072.h +#usr/include/freeradius/rfc4372.h +#usr/include/freeradius/rfc4603.h +#usr/include/freeradius/rfc4675.h +#usr/include/freeradius/rfc4679.h +#usr/include/freeradius/rfc4818.h +#usr/include/freeradius/rfc4849.h +#usr/include/freeradius/rfc5090.h +#usr/include/freeradius/rfc5176.h +#usr/include/freeradius/rfc5447.h +#usr/include/freeradius/rfc5580.h +#usr/include/freeradius/rfc5607.h +#usr/include/freeradius/rfc5904.h +#usr/include/freeradius/rfc6519.h +#usr/include/freeradius/rfc6572.h +#usr/include/freeradius/rfc6677.h +#usr/include/freeradius/rfc6911.h +#usr/include/freeradius/rfc6929.h +#usr/include/freeradius/rfc6930.h +#usr/include/freeradius/rfc7055.h +#usr/include/freeradius/rfc7155.h +#usr/include/freeradius/rfc7268.h +#usr/include/freeradius/rfc7499.h +#usr/include/freeradius/sha1.h +#usr/include/freeradius/stats.h +#usr/include/freeradius/sysutmp.h +#usr/include/freeradius/tls.h +#usr/include/freeradius/token.h +#usr/include/freeradius/udpfromto.h +#usr/include/freeradius/vqp.h +#usr/lib/freeradius +#usr/lib/freeradius/libfreeradius-dhcp.a +#usr/lib/freeradius/libfreeradius-dhcp.la +usr/lib/freeradius/libfreeradius-dhcp.so +#usr/lib/freeradius/libfreeradius-eap.a +#usr/lib/freeradius/libfreeradius-eap.la +usr/lib/freeradius/libfreeradius-eap.so +#usr/lib/freeradius/libfreeradius-radius.a +#usr/lib/freeradius/libfreeradius-radius.la +usr/lib/freeradius/libfreeradius-radius.so +#usr/lib/freeradius/libfreeradius-server.a +#usr/lib/freeradius/libfreeradius-server.la +usr/lib/freeradius/libfreeradius-server.so +#usr/lib/freeradius/proto_dhcp.a +#usr/lib/freeradius/proto_dhcp.la +usr/lib/freeradius/proto_dhcp.so +#usr/lib/freeradius/proto_vmps.a +#usr/lib/freeradius/proto_vmps.la +usr/lib/freeradius/proto_vmps.so +#usr/lib/freeradius/rlm_always.a +#usr/lib/freeradius/rlm_always.la +usr/lib/freeradius/rlm_always.so +#usr/lib/freeradius/rlm_attr_filter.a +#usr/lib/freeradius/rlm_attr_filter.la +usr/lib/freeradius/rlm_attr_filter.so +#usr/lib/freeradius/rlm_cache.a +#usr/lib/freeradius/rlm_cache.la +usr/lib/freeradius/rlm_cache.so +#usr/lib/freeradius/rlm_cache_rbtree.a +#usr/lib/freeradius/rlm_cache_rbtree.la +usr/lib/freeradius/rlm_cache_rbtree.so +#usr/lib/freeradius/rlm_chap.a +#usr/lib/freeradius/rlm_chap.la +usr/lib/freeradius/rlm_chap.so +#usr/lib/freeradius/rlm_counter.a +#usr/lib/freeradius/rlm_counter.la +usr/lib/freeradius/rlm_counter.so +#usr/lib/freeradius/rlm_cram.a +#usr/lib/freeradius/rlm_cram.la +usr/lib/freeradius/rlm_cram.so +#usr/lib/freeradius/rlm_date.a +#usr/lib/freeradius/rlm_date.la +usr/lib/freeradius/rlm_date.so +#usr/lib/freeradius/rlm_detail.a +#usr/lib/freeradius/rlm_detail.la +usr/lib/freeradius/rlm_detail.so +#usr/lib/freeradius/rlm_dhcp.a +#usr/lib/freeradius/rlm_dhcp.la +usr/lib/freeradius/rlm_dhcp.so +#usr/lib/freeradius/rlm_digest.a +#usr/lib/freeradius/rlm_digest.la +usr/lib/freeradius/rlm_digest.so +#usr/lib/freeradius/rlm_dynamic_clients.a +#usr/lib/freeradius/rlm_dynamic_clients.la +usr/lib/freeradius/rlm_dynamic_clients.so +#usr/lib/freeradius/rlm_eap.a +#usr/lib/freeradius/rlm_eap.la +usr/lib/freeradius/rlm_eap.so +#usr/lib/freeradius/rlm_eap_gtc.a +#usr/lib/freeradius/rlm_eap_gtc.la +usr/lib/freeradius/rlm_eap_gtc.so +#usr/lib/freeradius/rlm_eap_leap.a +#usr/lib/freeradius/rlm_eap_leap.la +usr/lib/freeradius/rlm_eap_leap.so +#usr/lib/freeradius/rlm_eap_md5.a +#usr/lib/freeradius/rlm_eap_md5.la +usr/lib/freeradius/rlm_eap_md5.so +#usr/lib/freeradius/rlm_eap_mschapv2.a +#usr/lib/freeradius/rlm_eap_mschapv2.la +usr/lib/freeradius/rlm_eap_mschapv2.so +#usr/lib/freeradius/rlm_eap_peap.a +#usr/lib/freeradius/rlm_eap_peap.la +usr/lib/freeradius/rlm_eap_peap.so +#usr/lib/freeradius/rlm_eap_pwd.a +#usr/lib/freeradius/rlm_eap_pwd.la +usr/lib/freeradius/rlm_eap_pwd.so +#usr/lib/freeradius/rlm_eap_sim.a +#usr/lib/freeradius/rlm_eap_sim.la +usr/lib/freeradius/rlm_eap_sim.so +#usr/lib/freeradius/rlm_eap_tls.a +#usr/lib/freeradius/rlm_eap_tls.la +usr/lib/freeradius/rlm_eap_tls.so +#usr/lib/freeradius/rlm_eap_ttls.a +#usr/lib/freeradius/rlm_eap_ttls.la +usr/lib/freeradius/rlm_eap_ttls.so +#usr/lib/freeradius/rlm_exec.a +#usr/lib/freeradius/rlm_exec.la +usr/lib/freeradius/rlm_exec.so +#usr/lib/freeradius/rlm_expiration.a +#usr/lib/freeradius/rlm_expiration.la +usr/lib/freeradius/rlm_expiration.so +#usr/lib/freeradius/rlm_expr.a +#usr/lib/freeradius/rlm_expr.la +usr/lib/freeradius/rlm_expr.so +#usr/lib/freeradius/rlm_files.a +#usr/lib/freeradius/rlm_files.la +usr/lib/freeradius/rlm_files.so +#usr/lib/freeradius/rlm_ippool.a +#usr/lib/freeradius/rlm_ippool.la +usr/lib/freeradius/rlm_ippool.so +#usr/lib/freeradius/rlm_krb5.a +#usr/lib/freeradius/rlm_krb5.la +usr/lib/freeradius/rlm_krb5.so +#usr/lib/freeradius/rlm_ldap.a +#usr/lib/freeradius/rlm_ldap.la +usr/lib/freeradius/rlm_ldap.so +#usr/lib/freeradius/rlm_linelog.a +#usr/lib/freeradius/rlm_linelog.la +usr/lib/freeradius/rlm_linelog.so +#usr/lib/freeradius/rlm_logintime.a +#usr/lib/freeradius/rlm_logintime.la +usr/lib/freeradius/rlm_logintime.so +#usr/lib/freeradius/rlm_mschap.a +#usr/lib/freeradius/rlm_mschap.la +usr/lib/freeradius/rlm_mschap.so +#usr/lib/freeradius/rlm_otp.a +#usr/lib/freeradius/rlm_otp.la +usr/lib/freeradius/rlm_otp.so +#usr/lib/freeradius/rlm_pam.a +#usr/lib/freeradius/rlm_pam.la +usr/lib/freeradius/rlm_pam.so +#usr/lib/freeradius/rlm_pap.a +#usr/lib/freeradius/rlm_pap.la +usr/lib/freeradius/rlm_pap.so +#usr/lib/freeradius/rlm_passwd.a +#usr/lib/freeradius/rlm_passwd.la +usr/lib/freeradius/rlm_passwd.so +#usr/lib/freeradius/rlm_perl.a +#usr/lib/freeradius/rlm_perl.la +usr/lib/freeradius/rlm_perl.so +#usr/lib/freeradius/rlm_preprocess.a +#usr/lib/freeradius/rlm_preprocess.la +usr/lib/freeradius/rlm_preprocess.so +#usr/lib/freeradius/rlm_python.a +#usr/lib/freeradius/rlm_python.la +usr/lib/freeradius/rlm_python.so +#usr/lib/freeradius/rlm_radutmp.a +#usr/lib/freeradius/rlm_radutmp.la +usr/lib/freeradius/rlm_radutmp.so +#usr/lib/freeradius/rlm_realm.a +#usr/lib/freeradius/rlm_realm.la +usr/lib/freeradius/rlm_realm.so +#usr/lib/freeradius/rlm_replicate.a +#usr/lib/freeradius/rlm_replicate.la +usr/lib/freeradius/rlm_replicate.so +#usr/lib/freeradius/rlm_soh.a +#usr/lib/freeradius/rlm_soh.la +usr/lib/freeradius/rlm_soh.so +#usr/lib/freeradius/rlm_sometimes.a +#usr/lib/freeradius/rlm_sometimes.la +usr/lib/freeradius/rlm_sometimes.so +#usr/lib/freeradius/rlm_sql.a +#usr/lib/freeradius/rlm_sql.la +usr/lib/freeradius/rlm_sql.so +#usr/lib/freeradius/rlm_sql_null.a +#usr/lib/freeradius/rlm_sql_null.la +usr/lib/freeradius/rlm_sql_null.so +#usr/lib/freeradius/rlm_sqlcounter.a +#usr/lib/freeradius/rlm_sqlcounter.la +usr/lib/freeradius/rlm_sqlcounter.so +#usr/lib/freeradius/rlm_sqlippool.a +#usr/lib/freeradius/rlm_sqlippool.la +usr/lib/freeradius/rlm_sqlippool.so +#usr/lib/freeradius/rlm_test.a +#usr/lib/freeradius/rlm_test.la +#usr/lib/freeradius/rlm_unix.a +#usr/lib/freeradius/rlm_unix.la +usr/lib/freeradius/rlm_unix.so +#usr/lib/freeradius/rlm_unpack.a +#usr/lib/freeradius/rlm_unpack.la +usr/lib/freeradius/rlm_unpack.so +#usr/lib/freeradius/rlm_utf8.a +#usr/lib/freeradius/rlm_utf8.la +usr/lib/freeradius/rlm_utf8.so +#usr/lib/freeradius/rlm_wimax.a +#usr/lib/freeradius/rlm_wimax.la +usr/lib/freeradius/rlm_wimax.so +#usr/lib/freeradius/rlm_yubikey.a +#usr/lib/freeradius/rlm_yubikey.la +usr/lib/freeradius/rlm_yubikey.so +usr/sbin/checkrad +usr/sbin/raddebug +usr/sbin/radiusd +usr/sbin/radmin +#usr/share/doc/freeradius +#usr/share/doc/freeradius/ChangeLog +#usr/share/doc/freeradius/Makefile.sphinx +#usr/share/doc/freeradius/README +#usr/share/doc/freeradius/bugs +#usr/share/doc/freeradius/concepts +#usr/share/doc/freeradius/concepts/aaa.rst +#usr/share/doc/freeradius/concepts/proxy.rst +#usr/share/doc/freeradius/configuration +#usr/share/doc/freeradius/configuration/acct_type.rst +#usr/share/doc/freeradius/configuration/autz_type.rst +#usr/share/doc/freeradius/configuration/configurable_failover.rst +#usr/share/doc/freeradius/configuration/load_balance.rst +#usr/share/doc/freeradius/configuration/post_auth_type +#usr/share/doc/freeradius/configuration/session_type +#usr/share/doc/freeradius/configuration/simultaneous_use +#usr/share/doc/freeradius/configuration/snmp +#usr/share/doc/freeradius/configuration/variables.rst +#usr/share/doc/freeradius/deployment +#usr/share/doc/freeradius/deployment/CYGWIN.rst +#usr/share/doc/freeradius/deployment/MACOSX +#usr/share/doc/freeradius/deployment/OS2 +#usr/share/doc/freeradius/deployment/performance-testing +#usr/share/doc/freeradius/deployment/supervise-radiusd.rst +#usr/share/doc/freeradius/deployment/tuning_guide +#usr/share/doc/freeradius/developer +#usr/share/doc/freeradius/developer/coding-methods.rst +#usr/share/doc/freeradius/developer/contributing.rst +#usr/share/doc/freeradius/developer/module_interface.rst +#usr/share/doc/freeradius/developer/release-method.rst +#usr/share/doc/freeradius/index.rst +#usr/share/doc/freeradius/modules +#usr/share/doc/freeradius/modules/RADIUS-LDAP-eDirectory +#usr/share/doc/freeradius/modules/ldap_howto.rst +#usr/share/doc/freeradius/modules/mschap.rst +#usr/share/doc/freeradius/modules/rlm_dbm +#usr/share/doc/freeradius/modules/rlm_eap +#usr/share/doc/freeradius/modules/rlm_expiration +#usr/share/doc/freeradius/modules/rlm_krb5 +#usr/share/doc/freeradius/modules/rlm_pam +#usr/share/doc/freeradius/modules/rlm_passwd +#usr/share/doc/freeradius/modules/rlm_python +#usr/share/doc/freeradius/modules/rlm_soh +#usr/share/doc/freeradius/modules/rlm_sql +#usr/share/doc/freeradius/modules/rlm_sqlcounter +#usr/share/doc/freeradius/modules/rlm_sqlippool +#usr/share/doc/freeradius/rfc +#usr/share/doc/freeradius/rfc/Makefile +#usr/share/doc/freeradius/rfc/attributes.html +#usr/share/doc/freeradius/rfc/draft-kamath-pppext-eap-mschapv2-00.txt +#usr/share/doc/freeradius/rfc/draft-sterman-aaa-sip-00.txt +#usr/share/doc/freeradius/rfc/genref.pl +#usr/share/doc/freeradius/rfc/leap.txt +#usr/share/doc/freeradius/rfc/per-rfc.pl +#usr/share/doc/freeradius/rfc/rewrite.pl +#usr/share/doc/freeradius/rfc/rfc1157.txt +#usr/share/doc/freeradius/rfc/rfc1227.txt +#usr/share/doc/freeradius/rfc/rfc1448.txt +#usr/share/doc/freeradius/rfc/rfc1901.txt +#usr/share/doc/freeradius/rfc/rfc1905.txt +#usr/share/doc/freeradius/rfc/rfc2243.txt +#usr/share/doc/freeradius/rfc/rfc2284.txt +#usr/share/doc/freeradius/rfc/rfc2289.txt +#usr/share/doc/freeradius/rfc/rfc2433.txt +#usr/share/doc/freeradius/rfc/rfc2548.txt +#usr/share/doc/freeradius/rfc/rfc2607.txt +#usr/share/doc/freeradius/rfc/rfc2618.txt +#usr/share/doc/freeradius/rfc/rfc2619.txt +#usr/share/doc/freeradius/rfc/rfc2620.txt +#usr/share/doc/freeradius/rfc/rfc2621.txt +#usr/share/doc/freeradius/rfc/rfc2716.txt +#usr/share/doc/freeradius/rfc/rfc2759.txt +#usr/share/doc/freeradius/rfc/rfc2809.txt +#usr/share/doc/freeradius/rfc/rfc2865.txt +#usr/share/doc/freeradius/rfc/rfc2866.txt +#usr/share/doc/freeradius/rfc/rfc2867.txt +#usr/share/doc/freeradius/rfc/rfc2868.txt +#usr/share/doc/freeradius/rfc/rfc2869.txt +#usr/share/doc/freeradius/rfc/rfc2924.txt +#usr/share/doc/freeradius/rfc/rfc3079.txt +#usr/share/doc/freeradius/rfc/rfc3162.txt +#usr/share/doc/freeradius/rfc/rfc3539.txt +#usr/share/doc/freeradius/rfc/rfc3575.txt +#usr/share/doc/freeradius/rfc/rfc3576.txt +#usr/share/doc/freeradius/rfc/rfc3579.txt +#usr/share/doc/freeradius/rfc/rfc3580.txt +#usr/share/doc/freeradius/rfc/rfc3748.txt +#usr/share/doc/freeradius/rfc/rfc4072.txt +#usr/share/doc/freeradius/rfc/rfc4186.txt +#usr/share/doc/freeradius/rfc/rfc4282.txt +#usr/share/doc/freeradius/rfc/rfc4372.txt +#usr/share/doc/freeradius/rfc/rfc4590.txt +#usr/share/doc/freeradius/rfc/rfc4668.txt +#usr/share/doc/freeradius/rfc/rfc4669.txt +#usr/share/doc/freeradius/rfc/rfc4670.txt +#usr/share/doc/freeradius/rfc/rfc4671.txt +#usr/share/doc/freeradius/rfc/rfc4672.txt +#usr/share/doc/freeradius/rfc/rfc4673.txt +#usr/share/doc/freeradius/rfc/rfc4675.txt +#usr/share/doc/freeradius/rfc/rfc4679.txt +#usr/share/doc/freeradius/rfc/rfc4818.txt +#usr/share/doc/freeradius/rfc/rfc4849.txt +#usr/share/doc/freeradius/rfc/rfc5080.txt +#usr/share/doc/freeradius/rfc/rfc5090.txt +#usr/share/doc/freeradius/rfc/rfc5176.txt +#usr/share/doc/freeradius/rfc/rfc5247.txt +#usr/share/doc/freeradius/rfc/rfc5281.txt +#usr/share/doc/freeradius/rfc/rfc5580.txt +#usr/share/doc/freeradius/rfc/rfc5607.txt +#usr/share/doc/freeradius/rfc/rfc5904.txt +#usr/share/doc/freeradius/rfc/rfc5931.txt +#usr/share/doc/freeradius/rfc/rfc5997.txt +#usr/share/doc/freeradius/rfc/rfc6158.txt +#usr/share/doc/freeradius/rfc/rfc6519.txt +#usr/share/doc/freeradius/rfc/rfc6572.txt +#usr/share/doc/freeradius/rfc/rfc6613.txt +#usr/share/doc/freeradius/rfc/rfc6614.txt +#usr/share/doc/freeradius/rfc/rfc6677.txt +#usr/share/doc/freeradius/rfc/rfc6911.txt +#usr/share/doc/freeradius/rfc/rfc6929.txt +#usr/share/doc/freeradius/rfc/rfc6930.txt +#usr/share/doc/freeradius/rfc/rfc7055.txt +#usr/share/doc/freeradius/rfc/rfc7268.txt +#usr/share/doc/freeradius/rfc/rfc7542.txt +#usr/share/doc/freeradius/rfc/rfc7599.txt +#usr/share/doc/freeradius/schemas +#usr/share/doc/freeradius/schemas/ldap +#usr/share/doc/freeradius/schemas/ldap/edir +#usr/share/doc/freeradius/schemas/ldap/edir/freeradius-clients.ldif +#usr/share/doc/freeradius/schemas/ldap/iplanet +#usr/share/doc/freeradius/schemas/ldap/iplanet/freeradius.ldif +#usr/share/doc/freeradius/schemas/ldap/iplanet/freeradius.schema +#usr/share/doc/freeradius/schemas/ldap/openldap +#usr/share/doc/freeradius/schemas/ldap/openldap/freeradius-clients.ldif +#usr/share/doc/freeradius/schemas/ldap/openldap/freeradius-clients.schema +#usr/share/doc/freeradius/schemas/ldap/openldap/freeradius.ldif +#usr/share/doc/freeradius/schemas/ldap/openldap/freeradius.schema +#usr/share/doc/freeradius/schemas/logstash +#usr/share/doc/freeradius/schemas/logstash/README +#usr/share/doc/freeradius/schemas/logstash/kibana3-dashboard.json +#usr/share/doc/freeradius/schemas/logstash/kibana4-dashboard.json +#usr/share/doc/freeradius/schemas/logstash/log-courier.conf +#usr/share/doc/freeradius/schemas/logstash/logstash-radius.conf +#usr/share/doc/freeradius/schemas/logstash/radius-mapping.sh +#usr/share/doc/freeradius/schemas/sql +#usr/share/doc/freeradius/vendor +#usr/share/doc/freeradius/vendor/ascend +#usr/share/doc/freeradius/vendor/bay +#usr/share/doc/freeradius/vendor/cisco.rst +#usr/share/doc/freeradius/vendor/proxim +usr/share/freeradius +#usr/share/freeradius/dictionary +#usr/share/freeradius/dictionary.3com +#usr/share/freeradius/dictionary.3gpp +#usr/share/freeradius/dictionary.3gpp2 +#usr/share/freeradius/dictionary.acc +#usr/share/freeradius/dictionary.acme +#usr/share/freeradius/dictionary.actelis +#usr/share/freeradius/dictionary.aerohive +#usr/share/freeradius/dictionary.airespace +#usr/share/freeradius/dictionary.alcatel +#usr/share/freeradius/dictionary.alcatel-lucent.aaa +#usr/share/freeradius/dictionary.alcatel.esam +#usr/share/freeradius/dictionary.alcatel.sr +#usr/share/freeradius/dictionary.alteon +#usr/share/freeradius/dictionary.altiga +#usr/share/freeradius/dictionary.alvarion +#usr/share/freeradius/dictionary.alvarion.wimax.v2_2 +#usr/share/freeradius/dictionary.apc +#usr/share/freeradius/dictionary.aptilo +#usr/share/freeradius/dictionary.aptis +#usr/share/freeradius/dictionary.arbor +#usr/share/freeradius/dictionary.arista +#usr/share/freeradius/dictionary.aruba +#usr/share/freeradius/dictionary.ascend +#usr/share/freeradius/dictionary.ascend.illegal +#usr/share/freeradius/dictionary.asn +#usr/share/freeradius/dictionary.audiocodes +#usr/share/freeradius/dictionary.avaya +#usr/share/freeradius/dictionary.azaire +#usr/share/freeradius/dictionary.bay +#usr/share/freeradius/dictionary.bintec +#usr/share/freeradius/dictionary.bluecoat +#usr/share/freeradius/dictionary.boingo +#usr/share/freeradius/dictionary.bristol +#usr/share/freeradius/dictionary.broadsoft +#usr/share/freeradius/dictionary.brocade +#usr/share/freeradius/dictionary.bskyb +#usr/share/freeradius/dictionary.bt +#usr/share/freeradius/dictionary.cablelabs +#usr/share/freeradius/dictionary.cabletron +#usr/share/freeradius/dictionary.camiant +#usr/share/freeradius/dictionary.chillispot +#usr/share/freeradius/dictionary.cisco +#usr/share/freeradius/dictionary.cisco.asa +#usr/share/freeradius/dictionary.cisco.bbsm +#usr/share/freeradius/dictionary.cisco.vpn3000 +#usr/share/freeradius/dictionary.cisco.vpn5000 +#usr/share/freeradius/dictionary.citrix +#usr/share/freeradius/dictionary.clavister +#usr/share/freeradius/dictionary.colubris +#usr/share/freeradius/dictionary.columbia_university +#usr/share/freeradius/dictionary.compat +#usr/share/freeradius/dictionary.compatible +#usr/share/freeradius/dictionary.cosine +#usr/share/freeradius/dictionary.dante +#usr/share/freeradius/dictionary.dhcp +#usr/share/freeradius/dictionary.digium +#usr/share/freeradius/dictionary.dlink +#usr/share/freeradius/dictionary.dragonwave +#usr/share/freeradius/dictionary.efficientip +#usr/share/freeradius/dictionary.eltex +#usr/share/freeradius/dictionary.epygi +#usr/share/freeradius/dictionary.equallogic +#usr/share/freeradius/dictionary.ericsson +#usr/share/freeradius/dictionary.ericsson.ab +#usr/share/freeradius/dictionary.ericsson.packet.core.networks +#usr/share/freeradius/dictionary.erx +#usr/share/freeradius/dictionary.extreme +#usr/share/freeradius/dictionary.f5 +#usr/share/freeradius/dictionary.fdxtended +#usr/share/freeradius/dictionary.fortinet +#usr/share/freeradius/dictionary.foundry +#usr/share/freeradius/dictionary.freedhcp +#usr/share/freeradius/dictionary.freeradius +#usr/share/freeradius/dictionary.freeradius.internal +#usr/share/freeradius/dictionary.freeswitch +#usr/share/freeradius/dictionary.gandalf +#usr/share/freeradius/dictionary.garderos +#usr/share/freeradius/dictionary.gemtek +#usr/share/freeradius/dictionary.h3c +#usr/share/freeradius/dictionary.hillstone +#usr/share/freeradius/dictionary.hp +#usr/share/freeradius/dictionary.huawei +#usr/share/freeradius/dictionary.iana +#usr/share/freeradius/dictionary.iea +#usr/share/freeradius/dictionary.infoblox +#usr/share/freeradius/dictionary.infonet +#usr/share/freeradius/dictionary.ipunplugged +#usr/share/freeradius/dictionary.issanni +#usr/share/freeradius/dictionary.itk +#usr/share/freeradius/dictionary.juniper +#usr/share/freeradius/dictionary.karlnet +#usr/share/freeradius/dictionary.kineto +#usr/share/freeradius/dictionary.lancom +#usr/share/freeradius/dictionary.lantronix +#usr/share/freeradius/dictionary.livingston +#usr/share/freeradius/dictionary.localweb +#usr/share/freeradius/dictionary.lucent +#usr/share/freeradius/dictionary.manzara +#usr/share/freeradius/dictionary.meinberg +#usr/share/freeradius/dictionary.meraki +#usr/share/freeradius/dictionary.merit +#usr/share/freeradius/dictionary.meru +#usr/share/freeradius/dictionary.microsoft +#usr/share/freeradius/dictionary.mikrotik +#usr/share/freeradius/dictionary.motorola +#usr/share/freeradius/dictionary.motorola.illegal +#usr/share/freeradius/dictionary.motorola.wimax +#usr/share/freeradius/dictionary.navini +#usr/share/freeradius/dictionary.netscreen +#usr/share/freeradius/dictionary.networkphysics +#usr/share/freeradius/dictionary.nexans +#usr/share/freeradius/dictionary.nokia +#usr/share/freeradius/dictionary.nokia.conflict +#usr/share/freeradius/dictionary.nomadix +#usr/share/freeradius/dictionary.nortel +#usr/share/freeradius/dictionary.ntua +#usr/share/freeradius/dictionary.openser +#usr/share/freeradius/dictionary.packeteer +#usr/share/freeradius/dictionary.paloalto +#usr/share/freeradius/dictionary.patton +#usr/share/freeradius/dictionary.perle +#usr/share/freeradius/dictionary.propel +#usr/share/freeradius/dictionary.prosoft +#usr/share/freeradius/dictionary.proxim +#usr/share/freeradius/dictionary.purewave +#usr/share/freeradius/dictionary.quiconnect +#usr/share/freeradius/dictionary.quintum +#usr/share/freeradius/dictionary.redcreek +#usr/share/freeradius/dictionary.rfc2865 +#usr/share/freeradius/dictionary.rfc2866 +#usr/share/freeradius/dictionary.rfc2867 +#usr/share/freeradius/dictionary.rfc2868 +#usr/share/freeradius/dictionary.rfc2869 +#usr/share/freeradius/dictionary.rfc3162 +#usr/share/freeradius/dictionary.rfc3576 +#usr/share/freeradius/dictionary.rfc3580 +#usr/share/freeradius/dictionary.rfc4072 +#usr/share/freeradius/dictionary.rfc4372 +#usr/share/freeradius/dictionary.rfc4603 +#usr/share/freeradius/dictionary.rfc4675 +#usr/share/freeradius/dictionary.rfc4679 +#usr/share/freeradius/dictionary.rfc4818 +#usr/share/freeradius/dictionary.rfc4849 +#usr/share/freeradius/dictionary.rfc5090 +#usr/share/freeradius/dictionary.rfc5176 +#usr/share/freeradius/dictionary.rfc5447 +#usr/share/freeradius/dictionary.rfc5580 +#usr/share/freeradius/dictionary.rfc5607 +#usr/share/freeradius/dictionary.rfc5904 +#usr/share/freeradius/dictionary.rfc6519 +#usr/share/freeradius/dictionary.rfc6572 +#usr/share/freeradius/dictionary.rfc6677 +#usr/share/freeradius/dictionary.rfc6911 +#usr/share/freeradius/dictionary.rfc6929 +#usr/share/freeradius/dictionary.rfc6930 +#usr/share/freeradius/dictionary.rfc7055 +#usr/share/freeradius/dictionary.rfc7155 +#usr/share/freeradius/dictionary.rfc7268 +#usr/share/freeradius/dictionary.rfc7499 +#usr/share/freeradius/dictionary.riverbed +#usr/share/freeradius/dictionary.riverstone +#usr/share/freeradius/dictionary.roaringpenguin +#usr/share/freeradius/dictionary.ruckus +#usr/share/freeradius/dictionary.ruggedcom +#usr/share/freeradius/dictionary.sg +#usr/share/freeradius/dictionary.shasta +#usr/share/freeradius/dictionary.shiva +#usr/share/freeradius/dictionary.siemens +#usr/share/freeradius/dictionary.slipstream +#usr/share/freeradius/dictionary.sofaware +#usr/share/freeradius/dictionary.sonicwall +#usr/share/freeradius/dictionary.springtide +#usr/share/freeradius/dictionary.starent +#usr/share/freeradius/dictionary.starent.vsa1 +#usr/share/freeradius/dictionary.surfnet +#usr/share/freeradius/dictionary.symbol +#usr/share/freeradius/dictionary.t_systems_nova +#usr/share/freeradius/dictionary.telebit +#usr/share/freeradius/dictionary.telkom +#usr/share/freeradius/dictionary.terena +#usr/share/freeradius/dictionary.trapeze +#usr/share/freeradius/dictionary.travelping +#usr/share/freeradius/dictionary.tropos +#usr/share/freeradius/dictionary.ukerna +#usr/share/freeradius/dictionary.unix +#usr/share/freeradius/dictionary.usr +#usr/share/freeradius/dictionary.usr.illegal +#usr/share/freeradius/dictionary.utstarcom +#usr/share/freeradius/dictionary.valemount +#usr/share/freeradius/dictionary.versanet +#usr/share/freeradius/dictionary.vqp +#usr/share/freeradius/dictionary.walabi +#usr/share/freeradius/dictionary.waverider +#usr/share/freeradius/dictionary.wichorus +#usr/share/freeradius/dictionary.wifialliance +#usr/share/freeradius/dictionary.wimax +#usr/share/freeradius/dictionary.wimax.alvarion +#usr/share/freeradius/dictionary.wimax.wichorus +#usr/share/freeradius/dictionary.wispr +#usr/share/freeradius/dictionary.xedia +#usr/share/freeradius/dictionary.xylan +#usr/share/freeradius/dictionary.yubico +#usr/share/freeradius/dictionary.zeus +#usr/share/freeradius/dictionary.zte +#usr/share/freeradius/dictionary.zyxel +#usr/share/man/man1/radclient.1 +#usr/share/man/man1/radeapclient.1 +#usr/share/man/man1/radlast.1 +#usr/share/man/man1/radtest.1 +#usr/share/man/man1/radwho.1 +#usr/share/man/man1/radzap.1 +#usr/share/man/man1/smbencrypt.1 +#usr/share/man/man5/checkrad.5 +#usr/share/man/man5/clients.conf.5 +#usr/share/man/man5/dictionary.5 +#usr/share/man/man5/radiusd.conf.5 +#usr/share/man/man5/radrelay.conf.5 +#usr/share/man/man5/rlm_always.5 +#usr/share/man/man5/rlm_attr_filter.5 +#usr/share/man/man5/rlm_chap.5 +#usr/share/man/man5/rlm_counter.5 +#usr/share/man/man5/rlm_detail.5 +#usr/share/man/man5/rlm_digest.5 +#usr/share/man/man5/rlm_expr.5 +#usr/share/man/man5/rlm_files.5 +#usr/share/man/man5/rlm_idn.5 +#usr/share/man/man5/rlm_mschap.5 +#usr/share/man/man5/rlm_pap.5 +#usr/share/man/man5/rlm_passwd.5 +#usr/share/man/man5/rlm_realm.5 +#usr/share/man/man5/rlm_sql.5 +#usr/share/man/man5/rlm_unix.5 +#usr/share/man/man5/unlang.5 +#usr/share/man/man5/users.5 +#usr/share/man/man8/radcrypt.8 +#usr/share/man/man8/raddebug.8 +#usr/share/man/man8/radiusd.8 +#usr/share/man/man8/radmin.8 +#usr/share/man/man8/radrelay.8 +#usr/share/man/man8/radsniff.8 +#usr/share/man/man8/radsqlrelay.8 +#usr/share/man/man8/rlm_ippool_tool.8 +var/ipfire/backup/addons/includes/freeradius +var/log/radius +#var/log/radius/radacct diff --git a/config/rootfiles/packages/guardian b/config/rootfiles/packages/guardian index 2ebdf1e..9eb3fed 100644 --- a/config/rootfiles/packages/guardian +++ b/config/rootfiles/packages/guardian @@ -1,8 +1,23 @@ -usr/local/bin/guardian.pl -usr/local/bin/guardian_block.sh -usr/local/bin/guardian_unblock.sh +etc/logrotate.d/guardian +etc/rc.d/init.d/guardian +etc/rc.d/init.d/networking/red.up/35-guardian +etc/rc.d/rc0.d/K76guardian +etc/rc.d/rc3.d/S45guardian +etc/rc.d/rc6.d/K76guardian +srv/web/ipfire/cgi-bin/guardian.cgi +usr/bin/guardianctrl +#usr/lib/perl5/site_perl/5.12.3/Guardian +usr/lib/perl5/site_perl/5.12.3/Guardian/Base.pm +usr/lib/perl5/site_perl/5.12.3/Guardian/Config.pm +usr/lib/perl5/site_perl/5.12.3/Guardian/Daemon.pm +usr/lib/perl5/site_perl/5.12.3/Guardian/Events.pm +usr/lib/perl5/site_perl/5.12.3/Guardian/IPtables.pm +usr/lib/perl5/site_perl/5.12.3/Guardian/Logger.pm +usr/lib/perl5/site_perl/5.12.3/Guardian/Parser.pm +usr/lib/perl5/site_perl/5.12.3/Guardian/Socket.pm +usr/sbin/guardian +var/ipfire/backup/addons/includes/guardian var/ipfire/guardian -var/ipfire/guardian/guardian.conf -var/ipfire/guardian/guardian.ignore +var/ipfire/menu.d/EX-guardian.menu var/log/guardian var/log/guardian/guardian.log diff --git a/config/rootfiles/packages/libtiff b/config/rootfiles/packages/libtiff index 12de791..07e74f6 100644 --- a/config/rootfiles/packages/libtiff +++ b/config/rootfiles/packages/libtiff @@ -29,153 +29,169 @@ usr/bin/tiffsplit #usr/lib/libtiff.a #usr/lib/libtiff.la usr/lib/libtiff.so -usr/lib/libtiff.so.3 -usr/lib/libtiff.so.3.9.4 +usr/lib/libtiff.so.5 +usr/lib/libtiff.so.5.2.4 #usr/lib/libtiffxx.a #usr/lib/libtiffxx.la usr/lib/libtiffxx.so -usr/lib/libtiffxx.so.3 -usr/lib/libtiffxx.so.3.9.4 -#usr/share/doc/tiff-3.9.4 -#usr/share/doc/tiff-3.9.4/COPYRIGHT -#usr/share/doc/tiff-3.9.4/ChangeLog -#usr/share/doc/tiff-3.9.4/README -#usr/share/doc/tiff-3.9.4/README.vms -#usr/share/doc/tiff-3.9.4/RELEASE-DATE -#usr/share/doc/tiff-3.9.4/TODO -#usr/share/doc/tiff-3.9.4/VERSION -#usr/share/doc/tiff-3.9.4/html -#usr/share/doc/tiff-3.9.4/html/TIFFTechNote2.html -#usr/share/doc/tiff-3.9.4/html/addingtags.html -#usr/share/doc/tiff-3.9.4/html/bugs.html -#usr/share/doc/tiff-3.9.4/html/build.html -#usr/share/doc/tiff-3.9.4/html/contrib.html -#usr/share/doc/tiff-3.9.4/html/document.html -#usr/share/doc/tiff-3.9.4/html/images -#usr/share/doc/tiff-3.9.4/html/images.html -#usr/share/doc/tiff-3.9.4/html/images/back.gif -#usr/share/doc/tiff-3.9.4/html/images/bali.jpg -#usr/share/doc/tiff-3.9.4/html/images/cat.gif -#usr/share/doc/tiff-3.9.4/html/images/cover.jpg -#usr/share/doc/tiff-3.9.4/html/images/cramps.gif -#usr/share/doc/tiff-3.9.4/html/images/dave.gif -#usr/share/doc/tiff-3.9.4/html/images/info.gif -#usr/share/doc/tiff-3.9.4/html/images/jello.jpg -#usr/share/doc/tiff-3.9.4/html/images/jim.gif -#usr/share/doc/tiff-3.9.4/html/images/note.gif -#usr/share/doc/tiff-3.9.4/html/images/oxford.gif -#usr/share/doc/tiff-3.9.4/html/images/quad.jpg -#usr/share/doc/tiff-3.9.4/html/images/ring.gif -#usr/share/doc/tiff-3.9.4/html/images/smallliz.jpg -#usr/share/doc/tiff-3.9.4/html/images/strike.gif -#usr/share/doc/tiff-3.9.4/html/images/warning.gif -#usr/share/doc/tiff-3.9.4/html/index.html -#usr/share/doc/tiff-3.9.4/html/internals.html -#usr/share/doc/tiff-3.9.4/html/intro.html -#usr/share/doc/tiff-3.9.4/html/libtiff.html -#usr/share/doc/tiff-3.9.4/html/man -#usr/share/doc/tiff-3.9.4/html/man/TIFFClose.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFDataWidth.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFError.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFFlush.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFGetField.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFOpen.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFPrintDirectory.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFRGBAImage.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFReadDirectory.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFReadEncodedStrip.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFReadEncodedTile.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFReadRGBAImage.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFReadRGBAStrip.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFReadRGBATile.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFReadRawStrip.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFReadRawTile.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFReadScanline.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFReadTile.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFSetDirectory.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFSetField.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFWarning.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFWriteDirectory.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFWriteEncodedStrip.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFWriteEncodedTile.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFWriteRawStrip.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFWriteRawTile.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFWriteScanline.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFWriteTile.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFbuffer.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFcodec.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFcolor.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFmemory.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFquery.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFsize.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFstrip.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFswab.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/TIFFtile.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/fax2ps.1.html -#usr/share/doc/tiff-3.9.4/html/man/fax2tiff.1.html -#usr/share/doc/tiff-3.9.4/html/man/gif2tiff.1.html -#usr/share/doc/tiff-3.9.4/html/man/index.html -#usr/share/doc/tiff-3.9.4/html/man/libtiff.3tiff.html -#usr/share/doc/tiff-3.9.4/html/man/pal2rgb.1.html -#usr/share/doc/tiff-3.9.4/html/man/ppm2tiff.1.html -#usr/share/doc/tiff-3.9.4/html/man/ras2tiff.1.html -#usr/share/doc/tiff-3.9.4/html/man/raw2tiff.1.html -#usr/share/doc/tiff-3.9.4/html/man/rgb2ycbcr.1.html -#usr/share/doc/tiff-3.9.4/html/man/sgi2tiff.1.html -#usr/share/doc/tiff-3.9.4/html/man/thumbnail.1.html -#usr/share/doc/tiff-3.9.4/html/man/tiff2bw.1.html -#usr/share/doc/tiff-3.9.4/html/man/tiff2pdf.1.html -#usr/share/doc/tiff-3.9.4/html/man/tiff2ps.1.html -#usr/share/doc/tiff-3.9.4/html/man/tiff2rgba.1.html -#usr/share/doc/tiff-3.9.4/html/man/tiffcmp.1.html -#usr/share/doc/tiff-3.9.4/html/man/tiffcp.1.html -#usr/share/doc/tiff-3.9.4/html/man/tiffcrop.1.html -#usr/share/doc/tiff-3.9.4/html/man/tiffdither.1.html -#usr/share/doc/tiff-3.9.4/html/man/tiffdump.1.html -#usr/share/doc/tiff-3.9.4/html/man/tiffgt.1.html -#usr/share/doc/tiff-3.9.4/html/man/tiffinfo.1.html -#usr/share/doc/tiff-3.9.4/html/man/tiffmedian.1.html -#usr/share/doc/tiff-3.9.4/html/man/tiffset.1.html -#usr/share/doc/tiff-3.9.4/html/man/tiffsplit.1.html -#usr/share/doc/tiff-3.9.4/html/man/tiffsv.1.html -#usr/share/doc/tiff-3.9.4/html/misc.html -#usr/share/doc/tiff-3.9.4/html/support.html -#usr/share/doc/tiff-3.9.4/html/tools.html -#usr/share/doc/tiff-3.9.4/html/v3.4beta007.html -#usr/share/doc/tiff-3.9.4/html/v3.4beta016.html -#usr/share/doc/tiff-3.9.4/html/v3.4beta018.html -#usr/share/doc/tiff-3.9.4/html/v3.4beta024.html -#usr/share/doc/tiff-3.9.4/html/v3.4beta028.html -#usr/share/doc/tiff-3.9.4/html/v3.4beta029.html -#usr/share/doc/tiff-3.9.4/html/v3.4beta031.html -#usr/share/doc/tiff-3.9.4/html/v3.4beta032.html -#usr/share/doc/tiff-3.9.4/html/v3.4beta033.html -#usr/share/doc/tiff-3.9.4/html/v3.4beta034.html -#usr/share/doc/tiff-3.9.4/html/v3.4beta035.html -#usr/share/doc/tiff-3.9.4/html/v3.4beta036.html -#usr/share/doc/tiff-3.9.4/html/v3.5.1.html -#usr/share/doc/tiff-3.9.4/html/v3.5.2.html -#usr/share/doc/tiff-3.9.4/html/v3.5.3.html -#usr/share/doc/tiff-3.9.4/html/v3.5.4.html -#usr/share/doc/tiff-3.9.4/html/v3.5.5.html -#usr/share/doc/tiff-3.9.4/html/v3.5.6-beta.html -#usr/share/doc/tiff-3.9.4/html/v3.5.7.html -#usr/share/doc/tiff-3.9.4/html/v3.6.0.html -#usr/share/doc/tiff-3.9.4/html/v3.6.1.html -#usr/share/doc/tiff-3.9.4/html/v3.7.0.html -#usr/share/doc/tiff-3.9.4/html/v3.7.0alpha.html -#usr/share/doc/tiff-3.9.4/html/v3.7.0beta.html -#usr/share/doc/tiff-3.9.4/html/v3.7.0beta2.html -#usr/share/doc/tiff-3.9.4/html/v3.7.1.html -#usr/share/doc/tiff-3.9.4/html/v3.7.2.html -#usr/share/doc/tiff-3.9.4/html/v3.7.3.html -#usr/share/doc/tiff-3.9.4/html/v3.7.4.html -#usr/share/doc/tiff-3.9.4/html/v3.8.0.html -#usr/share/doc/tiff-3.9.4/html/v3.8.1.html -#usr/share/doc/tiff-3.9.4/html/v3.8.2.html -#usr/share/doc/tiff-3.9.4/html/v3.9.0beta.html -#usr/share/doc/tiff-3.9.4/html/v3.9.1.html -#usr/share/doc/tiff-3.9.4/html/v3.9.2.html +usr/lib/libtiffxx.so.5 +usr/lib/libtiffxx.so.5.2.4 +#usr/lib/pkgconfig/libtiff-4.pc +#usr/share/doc/tiff-4.0.6 +#usr/share/doc/tiff-4.0.6/COPYRIGHT +#usr/share/doc/tiff-4.0.6/ChangeLog +#usr/share/doc/tiff-4.0.6/README +#usr/share/doc/tiff-4.0.6/README.vms +#usr/share/doc/tiff-4.0.6/RELEASE-DATE +#usr/share/doc/tiff-4.0.6/TODO +#usr/share/doc/tiff-4.0.6/VERSION +#usr/share/doc/tiff-4.0.6/html +#usr/share/doc/tiff-4.0.6/html/TIFFTechNote2.html +#usr/share/doc/tiff-4.0.6/html/addingtags.html +#usr/share/doc/tiff-4.0.6/html/bugs.html +#usr/share/doc/tiff-4.0.6/html/build.html +#usr/share/doc/tiff-4.0.6/html/contrib.html +#usr/share/doc/tiff-4.0.6/html/document.html +#usr/share/doc/tiff-4.0.6/html/images +#usr/share/doc/tiff-4.0.6/html/images.html +#usr/share/doc/tiff-4.0.6/html/images/back.gif +#usr/share/doc/tiff-4.0.6/html/images/bali.jpg +#usr/share/doc/tiff-4.0.6/html/images/cat.gif +#usr/share/doc/tiff-4.0.6/html/images/cover.jpg +#usr/share/doc/tiff-4.0.6/html/images/cramps.gif +#usr/share/doc/tiff-4.0.6/html/images/dave.gif +#usr/share/doc/tiff-4.0.6/html/images/info.gif +#usr/share/doc/tiff-4.0.6/html/images/jello.jpg +#usr/share/doc/tiff-4.0.6/html/images/jim.gif +#usr/share/doc/tiff-4.0.6/html/images/note.gif +#usr/share/doc/tiff-4.0.6/html/images/oxford.gif +#usr/share/doc/tiff-4.0.6/html/images/quad.jpg +#usr/share/doc/tiff-4.0.6/html/images/ring.gif +#usr/share/doc/tiff-4.0.6/html/images/smallliz.jpg +#usr/share/doc/tiff-4.0.6/html/images/strike.gif +#usr/share/doc/tiff-4.0.6/html/images/warning.gif +#usr/share/doc/tiff-4.0.6/html/index.html +#usr/share/doc/tiff-4.0.6/html/internals.html +#usr/share/doc/tiff-4.0.6/html/intro.html +#usr/share/doc/tiff-4.0.6/html/libtiff.html +#usr/share/doc/tiff-4.0.6/html/man +#usr/share/doc/tiff-4.0.6/html/man/TIFFClose.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFDataWidth.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFError.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFFieldDataType.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFFieldName.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFFieldPassCount.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFFieldReadCount.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFFieldTag.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFFieldWriteCount.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFFlush.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFGetField.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFOpen.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFPrintDirectory.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFRGBAImage.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFReadDirectory.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFReadEncodedStrip.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFReadEncodedTile.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFReadRGBAImage.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFReadRGBAStrip.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFReadRGBATile.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFReadRawStrip.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFReadRawTile.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFReadScanline.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFReadTile.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFSetDirectory.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFSetField.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFWarning.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFWriteDirectory.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFWriteEncodedStrip.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFWriteEncodedTile.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFWriteRawStrip.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFWriteRawTile.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFWriteScanline.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFWriteTile.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFbuffer.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFcodec.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFcolor.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFmemory.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFquery.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFsize.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFstrip.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFswab.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/TIFFtile.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/bmp2tiff.1.html +#usr/share/doc/tiff-4.0.6/html/man/fax2ps.1.html +#usr/share/doc/tiff-4.0.6/html/man/fax2tiff.1.html +#usr/share/doc/tiff-4.0.6/html/man/gif2tiff.1.html +#usr/share/doc/tiff-4.0.6/html/man/index.html +#usr/share/doc/tiff-4.0.6/html/man/libtiff.3tiff.html +#usr/share/doc/tiff-4.0.6/html/man/pal2rgb.1.html +#usr/share/doc/tiff-4.0.6/html/man/ppm2tiff.1.html +#usr/share/doc/tiff-4.0.6/html/man/ras2tiff.1.html +#usr/share/doc/tiff-4.0.6/html/man/raw2tiff.1.html +#usr/share/doc/tiff-4.0.6/html/man/rgb2ycbcr.1.html +#usr/share/doc/tiff-4.0.6/html/man/sgi2tiff.1.html +#usr/share/doc/tiff-4.0.6/html/man/thumbnail.1.html +#usr/share/doc/tiff-4.0.6/html/man/tiff2bw.1.html +#usr/share/doc/tiff-4.0.6/html/man/tiff2pdf.1.html +#usr/share/doc/tiff-4.0.6/html/man/tiff2ps.1.html +#usr/share/doc/tiff-4.0.6/html/man/tiff2rgba.1.html +#usr/share/doc/tiff-4.0.6/html/man/tiffcmp.1.html +#usr/share/doc/tiff-4.0.6/html/man/tiffcp.1.html +#usr/share/doc/tiff-4.0.6/html/man/tiffcrop.1.html +#usr/share/doc/tiff-4.0.6/html/man/tiffdither.1.html +#usr/share/doc/tiff-4.0.6/html/man/tiffdump.1.html +#usr/share/doc/tiff-4.0.6/html/man/tiffgt.1.html +#usr/share/doc/tiff-4.0.6/html/man/tiffinfo.1.html +#usr/share/doc/tiff-4.0.6/html/man/tiffmedian.1.html +#usr/share/doc/tiff-4.0.6/html/man/tiffset.1.html +#usr/share/doc/tiff-4.0.6/html/man/tiffsplit.1.html +#usr/share/doc/tiff-4.0.6/html/man/tiffsv.1.html +#usr/share/doc/tiff-4.0.6/html/misc.html +#usr/share/doc/tiff-4.0.6/html/support.html +#usr/share/doc/tiff-4.0.6/html/tools.html +#usr/share/doc/tiff-4.0.6/html/v3.4beta007.html +#usr/share/doc/tiff-4.0.6/html/v3.4beta016.html +#usr/share/doc/tiff-4.0.6/html/v3.4beta018.html +#usr/share/doc/tiff-4.0.6/html/v3.4beta024.html +#usr/share/doc/tiff-4.0.6/html/v3.4beta028.html +#usr/share/doc/tiff-4.0.6/html/v3.4beta029.html +#usr/share/doc/tiff-4.0.6/html/v3.4beta031.html +#usr/share/doc/tiff-4.0.6/html/v3.4beta032.html +#usr/share/doc/tiff-4.0.6/html/v3.4beta033.html +#usr/share/doc/tiff-4.0.6/html/v3.4beta034.html +#usr/share/doc/tiff-4.0.6/html/v3.4beta035.html +#usr/share/doc/tiff-4.0.6/html/v3.4beta036.html +#usr/share/doc/tiff-4.0.6/html/v3.5.1.html +#usr/share/doc/tiff-4.0.6/html/v3.5.2.html +#usr/share/doc/tiff-4.0.6/html/v3.5.3.html +#usr/share/doc/tiff-4.0.6/html/v3.5.4.html +#usr/share/doc/tiff-4.0.6/html/v3.5.5.html +#usr/share/doc/tiff-4.0.6/html/v3.5.6-beta.html +#usr/share/doc/tiff-4.0.6/html/v3.5.7.html +#usr/share/doc/tiff-4.0.6/html/v3.6.0.html +#usr/share/doc/tiff-4.0.6/html/v3.6.1.html +#usr/share/doc/tiff-4.0.6/html/v3.7.0.html +#usr/share/doc/tiff-4.0.6/html/v3.7.0alpha.html +#usr/share/doc/tiff-4.0.6/html/v3.7.0beta.html +#usr/share/doc/tiff-4.0.6/html/v3.7.0beta2.html +#usr/share/doc/tiff-4.0.6/html/v3.7.1.html +#usr/share/doc/tiff-4.0.6/html/v3.7.2.html +#usr/share/doc/tiff-4.0.6/html/v3.7.3.html +#usr/share/doc/tiff-4.0.6/html/v3.7.4.html +#usr/share/doc/tiff-4.0.6/html/v3.8.0.html +#usr/share/doc/tiff-4.0.6/html/v3.8.1.html +#usr/share/doc/tiff-4.0.6/html/v3.8.2.html +#usr/share/doc/tiff-4.0.6/html/v3.9.0beta.html +#usr/share/doc/tiff-4.0.6/html/v3.9.1.html +#usr/share/doc/tiff-4.0.6/html/v3.9.2.html +#usr/share/doc/tiff-4.0.6/html/v4.0.0.html +#usr/share/doc/tiff-4.0.6/html/v4.0.1.html +#usr/share/doc/tiff-4.0.6/html/v4.0.2.html +#usr/share/doc/tiff-4.0.6/html/v4.0.3.html +#usr/share/doc/tiff-4.0.6/html/v4.0.4.html +#usr/share/doc/tiff-4.0.6/html/v4.0.4beta.html +#usr/share/doc/tiff-4.0.6/html/v4.0.5.html +#usr/share/doc/tiff-4.0.6/html/v4.0.6.html #usr/share/man/man1/bmp2tiff.1 #usr/share/man/man1/fax2ps.1 #usr/share/man/man1/fax2tiff.1 @@ -205,6 +221,12 @@ usr/lib/libtiffxx.so.3.9.4 #usr/share/man/man3/TIFFClose.3tiff #usr/share/man/man3/TIFFDataWidth.3tiff #usr/share/man/man3/TIFFError.3tiff +#usr/share/man/man3/TIFFFieldDataType.3tiff +#usr/share/man/man3/TIFFFieldName.3tiff +#usr/share/man/man3/TIFFFieldPassCount.3tiff +#usr/share/man/man3/TIFFFieldReadCount.3tiff +#usr/share/man/man3/TIFFFieldTag.3tiff +#usr/share/man/man3/TIFFFieldWriteCount.3tiff #usr/share/man/man3/TIFFFlush.3tiff #usr/share/man/man3/TIFFGetField.3tiff #usr/share/man/man3/TIFFOpen.3tiff diff --git a/config/rootfiles/packages/libvirt b/config/rootfiles/packages/libvirt index aa20aaa..b193987 100644 --- a/config/rootfiles/packages/libvirt +++ b/config/rootfiles/packages/libvirt @@ -271,17 +271,18 @@ usr/share/libvirt/schemas/storagevol.rng #usr/share/man/man8/libvirtd.8 #usr/share/man/man8/virtlockd.8 #var/cache/libvirt -var/cache/libvirt/qemu +#var/cache/libvirt/qemu #var/lib/libvirt -var/lib/libvirt/boot -var/lib/libvirt/filesystems -var/lib/libvirt/images +#var/lib/libvirt/boot +#var/lib/libvirt/filesystems +#var/lib/libvirt/images #var/lib/libvirt/lockd -var/lib/libvirt/lockd/files -var/lib/libvirt/qemu +#var/lib/libvirt/lockd/files +#var/lib/libvirt/qemu #var/log/libvirt #var/log/libvirt/lxc -var/log/libvirt/qemu +#var/log/libvirt/qemu #var/log/libvirt/uml etc/rc.d/init.d/libvirt-guests etc/rc.d/init.d/libvirtd +var/ipfire/backup/addons/includes/libvirt diff --git a/config/rootfiles/packages/linux-pae b/config/rootfiles/packages/linux-pae index 511b0f3..db876f7 100644 --- a/config/rootfiles/packages/linux-pae +++ b/config/rootfiles/packages/linux-pae @@ -1332,6 +1332,7 @@ lib/modules/KVER-ipfire-pae #lib/modules/KVER-ipfire-pae/kernel/drivers/misc/altera-stapl #lib/modules/KVER-ipfire-pae/kernel/drivers/misc/altera-stapl/altera-stapl.ko #lib/modules/KVER-ipfire-pae/kernel/drivers/misc/bmp085-i2c.ko +#lib/modules/KVER-ipfire-pae/kernel/drivers/misc/bmp085.ko #lib/modules/KVER-ipfire-pae/kernel/drivers/misc/cb710 #lib/modules/KVER-ipfire-pae/kernel/drivers/misc/cb710/cb710.ko #lib/modules/KVER-ipfire-pae/kernel/drivers/misc/cs5535-mfgpt.ko diff --git a/config/rootfiles/packages/nano b/config/rootfiles/packages/nano index 3582f36..f8171b4 100644 --- a/config/rootfiles/packages/nano +++ b/config/rootfiles/packages/nano @@ -49,6 +49,7 @@ usr/share/nano/postgresql.nanorc usr/share/nano/pov.nanorc usr/share/nano/python.nanorc usr/share/nano/ruby.nanorc +usr/share/nano/rust.nanorc usr/share/nano/sh.nanorc usr/share/nano/spec.nanorc usr/share/nano/tcl.nanorc diff --git a/config/rootfiles/packages/nginx b/config/rootfiles/packages/nginx index 5ecb241..3560e45 100644 --- a/config/rootfiles/packages/nginx +++ b/config/rootfiles/packages/nginx @@ -20,5 +20,6 @@ usr/share/nginx usr/share/nginx/html usr/share/nginx/html/50x.html usr/share/nginx/html/index.html +var/ipfire/backup/addons/includes/nginx var/log/nginx var/spool/nginx diff --git a/config/rootfiles/packages/perl-Net-IP b/config/rootfiles/packages/perl-Net-IP new file mode 100644 index 0000000..815208d --- /dev/null +++ b/config/rootfiles/packages/perl-Net-IP @@ -0,0 +1,6 @@ +#usr/bin/ipcount +#usr/bin/iptab +usr/lib/perl5/site_perl/5.12.3/Net/IP.pm +#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Net/IP +#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Net/IP/.packlist +#usr/share/man/man3/Net::IP.3 diff --git a/config/rootfiles/packages/perl-common-sense b/config/rootfiles/packages/perl-common-sense new file mode 100644 index 0000000..1af6940 --- /dev/null +++ b/config/rootfiles/packages/perl-common-sense @@ -0,0 +1,7 @@ +#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/common +#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/common/sense +#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/common/sense/.packlist +#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/common +usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/common/sense.pm +usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/common/sense.pod +#usr/share/man/man3/common::sense.3 diff --git a/config/rootfiles/packages/perl-inotify2 b/config/rootfiles/packages/perl-inotify2 new file mode 100644 index 0000000..7b8114b --- /dev/null +++ b/config/rootfiles/packages/perl-inotify2 @@ -0,0 +1,8 @@ +#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/Linux +usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/Linux/Inotify2.pm +#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Linux +#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Linux/Inotify2 +#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Linux/Inotify2/.packlist +#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Linux/Inotify2/Inotify2.bs +usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Linux/Inotify2/Inotify2.so +#usr/share/man/man3/Linux::Inotify2.3 diff --git a/config/rootfiles/packages/qemu b/config/rootfiles/packages/qemu index 482087b..21b438f 100644 --- a/config/rootfiles/packages/qemu +++ b/config/rootfiles/packages/qemu @@ -1,3 +1,4 @@ +lib/udev/rules.d/65-kvm.rules usr/bin/qemu usr/bin/qemu-arm usr/bin/qemu-ga @@ -84,11 +85,9 @@ usr/share/qemu/pxe-ne2k_pci.rom usr/share/qemu/pxe-pcnet.rom usr/share/qemu/pxe-rtl8139.rom usr/share/qemu/pxe-virtio.rom -usr/share/qemu/q35-acpi-dsdt.aml usr/share/qemu/qemu-icon.bmp usr/share/qemu/qemu_logo_no_text.svg usr/share/qemu/s390-ccw.img -usr/share/qemu/s390-zipl.rom usr/share/qemu/sgabios.bin usr/share/qemu/slof.bin usr/share/qemu/spapr-rtas.bin @@ -101,4 +100,7 @@ usr/share/qemu/vgabios-virtio.bin usr/share/qemu/vgabios-vmware.bin usr/share/qemu/vgabios.bin #usr/var/run +usr/bin/ivshmem-client +usr/bin/ivshmem-server +#usr/share/man/man8/qemu-ga.8
diff --git a/config/rootfiles/packages/spice b/config/rootfiles/packages/spice index 93d2e9e..91fc0a6 100644 --- a/config/rootfiles/packages/spice +++ b/config/rootfiles/packages/spice @@ -13,5 +13,5 @@ #usr/lib/libspice-server.la #usr/lib/libspice-server.so usr/lib/libspice-server.so.1 -usr/lib/libspice-server.so.1.10.0 +usr/lib/libspice-server.so.1.10.1 #usr/lib/pkgconfig/spice-server.pc diff --git a/config/updxlrator/download b/config/updxlrator/download index 1624609..dbc722c 100644 --- a/config/updxlrator/download +++ b/config/updxlrator/download @@ -108,7 +108,7 @@ if ($xlratorsettings{'MAX_DOWNLOAD_RATE'} eq '') { &writelog("Retrieving file for local cache: $updatefile"); } else { - &writelog("Retrieving file for local cache at max. " . $xlratorsettings{'MAX_DOWNLOAD_RATE'} . " kBit/s: $updatefile"); + &writelog("Retrieving file for local cache at max. " . $xlratorsettings{'MAX_DOWNLOAD_RATE'} . " kbit/s: $updatefile"); }
$ENV{'http_proxy'} = $proxysettings{'UPSTREAM_PROXY'}; diff --git a/doc/language_issues.de b/doc/language_issues.de index 421c40e..81807d9 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -74,7 +74,6 @@ WARNING: translation string unused: bad characters in WARNING: translation string unused: behind a proxy WARNING: translation string unused: bitrate WARNING: translation string unused: bleeding rules -WARNING: translation string unused: block WARNING: translation string unused: blue access use hint WARNING: translation string unused: blue interface WARNING: translation string unused: cache management @@ -611,8 +610,6 @@ WARNING: translation string unused: tripwirewarningkeys WARNING: translation string unused: tripwirewarningpolicy WARNING: translation string unused: umount WARNING: translation string unused: umount removable media before to unplug -WARNING: translation string unused: unblock -WARNING: translation string unused: unblock all WARNING: translation string unused: unencrypted WARNING: translation string unused: update transcript WARNING: translation string unused: updatedatabase @@ -672,6 +669,9 @@ WARNING: untranslated string: dead peer detection WARNING: untranslated string: emerging rules WARNING: untranslated string: fwhost cust geoipgrp WARNING: untranslated string: fwhost err hostip +WARNING: untranslated string: guardian invalid blockcount +WARNING: untranslated string: guardian invalid blocktime +WARNING: untranslated string: guardian invalid logfile WARNING: untranslated string: ike lifetime should be between 1 and 8 hours WARNING: untranslated string: info messages WARNING: untranslated string: no data diff --git a/doc/language_issues.en b/doc/language_issues.en index 0a1756f..a6c55d9 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -92,7 +92,6 @@ WARNING: translation string unused: bewan adsl pci st WARNING: translation string unused: bewan adsl usb WARNING: translation string unused: bitrate WARNING: translation string unused: bleeding rules -WARNING: translation string unused: block WARNING: translation string unused: blue access use hint WARNING: translation string unused: blue interface WARNING: translation string unused: cache management @@ -300,6 +299,8 @@ WARNING: translation string unused: geoipblock country code WARNING: translation string unused: geoipblock country name WARNING: translation string unused: geoipblock flag WARNING: translation string unused: green interface +WARNING: translation string unused: guardian not running no hosts can be blocked +WARNING: translation string unused: guardian snort alertfile WARNING: translation string unused: gz with key WARNING: translation string unused: hint WARNING: translation string unused: host @@ -644,8 +645,6 @@ WARNING: translation string unused: tripwirewarningkeys WARNING: translation string unused: tripwirewarningpolicy WARNING: translation string unused: umount WARNING: translation string unused: umount removable media before to unplug -WARNING: translation string unused: unblock -WARNING: translation string unused: unblock all WARNING: translation string unused: unencrypted WARNING: translation string unused: update transcript WARNING: translation string unused: updatedatabase @@ -704,6 +703,9 @@ WARNING: untranslated string: Scan for Songs WARNING: untranslated string: bytes WARNING: untranslated string: fwhost cust geoipgrp WARNING: untranslated string: fwhost err hostip +WARNING: untranslated string: guardian invalid blockcount +WARNING: untranslated string: guardian invalid blocktime +WARNING: untranslated string: guardian invalid logfile WARNING: untranslated string: ike lifetime should be between 1 and 8 hours WARNING: untranslated string: info messages WARNING: untranslated string: no data diff --git a/doc/language_issues.es b/doc/language_issues.es index 17347f6..f99cb90 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -244,6 +244,10 @@ WARNING: translation string unused: geoipblock country code WARNING: translation string unused: geoipblock country name WARNING: translation string unused: geoipblock flag WARNING: translation string unused: green interface +WARNING: translation string unused: guardian alertfile +WARNING: translation string unused: guardian ignorefile +WARNING: translation string unused: guardian interface +WARNING: translation string unused: guardian timelimit WARNING: translation string unused: gz with key WARNING: translation string unused: hint WARNING: translation string unused: host @@ -642,6 +646,7 @@ WARNING: untranslated string: application layer gateways WARNING: untranslated string: atm device WARNING: untranslated string: attention WARNING: untranslated string: bit +WARNING: untranslated string: block WARNING: untranslated string: bytes WARNING: untranslated string: capabilities WARNING: untranslated string: ccd add @@ -921,6 +926,31 @@ WARNING: untranslated string: fwhost welcome WARNING: untranslated string: gen dh WARNING: untranslated string: generate dh key WARNING: untranslated string: grouptype +WARNING: untranslated string: guardian +WARNING: untranslated string: guardian block a host +WARNING: untranslated string: guardian block httpd brute-force +WARNING: untranslated string: guardian block owncloud brute-force +WARNING: untranslated string: guardian block ssh brute-force +WARNING: untranslated string: guardian blockcount +WARNING: untranslated string: guardian blocked hosts +WARNING: untranslated string: guardian blocking of this address is not allowed +WARNING: untranslated string: guardian blocktime +WARNING: untranslated string: guardian common settings +WARNING: untranslated string: guardian daemon +WARNING: untranslated string: guardian empty input +WARNING: untranslated string: guardian enabled +WARNING: untranslated string: guardian firewallaction +WARNING: untranslated string: guardian ignored hosts +WARNING: untranslated string: guardian invalid address or subnet +WARNING: untranslated string: guardian invalid blockcount +WARNING: untranslated string: guardian invalid blocktime +WARNING: untranslated string: guardian invalid logfile +WARNING: untranslated string: guardian logfacility +WARNING: untranslated string: guardian loglevel +WARNING: untranslated string: guardian no entries +WARNING: untranslated string: guardian priority level +WARNING: untranslated string: guardian service +WARNING: untranslated string: guardian watch snort alertfile WARNING: untranslated string: hardware support WARNING: untranslated string: ike lifetime should be between 1 and 8 hours WARNING: untranslated string: imei @@ -1091,6 +1121,8 @@ WARNING: untranslated string: tor traffic limit hard WARNING: untranslated string: tor traffic limit soft WARNING: untranslated string: tor traffic read written WARNING: untranslated string: tor use exit nodes +WARNING: untranslated string: unblock +WARNING: untranslated string: unblock all WARNING: untranslated string: uncheck all WARNING: untranslated string: uplink WARNING: untranslated string: upload dh key diff --git a/doc/language_issues.fr b/doc/language_issues.fr index a93453f..c9714b5 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -241,6 +241,10 @@ WARNING: translation string unused: generatepolicy WARNING: translation string unused: generatereport WARNING: translation string unused: genkey WARNING: translation string unused: green interface +WARNING: translation string unused: guardian alertfile +WARNING: translation string unused: guardian ignorefile +WARNING: translation string unused: guardian interface +WARNING: translation string unused: guardian timelimit WARNING: translation string unused: gz with key WARNING: translation string unused: hint WARNING: translation string unused: host @@ -649,6 +653,7 @@ WARNING: untranslated string: application layer gateways WARNING: untranslated string: atm device WARNING: untranslated string: attention WARNING: untranslated string: bit +WARNING: untranslated string: block WARNING: untranslated string: bytes WARNING: untranslated string: capabilities WARNING: untranslated string: ccd add @@ -936,6 +941,31 @@ WARNING: untranslated string: geoipblock country is allowed WARNING: untranslated string: geoipblock country is blocked WARNING: untranslated string: geoipblock enable feature WARNING: untranslated string: grouptype +WARNING: untranslated string: guardian +WARNING: untranslated string: guardian block a host +WARNING: untranslated string: guardian block httpd brute-force +WARNING: untranslated string: guardian block owncloud brute-force +WARNING: untranslated string: guardian block ssh brute-force +WARNING: untranslated string: guardian blockcount +WARNING: untranslated string: guardian blocked hosts +WARNING: untranslated string: guardian blocking of this address is not allowed +WARNING: untranslated string: guardian blocktime +WARNING: untranslated string: guardian common settings +WARNING: untranslated string: guardian daemon +WARNING: untranslated string: guardian empty input +WARNING: untranslated string: guardian enabled +WARNING: untranslated string: guardian firewallaction +WARNING: untranslated string: guardian ignored hosts +WARNING: untranslated string: guardian invalid address or subnet +WARNING: untranslated string: guardian invalid blockcount +WARNING: untranslated string: guardian invalid blocktime +WARNING: untranslated string: guardian invalid logfile +WARNING: untranslated string: guardian logfacility +WARNING: untranslated string: guardian loglevel +WARNING: untranslated string: guardian no entries +WARNING: untranslated string: guardian priority level +WARNING: untranslated string: guardian service +WARNING: untranslated string: guardian watch snort alertfile WARNING: untranslated string: hardware support WARNING: untranslated string: ike lifetime should be between 1 and 8 hours WARNING: untranslated string: imei @@ -1103,6 +1133,8 @@ WARNING: untranslated string: tor traffic limit hard WARNING: untranslated string: tor traffic limit soft WARNING: untranslated string: tor traffic read written WARNING: untranslated string: tor use exit nodes +WARNING: untranslated string: unblock +WARNING: untranslated string: unblock all WARNING: untranslated string: uncheck all WARNING: untranslated string: uplink WARNING: untranslated string: upload dh key diff --git a/doc/language_issues.it b/doc/language_issues.it index 776b932..b271c22 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -291,6 +291,10 @@ WARNING: translation string unused: generatepolicy WARNING: translation string unused: generatereport WARNING: translation string unused: genkey WARNING: translation string unused: green interface +WARNING: translation string unused: guardian alertfile +WARNING: translation string unused: guardian ignorefile +WARNING: translation string unused: guardian interface +WARNING: translation string unused: guardian timelimit WARNING: translation string unused: gz with key WARNING: translation string unused: hint WARNING: translation string unused: host @@ -699,6 +703,7 @@ WARNING: untranslated string: advproxy basic authentication WARNING: untranslated string: advproxy group access control WARNING: untranslated string: advproxy group required WARNING: untranslated string: application layer gateways +WARNING: untranslated string: block WARNING: untranslated string: bytes WARNING: untranslated string: check all WARNING: untranslated string: dhcp dns enable update @@ -742,6 +747,31 @@ WARNING: untranslated string: geoipblock configuration WARNING: untranslated string: geoipblock country is allowed WARNING: untranslated string: geoipblock country is blocked WARNING: untranslated string: geoipblock enable feature +WARNING: untranslated string: guardian +WARNING: untranslated string: guardian block a host +WARNING: untranslated string: guardian block httpd brute-force +WARNING: untranslated string: guardian block owncloud brute-force +WARNING: untranslated string: guardian block ssh brute-force +WARNING: untranslated string: guardian blockcount +WARNING: untranslated string: guardian blocked hosts +WARNING: untranslated string: guardian blocking of this address is not allowed +WARNING: untranslated string: guardian blocktime +WARNING: untranslated string: guardian common settings +WARNING: untranslated string: guardian daemon +WARNING: untranslated string: guardian empty input +WARNING: untranslated string: guardian enabled +WARNING: untranslated string: guardian firewallaction +WARNING: untranslated string: guardian ignored hosts +WARNING: untranslated string: guardian invalid address or subnet +WARNING: untranslated string: guardian invalid blockcount +WARNING: untranslated string: guardian invalid blocktime +WARNING: untranslated string: guardian invalid logfile +WARNING: untranslated string: guardian logfacility +WARNING: untranslated string: guardian loglevel +WARNING: untranslated string: guardian no entries +WARNING: untranslated string: guardian priority level +WARNING: untranslated string: guardian service +WARNING: untranslated string: guardian watch snort alertfile WARNING: untranslated string: ike lifetime should be between 1 and 8 hours WARNING: untranslated string: incoming compression in bytes per second WARNING: untranslated string: incoming overhead in bytes per second @@ -770,6 +800,8 @@ WARNING: untranslated string: routing table WARNING: untranslated string: samba join a domain WARNING: untranslated string: samba join domain WARNING: untranslated string: search +WARNING: untranslated string: unblock +WARNING: untranslated string: unblock all WARNING: untranslated string: uncheck all WARNING: untranslated string: vpn force mobike WARNING: untranslated string: vpn statistic n2n diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 77fa1f5..4ae42a6 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -290,6 +290,10 @@ WARNING: translation string unused: generatepolicy WARNING: translation string unused: generatereport WARNING: translation string unused: genkey WARNING: translation string unused: green interface +WARNING: translation string unused: guardian alertfile +WARNING: translation string unused: guardian ignorefile +WARNING: translation string unused: guardian interface +WARNING: translation string unused: guardian timelimit WARNING: translation string unused: gz with key WARNING: translation string unused: hint WARNING: translation string unused: host @@ -697,6 +701,7 @@ WARNING: untranslated string: advproxy group access control WARNING: untranslated string: advproxy group required WARNING: untranslated string: application layer gateways WARNING: untranslated string: atm device +WARNING: untranslated string: block WARNING: untranslated string: bytes WARNING: untranslated string: capabilities WARNING: untranslated string: check all @@ -757,6 +762,31 @@ WARNING: untranslated string: geoipblock configuration WARNING: untranslated string: geoipblock country is allowed WARNING: untranslated string: geoipblock country is blocked WARNING: untranslated string: geoipblock enable feature +WARNING: untranslated string: guardian +WARNING: untranslated string: guardian block a host +WARNING: untranslated string: guardian block httpd brute-force +WARNING: untranslated string: guardian block owncloud brute-force +WARNING: untranslated string: guardian block ssh brute-force +WARNING: untranslated string: guardian blockcount +WARNING: untranslated string: guardian blocked hosts +WARNING: untranslated string: guardian blocking of this address is not allowed +WARNING: untranslated string: guardian blocktime +WARNING: untranslated string: guardian common settings +WARNING: untranslated string: guardian daemon +WARNING: untranslated string: guardian empty input +WARNING: untranslated string: guardian enabled +WARNING: untranslated string: guardian firewallaction +WARNING: untranslated string: guardian ignored hosts +WARNING: untranslated string: guardian invalid address or subnet +WARNING: untranslated string: guardian invalid blockcount +WARNING: untranslated string: guardian invalid blocktime +WARNING: untranslated string: guardian invalid logfile +WARNING: untranslated string: guardian logfacility +WARNING: untranslated string: guardian loglevel +WARNING: untranslated string: guardian no entries +WARNING: untranslated string: guardian priority level +WARNING: untranslated string: guardian service +WARNING: untranslated string: guardian watch snort alertfile WARNING: untranslated string: ike lifetime should be between 1 and 8 hours WARNING: untranslated string: imei WARNING: untranslated string: imsi @@ -817,6 +847,8 @@ WARNING: untranslated string: show tls-auth key WARNING: untranslated string: software version WARNING: untranslated string: source ip country WARNING: untranslated string: ta key +WARNING: untranslated string: unblock +WARNING: untranslated string: unblock all WARNING: untranslated string: uncheck all WARNING: untranslated string: upload dh key WARNING: untranslated string: vendor diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 17347f6..f99cb90 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -244,6 +244,10 @@ WARNING: translation string unused: geoipblock country code WARNING: translation string unused: geoipblock country name WARNING: translation string unused: geoipblock flag WARNING: translation string unused: green interface +WARNING: translation string unused: guardian alertfile +WARNING: translation string unused: guardian ignorefile +WARNING: translation string unused: guardian interface +WARNING: translation string unused: guardian timelimit WARNING: translation string unused: gz with key WARNING: translation string unused: hint WARNING: translation string unused: host @@ -642,6 +646,7 @@ WARNING: untranslated string: application layer gateways WARNING: untranslated string: atm device WARNING: untranslated string: attention WARNING: untranslated string: bit +WARNING: untranslated string: block WARNING: untranslated string: bytes WARNING: untranslated string: capabilities WARNING: untranslated string: ccd add @@ -921,6 +926,31 @@ WARNING: untranslated string: fwhost welcome WARNING: untranslated string: gen dh WARNING: untranslated string: generate dh key WARNING: untranslated string: grouptype +WARNING: untranslated string: guardian +WARNING: untranslated string: guardian block a host +WARNING: untranslated string: guardian block httpd brute-force +WARNING: untranslated string: guardian block owncloud brute-force +WARNING: untranslated string: guardian block ssh brute-force +WARNING: untranslated string: guardian blockcount +WARNING: untranslated string: guardian blocked hosts +WARNING: untranslated string: guardian blocking of this address is not allowed +WARNING: untranslated string: guardian blocktime +WARNING: untranslated string: guardian common settings +WARNING: untranslated string: guardian daemon +WARNING: untranslated string: guardian empty input +WARNING: untranslated string: guardian enabled +WARNING: untranslated string: guardian firewallaction +WARNING: untranslated string: guardian ignored hosts +WARNING: untranslated string: guardian invalid address or subnet +WARNING: untranslated string: guardian invalid blockcount +WARNING: untranslated string: guardian invalid blocktime +WARNING: untranslated string: guardian invalid logfile +WARNING: untranslated string: guardian logfacility +WARNING: untranslated string: guardian loglevel +WARNING: untranslated string: guardian no entries +WARNING: untranslated string: guardian priority level +WARNING: untranslated string: guardian service +WARNING: untranslated string: guardian watch snort alertfile WARNING: untranslated string: hardware support WARNING: untranslated string: ike lifetime should be between 1 and 8 hours WARNING: untranslated string: imei @@ -1091,6 +1121,8 @@ WARNING: untranslated string: tor traffic limit hard WARNING: untranslated string: tor traffic limit soft WARNING: untranslated string: tor traffic read written WARNING: untranslated string: tor use exit nodes +WARNING: untranslated string: unblock +WARNING: untranslated string: unblock all WARNING: untranslated string: uncheck all WARNING: untranslated string: uplink WARNING: untranslated string: upload dh key diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 6446a74..8c5d4bb 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -237,6 +237,10 @@ WARNING: translation string unused: generatepolicy WARNING: translation string unused: generatereport WARNING: translation string unused: genkey WARNING: translation string unused: green interface +WARNING: translation string unused: guardian alertfile +WARNING: translation string unused: guardian ignorefile +WARNING: translation string unused: guardian interface +WARNING: translation string unused: guardian timelimit WARNING: translation string unused: gz with key WARNING: translation string unused: hint WARNING: translation string unused: host @@ -642,6 +646,7 @@ WARNING: untranslated string: application layer gateways WARNING: untranslated string: atm device WARNING: untranslated string: attention WARNING: untranslated string: bit +WARNING: untranslated string: block WARNING: untranslated string: bytes WARNING: untranslated string: capabilities WARNING: untranslated string: ccd add @@ -920,6 +925,31 @@ WARNING: untranslated string: geoipblock country is allowed WARNING: untranslated string: geoipblock country is blocked WARNING: untranslated string: geoipblock enable feature WARNING: untranslated string: grouptype +WARNING: untranslated string: guardian +WARNING: untranslated string: guardian block a host +WARNING: untranslated string: guardian block httpd brute-force +WARNING: untranslated string: guardian block owncloud brute-force +WARNING: untranslated string: guardian block ssh brute-force +WARNING: untranslated string: guardian blockcount +WARNING: untranslated string: guardian blocked hosts +WARNING: untranslated string: guardian blocking of this address is not allowed +WARNING: untranslated string: guardian blocktime +WARNING: untranslated string: guardian common settings +WARNING: untranslated string: guardian daemon +WARNING: untranslated string: guardian empty input +WARNING: untranslated string: guardian enabled +WARNING: untranslated string: guardian firewallaction +WARNING: untranslated string: guardian ignored hosts +WARNING: untranslated string: guardian invalid address or subnet +WARNING: untranslated string: guardian invalid blockcount +WARNING: untranslated string: guardian invalid blocktime +WARNING: untranslated string: guardian invalid logfile +WARNING: untranslated string: guardian logfacility +WARNING: untranslated string: guardian loglevel +WARNING: untranslated string: guardian no entries +WARNING: untranslated string: guardian priority level +WARNING: untranslated string: guardian service +WARNING: untranslated string: guardian watch snort alertfile WARNING: untranslated string: hardware support WARNING: untranslated string: ike lifetime should be between 1 and 8 hours WARNING: untranslated string: imei @@ -1084,6 +1114,8 @@ WARNING: untranslated string: tor traffic limit hard WARNING: untranslated string: tor traffic limit soft WARNING: untranslated string: tor traffic read written WARNING: untranslated string: tor use exit nodes +WARNING: untranslated string: unblock +WARNING: untranslated string: unblock all WARNING: untranslated string: uncheck all WARNING: untranslated string: uplink WARNING: untranslated string: upload dh key diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 5479859..1389408 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -92,7 +92,6 @@ WARNING: translation string unused: bewan adsl pci st WARNING: translation string unused: bewan adsl usb WARNING: translation string unused: bitrate WARNING: translation string unused: bleeding rules -WARNING: translation string unused: block WARNING: translation string unused: blue access use hint WARNING: translation string unused: blue interface WARNING: translation string unused: cache management @@ -300,6 +299,10 @@ WARNING: translation string unused: geoipblock country code WARNING: translation string unused: geoipblock country name WARNING: translation string unused: geoipblock flag WARNING: translation string unused: green interface +WARNING: translation string unused: guardian alertfile +WARNING: translation string unused: guardian ignorefile +WARNING: translation string unused: guardian interface +WARNING: translation string unused: guardian timelimit WARNING: translation string unused: gz with key WARNING: translation string unused: hint WARNING: translation string unused: host @@ -644,8 +647,6 @@ WARNING: translation string unused: tripwirewarningkeys WARNING: translation string unused: tripwirewarningpolicy WARNING: translation string unused: umount WARNING: translation string unused: umount removable media before to unplug -WARNING: translation string unused: unblock -WARNING: translation string unused: unblock all WARNING: translation string unused: unencrypted WARNING: translation string unused: update transcript WARNING: translation string unused: updatedatabase @@ -705,6 +706,31 @@ WARNING: untranslated string: application layer gateways WARNING: untranslated string: bytes WARNING: untranslated string: fwhost cust geoipgrp WARNING: untranslated string: fwhost err hostip +WARNING: untranslated string: guardian +WARNING: untranslated string: guardian block a host +WARNING: untranslated string: guardian block httpd brute-force +WARNING: untranslated string: guardian block owncloud brute-force +WARNING: untranslated string: guardian block ssh brute-force +WARNING: untranslated string: guardian blockcount +WARNING: untranslated string: guardian blocked hosts +WARNING: untranslated string: guardian blocking of this address is not allowed +WARNING: untranslated string: guardian blocktime +WARNING: untranslated string: guardian common settings +WARNING: untranslated string: guardian daemon +WARNING: untranslated string: guardian empty input +WARNING: untranslated string: guardian enabled +WARNING: untranslated string: guardian firewallaction +WARNING: untranslated string: guardian ignored hosts +WARNING: untranslated string: guardian invalid address or subnet +WARNING: untranslated string: guardian invalid blockcount +WARNING: untranslated string: guardian invalid blocktime +WARNING: untranslated string: guardian invalid logfile +WARNING: untranslated string: guardian logfacility +WARNING: untranslated string: guardian loglevel +WARNING: untranslated string: guardian no entries +WARNING: untranslated string: guardian priority level +WARNING: untranslated string: guardian service +WARNING: untranslated string: guardian watch snort alertfile WARNING: untranslated string: ike lifetime should be between 1 and 8 hours WARNING: untranslated string: info messages WARNING: untranslated string: no data diff --git a/doc/language_missings b/doc/language_missings index 32e1e48..8afdfe8 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -372,6 +372,28 @@ < geoipblock enable feature < geoipblock flag < grouptype +< guardian +< guardian block a host +< guardian blockcount +< guardian blocked hosts +< guardian block httpd brute-force +< guardian blocking of this address is not allowed +< guardian block owncloud brute-force +< guardian block ssh brute-force +< guardian blocktime +< guardian common settings +< guardian daemon +< guardian empty input +< guardian enabled +< guardian firewallaction +< guardian ignored hosts +< guardian invalid address or subnet +< guardian logfacility +< guardian loglevel +< guardian no entries +< guardian priority level +< guardian service +< guardian watch snort alertfile < hardware support < imei < imsi @@ -973,6 +995,28 @@ < gen dh < generate dh key < grouptype +< guardian +< guardian block a host +< guardian blockcount +< guardian blocked hosts +< guardian block httpd brute-force +< guardian blocking of this address is not allowed +< guardian block owncloud brute-force +< guardian block ssh brute-force +< guardian blocktime +< guardian common settings +< guardian daemon +< guardian empty input +< guardian enabled +< guardian firewallaction +< guardian ignored hosts +< guardian invalid address or subnet +< guardian logfacility +< guardian loglevel +< guardian no entries +< guardian priority level +< guardian service +< guardian watch snort alertfile < hardware support < imei < imsi @@ -1568,6 +1612,28 @@ < geoipblock enable feature < geoipblock flag < grouptype +< guardian +< guardian block a host +< guardian blockcount +< guardian blocked hosts +< guardian block httpd brute-force +< guardian blocking of this address is not allowed +< guardian block owncloud brute-force +< guardian block ssh brute-force +< guardian blocktime +< guardian common settings +< guardian daemon +< guardian empty input +< guardian enabled +< guardian firewallaction +< guardian ignored hosts +< guardian invalid address or subnet +< guardian logfacility +< guardian loglevel +< guardian no entries +< guardian priority level +< guardian service +< guardian watch snort alertfile < hardware support < imei < imsi @@ -2152,6 +2218,28 @@ < geoipblock enable feature < geoipblock flag < grouptype +< guardian +< guardian block a host +< guardian blockcount +< guardian blocked hosts +< guardian block httpd brute-force +< guardian blocking of this address is not allowed +< guardian block owncloud brute-force +< guardian block ssh brute-force +< guardian blocktime +< guardian common settings +< guardian daemon +< guardian empty input +< guardian enabled +< guardian firewallaction +< guardian ignored hosts +< guardian invalid address or subnet +< guardian logfacility +< guardian loglevel +< guardian no entries +< guardian priority level +< guardian service +< guardian watch snort alertfile < hardware support < hour-graph < imei diff --git a/html/cgi-bin/guardian.cgi b/html/cgi-bin/guardian.cgi new file mode 100644 index 0000000..9d044fe --- /dev/null +++ b/html/cgi-bin/guardian.cgi @@ -0,0 +1,1129 @@ +#!/usr/bin/perl +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2016 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +use strict; +use Locale::Codes::Country; +use Guardian::Socket; + +# enable only the following on debugging purpose +#use warnings; +#use CGI::Carp 'fatalsToBrowser'; + +require '/var/ipfire/general-functions.pl'; +require "${General::swroot}/lang.pl"; +require "${General::swroot}/header.pl"; + +#workaround to suppress a warning when a variable is used only once +my @dummy = ( + ${Header::colourred}, + ${Header::colourgreen} +); + +undef (@dummy); + +my $string=(); +my $memory=(); +my @memory=(); +my @pid=(); +my @guardian=(); + +# Path to the guardian.ignore file. +my $ignorefile ='/var/ipfire/guardian/guardian.ignore'; + +# Hash which contains the supported modules and the +# file locations on IPFire systems. +my %module_file_locations = ( + "HTTPD" => "/var/log/httpd/error_log", + "OWNCLOUD" => "/var/owncloud/data/owncloud.log", + "SNORT" => "/var/log/snort/alert", + "SSH" => "/var/log/messages", +); + +our %netsettings = (); +&General::readhash("${General::swroot}/ethernet/settings", %netsettings); + +our %color = (); +our %mainsettings = (); +&General::readhash("${General::swroot}/main/settings", %mainsettings); +&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", %color); + +# Pakfire meta file for owncloud. +# (File exists when the addon is installed.) +my $owncloud_meta = "/opt/pakfire/db/installed/meta-owncloud"; + + +# File declarations. +my $settingsfile = "${General::swroot}/guardian/settings"; +my $ignoredfile = "${General::swroot}/guardian/ignored"; + +# Create empty settings and ignoredfile if they do not exist yet. +unless (-e "$settingsfile") { system("touch $settingsfile"); } +unless (-e "$ignoredfile") { system("touch $ignoredfile"); } + +our %settings = (); +our %ignored = (); + +$settings{'ACTION'} = ''; + +$settings{'GUARDIAN_ENABLED'} = 'off'; +$settings{'GUARDIAN_MONITOR_SNORT'} = 'on'; +$settings{'GUARDIAN_MONITOR_SSH'} = 'on'; +$settings{'GUARDIAN_MONITOR_HTTPD'} = 'on'; +$settings{'GUARDIAN_MONITOR_OWNCLOUD'} = ''; +$settings{'GUARDIAN_LOG_FACILITY'} = 'syslog'; +$settings{'GUARDIAN_LOGLEVEL'} = 'info'; +$settings{'GUARDIAN_BLOCKCOUNT'} = '3'; +$settings{'GUARDIAN_BLOCKTIME'} = '86400'; +$settings{'GUARDIAN_FIREWALL_ACTION'} = 'DROP'; +$settings{'GUARDIAN_LOGFILE'} = '/var/log/guardian/guardian.log'; +$settings{'GUARDIAN_SNORT_PRIORITY_LEVEL'} = '3'; + +# Default settings for owncloud if installed. +if ( -e "$owncloud_meta") { + $settings{'GUARDIAN_MONITOR_OWNCLOUD'} = 'off'; +} + +my $errormessage = ''; + +&Header::showhttpheaders(); + +# Get GUI values. +&Header::getcgihash(%settings); + +# Check if guardian is running and grab some stats. +&daemonstats(); +my $pid = $pid[0]; + +## Perform input checks and save settings. +# +if ($settings{'ACTION'} eq $Lang::tr{'save'}) { + # Check for valid blocktime. + unless(($settings{'GUARDIAN_BLOCKTIME'} =~ /^\d+$/) && ($settings{'GUARDIAN_BLOCKTIME'} ne "0")) { + $errormessage = "$Lang::tr{'guardian invalid blocktime'}"; + } + + # Check if the bloccount is valid. + unless(($settings{'GUARDIAN_BLOCKCOUNT'} =~ /^\d+$/) && ($settings{'GUARDIAN_BLOCKCOUNT'} ne "0")) { + $errormessage = "$Lang::tr{'guardian invalid blockcount'}"; + } + + # Check Logfile. + unless($settings{'GUARDIAN_LOGFILE'} =~ /^[a-zA-Z0-9./]+$/) { + $errormessage = "$Lang::tr{'guardian invalid logfile'}"; + } + + # Only continue if no error message has been set. + if($errormessage eq '') { + # Write configuration settings to file. + &General::writehash("${General::swroot}/guardian/settings", %settings); + + # Update configuration files. + &BuildConfiguration(); + } + +## Add/edit an entry to the ignore file. +# +} elsif (($settings{'ACTION'} eq $Lang::tr{'add'}) || ($settings{'ACTION'} eq $Lang::tr{'update'})) { + + # Check if any input has been performed. + if ($settings{'IGNORE_ENTRY_ADDRESS'} ne '') { + + # Check if the given input is no valid IP-address or IP-address with subnet, display an error message. + if ((!&General::validip($settings{'IGNORE_ENTRY_ADDRESS'})) && (!&General::validipandmask($settings{'IGNORE_ENTRY_ADDRESS'}))) { + $errormessage = "$Lang::tr{'guardian invalid address or subnet'}"; + } + } else { + $errormessage = "$Lang::tr{'guardian empty input'}"; + } + + # Go further if there was no error. + if ($errormessage eq '') { + my %ignored = (); + my $id; + my $status; + + # Assign hash values. + my $new_entry_address = $settings{'IGNORE_ENTRY_ADDRESS'}; + my $new_entry_remark = $settings{'IGNORE_ENTRY_REMARK'}; + + # Read-in ignoredfile. + &General::readhasharray($ignoredfile, %ignored); + + # Check if we should edit an existing entry and got an ID. + if (($settings{'ACTION'} eq $Lang::tr{'update'}) && ($settings{'ID'})) { + # Assin the provided id. + $id = $settings{'ID'}; + + # Undef the given ID. + undef($settings{'ID'}); + + # Grab the configured status of the corresponding entry. + $status = $ignored{$id}[2]; + } else { + # Each newly added entry automatically should be enabled. + $status = "enabled"; + + # Generate the ID for the new entry. + # + # Sort the keys by it's ID and store them in an array. + my @keys = sort { $a <=> $b } keys %ignored; + + # Reverse the key array. + my @reversed = reverse(@keys); + + # Obtain the last used id. + my $last_id = @reversed[0]; + + # Increase the last id by one and use it as id for the new entry. + $id = ++$last_id; + } + + # Add/Modify the entry to/in the ignored hash. + $ignored{$id} = ["$new_entry_address", "$new_entry_remark", "$status"]; + + # Write the changed ignored hash to the ignored file. + &General::writehasharray($ignoredfile, %ignored); + + # Regenerate the ignore file. + &GenerateIgnoreFile(); + } + + # Check if guardian is running. + if ($pid > 0) { + # Send reload command through socket connection. + &Guardian::Socket::Client("reload-ignore-list"); + } + +## Toggle Enabled/Disabled for an existing entry on the ignore list. +# + +} elsif ($settings{'ACTION'} eq $Lang::tr{'toggle enable disable'}) { + my %ignored = (); + + # Only go further, if an ID has been passed. + if ($settings{'ID'}) { + # Assign the given ID. + my $id = $settings{'ID'}; + + # Undef the given ID. + undef($settings{'ID'}); + + # Read-in ignoredfile. + &General::readhasharray($ignoredfile, %ignored); + + # Grab the configured status of the corresponding entry. + my $status = $ignored{$id}[2]; + + # Switch the status. + if ($status eq "disabled") { + $status = "enabled"; + } else { + $status = "disabled"; + } + + # Modify the status of the existing entry. + $ignored{$id} = ["$ignored{$id}[0]", "$ignored{$id}[1]", "$status"]; + + # Write the changed ignored hash to the ignored file. + &General::writehasharray($ignoredfile, %ignored); + + # Regenerate the ignore file. + &GenerateIgnoreFile(); + + # Check if guardian is running. + if ($pid > 0) { + # Send reload command through socket connection. + &Guardian::Socket::Client("reload-ignore-list"); + } + } + +## Remove entry from ignore list. +# +} elsif ($settings{'ACTION'} eq $Lang::tr{'remove'}) { + my %ignored = (); + + # Read-in ignoredfile. + &General::readhasharray($ignoredfile, %ignored); + + # Drop entry from the hash. + delete($ignored{$settings{'ID'}}); + + # Undef the given ID. + undef($settings{'ID'}); + + # Write the changed ignored hash to the ignored file. + &General::writehasharray($ignoredfile, %ignored); + + # Regenerate the ignore file. + &GenerateIgnoreFile(); + + # Check if guardian is running. + if ($pid > 0) { + # Send reload command through socket connection. + &Guardian::Socket::Client("reload-ignore-list"); + } + +## Block a user given address or subnet. +# +} elsif ($settings{'ACTION'} eq $Lang::tr{'block'}) { + + # Assign some temporary variables used for input validation. + my $input = $settings{'ADDRESS_BLOCK'}; + my $green = $netsettings{'GREEN_ADDRESS'}; + my $blue = $netsettings{'BLUE_ADDRESS'}; + my $orange = $netsettings{'ORANGE_ADDRESS'}; + my $red = $netsettings{'RED_ADDRESS'}; + + # File declarations. + my $gatewayfile = "${General::swroot}/red/remote-ipaddress"; + my $dns1file = "${General::swroot}/red/dns1"; + my $dns2file = "${General::swroot}/red/dns2"; + + # Get gateway address. + my $gateway = &_get_address_from_file($gatewayfile); + + # Get addresses from the used dns servers. + my $dns1 = &_get_address_from_file($dns1file); + my $dns2 = &_get_address_from_file($dns2file); + + # Check if any input has been performed. + if ($input eq '') { + $errormessage = "$Lang::tr{'guardian empty input'}"; + } + + # Check if the given input is localhost (127.0.0.1). + elsif ($input eq "127.0.0.1") { + $errormessage = "$Lang::tr{'guardian blocking of this address is not allowed'}"; + } + + # Check if the given input is anywhere (0.0.0.0). + elsif ($input eq "0.0.0.0") { + $errormessage = "$Lang::tr{'guardian blocking of this address is not allowed'}"; + } + + # Check if the given input is one of the interface addresses or our gateway. + elsif ($input eq "$green" || $input eq "$blue" || $input eq "$orange" || $input eq "$red" || $input eq "$gateway" || $input eq "$dns1" || $input eq "$dns2") { + $errormessage = "$Lang::tr{'guardian blocking of this address is not allowed'}"; + } + + # Check if the given input is a valid IP address. + elsif (!&General::validip($input)) { + $errormessage = "$Lang::tr{'guardian invalid address or subnet'}"; + } + + # Go further if there was no error. + if ($errormessage eq '') { + my $block = $settings{'ADDRESS_BLOCK'}; + + # Send command to block the specified address through socket connection. + &Guardian::Socket::Client("block $block"); + } + +## Unblock address or subnet. +# +} elsif ($settings{'ACTION'} eq $Lang::tr{'unblock'}) { + + # Check if no empty input has been performed. + if ($settings{'ADDRESS_UNBLOCK'} ne '') { + + # Check if the given input is no valid IP-address or IP-address with subnet, display an error message. + if ((!&General::validip($settings{'ADDRESS_UNBLOCK'})) && (!&General::validipandmask($settings{'ADDRESS_UNBLOCK'}))) { + $errormessage = "$Lang::tr{'guardian invalid address or subnet'}"; + } + + } else { + $errormessage = "$Lang::tr{'guardian empty input'}"; + } + + # Go further if there was no error. + if ($errormessage eq '') { + my $unblock = $settings{'ADDRESS_UNBLOCK'}; + + # Send command to unblock the given address through socket connection. + &Guardian::Socket::Client("unblock $unblock"); + } + +## Unblock all. +# +} elsif ($settings{'ACTION'} eq $Lang::tr{'unblock all'}) { + + # Send flush command through socket connection. + &Guardian::Socket::Client("flush"); +} + +# Load settings from files. +&General::readhash("${General::swroot}/guardian/settings", %settings); +&General::readhasharray("${General::swroot}/guardian/ignored", %ignored); + +# Call functions to generate whole page. +&showMainBox(); +&showIgnoreBox(); + +# Display area only if guardian is running. +if ( ($memory != 0) && ($pid > 0) ) { + &showBlockedBox(); +} + +# Function to display the status of guardian and allow base configuration. +sub showMainBox() { + my %checked = (); + my %selected = (); + + $checked{'GUARDIAN_ENABLED'}{'on'} = ''; + $checked{'GUARDIAN_ENABLED'}{'off'} = ''; + $checked{'GUARDIAN_ENABLED'}{$settings{'GUARDIAN_ENABLED'}} = 'checked'; + $checked{'GUARDIAN_MONITOR_SNORT'}{'off'} = ''; + $checked{'GUARDIAN_MONITOR_SNORT'}{'on'} = ''; + $checked{'GUARDIAN_MONITOR_SNORT'}{$settings{'GUARDIAN_MONITOR_SNORT'}} = "checked='checked'"; + $checked{'GUARDIAN_MONITOR_SSH'}{'off'} = ''; + $checked{'GUARDIAN_MONITOR_SSH'}{'on'} = ''; + $checked{'GUARDIAN_MONITOR_SSH'}{$settings{'GUARDIAN_MONITOR_SSH'}} = "checked='checked'"; + $checked{'GUARDIAN_MONITOR_HTTPD'}{'off'} = ''; + $checked{'GUARDIAN_MONITOR_HTTPD'}{'on'} = ''; + $checked{'GUARDIAN_MONITOR_HTTPD'}{$settings{'GUARDIAN_MONITOR_HTTPD'}} = "checked='checked'"; + $checked{'GUARDIAN_MONITOR_OWNCLOUD'}{'off'} = ''; + $checked{'GUARDIAN_MONITOR_OWNCLOUD'}{'on'} = ''; + $checked{'GUARDIAN_MONITOR_OWNCLOUD'}{$settings{'GUARDIAN_MONITOR_OWNCLOUD'}} = "checked='checked'"; + + $selected{'GUARDIAN_LOG_FACILITY'}{$settings{'GUARDIAN_LOG_FACILITY'}} = 'selected'; + $selected{'GUARDIAN_LOGLEVEL'}{$settings{'GUARDIAN_LOGLEVEL'}} = 'selected'; + $selected{'GUARDIAN_SNORT_PRIORITY_LEVEL'}{$settings{'GUARDIAN_SNORT_PRIORITY_LEVEL'}} = 'selected'; + $selected{'GUARDIAN_FIREWALL_ACTION'}{$settings{'GUARDIAN_FIREWALL_ACTION'}} = 'selected'; + + &Header::openpage($Lang::tr{'guardian configuration'}, 1, ''); + &Header::openbigbox('100%', 'left', '', $errormessage); + + # Print errormessage if there is one. + if ($errormessage) { + &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); + print "<font class='base'>$errormessage </font>\n"; + &Header::closebox(); + } + + ### Java Script ### + print<<END; + <script> + var update_options = function() { + + var logfacility = $("#GUARDIAN_LOG_FACILITY").val(); + var loglevel = $("#GUARDIAN_LOGLEVEL").val(); + + if (logfacility === undefined) + return; + + if (loglevel === undefined) + return; + + // Show / Hide input for specifying the path to the logfile. + if (logfacility === "file") { + $(".GUARDIAN_LOGFILE").show(); + } else { + $(".GUARDIAN_LOGFILE").hide(); + } + + // Show / Hide loglevel debug if the facility is set to syslog. + if (logfacility === "syslog") { + $("#loglevel_debug").hide(); + } else { + $("#loglevel_debug").show(); + } + + // Show / Hide logfacility syslog if the loglevel is set to debug. + if (loglevel === "debug") { + $("#logfacility_syslog").hide(); + } else { + $("#logfacility_syslog").show(); + } + }; + + $(document).ready(function() { + $("#GUARDIAN_LOG_FACILITY").change(update_options); + $("#GUARDIAN_LOGLEVEL").change(update_options); + update_options(); + + // Show / Hide snort priority level option, based if + // snort is enabled / disabled. + if ($('input[name=GUARDIAN_MONITOR_SNORT]:checked').val() == 'on') { + $('.GUARDIAN_SNORT_PRIORITY_LEVEL').show(); + } else { + $('.GUARDIAN_SNORT_PRIORITY_LEVEL').hide(); + } + + // Show/Hide snort priority level when GUARDIAN_MONITOR_SNORT get changed. + $('input[name=GUARDIAN_MONITOR_SNORT]').change(function() { + $('.GUARDIAN_SNORT_PRIORITY_LEVEL').toggle(); + }); + }); + </script> +END + + + + # Draw current guardian state. + &Header::openbox('100%', 'center', $Lang::tr{'guardian'}); + + # Get current status of guardian. + &daemonstats(); + $pid = $pid[0]; + + # Display some useful information related to guardian, if daemon is running. + if ( ($memory != 0) && ($pid > 0) ){ + print <<END; + <table width='95%' cellspacing='0' class='tbl'> + <tr> + <th bgcolor='$color{'color20'}' colspan='3' align='left'><strong>$Lang::tr{'guardian service'}</strong></th> + </tr> + <tr> + <td class='base'>$Lang::tr{'guardian daemon'}</td> + <td align='center' colspan='2' width='75%' bgcolor='${Header::colourgreen}'><font color='white'><strong>$Lang::tr{'running'}</strong></font></td> + </tr> + <tr> + <td class='base'></td> + <td bgcolor='$color{'color20'}' align='center'><strong>PID</strong></td> + <td bgcolor='$color{'color20'}' align='center'><strong>$Lang::tr{'memory'}</strong></td> + </tr> + <tr> + <td class='base'></td> + <td bgcolor='$color{'color22'}' align='center'>$pid</td> + <td bgcolor='$color{'color22'}' align='center'>$memory KB</td> + </tr> + </table> +END + } else { + # Otherwise display a hint that the service is not launched. + print <<END; + <table width='95%' cellspacing='0' class='tbl'> + <tr> + <th bgcolor='$color{'color20'}' colspan='3' align='left'><strong>$Lang::tr{'guardian service'}</strong></th> + </tr> + <tr> + <td class='base'>$Lang::tr{'guardian daemon'}</td> + <td align='center' width='75%' bgcolor='${Header::colourred}'><font color='white'><strong>$Lang::tr{'stopped'}</strong></font></td> + </tr> + </table> +END + } + + &Header::closebox(); + + # Draw elements for guardian configuration. + &Header::openbox('100%', 'center', $Lang::tr{'guardian configuration'}); + + print <<END; + <form method='post' action='$ENV{'SCRIPT_NAME'}'> + + <table width='95%'> + <tr> + <td colspan='2' class='base' bgcolor='$color{'color20'}'><b>$Lang::tr{'guardian common settings'}</b></td> + </tr> + <tr> + <td width='20%' class='base'>$Lang::tr{'guardian enabled'}:</td> + <td><input type='checkbox' name='GUARDIAN_ENABLED' $checked{'GUARDIAN_ENABLED'}{'on'} /></td> + </tr> + <tr> + <td colspan='2'><br></td> + </tr> + <tr> + <td width='20%' class='base'>$Lang::tr{'guardian watch snort alertfile'}</td> + <td align='left'>on <input type='radio' name='GUARDIAN_MONITOR_SNORT' value='on' $checked{'GUARDIAN_MONITOR_SNORT'}{'on'} /> / + <input type='radio' name='GUARDIAN_MONITOR_SNORT' value='off' $checked{'GUARDIAN_MONITOR_SNORT'}{'off'} /> off</td> + </tr> + <tr> + <td width='20%' class='base'>$Lang::tr{'guardian block ssh brute-force'}</td> + <td align='left'>on <input type='radio' name='GUARDIAN_MONITOR_SSH' value='on' $checked{'GUARDIAN_MONITOR_SSH'}{'on'} /> / + <input type='radio' name='GUARDIAN_MONITOR_SSH' value='off' $checked{'GUARDIAN_MONITOR_SSH'}{'off'} /> off</td> + </tr> + <tr> + <td width='20%' class='base'>$Lang::tr{'guardian block httpd brute-force'}</td> + <td align='left'>on <input type='radio' name='GUARDIAN_MONITOR_HTTPD' value='on' $checked{'GUARDIAN_MONITOR_HTTPD'}{'on'} /> / + <input type='radio' name='GUARDIAN_MONITOR_HTTPD' value='off' $checked{'GUARDIAN_MONITOR_HTTPD'}{'off'} /> off</td> + </tr> +END + # Display owncloud checkbox when the addon is installed. + if ( -e "$owncloud_meta" ) { + print"<tr>\n"; + print"<td width='20%' class='base'>$Lang::tr{'guardian block owncloud brute-force'}</td>\n"; + print"<td align='left'>on <input type='radio' name='GUARDIAN_MONITOR_OWNCLOUD' value='on' $checked{'GUARDIAN_MONITOR_OWNCLOUD'}{'on'} /> /\n"; + print"<input type='radio' name='GUARDIAN_MONITOR_OWNCLOUD' value='off' $checked{'GUARDIAN_MONITOR_OWNCLOUD'}{'off'} /> off</td>\n"; + print"</tr>\n"; + } + print <<END; + <tr> + <td colspan='2'><br></td> + </tr> + <tr> + <td align='left' width='20%'>$Lang::tr{'guardian logfacility'}:</td> + <td><select id='GUARDIAN_LOG_FACILITY' name='GUARDIAN_LOG_FACILITY'> + <option id='logfacility_syslog' value='syslog' $selected{'GUARDIAN_LOG_FACILITY'}{'syslog'}>syslog</option> + <option id='logfacility_file' value='file' $selected{'GUARDIAN_LOG_FACILITY'}{'file'}>file</option> + <option id='logfacility_console' value='console' $selected{'GUARDIAN_LOG_FACILITY'}{'console'}>console</option> + </select></td> + </tr> + <tr> + <td colspan='2'><br></td> + </tr> + <tr> + <td align='left' width='20%'>$Lang::tr{'guardian loglevel'}:</td> + <td><select id='GUARDIAN_LOGLEVEL' name='GUARDIAN_LOGLEVEL'> + <option id='loglevel_off' value='off' $selected{'GUARDIAN_LOGLEVEL'}{'off'}>off</option> + <option id='loglevel_info' value='info' $selected{'GUARDIAN_LOGLEVEL'}{'info'}>info</option> + <option id='loglevel_debug' value='debug' $selected{'GUARDIAN_LOGLEVEL'}{'debug'}>debug</option> + </select></td> + </tr> + <tr class="GUARDIAN_SNORT_PRIORITY_LEVEL"> + <td colspan='2'><br></td> + </tr> + <tr class="GUARDIAN_SNORT_PRIORITY_LEVEL"> + <td align='left' width='20%'>$Lang::tr{'guardian priority level'}:</td> + <td><select name='GUARDIAN_SNORT_PRIORITY_LEVEL'> + <option value='1' $selected{'GUARDIAN_SNORT_PRIORITY_LEVEL'}{'1'}>1</option> + <option value='2' $selected{'GUARDIAN_SNORT_PRIORITY_LEVEL'}{'2'}>2</option> + <option value='3' $selected{'GUARDIAN_SNORT_PRIORITY_LEVEL'}{'3'}>3</option> + <option value='4' $selected{'GUARDIAN_SNORT_PRIORITY_LEVEL'}{'4'}>4</option> + </select></td> + </tr> + <tr> + <td colspan='2'><br></td> + </tr> + <tr> + <td width='20%' class='base'>$Lang::tr{'guardian firewallaction'}:</td> + <td><select name='GUARDIAN_FIREWALL_ACTION'> + <option value='DROP' $selected{'GUARDIAN_FIREWALL_ACTION'}{'DROP'}>Drop</option> + <option value='REJECT' $selected{'GUARDIAN_FIREWALL_ACTION'}{'REJECT'}>Reject</option> + </select></td> + </tr> + <tr> + <td colspan='2'><br></td> + </tr> + <tr> + <td width='20%' class='base'>$Lang::tr{'guardian blockcount'}:</td> + <td><input type='text' name='GUARDIAN_BLOCKCOUNT' value='$settings{'GUARDIAN_BLOCKCOUNT'}' size='5' /></td> + </tr> + <tr> + <td width='20%' class='base'>$Lang::tr{'guardian blocktime'}:</td> + <td><input type='text' name='GUARDIAN_BLOCKTIME' value='$settings{'GUARDIAN_BLOCKTIME'}' size='10' /></td> + </tr> + <tr class="GUARDIAN_LOGFILE"> + <td width='20%' class='base'>$Lang::tr{'guardian logfile'}:</td> + <td><input type='text' name='GUARDIAN_LOGFILE' value='$settings{'GUARDIAN_LOGFILE'}' size='30' /></td> + </tr> + </table> +END + + print <<END; + <hr> + + <table width='95%'> + <tr> + <td> </td> + <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td> + <td> </td> + </tr> + </table> + </form> +END + + &Header::closebox(); +} + +# Function to show elements of the guardian ignorefile and allow to add or remove single members of it. +sub showIgnoreBox() { + &Header::openbox('100%', 'center', $Lang::tr{'guardian ignored hosts'}); + + print <<END; + <table width='80%'> + <tr> + <td class='base' bgcolor='$color{'color20'}'><b>$Lang::tr{'ip address'}</b></td> + <td class='base' bgcolor='$color{'color20'}'><b>$Lang::tr{'remark'}</b></td> + <td class='base' colspan='3' bgcolor='$color{'color20'}'></td> + </tr> +END + # Check if some hosts have been add to be ignored. + if (keys (%ignored)) { + my $col = ""; + + # Loop through all entries of the hash.. + while( (my $key) = each %ignored) { + # Assign data array positions to some nice variable names. + my $address = $ignored{$key}[0]; + my $remark = $ignored{$key}[1]; + my $status = $ignored{$key}[2]; + + # Check if the key (id) number is even or not. + if ($settings{'ID'} eq $key) { + $col="bgcolor='${Header::colouryellow}'"; + } elsif ($key % 2) { + $col="bgcolor='$color{'color22'}'"; + } else { + $col="bgcolor='$color{'color20'}'"; + } + + # Choose icon for the checkbox. + my $gif; + my $gdesc; + + # Check if the status is enabled and select the correct image and description. + if ($status eq 'enabled' ) { + $gif = 'on.gif'; + $gdesc = $Lang::tr{'click to disable'}; + } else { + $gif = 'off.gif'; + $gdesc = $Lang::tr{'click to enable'}; + } + + print <<END; + <tr> + <td width='20%' class='base' $col>$address</td> + <td width='65%' class='base' $col>$remark</td> + + <td align='center' $col> + <form method='post' action='$ENV{'SCRIPT_NAME'}'> + <input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' /> + <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$gdesc' title='$gdesc' /> + <input type='hidden' name='ID' value='$key' /> + </form> + </td> + + <td align='center' $col> + <form method='post' action='$ENV{'SCRIPT_NAME'}'> + <input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' /> + <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' /> + <input type='hidden' name='ID' value='$key' /> + </form> + </td> + + <td align='center' $col> + <form method='post' name='$key' action='$ENV{'SCRIPT_NAME'}'> + <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}'> + <input type='hidden' name='ID' value='$key'> + <input type='hidden' name='ACTION' value='$Lang::tr{'remove'}'> + </form> + </td> + </tr> +END + } + } else { + # Print notice that currently no hosts are ignored. + print "<tr>\n"; + print "<td class='base' colspan='2'>$Lang::tr{'guardian no entries'}</td>\n"; + print "</tr>\n"; + } + + print "</table>\n"; + + # Section to add new elements or edit existing ones. + print <<END; + <br> + <hr> + <br> + + <div align='center'> + <table width='100%'> +END + + # Assign correct headline and button text. + my $buttontext; + my $entry_address; + my $entry_remark; + + # Check if an ID (key) has been given, in this case an existing entry should be edited. + if ($settings{'ID'} ne '') { + $buttontext = $Lang::tr{'update'}; + print "<tr><td class='boldbase' colspan='3'><b>$Lang::tr{'update'}</b></td></tr>\n"; + + # Grab address and remark for the given key. + $entry_address = $ignored{$settings{'ID'}}[0]; + $entry_remark = $ignored{$settings{'ID'}}[1]; + } else { + $buttontext = $Lang::tr{'add'}; + print "<tr><td class='boldbase' colspan='3'><b>$Lang::tr{'dnsforward add a new entry'}</b></td></tr>\n"; + } + + print <<END; + <form method='post' action='$ENV{'SCRIPT_NAME'}'> + <input type='hidden' name='ID' value='$settings{'ID'}'> + <tr> + <td width='30%'>$Lang::tr{'ip address'}: </td> + <td width='50%'><input type='text' name='IGNORE_ENTRY_ADDRESS' value='$entry_address' size='24' /></td> + + <td width='30%'>$Lang::tr{'remark'}: </td> + <td wicth='50%'><input type='text' name=IGNORE_ENTRY_REMARK value='$entry_remark' size='24' /></td> + <td align='center' width='20%'><input type='submit' name='ACTION' value='$buttontext' /></td> + </tr> + </form> + </table> + </div> +END + + &Header::closebox(); +} + +# Function to list currently bocked addresses from guardian and unblock them or add custom entries to block. +sub showBlockedBox() { + &Header::openbox('100%', 'center', $Lang::tr{'guardian blocked hosts'}); + + print <<END; + <table width='60%'> + <tr> + <td colspan='2' class='base' bgcolor='$color{'color20'}'><b>$Lang::tr{'guardian blocked hosts'}</b></td> + </tr> +END + + # Lauch function to get the currently blocked hosts. + my @blocked_hosts = &GetBlockedHosts(); + + my $id = 0; + my $col = ""; + + # Loop through our blocked hosts array. + foreach my $blocked_host (@blocked_hosts) { + + # Increase id number for each element in the ignore file. + $id++; + + # Check if the id number is even or not. + if ($id % 2) { + $col="bgcolor='$color{'color22'}'"; + } else { + $col="bgcolor='$color{'color20'}'"; + } + + print <<END; + <tr> + <td width='80%' class='base' $col><a href='/cgi-bin/ipinfo.cgi?ip=$blocked_host'>$blocked_host</a></td> + <td width='20%' align='center' $col> + <form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'> + <input type='image' name='$Lang::tr{'unblock'}' src='/images/delete.gif' title='$Lang::tr{'unblock'}' alt='$Lang::tr{'unblock'}'> + <input type='hidden' name='ADDRESS_UNBLOCK' value='$blocked_host'> + <input type='hidden' name='ACTION' value='$Lang::tr{'unblock'}'> + </form> + </td> + </tr> +END + } + + # If the loop only has been runs once the id still is "0", which means there are no + # additional entries (blocked hosts) in the iptables chain. + if ($id == 0) { + + # Print notice that currently no hosts are blocked. + print "<tr>\n"; + print "<td class='base' colspan='2'>$Lang::tr{'guardian no entries'}</td>\n"; + print "</tr>\n"; + } + + print "</table>\n"; + + # Section for a manual block of an IP-address. + print <<END; + <br> + <div align='center'> + <table width='60%' border='0'> + <form method='post' action='$ENV{'SCRIPT_NAME'}'> + <tr> + <td width='30%'>$Lang::tr{'guardian block a host'}: </td> + <td width='40%'><input type='text' name='ADDRESS_BLOCK' value='' size='24' /></td> + <td align='center' width='15%'><input type='submit' name='ACTION' value='$Lang::tr{'block'}'></td> + <td align='center' width='15%'><input type='submit' name='ACTION' value='$Lang::tr{'unblock all'}'></td> + </tr> + </form> + </table> + </div> +END + + &Header::closebox(); +} + +&Header::closebigbox(); +&Header::closepage(); + +# Function to check if guardian has been started. +# Grab process id and consumed memory if the daemon is running. +sub daemonstats() { + $memory = 0; + # for pid and memory + open(FILE, '/usr/local/bin/addonctrl guardian status | '); + @guardian = <FILE>; + close(FILE); + $string = join("", @guardian); + $string =~ s/[a-z_]//gi; + $string =~ s/[[0-1];[0-9]+//gi; + $string =~ s/[().]//gi; + $string =~ s/ //gi; + $string =~ s/\e//gi; + @pid = split(/\s/,$string); + if (open(FILE, "/proc/$pid[0]/statm")){ + my $temp = <FILE>; + @memory = split(/ /,$temp); + close(FILE); + } + $memory+=$memory[0]; +} + +sub GetBlockedHosts() { + # Create new, empty array. + my @hosts; + + # Lauch helper to get chains from iptables. + system('/usr/local/bin/getipstat'); + + # Open temporary file which contains the chains and rules. + open (FILE, '/srv/web/ipfire/html/iptables.txt'); + + # Loop through the entire file. + while (<FILE>) { + my $line = $_; + + # Search for the guardian chain and extract + # the lines between it and the next empty line + # which is placed before the next firewall + # chain starts. + if ($line =~ /^Chain GUARDIAN/ .. /^\s*$/) { + # Skip descriptive lines. + next if ($line =~ /^Chain/); + next if ($line =~ /^ pkts/); + + # Generate array, based on the line content (seperator is a single or multiple space's) + my @comps = split(/\s{1,}/, $line); + my ($lead, $pkts, $bytes, $target, $prot, $opt, $in, $out, $source, $destination) = @comps; + + # Assign different variable names. + my $blocked_host = $source; + + # Add host to our hosts array. + if ($blocked_host) { + push(@hosts, $blocked_host); + } + } + } + + # Close filehandle. + close(FILE); + + # Remove recently created temporary files of the "getipstat" binary. + system(rm -f "/srv/web/ipfire/html/iptables.txt"); + system(rm -f "/srv/web/ipfire/html/iptablesmangle.txt"); + system(rm -f "/srv/web/ipfire/html/iptablesnat.txt"); + + # Convert entries, sort them, write back and store the sorted entries into new array. + my @sorted = map { $_->[0] } + sort { $a->[1] <=> $b->[1] } + map { [$_, int sprintf("%03.f%03.f%03.f%03.f", split(/./, $_))] } + @hosts; + + # Return our sorted list. + return @sorted +} + +sub BuildConfiguration() { + my %settings = (); + &General::readhash("${General::swroot}/guardian/settings", %settings); + + my $configfile = "${General::swroot}/guardian/guardian.conf"; + + # Create the configfile if not exist yet. + unless (-e "$configfile") { system("touch $configfile"); } + + # Open configfile for writing. + open(FILE, ">$configfile"); + + # Config file header. + print FILE "# Autogenerated configuration file.\n"; + print FILE "# All user modifications will be overwritten.\n\n"; + + # Settings for the logging mechanism. + print FILE "# Log settings.\n"; + print FILE "LogFacility = $settings{'GUARDIAN_LOG_FACILITY'}\n"; + + if ($settings{'GUARDIAN_LOG_FACILITY'} eq "file") { + print FILE "LogFile = $settings{'GUARDIAN_LOGFILE'}\n"; + } + + print FILE "LogLevel = $settings{'GUARDIAN_LOGLEVEL'}\n\n"; + + # IPFire related static settings. + print FILE "# IPFire related settings.\n"; + print FILE "FirewallEngine = IPtables\n"; + print FILE "SocketOwner = nobody:nobody\n"; + print FILE "IgnoreFile = $ignorefile\n\n"; + + # Configured block values. + print FILE "# Configured block settings.\n"; + print FILE "BlockCount = $settings{'GUARDIAN_BLOCKCOUNT'}\n"; + print FILE "BlockTime = $settings{'GUARDIAN_BLOCKTIME'}\n"; + print FILE "FirewallAction = $settings{'GUARDIAN_FIREWALL_ACTION'}\n\n"; + + # Enabled modules. + # Loop through whole settings hash. + print FILE "# Enabled modules.\n"; + foreach my $option (keys %settings) { + # Search for enabled modules. + if ($option =~ /GUARDIAN_MONITOR_(.*)/) { + # Skip if module is not enabled. + next unless($settings{$option} eq "on"); + + # Skip module if no file location is available. + next unless(exists($module_file_locations{$1})); + + # Add enabled module and defined path to the config file. + print FILE "Monitor_$1 = $module_file_locations{$1}\n"; + } + } + + # Module settings. + print FILE "\n# Module settings.\n"; + # Check if SNORT is enabled and add snort priority. + if ($settings{'GUARDIAN_MONITOR_SNORT'} eq "on") { + print FILE "SnortPriorityLevel = $settings{'GUARDIAN_SNORT_PRIORITY_LEVEL'}\n"; + } + + close(FILE); + + # Generate ignore file. + &GenerateIgnoreFile(); + + # Check if guardian should be started or stopped. + if($settings{'GUARDIAN_ENABLED'} eq 'on') { + if($pid > 0) { + # Send reload command through socket connection. + &Guardian::Socket::Client("reload"); + } else { + # Launch guardian. + system("/usr/local/bin/addonctrl guardian start &>/dev/null"); + } + } else { + # Stop the daemon. + system("/usr/local/bin/addonctrl guardian stop &>/dev/null"); + } +} + +sub GenerateIgnoreFile() { + my %ignored = (); + + # Read-in ignoredfile. + &General::readhasharray($ignoredfile, %ignored); + + # Create the guardian.ignore file if not exist yet. + unless (-e "$ignorefile") { system("touch $ignorefile"); } + + # Open ignorefile for writing. + open(FILE, ">$ignorefile"); + + # Config file header. + print FILE "# Autogenerated configuration file.\n"; + print FILE "# All user modifications will be overwritten.\n\n"; + + # Add IFPire interfaces and gateway to the ignore file. + # + # Assign some temporary variables for the IPFire interfaces. + my $green = $netsettings{'GREEN_ADDRESS'}; + my $blue = $netsettings{'BLUE_ADDRESS'}; + my $orange = $netsettings{'ORANGE_ADDRESS'}; + + # File declarations. + my $public_address_file = "${General::swroot}/red/local-ipaddress"; + my $gatewayfile = "${General::swroot}/red/remote-ipaddress"; + my $dns1file = "${General::swroot}/red/dns1"; + my $dns2file = "${General::swroot}/red/dns2"; + + # Write the obtained addresses to the ignore file. + print FILE "# IPFire local interfaces.\n"; + print FILE "$green\n"; + + # Check if a blue interface exists. + if ($blue) { + # Add blue address. + print FILE "$blue\n"; + } + + # Check if an orange interface exists. + if ($orange) { + # Add orange address. + print FILE "$orange\n"; + } + + print FILE "\n# IPFire red interface, gateway and used DNS-servers.\n"; + print FILE "# Include the corresponding files to obtain the addresses.\n"; + print FILE "Include_File = $public_address_file\n"; + print FILE "Include_File = $gatewayfile\n"; + print FILE "Include_File = $dns1file\n"; + print FILE "Include_File = $dns2file\n"; + + # Add all user defined hosts and networks to the ignore file. + # + # Check if the hash contains any elements. + if (keys (%ignored)) { + # Write headline. + print FILE "\n# User defined hosts/networks.\n"; + + # Loop through the entire hash and write the host/network + # and remark to the ignore file. + while ( (my $key) = each %ignored) { + my $address = $ignored{$key}[0]; + my $remark = $ignored{$key}[1]; + my $status = $ignored{$key}[2]; + + # Check if the status of the entry is "enabled". + if ($status eq "enabled") { + # Check if the address/network is valid. + if ((&General::validip($address)) || (&General::validipandmask($address))) { + # Write the remark to the file. + print FILE "# $remark\n"; + + # Write the address/network to the ignore file. + print FILE "$address\n\n"; + } + } + } + } + + close(FILE); +} + +# Private subfunction to obtain IP-addresses from given file names. +# +sub _get_address_from_file ($) { + my $file = shift; + + # Check if the file exists. + if (-e $file) { + # Open the given file. + open(FILE, "$file") or die "Could not open $file."; + + # Obtain the address from the first line of the file. + my $address = <FILE>; + + # Close filehandle + close(FILE); + + # Remove newlines. + chomp $address; + + # Check if the grabbed address is valid. + if (&General::validip($address)) { + # Return the address. + return $address; + } + } + + # Return nothing. + return; +} diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi index f17b16a..bc066a0 100644 --- a/html/cgi-bin/ids.cgi +++ b/html/cgi-bin/ids.cgi @@ -55,16 +55,7 @@ $snortsettings{'ENABLE_SNORT'} = 'off'; $snortsettings{'ENABLE_SNORT_GREEN'} = 'off'; $snortsettings{'ENABLE_SNORT_BLUE'} = 'off'; $snortsettings{'ENABLE_SNORT_ORANGE'} = 'off'; -$snortsettings{'ENABLE_GUARDIAN'} = 'off'; -$snortsettings{'GUARDIAN_INTERFACE'} = `cat /var/ipfire/red/iface`; -$snortsettings{'GUARDIAN_HOSTGATEWAYBYTE'} = '1'; -$snortsettings{'GUARDIAN_LOGFILE'} = '/var/log/guardian/guardian.log'; -$snortsettings{'GUARDIAN_ALERTFILE'} = '/var/log/snort/alert'; -$snortsettings{'GUARDIAN_IGNOREFILE'} = '/var/ipfire/guardian/guardian.ignore'; -$snortsettings{'GUARDIAN_TARGETFILE'} = '/var/ipfire/guardian/guardian.target'; -$snortsettings{'GUARDIAN_TIMELIMIT'} = '86400'; $snortsettings{'ACTION'} = ''; -$snortsettings{'ACTION2'} = ''; $snortsettings{'RULES'} = ''; $snortsettings{'OINKCODE'} = ''; $snortsettings{'INSTALLDATE'} = ''; @@ -263,9 +254,9 @@ if (-e "/etc/snort/snort.conf") { ####################### End added for snort rules control #################################
if ($snortsettings{'RULES'} eq 'subscripted') { - $url=" https://www.snort.org/rules/snortrules-snapshot-2976.tar.gz?oinkcode=$snorts..."; + $url=" https://www.snort.org/rules/snortrules-snapshot-2982.tar.gz?oinkcode=$snorts..."; } elsif ($snortsettings{'RULES'} eq 'registered') { - $url=" https://www.snort.org/rules/snortrules-snapshot-2976.tar.gz?oinkcode=$snorts..."; + $url=" https://www.snort.org/rules/snortrules-snapshot-2982.tar.gz?oinkcode=$snorts..."; } elsif ($snortsettings{'RULES'} eq 'community') { $url=" https://www.snort.org/rules/community"; } else { @@ -311,39 +302,11 @@ if ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} e } else { unlink "${General::swroot}/snort/enable_preprocessor_http_inspect"; } - if ($snortsettings{'ENABLE_GUARDIAN'} eq 'on') - { - system ('/usr/bin/touch', "${General::swroot}/guardian/enable"); - } else { - unlink "${General::swroot}/guardian/enable"; - }
system('/usr/local/bin/snortctrl restart >/dev/null');
-} elsif ($snortsettings{'ACTION'} eq $Lang::tr{'save'} && $snortsettings{'ACTION2'} eq "guardian" ){ - foreach my $key (keys %snortsettings){ - if ( $key !~ /^GUARDIAN/ ){ - delete $snortsettings{$key}; - } - } - &General::writehashpart("${General::swroot}/snort/settings", %snortsettings); - open(IGNOREFILE, ">$snortsettings{'GUARDIAN_IGNOREFILE'}") or die "Unable to write guardian ignore file $snortsettings{'GUARDIAN_IGNOREFILE'}"; - print IGNOREFILE $snortsettings{'GUARDIAN_IGNOREFILE_CONTENT'}; - close(IGNOREFILE); - open(GUARDIAN, ">/var/ipfire/guardian/guardian.conf") or die "Unable to write guardian conf /var/ipfire/guardian/guardian.conf"; - print GUARDIAN <<END -Interface $snortsettings{'GUARDIAN_INTERFACE'} -HostGatewayByte $snortsettings{'GUARDIAN_HOSTGATEWAYBYTE'} -LogFile $snortsettings{'GUARDIAN_LOGFILE'} -AlertFile $snortsettings{'GUARDIAN_ALERTFILE'} -IgnoreFile $snortsettings{'GUARDIAN_IGNOREFILE'} -TargetFile $snortsettings{'GUARDIAN_TARGETFILE'} -TimeLimit $snortsettings{'GUARDIAN_TIMELIMIT'} -END -; - close(GUARDIAN); - system('/usr/local/bin/snortctrl restart >/dev/null'); } + # INSTALLMD5 is not in the form, so not retrieved by getcgihash &General::readhash("${General::swroot}/snort/settings", %snortsettings);
@@ -400,9 +363,6 @@ $checked{'ENABLE_SNORT_BLUE'}{$snortsettings{'ENABLE_SNORT_BLUE'}} = "checked='c $checked{'ENABLE_SNORT_ORANGE'}{'off'} = ''; $checked{'ENABLE_SNORT_ORANGE'}{'on'} = ''; $checked{'ENABLE_SNORT_ORANGE'}{$snortsettings{'ENABLE_SNORT_ORANGE'}} = "checked='checked'"; -$checked{'ENABLE_GUARDIAN'}{'off'} = ''; -$checked{'ENABLE_GUARDIAN'}{'on'} = ''; -$checked{'ENABLE_GUARDIAN'}{$snortsettings{'ENABLE_GUARDIAN'}} = "checked='checked'"; $selected{'RULES'}{'nothing'} = ''; $selected{'RULES'}{'community'} = ''; $selected{'RULES'}{'emerging'} = ''; @@ -504,9 +464,6 @@ if ($netsettings{'ORANGE_DEV'} ne '') { print " <input type='checkbox' name='ENABLE_SNORT_ORANGE' $checked{'ENABLE_SNORT_ORANGE'}{'on'} /> ORANGE Snort"; } print " <input type='checkbox' name='ENABLE_SNORT' $checked{'ENABLE_SNORT'}{'on'} /> RED Snort"; -if ( -e "/var/ipfire/guardian/guardian.conf" ) { - print " <input type='checkbox' name='ENABLE_GUARDIAN' $checked{'ENABLE_GUARDIAN'}{'on'} /> Guardian"; -}
print <<END </td></tr> @@ -564,32 +521,6 @@ if ($results ne '') {
&Header::closebox();
-####################### Added for guardian control #################################### -if ( -e "/var/ipfire/guardian/guardian.conf" ) { - &Header::openbox('100%', 'LEFT', $Lang::tr{'guardian configuration'}); -print <<END -<form method='post' action='$ENV{'SCRIPT_NAME'}'><table width='100%'> -<tr><td align='left' width='40%'>$Lang::tr{'guardian interface'}</td><td align='left'><input type='text' name='GUARDIAN_INTERFACE' value='$snortsettings{'GUARDIAN_INTERFACE'}' size="30" /></td></tr> -<tr><td align='left' width='40%'>$Lang::tr{'guardian timelimit'}</td><td align='left'><input type='text' name='GUARDIAN_TIMELIMIT' value='$snortsettings{'GUARDIAN_TIMELIMIT'}' size="30" /></td></tr> -<tr><td align='left' width='40%'>$Lang::tr{'guardian logfile'}</td><td align='left'><input type='text' name='GUARDIAN_LOGFILE' value='$snortsettings{'GUARDIAN_LOGFILE'}' size="30" /></td></tr> -<tr><td align='left' width='40%'>$Lang::tr{'guardian alertfile'}</td><td align='left'><input type='text' name='GUARDIAN_ALERTFILE' value='$snortsettings{'GUARDIAN_ALERTFILE'}' size="30" /></td></tr> -<tr><td align='left' width='40%'>$Lang::tr{'guardian ignorefile'}</td><td align='left'><textarea name='GUARDIAN_IGNOREFILE_CONTENT' cols='32' rows='6' wrap='off'> -END -; - print `cat /var/ipfire/guardian/guardian.ignore`; -print <<END -</textarea></td></tr> -<tr><td align='right' colspan='2'><input type='hidden' name='ACTION2' value='guardian' /><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td></tr> -</table> -</form> -END -; - &Header::closebox(); -} - - - - ####################### Added for snort rules control ################################# if ( -e "${General::swroot}/snort/enable" || -e "${General::swroot}/snort/enable_green" || -e "${General::swroot}/snort/enable_blue" || -e "${General::swroot}/snort/enable_orange" ) { &Header::openbox('100%', 'LEFT', $Lang::tr{'intrusion detection system rules'}); diff --git a/html/cgi-bin/logs.cgi/log.dat b/html/cgi-bin/logs.cgi/log.dat index a8a7ba4..f954213 100644 --- a/html/cgi-bin/logs.cgi/log.dat +++ b/html/cgi-bin/logs.cgi/log.dat @@ -67,7 +67,8 @@ my %sections = ( 'pakfire' => '(pakfire:) ', 'wireless' => '(hostapd:|kernel: ath.*:|kernel: wifi[0-9]:) ', 'squid' => '(squid[.*]: |squid: )', - 'snort' => '(snort[.*]: )' + 'snort' => '(snort[.*]: )', + 'guardian' => '(guardian[.*]: )' );
# Translations for the %sections array. @@ -90,7 +91,8 @@ my %trsections = ( 'pakfire' => 'Pakfire', 'wireless' => 'Wireless', 'squid' => "$Lang::tr{'web proxy'}", - 'snort' => "$Lang::tr{'intrusion detection'}" + 'snort' => "$Lang::tr{'intrusion detection'}", + 'guardian' => "$Lang::tr{'guardian'}" );
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 1c9bb87..0b7d36c 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -1532,7 +1532,7 @@ END ;
foreach (@throttle_limits) { - print "\t<option value='$_' $selected{'THROTTLING_GREEN_TOTAL'}{$_}>$_ kBit/s</option>\n"; + print "\t<option value='$_' $selected{'THROTTLING_GREEN_TOTAL'}{$_}>$_ kbit/s</option>\n"; }
print <<END @@ -1546,7 +1546,7 @@ END ;
foreach (@throttle_limits) { - print "\t<option value='$_' $selected{'THROTTLING_GREEN_HOST'}{$_}>$_ kBit/s</option>\n"; + print "\t<option value='$_' $selected{'THROTTLING_GREEN_HOST'}{$_}>$_ kbit/s</option>\n"; }
print <<END @@ -1567,7 +1567,7 @@ END ;
foreach (@throttle_limits) { - print "\t<option value='$_' $selected{'THROTTLING_BLUE_TOTAL'}{$_}>$_ kBit/s</option>\n"; + print "\t<option value='$_' $selected{'THROTTLING_BLUE_TOTAL'}{$_}>$_ kbit/s</option>\n"; }
print <<END @@ -1581,7 +1581,7 @@ END ;
foreach (@throttle_limits) { - print "\t<option value='$_' $selected{'THROTTLING_BLUE_HOST'}{$_}>$_ kBit/s</option>\n"; + print "\t<option value='$_' $selected{'THROTTLING_BLUE_HOST'}{$_}>$_ kbit/s</option>\n"; }
print <<END diff --git a/html/cgi-bin/tor.cgi b/html/cgi-bin/tor.cgi index 193e405..fbad2d4 100644 --- a/html/cgi-bin/tor.cgi +++ b/html/cgi-bin/tor.cgi @@ -432,9 +432,9 @@ END
foreach (@bandwidth_limits) { if ($_ >= 1024) { - print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_RATE'}{$_}>". $_ / 1024 ." MBit/s</option>\n"; + print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_RATE'}{$_}>". $_ / 1024 ." Mbit/s</option>\n"; } else { - print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_RATE'}{$_}>$_ kBit/s</option>\n"; + print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_RATE'}{$_}>$_ kbit/s</option>\n"; } }
@@ -455,9 +455,9 @@ END
foreach (@bandwidth_limits) { if ($_ >= 1024) { - print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_BURST'}{$_}>". $_ / 1024 ." MBit/s</option>\n"; + print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_BURST'}{$_}>". $_ / 1024 ." Mbit/s</option>\n"; } else { - print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_BURST'}{$_}>$_ kBit/s</option>\n"; + print "<option value='$_' $selected{'TOR_RELAY_BANDWIDTH_BURST'}{$_}>$_ kbit/s</option>\n"; } } print <<END; @@ -978,7 +978,7 @@ sub FormatBytes() { sub FormatBitsPerSecond() { my $bits = shift;
- my @units = ("Bit/s", "KBit/s", "MBit/s", "GBit/s", "TBit/s"); + my @units = ("bit/s", "kbit/s", "Mbit/s", "Gbit/s", "Tbit/s"); my $units_index = 0;
while (($units_index <= $#units) && ($bits >= 1024)) { diff --git a/html/html/themes/ipfire/include/functions.pl b/html/html/themes/ipfire/include/functions.pl index eedf069..7f6000a 100644 --- a/html/html/themes/ipfire/include/functions.pl +++ b/html/html/themes/ipfire/include/functions.pl @@ -70,8 +70,8 @@ sub showmenu() { print <<EOF; <div id='traffic'> <strong>Traffic:</strong> - In <span id='rx_kbs'>--.-- Bit/s</span> - Out <span id='tx_kbs'>--.-- Bit/s</span> + In <span id='rx_kbs'>--.-- bit/s</span> + Out <span id='tx_kbs'>--.-- bit/s</span> </div> EOF } diff --git a/html/html/themes/ipfire/include/js/refreshInetInfo.js b/html/html/themes/ipfire/include/js/refreshInetInfo.js index 259f86e..7d9cf8f 100644 --- a/html/html/themes/ipfire/include/js/refreshInetInfo.js +++ b/html/html/themes/ipfire/include/js/refreshInetInfo.js @@ -51,7 +51,7 @@ function refreshInetInfo() { }
function format_bytes(bytes) { - var units = ["Bit/s", "kBit/s", "MBit/s", "GBit/s", "TBit/s"]; + var units = ["bit/s", "kbit/s", "Mbit/s", "Gbit/s", "Tbit/s"];
var unit = units[0]; for (var i = 1; i < units.length; i++) { diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 7c330bb..400c2fe 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -786,7 +786,7 @@ 'dos charset' => 'DOS Charset', 'down and up speed' => 'Geben Sie bitte hier ihre Download- bzw. Upload-Geschwindigkeit ein <br /> und klicken Sie danach auf <i>Speichern</i>.', 'downlink' => 'Downlink', -'downlink speed' => 'Downlink-Geschwindigkeit (kBit/sek)', +'downlink speed' => 'Downlink-Geschwindigkeit (kbit/sek)', 'downlink std class' => 'Downloadstandardklasse', 'download' => 'herunterladen', 'download ca certificate' => 'CA-Zertifikat herunterladen', @@ -1217,12 +1217,30 @@ 'green interface' => 'Grünes Interface', 'grouptype' => 'Gruppentyp:', 'guaranteed bandwith' => 'Garantierte Bandbreite', -'guardian alertfile' => 'Alertfile', -'guardian configuration' => 'Guardian Konfiguration', -'guardian ignorefile' => 'Ignorefile', -'guardian interface' => 'Interface', -'guardian logfile' => 'Logfile', -'guardian timelimit' => 'Timelimit', +'guardian' => 'Guardian', +'guardian block a host' => 'Host blocken', +'guardian block httpd brute-force' => 'httpd-Brute-Force-Erkennung', +'guardian block owncloud brute-force' => 'Owncloud-Brute-Force-Erkennung', +'guardian block ssh brute-force' => 'SSH-Brute-Force-Erkennung', +'guardian blockcount' => 'Trefferschwelle', +'guardian blocked hosts' => 'Aktuell geblockte Hosts', +'guardian blocking of this address is not allowed' => 'Diese Addresse darf nicht gelockt werden.', +'guardian blocktime' => 'Blockzeit', +'guardian common settings' => 'Allgemeine Einstellungen', +'guardian configuration' => 'Guardian-Konfiguration', +'guardian daemon' => 'Daemon', +'guardian empty input' => 'Fehlende Angabe: Bitte eine gültige IP-Addresse oder Netzwerk angeben.', +'guardian enabled' => 'Guardian aktivieren', +'guardian firewallaction' => 'Firewall-Aktion', +'guardian ignored hosts' => 'Ignorierte Hosts', +'guardian invalid address or subnet' => 'Ungültige Host-Addresse oder Netzwerk.', +'guardian logfacility' => 'Logziel', +'guardian logfile' => 'Logdatei', +'guardian loglevel' => 'Loglevel', +'guardian no entries' => 'Keine Einträge vorhanden.', +'guardian priority level' => 'Prioritätslevel', +'guardian service' => 'Guardian-Dienst', +'guardian watch snort alertfile' => 'Snort-Alarme auswerten', 'guest ok' => 'Gastzugang gewähren', 'gui settings' => 'Benutzeroberfläche', 'gz with key' => 'Nur ein verschlüsseltes Archiv kann auf dieser Maschine wiederhergestellt werden.', @@ -2323,7 +2341,7 @@ 'updxlrtr maintenance' => 'Wartung', 'updxlrtr marked as' => 'markiert als', 'updxlrtr max disk usage' => 'Max. Festplattennutzung', -'updxlrtr max download rate' => 'Max. externe Downloadrate (kBit/s)', +'updxlrtr max download rate' => 'Max. externe Downloadrate (kbit/s)', 'updxlrtr month' => 'einem Monat', 'updxlrtr monthly' => 'monatlich', 'updxlrtr not accessed' => 'nicht zugegriffen seit', @@ -2357,7 +2375,7 @@ 'updxlrtr year' => 'einem Jahr', 'upgrade' => 'upgrade', 'uplink' => 'Uplink', -'uplink speed' => 'Uplink-Geschwindigkeit (kBit/sek)', +'uplink speed' => 'Uplink-Geschwindigkeit (kbit/sek)', 'uplink std class' => 'Uploadstandardklasse', 'upload' => 'Hochladen', 'upload a certificate' => 'Ein Zertifikat hochladen:', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 23f6310..7a7c104 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -868,25 +868,25 @@ 'eg' => 'e.g.:', 'email config' => 'Configuration', 'email empty field' => 'Empty field', -'email error' => 'ERROR: Testmail could not be sent', +'email error' => 'ERROR: Test mail could not be sent', 'email invalid' => 'Invalid field', -'email invalid mailfqdn' => 'Invalid mailserver fqdn', -'email invalid mailip' => 'Invalid mailserver IP address', -'email invalid mailport' => 'Invalid mailserver port', -'email mailaddr' => 'Mailserver address', +'email invalid mailfqdn' => 'Invalid mail server fqdn', +'email invalid mailip' => 'Invalid mail server IP address', +'email invalid mailport' => 'Invalid mail server port', +'email mailaddr' => 'Mail Server Address', 'email mailpass' => 'Password', -'email mailport' => 'Mailserver port', -'email mailrcpt' => 'Mail recipient', -'email mailsender' => 'Mail sender', +'email mailport' => 'Mail Server Port', +'email mailrcpt' => 'Mail Recipient', +'email mailsender' => 'Mail Sender', 'email mailuser' => 'Username', 'email server can not be empty' => 'E-mail server can not be empty', -'email settings' => 'Mailservice', -'email subject' => 'IPFire Testmail', -'email success' => 'Testmail successfully sent', -'email testmail' => 'Send testmail', -'email text' => 'Testmail from IPFire Mailservice.', +'email settings' => 'Mail Service', +'email subject' => 'IPFire Test Mail', +'email success' => 'Test message successfully sent', +'email testmail' => 'Send test mail', +'email text' => 'Test mail from IPFire Mail Service', 'email tls' => 'Use TLS', -'email usemail' => 'Activate Mailservice', +'email usemail' => 'Activate Mail Service', 'emailreportlevel' => 'E-mailreportlevel', 'emerging rules' => 'Emergingthreats.net Community Rules', 'empty' => 'This field may be left blank', @@ -1246,12 +1246,32 @@ 'green interface' => 'Green Interface', 'grouptype' => 'Grouptype:', 'guaranteed bandwith' => 'Guaranteed bandwith', -'guardian alertfile' => 'Alertfile', +'guardian' => 'Guardian', +'guardian block a host' => 'Block host', +'guardian block httpd brute-force' => 'httpd Brute Force Detection', +'guardian block owncloud brute-force' => 'Owncloud Brute Force detection', +'guardian block ssh brute-force' => 'SSH Brute Force Detection', +'guardian blockcount' => 'Strike Threshold', +'guardian blocked hosts' => 'Currently blocked hosts', +'guardian blocking of this address is not allowed' => 'Blocking of the given address is not allowed.', +'guardian blocktime' => 'Block Time', +'guardian common settings' => 'Common Settings', 'guardian configuration' => 'Guardian Configuration', -'guardian ignorefile' => 'Ignorefile', -'guardian interface' => 'Interface', -'guardian logfile' => 'Logfile', -'guardian timelimit' => 'Timelimit', +'guardian daemon' => 'Daemon', +'guardian empty input' => 'Empty input: Please perform a valid host address or subnet.', +'guardian enabled' => 'Enable Guardian', +'guardian firewallaction' => 'Firewall Action', +'guardian ignored hosts' => 'Ignored Hosts', +'guardian invalid address or subnet' => 'Invalid host address or subnet.', +'guardian logfacility' => 'Log Facility', +'guardian logfile' => 'Log File', +'guardian loglevel' => 'Log Level', +'guardian no entries' => 'No entries at the moment.', +'guardian not running no hosts can be blocked' => 'Guardian is not running. No hosts will be blocked.', +'guardian priority level' => 'Priority Level', +'guardian service' => 'Guardian Service', +'guardian snort alertfile' => 'Snort Alert File', +'guardian watch snort alertfile' => 'Monitor Snort Alert File', 'guest ok' => 'allow guests to access', 'gui settings' => 'GUI Settings', 'gz with key' => 'Only an encrypted archive can be restored on this machine.', @@ -2363,7 +2383,7 @@ 'updxlrtr maintenance' => 'Maintenance', 'updxlrtr marked as' => 'marked as', 'updxlrtr max disk usage' => 'Max. disk usage', -'updxlrtr max download rate' => 'Max. external download rate (kBit/s)', +'updxlrtr max download rate' => 'Max. external download rate (kbit/s)', 'updxlrtr month' => 'one month', 'updxlrtr monthly' => 'monthly', 'updxlrtr not accessed' => 'not accessed since', diff --git a/langs/es/cgi-bin/es.pl b/langs/es/cgi-bin/es.pl index e24e75e..7ac5d11 100644 --- a/langs/es/cgi-bin/es.pl +++ b/langs/es/cgi-bin/es.pl @@ -1813,7 +1813,7 @@ 'updxlrtr maintenance' => 'Mantenimiento', 'updxlrtr marked as' => 'marcado como', 'updxlrtr max disk usage' => 'Máximo uso de disco', -'updxlrtr max download rate' => 'Tasa Máxima de descarga externa (kBit/s)', +'updxlrtr max download rate' => 'Tasa Máxima de descarga externa (kbit/s)', 'updxlrtr month' => 'un mes', 'updxlrtr monthly' => 'mensual', 'updxlrtr not accessed' => 'no se ha accesado desde', diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl index 0d173ae..61c514d 100644 --- a/langs/fr/cgi-bin/fr.pl +++ b/langs/fr/cgi-bin/fr.pl @@ -1818,7 +1818,7 @@ 'updxlrtr maintenance' => 'Maintenance', 'updxlrtr marked as' => 'marqué comme', 'updxlrtr max disk usage' => 'Utilisation du disque Max.', -'updxlrtr max download rate' => 'Taux de téléchargement externe Max. (kBit/s)', +'updxlrtr max download rate' => 'Taux de téléchargement externe Max. (kbit/s)', 'updxlrtr month' => 'un mois', 'updxlrtr monthly' => 'mensuellement', 'updxlrtr not accessed' => 'la dernière utilisation date de', diff --git a/langs/it/cgi-bin/it.pl b/langs/it/cgi-bin/it.pl index 950f700..2ed22f2 100644 --- a/langs/it/cgi-bin/it.pl +++ b/langs/it/cgi-bin/it.pl @@ -2281,7 +2281,7 @@ 'updxlrtr maintenance' => 'Maintenance', 'updxlrtr marked as' => 'marked as', 'updxlrtr max disk usage' => 'Max. disk usage', -'updxlrtr max download rate' => 'Max. external download rate (kBit/s)', +'updxlrtr max download rate' => 'Max. external download rate (kbit/s)', 'updxlrtr month' => 'one month', 'updxlrtr monthly' => 'Mensile', 'updxlrtr not accessed' => 'not accessed since', diff --git a/langs/nl/cgi-bin/nl.pl b/langs/nl/cgi-bin/nl.pl index 9d90a08..2469ff2 100644 --- a/langs/nl/cgi-bin/nl.pl +++ b/langs/nl/cgi-bin/nl.pl @@ -2226,7 +2226,7 @@ 'updxlrtr maintenance' => 'Onderhoud', 'updxlrtr marked as' => 'gemarkeerd als', 'updxlrtr max disk usage' => 'Max. schijfgebruik', -'updxlrtr max download rate' => 'Max. externe downloadsnelheid (kBit/s)', +'updxlrtr max download rate' => 'Max. externe downloadsnelheid (kbit/s)', 'updxlrtr month' => 'een maand', 'updxlrtr monthly' => 'maandelijks', 'updxlrtr not accessed' => 'niet benaderd sinds', diff --git a/langs/pl/cgi-bin/pl.pl b/langs/pl/cgi-bin/pl.pl index 47abf2c..9214205 100644 --- a/langs/pl/cgi-bin/pl.pl +++ b/langs/pl/cgi-bin/pl.pl @@ -1826,7 +1826,7 @@ 'updxlrtr maintenance' => 'Konserwacja', 'updxlrtr marked as' => 'oznaczone jako', 'updxlrtr max disk usage' => 'Maks. wykorzystanie dysku', -'updxlrtr max download rate' => 'Maks. prędkość pobierania (kBit/s)', +'updxlrtr max download rate' => 'Maks. prędkość pobierania (kbit/s)', 'updxlrtr month' => 'miesiąca', 'updxlrtr monthly' => 'miesięcznie', 'updxlrtr not accessed' => 'bez żądania od', diff --git a/langs/ru/cgi-bin/ru.pl b/langs/ru/cgi-bin/ru.pl index 6840f81..6a45f7f 100644 --- a/langs/ru/cgi-bin/ru.pl +++ b/langs/ru/cgi-bin/ru.pl @@ -1821,7 +1821,7 @@ 'updxlrtr maintenance' => 'Управление', 'updxlrtr marked as' => 'отмечен как', 'updxlrtr max disk usage' => 'Максимальное использование диска', -'updxlrtr max download rate' => 'Максимальная скорость загрузки (kBit/s)', +'updxlrtr max download rate' => 'Максимальная скорость загрузки (kbit/s)', 'updxlrtr month' => 'один месяц', 'updxlrtr monthly' => 'Ежемесячно', 'updxlrtr not accessed' => 'Не обращались с', diff --git a/lfs/7zip b/lfs/7zip index e3ac3b3..847f89f 100644 --- a/lfs/7zip +++ b/lfs/7zip @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2015 Michael Tremer & Christian Schmidt # +# Copyright (C) 2007-2016 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = 7zip -PAK_VER = 5 +PAK_VER = 6
DEPS = ""
@@ -77,6 +77,8 @@ dist: $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) patch -Np1 < $(DIR_SRC)/src/patches/p7zip/CVE-2016-2334.patch + cd $(DIR_APP) patch -Np1 < $(DIR_SRC)/src/patches/p7zip/CVE-2016-2335.patch cd $(DIR_APP) && make 7z $(MAKETUNING) cd $(DIR_APP) && make install @rm -rf $(DIR_APP) diff --git a/lfs/acl b/lfs/acl index 047ff5e..de3ac49 100644 --- a/lfs/acl +++ b/lfs/acl @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2010 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2016 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,13 +24,13 @@
include Config
-VER = 2.2.47 +VER = 2.2.52
THISAPP = acl-$(VER) -DL_FILE = $(THISAPP).tar.bz2 +DL_FILE = $(THISAPP).src.tar.gz DL_FROM = $(URL_IPFIRE) -DIR_APP = $(DIR_SRC)/$(THISAPP) -TARGET = $(DIR_INFO)/$(THISAPP) +DIR_APP = $(DIR_SRC)/acl-2.2.52 +TARGET = $(DIR_INFO)/acl-2.2.52
############################################################################### # Top-level Rules @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 09c8b9684695527e8f237364afb7811f +$(DL_FILE)_MD5 = a61415312426e9c2212bd7dc7929abda
install : $(TARGET)
@@ -69,11 +69,12 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) - @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && ./configure + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && ./configure --prefix=/usr --libexecdir=/usr/lib --disable-static cd $(DIR_APP) && make cd $(DIR_APP) && make install cd $(DIR_APP) && make install-lib cd $(DIR_APP) && make install-dev + chmod -v 755 /usr/lib/libacl.so @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/acpid b/lfs/acpid index 476c9a8..9169857 100644 --- a/lfs/acpid +++ b/lfs/acpid @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2015 Michael Tremer & Christian Schmidt # +# Copyright (C) 2007-2016 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 2.0.23 +VER = 2.0.26
THISAPP = acpid-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -41,7 +41,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = d7bcdcdefcd53b03730e50ba842554ea +$(DL_FILE)_MD5 = f6d772e35ed907f1cc14ad1a546fd473
install : $(TARGET)
@@ -71,7 +71,8 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && ./configure --prefix=/usr + cd $(DIR_APP) && ./configure --prefix=/usr \ + --docdir=/usr/share/doc/acpid-2.0.26 cd $(DIR_APP) && make $(MAKETUNING) OPT="$(CFLAGS)" cd $(DIR_APP) && make install
diff --git a/lfs/backports b/lfs/backports index 3c8e6cd..5706b75 100644 --- a/lfs/backports +++ b/lfs/backports @@ -112,6 +112,11 @@ ifeq "$(KCFG)" "-rpi" cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.10-smsc95xx-add_mac_addr_param.patch endif
+ # Patches form stable linux updates + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/backports/backports-linux-upstream-1.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/backports/backports-linux-upstream-2.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/backports/backports-linux-upstream-3.patch + # generate config cd $(DIR_APP) && make KLIB=/lib/modules/$(KVER)-$(VERSUFIX)/ allmodconfig
diff --git a/lfs/curl b/lfs/curl index 2fcfa7e..eb23544 100644 --- a/lfs/curl +++ b/lfs/curl @@ -24,10 +24,10 @@
include Config
-VER = 7.48.0 +VER = 7.49.1
THISAPP = curl-$(VER) -DL_FILE = $(THISAPP).tar.bz2 +DL_FILE = $(THISAPP).tar.lzma DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = d42e0fc34a5cace5739631cc040974fe +$(DL_FILE)_MD5 = ae5e5e395da413d1fa0864e1d0a3fa57
install : $(TARGET)
@@ -69,10 +69,12 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) - @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xvf $(DIR_DL)/$(DL_FILE) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && ./configure \ --prefix=/usr \ --disable-ipv6 \ + --disable-static \ + --enable-threaded-resolver \ --with-ca-bundle=/etc/ssl/certs/ca-bundle.crt cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install diff --git a/lfs/ddns b/lfs/ddns index 750c728..422f8e3 100644 --- a/lfs/ddns +++ b/lfs/ddns @@ -24,7 +24,7 @@
include Config
-VER = 009 +VER = 010
THISAPP = ddns-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 31f949d9f417ee7f801cf8aac849a92e +$(DL_FILE)_MD5 = 51e74b613732c0d7be3adb3348a5ed95
install : $(TARGET)
diff --git a/lfs/dnsmasq b/lfs/dnsmasq index e425f7d..eb0f0ba 100644 --- a/lfs/dnsmasq +++ b/lfs/dnsmasq @@ -73,6 +73,18 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/001-Calculate_length_of_TFTP_error_reply_correctly.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/002-Zero_newly_malloc_ed_memory.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/003-Check_return_of_expand_always.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/004-Fix_editing_error_on_man_page.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/005-Manpage_typo.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/006-Fix_bad_behaviour_with_some_DHCP_option_arrangements.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/007-Fix_logic_error_in_Linux_netlink_code.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/008-Fix_problem_with_--dnssec-timestamp.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/009-malloc_memset_calloc_for_efficiency.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/010-Zero_packet_buffers_before_building_output_to_reduce_risk_of_information_leakage.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/011-Dont_reset_packet_length_on_transmission_in_case_of_retransmission.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq/012-Compile-time_check_on_buffer_sizes_for_leasefile_parsing_code.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dnsmasq-Add-support-to-read-ISC-DHCP-lease-file.patch
cd $(DIR_APP) && sed -i src/config.h \ diff --git a/lfs/foomatic b/lfs/foomatic index 15abf53..68c19df 100644 --- a/lfs/foomatic +++ b/lfs/foomatic @@ -35,7 +35,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/foomatic-filters-$(VER_FILTERS) TARGET = $(DIR_INFO)/$(THISAPP) PROG = foomatic -PAK_VER = 2 +PAK_VER = 3
DEPS = "cups ghostscript libtiff hplip"
diff --git a/lfs/freeradius b/lfs/freeradius new file mode 100644 index 0000000..d9a80c6 --- /dev/null +++ b/lfs/freeradius @@ -0,0 +1,137 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2016 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 3.0.11 + +THISAPP = freeradius-server-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) +PROG = freeradius +PAK_VER = 1 + +DEPS = "samba" + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = 9428ba0d25293a2b5acd3b85f3dd46d0 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + +dist: + @$(PAK) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && \ + ./configure \ + --prefix=/usr \ + --sysconfdir=/etc \ + --libdir=/usr/lib/freeradius \ + --localstatedir=/var \ + --with-system-libtool \ + --with-threads \ + --with-thread-pool \ + --disable-ltdl-install \ + --without-rlm_eap_ikev2 \ + --without-rlm_sql_iodbc \ + --without-rlm_sql_firebird \ + --without-rlm_sql_db2 \ + --without-rlm_sql_oracle \ + --without-rlm_sql_sqlite \ + --without-rlm_sql_mysql + + cd $(DIR_APP) && make $(MAKETUNING) + cd $(DIR_APP) && make install + + sed -i /etc/raddb/radiusd.conf \ + -e "s/^#user =.*$$/user = nobody/" \ + -e "s/^#group =.*$$/group = nobody/" + + rm -rvf \ + /root/.rnd \ + /var/run/radiusd \ + /etc/raddb/certs/*.crt \ + /etc/raddb/certs/*.csr \ + /etc/raddb/certs/*.der \ + /etc/raddb/certs/*.key \ + /etc/raddb/certs/*.pem \ + /etc/raddb/certs/*.p12 \ + /etc/raddb/certs/index.* \ + /etc/raddb/certs/serial* \ + /etc/raddb/certs/dh \ + /etc/raddb/certs/random \ + /usr/sbin/rc.radiusd \ + /usr/bin/rbmonkey \ + /etc/raddb/mods-config/sql/main/mssql \ + /etc/raddb/mods-config/sql/ippool/oracle \ + /etc/raddb/mods-config/sql/ippool-dhcp/oracle \ + /etc/raddb/mods-config/sql/main/oracle \ + /etc/raddb/mods-available/unbound \ + /etc/raddb/mods-config/unbound/default.conf \ + /etc/raddb/mods-available/couchbase \ + /etc/raddb/mods-available/abfab* \ + /etc/raddb/policy.d/abfab* \ + /etc/raddb/sites-available/abfab* \ + /usr/lib/freeradius/rlm_test.so \ + /etc/raddb/experimental.conf + + install -v -m 644 $(DIR_SRC)/config/backup/includes/freeradius \ + /var/ipfire/backup/addons/includes/freeradius + + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/lfs/guardian b/lfs/guardian index a91fbd9..b02ec54 100644 --- a/lfs/guardian +++ b/lfs/guardian @@ -24,46 +24,89 @@
include Config
-VER = ipfire +VER = 2.0
THISAPP = guardian-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) + PROG = guardian -PAK_VER = 9 +PAK_VER = 10 + +DEPS = "perl-inotify2 perl-Net-IP"
-DEPS = ""
############################################################################### # Top-level Rules ###############################################################################
-objects = +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = 15be3b14a70e21502368deca74903f5c
install : $(TARGET)
-check : +check : $(patsubst %,$(DIR_CHK)/%,$(objects))
-download : +download :$(patsubst %,$(DIR_DL)/%,$(objects))
-md5 : +md5 : $(subst %,%_MD5,$(objects))
-dist: +dist: @$(PAK)
############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### # Installation Details ###############################################################################
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) - -mkdir -p /var/ipfire/guardian /var/log/guardian - touch /var/log/guardian/guardian.log - touch /var/ipfire/guardian/guardian.ignore - install -v -m 644 $(DIR_SRC)/config/guardian/guardian.conf /var/ipfire/guardian/ - install -v -m 755 $(DIR_SRC)/config/guardian/guardian.pl /usr/local/bin/ - install -v -m 755 $(DIR_SRC)/config/guardian/guardian_block.sh /usr/local/bin/ - install -v -m 755 $(DIR_SRC)/config/guardian/guardian_unblock.sh /usr/local/bin/ + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axvf $(DIR_DL)/$(DL_FILE) + + # Adjust path for firewall binaries. + cd $(DIR_APP) && sed -i "s|/usr/sbin/|/sbin/|g" modules/IPtables.pm + + cd $(DIR_APP) && make + cd $(DIR_APP) && make install + + # Create config directory and create files. + -mkdir -pv /var/ipfire/guardian chown nobody.nobody /var/ipfire/guardian - chown nobody.nobody /var/ipfire/guardian/{guardian.conf,guardian.ignore} + + # Create directory and file for logging. + -mkdir -pv /var/log/guardian + touch /var/log/guardian/guardian.log + + # Create symlinks for runlevel interaction. + ln -svf /etc/rc.d/init.d/guardian /etc/rc.d/rc3.d/S45guardian + ln -svf /etc/rc.d/init.d/guardian /etc/rc.d/rc0.d/K76guardian + ln -svf /etc/rc.d/init.d/guardian /etc/rc.d/rc6.d/K76guardian + + # Install include file for backup. + install -v -m 644 $(DIR_SRC)/config/backup/includes/guardian \ + /var/ipfire/backup/addons/includes/guardian + + # Logrotate. + -mkdir -pv /etc/logrotate.d + install -v -m 644 $(DIR_SRC)/config/guardian/guardian.logrotate \ + /etc/logrotate.d/guardian + + @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/htop b/lfs/htop index 9c0a90c..ee48d65 100644 --- a/lfs/htop +++ b/lfs/htop @@ -24,7 +24,7 @@
include Config
-VER = 2.0.1 +VER = 2.0.2
THISAPP = htop-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = htop -PAK_VER = 8 +PAK_VER = 9
DEPS = ""
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = f75fe92b4defaa80d99109830f34b5e2 +$(DL_FILE)_MD5 = 7d354d904bad591a931ad57e99fea84a
install : $(TARGET)
diff --git a/lfs/iputils b/lfs/iputils index bb08793..56ef07c 100644 --- a/lfs/iputils +++ b/lfs/iputils @@ -24,10 +24,10 @@
include Config
-VER = s20121221 +VER = s20160308
THISAPP = iputils-$(VER) -DL_FILE = $(THISAPP).tar.bz2 +DL_FILE = $(THISAPP).tar.gz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 6072aef64205720dd1893b375e184171 +$(DL_FILE)_MD5 = a3ff521e21a383f562c2f06472c5bca0
install : $(TARGET)
@@ -69,7 +69,7 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) - @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && make ping tracepath cd $(DIR_APP) && install -m 4755 ping /usr/bin cd $(DIR_APP) && install -m 0755 tracepath /usr/bin diff --git a/lfs/libarchive b/lfs/libarchive index 43365ee..58b4b6e 100644 --- a/lfs/libarchive +++ b/lfs/libarchive @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2015 IPFire Team info@ipfire.org # +# Copyright (C) 2016 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 3.1.2 +VER = 3.2.1
THISAPP = libarchive-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -41,7 +41,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = efad5a503f66329bb9d2f4308b5de98a +$(DL_FILE)_MD5 = afa257047d1941a565216edbf0171e72
install : $(TARGET)
@@ -74,12 +74,8 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && ./configure \ - --prefix=/usr \ - --disable-static - + cd $(DIR_APP) && ./configure --prefix=/usr --disable-static cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install - @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/libcap b/lfs/libcap index 66ab555..836f9c7 100644 --- a/lfs/libcap +++ b/lfs/libcap @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2014 Michael Tremer & Christian Schmidt # +# Copyright (C) 2016 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,10 +24,10 @@
include Config
-VER = 2.24 +VER = 2.25
THISAPP = libcap-$(VER) -DL_FILE = $(THISAPP).tar.gz +DL_FILE = $(THISAPP).tar.xz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = ffb154f29b1d28466c6fe6add8286a2d +$(DL_FILE)_MD5 = 6666b839e5d46c2ad33fc8aa2ceb5f77
install : $(TARGET)
@@ -69,11 +69,14 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) - @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) + # Prevent a static library from being installed + cd $(DIR_APP) && sed -i '/install.*STALIBNAME/d' libcap/Makefile cd $(DIR_APP) && make cd $(DIR_APP) && make install - # link for old binaries + # links for old binaries ln -svf libcap.so.2 /lib/libcap.so.1 + ln -svf /lib/libcap.so.2.25 /usr/lib/libcap.so chmod +x /lib/libcap.so.* @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/libtiff b/lfs/libtiff index f5e4d57..2a6d32d 100644 --- a/lfs/libtiff +++ b/lfs/libtiff @@ -24,7 +24,7 @@
include Config
-VER = 3.9.4 +VER = 4.0.6
THISAPP = tiff-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = libtiff -PAK_VER = 2 +PAK_VER = 3
DEPS = ""
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 2006c1bdd12644dbf02956955175afd6 +$(DL_FILE)_MD5 = d1d2e940dea0b5ad435f21f03d96dd72
install : $(TARGET)
diff --git a/lfs/libvirt b/lfs/libvirt index b18364b..ea8b0e8 100644 --- a/lfs/libvirt +++ b/lfs/libvirt @@ -33,7 +33,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) SUP_ARCH = i586 x86_64 PROG = libvirt -PAK_VER = 1 +PAK_VER = 6
DEPS = "libpciaccess libyajl ncat qemu"
@@ -78,16 +78,20 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/libvirt/0001-Change-default-behavior-of-libvirt-guests.sh-for-IPF.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/libvirt/0002-Change-options-in-libvirtd.conf-for-IPFire.patch cd $(DIR_APP) && ./configure --prefix=/usr --localstatedir=/var --sysconfdir=/etc \ --with-openssl --without-sasl \ --without-uml --without-vbox --without-lxc --without-esx --without-vmware --without-openvz \ --without-firewalld --without-network -with-interface --with-virtualport --with-macvtap \ --disable-nls --without-avahi --without-test-suite -without-dbus \ + --with-qemu-user=nobody --with-qemu-group=kvm \ --with-storage-dir --without-storage-fs --without-storage-lvm --without-storage-iscsi \ --without-storage-scsi --without-storage-mpath --without-storage-disk --without-storage-rbd --without-storage-sheepdog --without-storage-gluster --without-storage-zfs cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) cd $(DIR_APP) && make install install -v -m 754 $(DIR_SRC)/src/initscripts/init.d/libvirtd /etc/rc.d/init.d/libvirtd mv /usr/libexec/libvirt-guests.sh /etc/rc.d/init.d/libvirt-guests + # Backup + install -v -m 644 $(DIR_SRC)/config/backup/includes/libvirt /var/ipfire/backup/addons/includes/libvirt @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/linux b/lfs/linux index 8e1536c..c643da4 100644 --- a/lfs/linux +++ b/lfs/linux @@ -24,10 +24,10 @@
include Config
-VER = 3.14.65 -RPI_PATCHES = 3.14.65-grsec-ipfire1 -A7M_PATCHES = 3.14.65-grsec-ipfire1 -GRS_PATCHES = grsecurity-3.1ipfire-3.14.65-v1.patch.xz +VER = 3.14.74 +RPI_PATCHES = 3.14.74-grsec-ipfire1 +A7M_PATCHES = 3.14.74-grsec-ipfire1 +GRS_PATCHES = grsecurity-3.1ipfire-3.14.74-v1.patch.xz
THISAPP = linux-$(VER) @@ -37,7 +37,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) CFLAGS = CXXFLAGS =
-PAK_VER = 68 +PAK_VER = 69 DEPS = ""
KERNEL_ARCH = $(MACHINE) @@ -83,10 +83,10 @@ rpi-patches-$(RPI_PATCHES).patch.xz = $(URL_IPFIRE)/rpi-patches-$(RPI_PATCHES). arm7-multi-patches-$(A7M_PATCHES).patch.xz = $(URL_IPFIRE)/arm7-multi-patches-$(A7M_PATCHES).patch.xz $(GRS_PATCHES) = $(URL_IPFIRE)/$(GRS_PATCHES)
-$(DL_FILE)_MD5 = cfc70821a04acb80ded45e408e9faf36 -rpi-patches-$(RPI_PATCHES).patch.xz_MD5 = 0d1059c18f4810abbe9aafb6beab445b -arm7-multi-patches-$(A7M_PATCHES).patch.xz_MD5 = 589eb8703fa2ba2944b2f925b7f7ffb3 -$(GRS_PATCHES)_MD5 = 548571a2c70219cce9728eb8b8949030 +$(DL_FILE)_MD5 = f83028755dc380862a91fe75e64b01aa +rpi-patches-$(RPI_PATCHES).patch.xz_MD5 = 32b1101dc51f89c1fb3bfb1907f4bce5 +arm7-multi-patches-$(A7M_PATCHES).patch.xz_MD5 = b9a638c68cefd4c08dfcb9c4434458b1 +$(GRS_PATCHES)_MD5 = 5f4595575e159dd730b222d204cc9b39
install : $(TARGET)
diff --git a/lfs/nano b/lfs/nano index 70991d2..6bf411b 100644 --- a/lfs/nano +++ b/lfs/nano @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2016 Michael Tremer & Christian Schmidt # +# Copyright (C) 2007-2016 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 2.5.3 +VER = 2.6.1
THISAPP = nano-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = nano -PAK_VER = 9 +PAK_VER = 10
DEPS = ""
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = a04d77611422ab4b6a7b489650c7a793 +$(DL_FILE)_MD5 = 5154704d2f3461140e6798470e03b711
install : $(TARGET)
diff --git a/lfs/nginx b/lfs/nginx index 63d3698..d27e4de 100644 --- a/lfs/nginx +++ b/lfs/nginx @@ -24,7 +24,7 @@
include Config
-VER = 1.6.2 +VER = 1.8.1
THISAPP = nginx-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = nginx -PAK_VER = 4 +PAK_VER = 5
############################################################################### # Top-level Rules @@ -42,7 +42,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = d1b55031ae6e4bce37f8776b94d8b930 +$(DL_FILE)_MD5 = 2e91695074dbdfbf1bcec0ada9fda462
install : $(TARGET)
@@ -88,13 +88,26 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --error-log-path=/var/log/nginx/error.log \ --user=nobody \ --group=nobody \ - --with-imap --with-imap_ssl_module --with-http_ssl_module \ + --with-imap \ + --with-imap_ssl_module \ + --with-http_ssl_module \ + --with-http_gunzip_module \ + --with-http_gzip_static_module \ + --with-http_random_index_module \ + --with-http_secure_link_module \ + --with-http_degradation_module \ --with-http_stub_status_module \ --with-http_dav_module \ - --with-http_sub_module + --with-http_sub_module \ + --with-pcre cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install mkdir -p /var/log/nginx /var/spool/nginx cp /usr/src/config/nginx/nginx /etc/init.d/ + + # Backup + install -v -m 644 $(DIR_SRC)/config/backup/includes/nginx \ + /var/ipfire/backup/addons/includes/nginx + @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/ntp b/lfs/ntp index 3393f90..536a4a8 100644 --- a/lfs/ntp +++ b/lfs/ntp @@ -24,7 +24,7 @@
include Config
-VER = 4.2.8p5 +VER = 4.2.8p8
THISAPP = ntp-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 9f02b2a0acc1617ce2716d529a58d2d8 +$(DL_FILE)_MD5 = 4a8636260435b230636f053ffd070e34
install : $(TARGET)
diff --git a/lfs/openssh b/lfs/openssh index c4dff4d..371d0df 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -24,7 +24,7 @@
include Config
-VER = 7.2p2 +VER = 7.3p1
THISAPP = openssh-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 13009a9156510d8f27e752659075cced +$(DL_FILE)_MD5 = dfadd9f035d38ce5d58a3bf130b86d08
install : $(TARGET)
diff --git a/lfs/pcre b/lfs/pcre index c946714..7b724df 100644 --- a/lfs/pcre +++ b/lfs/pcre @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2016 Michael Tremer & Christian Schmidt # +# Copyright (C) 2007-2016 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,10 +24,10 @@
include Config
-VER = 8.38 +VER = 8.39
THISAPP = pcre-$(VER) -DL_FILE = $(THISAPP).tar.gz +DL_FILE = $(THISAPP).tar.bz2 DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 8a353fe1450216b6655dfcf3561716d9 +$(DL_FILE)_MD5 = e3fca7650a0556a2647821679d81f585
install : $(TARGET)
@@ -70,13 +70,18 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/pcre-8.38-upstream_fixes-1.patch cd $(DIR_APP) && ./configure \ --prefix=/usr \ --disable-static \ --enable-utf8 \ --disable-jit \ - --enable-unicode-properties + --enable-pcre16 \ + --enable-pcre32 \ + --enable-pcregrep-libz \ + --enable-pcregrep-libbz2 \ + --enable-pcretest-libreadline \ + --enable-unicode-properties \ + --docdir=/usr/share/doc/pcre-$(THISAPP) cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install @rm -rf $(DIR_APP) diff --git a/lfs/perl-Net-IP b/lfs/perl-Net-IP new file mode 100644 index 0000000..e509be3 --- /dev/null +++ b/lfs/perl-Net-IP @@ -0,0 +1,83 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2011 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + + +############################################################################### +# Definitions +############################################################################### +include Config +VER = 1.26 + +THISAPP = Net-IP-$(VER) +DL_FILE = ${THISAPP}.tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +PROG = perl-Net-IP +DEPS = "" +PAK_VER = 1 + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = 3a98e3ac45d69ea38a63a7e678bd716d + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + +dist: + @$(PAK) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && perl Makefile.PL + cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/lfs/perl-common-sense b/lfs/perl-common-sense new file mode 100644 index 0000000..a2fb1fa --- /dev/null +++ b/lfs/perl-common-sense @@ -0,0 +1,83 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2011 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + + +############################################################################### +# Definitions +############################################################################### +include Config +VER = 3.74 + +THISAPP = common-sense-$(VER) +DL_FILE = ${THISAPP}.tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +PROG = perl-common-sense +DEPS = "" +PAK_VER = 1 + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = 35b273147200c4c95eef7816f83e572d + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + +dist: + @$(PAK) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && perl Makefile.PL + cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/lfs/perl-inotify2 b/lfs/perl-inotify2 new file mode 100644 index 0000000..bcb9236 --- /dev/null +++ b/lfs/perl-inotify2 @@ -0,0 +1,85 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2013 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 1.22 + +THISAPP = Linux-Inotify2-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +PROG = perl-inotify2 +DEPS = "perl-common-sense" +PAK_VER = 1 + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = bc0a86f04476f9e0aaab026b8081f097 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + +dist: + @$(PAK) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && perl Makefile.PL + cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/lfs/popt b/lfs/popt index ee4c3f9..20828de 100644 --- a/lfs/popt +++ b/lfs/popt @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # +# Copyright (C) 2016 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 1.10.4 +VER = 1.16
THISAPP = popt-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = dd22a6873b43d00f75e1c1b7dcfd1ff7 +$(DL_FILE)_MD5 = 3743beefa3dd6247a73f8f7a32c14c33
install : $(TARGET)
@@ -70,7 +70,6 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && sed -i -e "/*origOptString ==/c 0)" popt.c cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install diff --git a/lfs/qemu b/lfs/qemu index 804ec26..62010ee 100644 --- a/lfs/qemu +++ b/lfs/qemu @@ -24,7 +24,7 @@
include Config
-VER = 2.4.0 +VER = 2.6.0
THISAPP = qemu-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -33,7 +33,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) SUP_ARCH = i586 x86_64 PROG = qemu -PAK_VER = 18 +PAK_VER = 20
DEPS = "sdl spice"
@@ -45,7 +45,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 186ee8194140a484a455f8e3c74589f4 +$(DL_FILE)_MD5 = ca3f70b43f093e33e9e014f144067f13
install : $(TARGET)
@@ -79,7 +79,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/etc \ - --enable-kvm --disable-attr \ + --enable-kvm --disable-bluez --disable-attr \ --target-list="i386-linux-user x86_64-linux-user arm-linux-user i386-softmmu x86_64-softmmu arm-softmmu" \ --extra-cflags="$(CFLAGS)" --enable-spice cd $(DIR_APP) && make $(MAKETUNING) @@ -95,6 +95,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) paxctl -m -r /usr/bin/qemu-arm paxctl -m -r /usr/bin/qemu-i386 paxctl -m -r /usr/bin/qemu-x86_64 + # install an udev script to set the permissions of /dev/kvm + cp -avf $(DIR_SRC)/config/qemu/65-kvm.rules /lib/udev/rules.d/65-kvm.rules
@rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/sane b/lfs/sane index 39b9603..64f3375 100644 --- a/lfs/sane +++ b/lfs/sane @@ -33,7 +33,7 @@ DIR_APP = $(DIR_SRC)/sane-backends-$(VER) TARGET = $(DIR_INFO)/$(THISAPP)
PROG = sane -PAK_VER = 4 +PAK_VER = 5
DEPS = "cups libtiff"
diff --git a/lfs/shadow b/lfs/shadow index f281431..b4777b9 100644 --- a/lfs/shadow +++ b/lfs/shadow @@ -24,10 +24,10 @@
include Config
-VER = 4.0.15 +VER = 4.2.1
THISAPP = shadow-$(VER) -DL_FILE = $(THISAPP).tar.bz2 +DL_FILE = $(THISAPP).tar.xz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = a0452fa989f8ba45023cc5a08136568e +$(DL_FILE)_MD5 = 2bfafe7d4962682d31b5eba65dba4fc8
install : $(TARGET)
@@ -69,11 +69,15 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) - @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && ./configure --libdir=/lib --enable-shared --without-selinux --disable-nls - cd $(DIR_APP) && sed -i 's/groups$(EXEEXT) //' src/Makefile - cd $(DIR_APP) && find man -name Makefile -exec sed -i '/groups/d' {} ; - cd $(DIR_APP) && sed -i -e 's/ ko//' -e 's/ zh_CN zh_TW//' man/Makefile + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/shadow-4.2.1-suppress_installation_of_groups.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/shadow-4.2.1-SHA512_password_hashing.patch + cd $(DIR_APP) && ./configure --libdir=/lib \ + --sysconfdir=/etc \ + --enable-shared \ + --without-selinux \ + --disable-nls \ + --with-group-name-max-length=32 cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install cd $(DIR_APP) && cp -v etc/{limits,login.access} /etc @@ -81,10 +85,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) -e 's@/var/spool/mail@/var/mail@' \ etc/login.defs > /etc/login.defs mv -v /usr/bin/passwd /bin - mv -v /lib/libshadow.*a /usr/lib - rm -v /lib/libshadow.so ln -sfv ../../lib/libshadow.so.0 /usr/lib/libshadow.so - mkdir -v /etc/default touch /etc/shadow chmod 600 /etc/shadow pwconv diff --git a/lfs/snort b/lfs/snort index 148f539..53fffbb 100644 --- a/lfs/snort +++ b/lfs/snort @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2015 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2016 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 2.9.7.6 +VER = 2.9.8.2
THISAPP = snort-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 65349f3272c4de5b3210f77f1f7ab0e6 +$(DL_FILE)_MD5 = b5005f88a01b42ff7ee0defb94161ffc
install : $(TARGET)
diff --git a/lfs/spandsp b/lfs/spandsp index c10a0e0..9a908aa 100644 --- a/lfs/spandsp +++ b/lfs/spandsp @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/spandsp-0.0.6 TARGET = $(DIR_INFO)/$(THISAPP) PROG = spandsp -PAK_VER = 3 +PAK_VER = 4
DEPS = "libtiff"
diff --git a/lfs/spice b/lfs/spice index 415d5aa..80e88dd 100644 --- a/lfs/spice +++ b/lfs/spice @@ -24,7 +24,7 @@
include Config
-VER = 0.12.6 +VER = 0.12.8
THISAPP = spice-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = spice -PAK_VER = 1 +PAK_VER = 2
DEPS = "opus"
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 605a8c8ea80bc95076c4b3539c6dd026 +$(DL_FILE)_MD5 = 376853d11b9921aa34a06c4dbef81874
install : $(TARGET)
diff --git a/lfs/spice-protocol b/lfs/spice-protocol index c399fac..84376f5 100644 --- a/lfs/spice-protocol +++ b/lfs/spice-protocol @@ -24,7 +24,7 @@
include Config
-VER = 0.12.10 +VER = 0.12.11
THISAPP = spice-protocol-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = spice-protocol -PAK_VER = 1 +PAK_VER = 2
DEPS = ""
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 1fb9d0dcdd42dce1b476ae8aa7569bcc +$(DL_FILE)_MD5 = 422bf0bc1eb34c8af3479a78b28e969b
install : $(TARGET)
diff --git a/lfs/wget b/lfs/wget index eef2a25..c22a978 100644 --- a/lfs/wget +++ b/lfs/wget @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2014 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2016 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 1.16 +VER = 1.18
THISAPP = wget-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = fe102975ab3a6c049777883f1bb9ad07 +$(DL_FILE)_MD5 = af9ca95a4bb8ac4a9bf10aeae66fa5ec
install : $(TARGET)
diff --git a/lfs/which b/lfs/which index 68041db..75b47b9 100644 --- a/lfs/which +++ b/lfs/which @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # +# Copyright (C) 2007-2016 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 2.16 +VER = 2.21
THISAPP = which-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 830b83af48347a9a3520f561e47cbc9b +$(DL_FILE)_MD5 = 097ff1a324ae02e0a3b0369f07a7544a
install : $(TARGET)
diff --git a/make.sh b/make.sh index 1945a55..fdda3e5 100755 --- a/make.sh +++ b/make.sh @@ -25,7 +25,7 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name VERSION="2.19" # Version number -CORE="103" # Core Level (Filename) +CORE="104" # Core Level (Filename) PAKFIRE_CORE="103" # Core Level (PAKFIRE) GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch SLOGAN="www.ipfire.org" # Software slogan @@ -350,10 +350,10 @@ buildbase() { lfsmake2 perl lfsmake2 readline lfsmake2 readline-compat + lfsmake2 bzip2 lfsmake2 pcre lfsmake2 pcre-compat lfsmake2 bash - lfsmake2 bzip2 lfsmake2 diffutils lfsmake2 e2fsprogs lfsmake2 ed @@ -869,6 +869,10 @@ buildipfire() { ipfiremake libpciaccess ipfiremake libyajl ipfiremake libvirt + ipfiremake freeradius + ipfiremake perl-common-sense + ipfiremake perl-inotify2 + ipfiremake perl-Net-IP }
buildinstaller() { diff --git a/src/initscripts/init.d/freeradius b/src/initscripts/init.d/freeradius new file mode 100644 index 0000000..7aff463 --- /dev/null +++ b/src/initscripts/init.d/freeradius @@ -0,0 +1,46 @@ +#!/bin/sh +######################################################################## +# Begin $rc_base/init.d/freeradius +# +# Description : Initscript for the FreeRADIUS Server +######################################################################## + +. /etc/sysconfig/rc +. ${rc_functions} + +case "${1}" in + start) + # Create necessary directories + mkdir -p /var/run/radiusd + + boot_mesg "Starting FreeRADIUS server..." + loadproc /usr/sbin/radiusd -d /etc/raddb + ;; + + stop) + boot_mesg "Stopping FreeRADIUS server..." + killproc /usr/sbin/radiusd + ;; + + reload) + boot_mesg "Reloading FreeRADIUS server..." + reloadproc /usr/sbin/radiusd + ;; + + restart) + ${0} stop + sleep 1 + ${0} start + ;; + + status) + statusproc /usr/sbin/radiusd + ;; + + *) + echo "Usage: ${0} {start|stop|reload|restart|status}" + exit 1 + ;; +esac + +# End $rc_base/init.d/freeradius diff --git a/src/initscripts/init.d/guardian b/src/initscripts/init.d/guardian new file mode 100755 index 0000000..0ff59b7 --- /dev/null +++ b/src/initscripts/init.d/guardian @@ -0,0 +1,56 @@ +#!/bin/sh +######################################################################## +# Begin $rc_base/init.d/guardian +# +# Description : Guardian Initscript +# +# Authors : Kim Wölfel for ipfire.org +# +# Version : 01.00 +# +# Notes : +# +######################################################################## + +. /etc/sysconfig/rc +. ${rc_functions} + +eval $(/usr/local/bin/readhash /var/ipfire/guardian/settings) + +function guardian_is_enabled() { + [ "${GUARDIAN_ENABLED}" = "on" ] +} + +case "$1" in + start) + guardian_is_enabled || exit 0 + + boot_mesg "Starting Guardian..." + loadproc /usr/sbin/guardian -c /var/ipfire/guardian/guardian.conf + ;; + + stop) + if ([ -f /run/guardian/guardian.pid ]); then + boot_mesg "Stopping Guardian..." + kill $(cat /run/guardian/guardian.pid) + sleep 1; + fi + ;; + + status) + statusproc /usr/sbin/guardian + ;; + + restart) + $0 stop + sleep 2 + $0 start + ;; + + *) + echo "Usage: $0 {start|stop|restart|status}" + exit 1 + ;; +esac + +# End $rc_base/init.d/guardian diff --git a/src/initscripts/init.d/networking/red.up/35-guardian b/src/initscripts/init.d/networking/red.up/35-guardian new file mode 100644 index 0000000..587762b --- /dev/null +++ b/src/initscripts/init.d/networking/red.up/35-guardian @@ -0,0 +1,3 @@ +#!/bin/bash + +exec /usr/bin/guardianctrl reload-ignore-list 2&>/dev/null diff --git a/src/initscripts/init.d/snort b/src/initscripts/init.d/snort index 58edf1e..5c43042 100644 --- a/src/initscripts/init.d/snort +++ b/src/initscripts/init.d/snort @@ -94,19 +94,8 @@ case "$1" in sleep 1 chmod 644 /var/run/snort_$DEVICE.pid done - - - if [ -r /var/ipfire/guardian/enable ]; then - IFACE=`/bin/cat /var/ipfire/red/iface 2>/dev/null | /usr/bin/tr -d '\012'` - sed -e "s/^Interface.*/Interface ${IFACE}/" /var/ipfire/guardian/guardian.conf > temp - mv temp /var/ipfire/guardian/guardian.conf - chown nobody.root /var/ipfire/guardian/guardian.conf - - boot_mesg "Starting Guardian..." - loadproc /usr/local/bin/guardian.pl -c /var/ipfire/guardian/guardian.conf - fi - ;; - + ;; + stop) DEVICES="" if [ -r /var/run/snort_$BLUE_DEV.pid ]; then @@ -132,11 +121,6 @@ case "$1" in done
rm /var/run/snort_* >/dev/null 2>/dev/null - - if ([ -r /var/ipfire/guardian/enable ] || [ ! -z $(pidofproc /usr/local/bin/guardian.pl) ]); then - boot_mesg "Stopping Guardian..." - killproc /usr/local/bin/guardian.pl - fi
# Don't report returncode of rm if snort was not started exit 0 diff --git a/src/pakfire/lib/functions.sh b/src/pakfire/lib/functions.sh index 3f7dbff..3751697 100644 --- a/src/pakfire/lib/functions.sh +++ b/src/pakfire/lib/functions.sh @@ -86,7 +86,7 @@ start_service() { esac done
- if [ -e "/etc/init.d/${1}" ]; then + if [ -f "/etc/init.d/${1}" ]; then if [ -n "${BACKGROUND}" ]; then (sleep ${DELAY} && /etc/init.d/${1} start) & else @@ -96,7 +96,7 @@ start_service() { }
stop_service() { - if [ -e "/etc/init.d/${1}" ]; then + if [ -f "/etc/init.d/${1}" ]; then /etc/init.d/${1} stop fi } diff --git a/src/paks/freeradius/install.sh b/src/paks/freeradius/install.sh new file mode 100644 index 0000000..d405908 --- /dev/null +++ b/src/paks/freeradius/install.sh @@ -0,0 +1,40 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 2 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2007 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +extract_files +restore_backup ${NAME} + +# Create initial set of certificates +if [ ! -e "/etc/raddb/certs/server.pem" ]; then + ( umask 007; /etc/raddb/certs/bootstrap ) +fi + +start_service --background ${NAME} + +# Enable autostart +ln -sf ../init.d/freeradius /etc/rc.d/rc0.d/K25freeradius +ln -sf ../init.d/freeradius /etc/rc.d/rc3.d/S35freeradius +ln -sf ../init.d/freeradius /etc/rc.d/rc6.d/K25freeradius + +exit 0 diff --git a/src/paks/freeradius/uninstall.sh b/src/paks/freeradius/uninstall.sh new file mode 100644 index 0000000..8b94bdd --- /dev/null +++ b/src/paks/freeradius/uninstall.sh @@ -0,0 +1,28 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 2 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2007 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +rm -rfv /etc/rc.d/rc*.d/*freeradius +stop_service ${NAME} +make_backup ${NAME} +remove_files diff --git a/src/paks/freeradius/update.sh b/src/paks/freeradius/update.sh new file mode 100644 index 0000000..89c40d0 --- /dev/null +++ b/src/paks/freeradius/update.sh @@ -0,0 +1,26 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 2 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2007 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +./uninstall.sh +./install.sh diff --git a/src/paks/libvirt/install.sh b/src/paks/libvirt/install.sh index 2832197..4a693b9 100644 --- a/src/paks/libvirt/install.sh +++ b/src/paks/libvirt/install.sh @@ -22,8 +22,30 @@ ############################################################################ # . /opt/pakfire/lib/functions.sh + +# creates a new user and group called libvirt-remote if they not exist +getent group libvirt-remote >/dev/null || groupadd libvirt-remote +getent passwd libvirt-remote >/dev/null || \ +useradd -m -g libvirt-remote -s /bin/bash "libvirt-remote" + extract_files -start_service --delay 300 --background ${NAME} + +# create diretorys in var +mkdir -p /var/cache/libvirt/qemu \ +/var/lib/libvirt/boot \ +/var/lib/libvirt/filesystems \ +/var/lib/libvirt/images \ +/var/lib/libvirt/lockd/files \ +/var/lib/libvirt/qemu \ +/var/log/libvirt/qemu +# set the permissions +chown -R nobody:kvm /var/cache/libvirt/qemu +chown -R nobody:kvm /var/lib/libvirt/qemu +chown -R nobody:kvm /var/lib/libvirt/images +# restore the backup +restore_backup ${NAME} + +start_service --background libvirtd ln -svf /etc/init.d/libvirtd /etc/rc.d/rc0.d/K20libvirtd ln -svf /etc/init.d/libvirtd /etc/rc.d/rc3.d/S70libvirtd ln -svf /etc/init.d/libvirtd /etc/rc.d/rc6.d/K20libvirtd diff --git a/src/paks/libvirt/uninstall.sh b/src/paks/libvirt/uninstall.sh index a558460..23c86e5 100644 --- a/src/paks/libvirt/uninstall.sh +++ b/src/paks/libvirt/uninstall.sh @@ -22,7 +22,11 @@ ############################################################################ # . /opt/pakfire/lib/functions.sh -stop_service ${NAME} +stop_service libvirtd + +extract_backup_includes +make_backup ${NAME} + remove_files
rm -f /etc/rc.d/rc*.d/*libvirt-guests diff --git a/src/paks/nginx/uninstall.sh b/src/paks/nginx/uninstall.sh index ded53f0..7c7bfe8 100644 --- a/src/paks/nginx/uninstall.sh +++ b/src/paks/nginx/uninstall.sh @@ -23,6 +23,7 @@ # . /opt/pakfire/lib/functions.sh stop_service ${NAME} +extract_backup_includes make_backup ${NAME} remove_files
diff --git a/src/paks/qemu/install.sh b/src/paks/qemu/install.sh index a9f7321..e44ba5e 100644 --- a/src/paks/qemu/install.sh +++ b/src/paks/qemu/install.sh @@ -22,6 +22,8 @@ ############################################################################ # . /opt/pakfire/lib/functions.sh +#create the group kvm when they not exist +getent group kvm >/dev/null || groupadd kvm extract_files restore_backup ${NAME} echo shm /dev/shm tmpfs defaults,size=256M 0 0 >> /etc/fstab diff --git a/src/patches/arm-multi-grsec-compile-fixes.patch b/src/patches/arm-multi-grsec-compile-fixes.patch index fb0d39b..08726f8 100644 --- a/src/patches/arm-multi-grsec-compile-fixes.patch +++ b/src/patches/arm-multi-grsec-compile-fixes.patch @@ -1,17 +1,18 @@ ---- a/arch/arm/mach-omap2/cclock3xxx_data.c~ 2015-12-12 11:00:10.474423373 +0000 -+++ b/arch/arm/mach-omap2/cclock3xxx_data.c 2015-12-12 11:30:31.198452547 +0000 +diff -Naur linux-3.14.74.org/arch/arm/mach-omap2/cclock3xxx_data.c linux-3.14.74/arch/arm/mach-omap2/cclock3xxx_data.c +--- linux-3.14.74.org/arch/arm/mach-omap2/cclock3xxx_data.c 2016-07-27 18:56:02.000000000 +0200 ++++ linux-3.14.74/arch/arm/mach-omap2/cclock3xxx_data.c 2016-07-29 01:47:45.272515907 +0200 @@ -250,7 +250,7 @@
static struct clk dpll1_ck;
--static struct clk_ops dpll1_ck_ops; -+static clk_ops_no_const dpll1_ck_ops; - - static struct clk_ops dpll1_ck_ops_34xx __initdata = { +-static const struct clk_ops dpll1_ck_ops = { ++static clk_ops_no_const dpll1_ck_ops = { .init = &omap2_init_clk_clkdm, -diff -Naur linux-3.14.63-org/net/ipv6/addrconf.c linux-3.14.63/net/ipv6/addrconf.c ---- linux-3.14.63-org/net/ipv6/addrconf.c 2016-03-04 22:56:07.375481749 +0100 -+++ linux-3.14.63/net/ipv6/addrconf.c 2016-03-04 23:08:34.285482105 +0100 + .enable = &omap3_noncore_dpll_enable, + .disable = &omap3_noncore_dpll_disable, +diff -Naur linux-3.14.74.org/net/ipv6/addrconf.c linux-3.14.74/net/ipv6/addrconf.c +--- linux-3.14.74.org/net/ipv6/addrconf.c 2016-07-29 03:47:13.000000000 +0200 ++++ linux-3.14.74/net/ipv6/addrconf.c 2016-07-29 00:47:00.000000000 +0200 @@ -4818,7 +4818,7 @@ { struct inet6_dev *idev = ctl->extra1; diff --git a/src/patches/backports-4.2.6-1-add_usbnet_modules.patch b/src/patches/backports-4.2.6-1-add_usbnet_modules.patch index 660ef8c..7ee228d 100644 --- a/src/patches/backports-4.2.6-1-add_usbnet_modules.patch +++ b/src/patches/backports-4.2.6-1-add_usbnet_modules.patch @@ -1,6 +1,6 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/asix_common.c backports-4.2.6-1/drivers/net/usb/asix_common.c --- backports-4.2.6-1.org/drivers/net/usb/asix_common.c 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/asix_common.c 2015-11-09 23:37:56.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/asix_common.c 2016-06-28 14:35:17.965307221 +0200 @@ -0,0 +1,584 @@ +/* + * ASIX AX8817X based USB 2.0 Ethernet Devices @@ -588,7 +588,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/asix_common.c backports-4.2.6-1 +} diff -Naur backports-4.2.6-1.org/drivers/net/usb/asix_devices.c backports-4.2.6-1/drivers/net/usb/asix_devices.c --- backports-4.2.6-1.org/drivers/net/usb/asix_devices.c 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/asix_devices.c 2015-11-09 23:37:56.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/asix_devices.c 2016-06-28 14:35:17.965307221 +0200 @@ -0,0 +1,1107 @@ +/* + * ASIX AX8817X based USB 2.0 Ethernet Devices @@ -1699,7 +1699,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/asix_devices.c backports-4.2.6- + diff -Naur backports-4.2.6-1.org/drivers/net/usb/asix.h backports-4.2.6-1/drivers/net/usb/asix.h --- backports-4.2.6-1.org/drivers/net/usb/asix.h 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/asix.h 2015-11-09 23:37:56.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/asix.h 2016-06-28 14:35:17.965307221 +0200 @@ -0,0 +1,234 @@ +/* + * ASIX AX8817X based USB 2.0 Ethernet Devices @@ -1937,7 +1937,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/asix.h backports-4.2.6-1/driver +#endif /* _ASIX_H */ diff -Naur backports-4.2.6-1.org/drivers/net/usb/ax88172a.c backports-4.2.6-1/drivers/net/usb/ax88172a.c --- backports-4.2.6-1.org/drivers/net/usb/ax88172a.c 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/ax88172a.c 2015-11-09 23:37:56.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/ax88172a.c 2016-06-28 14:35:17.965307221 +0200 @@ -0,0 +1,422 @@ +/* + * ASIX AX88172A based USB 2.0 Ethernet Devices @@ -2363,7 +2363,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/ax88172a.c backports-4.2.6-1/dr +}; diff -Naur backports-4.2.6-1.org/drivers/net/usb/ax88179_178a.c backports-4.2.6-1/drivers/net/usb/ax88179_178a.c --- backports-4.2.6-1.org/drivers/net/usb/ax88179_178a.c 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/ax88179_178a.c 2015-11-09 23:37:56.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/ax88179_178a.c 2016-06-28 14:35:17.968640554 +0200 @@ -0,0 +1,1756 @@ +/* + * ASIX AX88179/178A USB 3.0/2.0 to Gigabit Ethernet Devices @@ -4123,7 +4123,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/ax88179_178a.c backports-4.2.6- +MODULE_LICENSE("GPL"); diff -Naur backports-4.2.6-1.org/drivers/net/usb/catc.c backports-4.2.6-1/drivers/net/usb/catc.c --- backports-4.2.6-1.org/drivers/net/usb/catc.c 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/catc.c 2015-11-09 23:37:56.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/catc.c 2016-06-28 14:35:17.975307221 +0200 @@ -0,0 +1,965 @@ +/* + * Copyright (c) 2001 Vojtech Pavlik @@ -5092,7 +5092,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/catc.c backports-4.2.6-1/driver +module_usb_driver(catc_driver); diff -Naur backports-4.2.6-1.org/drivers/net/usb/cdc_eem.c backports-4.2.6-1/drivers/net/usb/cdc_eem.c --- backports-4.2.6-1.org/drivers/net/usb/cdc_eem.c 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/cdc_eem.c 2015-11-09 23:37:56.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/cdc_eem.c 2016-06-28 14:35:17.975307221 +0200 @@ -0,0 +1,381 @@ +/* + * USB CDC EEM network interface driver @@ -5477,7 +5477,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/cdc_eem.c backports-4.2.6-1/dri +MODULE_LICENSE("GPL"); diff -Naur backports-4.2.6-1.org/drivers/net/usb/cdc-phonet.c backports-4.2.6-1/drivers/net/usb/cdc-phonet.c --- backports-4.2.6-1.org/drivers/net/usb/cdc-phonet.c 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/cdc-phonet.c 2015-11-09 23:37:56.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/cdc-phonet.c 2016-06-28 14:35:17.975307221 +0200 @@ -0,0 +1,466 @@ +/* + * phonet.c -- USB CDC Phonet host driver @@ -5947,7 +5947,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/cdc-phonet.c backports-4.2.6-1/ +MODULE_LICENSE("GPL"); diff -Naur backports-4.2.6-1.org/drivers/net/usb/cdc_subset.c backports-4.2.6-1/drivers/net/usb/cdc_subset.c --- backports-4.2.6-1.org/drivers/net/usb/cdc_subset.c 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/cdc_subset.c 2015-11-09 23:37:56.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/cdc_subset.c 2016-06-28 14:35:17.975307221 +0200 @@ -0,0 +1,369 @@ +/* + * Simple "CDC Subset" USB Networking Links @@ -6320,7 +6320,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/cdc_subset.c backports-4.2.6-1/ +MODULE_LICENSE("GPL"); diff -Naur backports-4.2.6-1.org/drivers/net/usb/cx82310_eth.c backports-4.2.6-1/drivers/net/usb/cx82310_eth.c --- backports-4.2.6-1.org/drivers/net/usb/cx82310_eth.c 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/cx82310_eth.c 2015-11-09 23:37:56.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/cx82310_eth.c 2016-06-28 14:35:17.978640554 +0200 @@ -0,0 +1,353 @@ +/* + * Driver for USB ethernet port of Conexant CX82310-based ADSL routers @@ -6677,7 +6677,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/cx82310_eth.c backports-4.2.6-1 +MODULE_LICENSE("GPL"); diff -Naur backports-4.2.6-1.org/drivers/net/usb/dm9601.c backports-4.2.6-1/drivers/net/usb/dm9601.c --- backports-4.2.6-1.org/drivers/net/usb/dm9601.c 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/dm9601.c 2015-11-09 23:37:56.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/dm9601.c 2016-06-28 14:35:17.978640554 +0200 @@ -0,0 +1,647 @@ +/* + * Davicom DM96xx USB 10/100Mbps ethernet devices @@ -7328,7 +7328,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/dm9601.c backports-4.2.6-1/driv +MODULE_LICENSE("GPL"); diff -Naur backports-4.2.6-1.org/drivers/net/usb/gl620a.c backports-4.2.6-1/drivers/net/usb/gl620a.c --- backports-4.2.6-1.org/drivers/net/usb/gl620a.c 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/gl620a.c 2015-11-09 23:37:56.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/gl620a.c 2016-06-28 14:35:17.978640554 +0200 @@ -0,0 +1,242 @@ +/* + * GeneSys GL620USB-A based links @@ -7574,7 +7574,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/gl620a.c backports-4.2.6-1/driv + diff -Naur backports-4.2.6-1.org/drivers/net/usb/hso.c backports-4.2.6-1/drivers/net/usb/hso.c --- backports-4.2.6-1.org/drivers/net/usb/hso.c 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/hso.c 2016-01-27 15:03:25.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/hso.c 2016-06-28 14:35:17.981973887 +0200 @@ -0,0 +1,3322 @@ +/****************************************************************************** + * @@ -10900,7 +10900,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/hso.c backports-4.2.6-1/drivers +module_param(disable_net, int, S_IRUGO | S_IWUSR); diff -Naur backports-4.2.6-1.org/drivers/net/usb/huawei_cdc_ncm.c backports-4.2.6-1/drivers/net/usb/huawei_cdc_ncm.c --- backports-4.2.6-1.org/drivers/net/usb/huawei_cdc_ncm.c 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/huawei_cdc_ncm.c 2015-11-09 23:37:56.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/huawei_cdc_ncm.c 2016-06-28 14:35:17.981973887 +0200 @@ -0,0 +1,224 @@ +/* huawei_cdc_ncm.c - handles Huawei devices using the CDC NCM protocol as + * transport layer. @@ -11128,7 +11128,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/huawei_cdc_ncm.c backports-4.2. +MODULE_LICENSE("GPL"); diff -Naur backports-4.2.6-1.org/drivers/net/usb/int51x1.c backports-4.2.6-1/drivers/net/usb/int51x1.c --- backports-4.2.6-1.org/drivers/net/usb/int51x1.c 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/int51x1.c 2015-11-09 23:37:56.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/int51x1.c 2016-06-28 14:35:17.985307220 +0200 @@ -0,0 +1,199 @@ +/* + * Copyright (c) 2009 Peter Holik @@ -11331,7 +11331,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/int51x1.c backports-4.2.6-1/dri +MODULE_LICENSE("GPL"); diff -Naur backports-4.2.6-1.org/drivers/net/usb/ipheth.c backports-4.2.6-1/drivers/net/usb/ipheth.c --- backports-4.2.6-1.org/drivers/net/usb/ipheth.c 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/ipheth.c 2015-11-09 23:37:56.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/ipheth.c 2016-06-28 14:35:17.985307220 +0200 @@ -0,0 +1,588 @@ +/* + * ipheth.c - Apple iPhone USB Ethernet driver @@ -11923,7 +11923,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/ipheth.c backports-4.2.6-1/driv +MODULE_LICENSE("Dual BSD/GPL"); diff -Naur backports-4.2.6-1.org/drivers/net/usb/kalmia.c backports-4.2.6-1/drivers/net/usb/kalmia.c --- backports-4.2.6-1.org/drivers/net/usb/kalmia.c 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/kalmia.c 2015-11-09 23:37:56.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/kalmia.c 2016-06-28 14:35:17.985307220 +0200 @@ -0,0 +1,366 @@ +/* + * USB network interface driver for Samsung Kalmia based LTE USB modem like the @@ -12293,7 +12293,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/kalmia.c backports-4.2.6-1/driv +MODULE_LICENSE("GPL"); diff -Naur backports-4.2.6-1.org/drivers/net/usb/kaweth.c backports-4.2.6-1/drivers/net/usb/kaweth.c --- backports-4.2.6-1.org/drivers/net/usb/kaweth.c 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/kaweth.c 2015-11-09 23:37:56.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/kaweth.c 2016-06-28 14:35:17.988640553 +0200 @@ -0,0 +1,1331 @@ +/**************************************************************** + * @@ -13628,7 +13628,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/kaweth.c backports-4.2.6-1/driv +module_usb_driver(kaweth_driver); diff -Naur backports-4.2.6-1.org/drivers/net/usb/Kconfig backports-4.2.6-1/drivers/net/usb/Kconfig --- backports-4.2.6-1.org/drivers/net/usb/Kconfig 2015-11-15 22:19:40.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/Kconfig 2016-01-27 15:58:23.159192032 +0100 ++++ backports-4.2.6-1/drivers/net/usb/Kconfig 2016-06-28 14:35:17.991973886 +0200 @@ -13,7 +13,6 @@ if USB_NET_DRIVERS
@@ -13852,7 +13852,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/Kconfig backports-4.2.6-1/drive called VL600. This driver only handles the ethernet diff -Naur backports-4.2.6-1.org/drivers/net/usb/Kconfig.orig backports-4.2.6-1/drivers/net/usb/Kconfig.orig --- backports-4.2.6-1.org/drivers/net/usb/Kconfig.orig 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/Kconfig.orig 2015-11-15 22:19:40.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/Kconfig.orig 2016-06-28 14:35:17.991973886 +0200 @@ -0,0 +1,638 @@ +# +# USB Network devices configuration @@ -14494,7 +14494,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/Kconfig.orig backports-4.2.6-1/ +endif # USB_NET_DRIVERS diff -Naur backports-4.2.6-1.org/drivers/net/usb/lg-vl600.c backports-4.2.6-1/drivers/net/usb/lg-vl600.c --- backports-4.2.6-1.org/drivers/net/usb/lg-vl600.c 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/lg-vl600.c 2015-11-09 23:37:56.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/lg-vl600.c 2016-06-28 14:35:17.991973886 +0200 @@ -0,0 +1,353 @@ +/* + * Ethernet interface part of the LG VL600 LTE modem (4G dongle) @@ -14851,7 +14851,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/lg-vl600.c backports-4.2.6-1/dr +MODULE_LICENSE("GPL"); diff -Naur backports-4.2.6-1.org/drivers/net/usb/Makefile backports-4.2.6-1/drivers/net/usb/Makefile --- backports-4.2.6-1.org/drivers/net/usb/Makefile 2015-11-15 22:19:40.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/Makefile 2016-01-27 15:53:50.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/Makefile 2016-06-28 14:35:17.991973886 +0200 @@ -1,39 +1,40 @@ # # Makefile for USB Network drivers @@ -14923,7 +14923,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/Makefile backports-4.2.6-1/driv
diff -Naur backports-4.2.6-1.org/drivers/net/usb/mcs7830.c backports-4.2.6-1/drivers/net/usb/mcs7830.c --- backports-4.2.6-1.org/drivers/net/usb/mcs7830.c 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/mcs7830.c 2015-11-09 23:37:56.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/mcs7830.c 2016-06-28 14:35:17.995307218 +0200 @@ -0,0 +1,643 @@ +/* + * MOSCHIP MCS7830 based (7730/7830/7832) USB 2.0 Ethernet Devices @@ -15570,7 +15570,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/mcs7830.c backports-4.2.6-1/dri +MODULE_LICENSE("GPL"); diff -Naur backports-4.2.6-1.org/drivers/net/usb/net1080.c backports-4.2.6-1/drivers/net/usb/net1080.c --- backports-4.2.6-1.org/drivers/net/usb/net1080.c 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/net1080.c 2015-11-09 23:37:56.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/net1080.c 2016-06-28 14:35:17.995307218 +0200 @@ -0,0 +1,544 @@ +/* + * Net1080 based USB host-to-host cables @@ -16118,7 +16118,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/net1080.c backports-4.2.6-1/dri +MODULE_LICENSE("GPL"); diff -Naur backports-4.2.6-1.org/drivers/net/usb/pegasus.c backports-4.2.6-1/drivers/net/usb/pegasus.c --- backports-4.2.6-1.org/drivers/net/usb/pegasus.c 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/pegasus.c 2015-11-09 23:37:56.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/pegasus.c 2016-06-28 14:35:17.995307218 +0200 @@ -0,0 +1,1335 @@ +/* + * Copyright (c) 1999-2013 Petko Manolov (petkan@nucleusys.com) @@ -17457,7 +17457,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/pegasus.c backports-4.2.6-1/dri +module_exit(pegasus_exit); diff -Naur backports-4.2.6-1.org/drivers/net/usb/pegasus.h backports-4.2.6-1/drivers/net/usb/pegasus.h --- backports-4.2.6-1.org/drivers/net/usb/pegasus.h 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/pegasus.h 2015-11-09 23:37:56.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/pegasus.h 2016-06-28 14:35:17.998640551 +0200 @@ -0,0 +1,308 @@ +/* + * Copyright (c) 1999-2013 Petko Manolov (petkan@nucleusys.com) @@ -17769,7 +17769,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/pegasus.h backports-4.2.6-1/dri +#endif /* PEGASUS_DEV */ diff -Naur backports-4.2.6-1.org/drivers/net/usb/plusb.c backports-4.2.6-1/drivers/net/usb/plusb.c --- backports-4.2.6-1.org/drivers/net/usb/plusb.c 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/plusb.c 2015-11-09 23:37:56.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/plusb.c 2016-06-28 14:35:17.998640551 +0200 @@ -0,0 +1,162 @@ +/* + * PL-2301/2302 USB host-to-host link cables @@ -17935,8 +17935,8 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/plusb.c backports-4.2.6-1/drive +MODULE_LICENSE("GPL"); diff -Naur backports-4.2.6-1.org/drivers/net/usb/r8152.c backports-4.2.6-1/drivers/net/usb/r8152.c --- backports-4.2.6-1.org/drivers/net/usb/r8152.c 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/r8152.c 2016-01-27 12:43:25.000000000 +0100 -@@ -0,0 +1,2847 @@ ++++ backports-4.2.6-1/drivers/net/usb/r8152.c 2016-06-28 14:45:32.005250978 +0200 +@@ -0,0 +1,2856 @@ +/* + * Copyright (c) 2014 Realtek Semiconductor Corp. All rights reserved. + * @@ -18385,6 +18385,13 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/r8152.c backports-4.2.6-1/drive +#define VENDOR_ID_SAMSUNG 0x04e8 +#define PRODUCT_ID_SAMSUNG 0xa101 + ++#define VENDOR_ID_LENOVO 0x17ef ++#define PRODUCT_ID_LENOVO 0x7205 ++ ++#define VENDOR_ID_NVIDIA 0x0955 ++#define PRODUCT_ID_NVIDIA 0x09ff ++ ++ +#define MCU_TYPE_PLA 0x0100 +#define MCU_TYPE_USB 0x0000 + @@ -20764,6 +20771,8 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/r8152.c backports-4.2.6-1/drive + {USB_DEVICE(VENDOR_ID_REALTEK, PRODUCT_ID_RTL8152)}, + {USB_DEVICE(VENDOR_ID_REALTEK, PRODUCT_ID_RTL8153)}, + {USB_DEVICE(VENDOR_ID_SAMSUNG, PRODUCT_ID_SAMSUNG)}, ++ {USB_DEVICE(VENDOR_ID_LENOVO, PRODUCT_ID_LENOVO)}, ++ {USB_DEVICE(VENDOR_ID_NVIDIA, PRODUCT_ID_NVIDIA)}, + {} +}; + @@ -20786,7 +20795,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/r8152.c backports-4.2.6-1/drive +MODULE_LICENSE("GPL"); diff -Naur backports-4.2.6-1.org/drivers/net/usb/rtl8150.c backports-4.2.6-1/drivers/net/usb/rtl8150.c --- backports-4.2.6-1.org/drivers/net/usb/rtl8150.c 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/rtl8150.c 2015-11-09 23:37:56.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/rtl8150.c 2016-06-28 14:35:18.001973885 +0200 @@ -0,0 +1,949 @@ +/* + * Copyright (c) 2002 Petko Manolov (petkan@users.sourceforge.net) @@ -21739,7 +21748,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/rtl8150.c backports-4.2.6-1/dri +MODULE_LICENSE("GPL"); diff -Naur backports-4.2.6-1.org/drivers/net/usb/smsc75xx.c backports-4.2.6-1/drivers/net/usb/smsc75xx.c --- backports-4.2.6-1.org/drivers/net/usb/smsc75xx.c 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/smsc75xx.c 2015-11-09 23:37:56.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/smsc75xx.c 2016-06-28 14:35:18.008640551 +0200 @@ -0,0 +1,2286 @@ + /*************************************************************************** + * @@ -24029,7 +24038,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/smsc75xx.c backports-4.2.6-1/dr +MODULE_LICENSE("GPL"); diff -Naur backports-4.2.6-1.org/drivers/net/usb/smsc75xx.h backports-4.2.6-1/drivers/net/usb/smsc75xx.h --- backports-4.2.6-1.org/drivers/net/usb/smsc75xx.h 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/smsc75xx.h 2015-11-09 23:37:56.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/smsc75xx.h 2016-06-28 14:35:18.008640551 +0200 @@ -0,0 +1,421 @@ + /*************************************************************************** + * @@ -24454,7 +24463,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/smsc75xx.h backports-4.2.6-1/dr +#endif /* _SMSC75XX_H */ diff -Naur backports-4.2.6-1.org/drivers/net/usb/smsc95xx.c backports-4.2.6-1/drivers/net/usb/smsc95xx.c --- backports-4.2.6-1.org/drivers/net/usb/smsc95xx.c 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/smsc95xx.c 2015-11-09 23:37:56.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/smsc95xx.c 2016-06-28 14:35:18.011973884 +0200 @@ -0,0 +1,2032 @@ + /*************************************************************************** + * @@ -26490,7 +26499,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/smsc95xx.c backports-4.2.6-1/dr +MODULE_LICENSE("GPL"); diff -Naur backports-4.2.6-1.org/drivers/net/usb/smsc95xx.h backports-4.2.6-1/drivers/net/usb/smsc95xx.h --- backports-4.2.6-1.org/drivers/net/usb/smsc95xx.h 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/smsc95xx.h 2015-11-09 23:37:56.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/smsc95xx.h 2016-06-28 14:35:18.011973884 +0200 @@ -0,0 +1,290 @@ + /*************************************************************************** + * @@ -26784,7 +26793,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/smsc95xx.h backports-4.2.6-1/dr +#endif /* _SMSC95XX_H */ diff -Naur backports-4.2.6-1.org/drivers/net/usb/sr9700.c backports-4.2.6-1/drivers/net/usb/sr9700.c --- backports-4.2.6-1.org/drivers/net/usb/sr9700.c 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/sr9700.c 2015-11-09 23:37:56.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/sr9700.c 2016-06-28 14:35:18.011973884 +0200 @@ -0,0 +1,559 @@ +/* + * CoreChip-sz SR9700 one chip USB 1.1 Ethernet Devices @@ -27347,7 +27356,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/sr9700.c backports-4.2.6-1/driv +MODULE_LICENSE("GPL"); diff -Naur backports-4.2.6-1.org/drivers/net/usb/sr9700.h backports-4.2.6-1/drivers/net/usb/sr9700.h --- backports-4.2.6-1.org/drivers/net/usb/sr9700.h 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/sr9700.h 2015-11-09 23:37:56.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/sr9700.h 2016-06-28 14:35:18.011973884 +0200 @@ -0,0 +1,173 @@ +/* + * CoreChip-sz SR9700 one chip USB 1.1 Ethernet Devices @@ -27524,7 +27533,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/sr9700.h backports-4.2.6-1/driv +#endif /* _SR9700_H */ diff -Naur backports-4.2.6-1.org/drivers/net/usb/sr9800.c backports-4.2.6-1/drivers/net/usb/sr9800.c --- backports-4.2.6-1.org/drivers/net/usb/sr9800.c 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/sr9800.c 2015-11-09 23:37:56.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/sr9800.c 2016-06-28 14:35:18.015307217 +0200 @@ -0,0 +1,875 @@ +/* CoreChip-sz SR9800 one chip USB 2.0 Ethernet Devices + * @@ -28403,7 +28412,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/sr9800.c backports-4.2.6-1/driv +MODULE_LICENSE("GPL"); diff -Naur backports-4.2.6-1.org/drivers/net/usb/sr9800.h backports-4.2.6-1/drivers/net/usb/sr9800.h --- backports-4.2.6-1.org/drivers/net/usb/sr9800.h 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/sr9800.h 2015-11-09 23:37:56.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/sr9800.h 2016-06-28 14:35:18.015307217 +0200 @@ -0,0 +1,202 @@ +/* CoreChip-sz SR9800 one chip USB 2.0 Ethernet Devices + * @@ -28609,7 +28618,7 @@ diff -Naur backports-4.2.6-1.org/drivers/net/usb/sr9800.h backports-4.2.6-1/driv +#endif /* _SR9800_H */ diff -Naur backports-4.2.6-1.org/drivers/net/usb/zaurus.c backports-4.2.6-1/drivers/net/usb/zaurus.c --- backports-4.2.6-1.org/drivers/net/usb/zaurus.c 1970-01-01 01:00:00.000000000 +0100 -+++ backports-4.2.6-1/drivers/net/usb/zaurus.c 2015-11-09 23:37:56.000000000 +0100 ++++ backports-4.2.6-1/drivers/net/usb/zaurus.c 2016-06-28 14:35:18.015307217 +0200 @@ -0,0 +1,385 @@ +/* + * Copyright (C) 2002 Pavel Machek pavel@ucw.cz diff --git a/src/patches/backports/backports-linux-upstream-1.patch b/src/patches/backports/backports-linux-upstream-1.patch new file mode 100644 index 0000000..c956aeb --- /dev/null +++ b/src/patches/backports/backports-linux-upstream-1.patch @@ -0,0 +1,60 @@ +From 5bb6f6e1d44aa91323857715dfddb63337f8307b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Bj=C3=B8rn=20Mork?= bjorn@mork.no +Date: Sun, 3 Jul 2016 22:24:50 +0200 +Subject: cdc_ncm: workaround for EM7455 "silent" data interface +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +[ Upstream commit c086e7096170390594c425114d98172bc9aceb8a ] + +Several Lenovo users have reported problems with their Sierra +Wireless EM7455 modem. The driver has loaded successfully and +the MBIM management channel has appeared to work, including +establishing a connection to the mobile network. But no frames +have been received over the data interface. + +The problem affects all EM7455 and MC7455, and is assumed to +affect other modems based on the same Qualcomm chipset and +baseband firmware. + +Testing narrowed the problem down to what seems to be a +firmware timing bug during initialization. Adding a short sleep +while probing is sufficient to make the problem disappear. +Experiments have shown that 1-2 ms is too little to have any +effect, while 10-20 ms is enough to reliably succeed. + +Reported-by: Stefan Armbruster ml001@armbruster-it.de +Reported-by: Ralph Plawetzki ralph@purejava.org +Reported-by: Andreas Fett andreas.fett@secunet.com +Reported-by: Rasmus Lerdorf rasmus@lerdorf.com +Reported-by: Samo Ratnik samo.ratnik@gmail.com +Reported-and-tested-by: Aleksander Morgado aleksander@aleksander.es +Signed-off-by: Bjørn Mork bjorn@mork.no +Signed-off-by: David S. Miller davem@davemloft.net +Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org +--- + drivers/net/usb/cdc_ncm.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/drivers/net/usb/cdc_ncm.c b/drivers/net/usb/cdc_ncm.c +index c663722..584504e 100644 +--- a/drivers/net/usb/cdc_ncm.c ++++ b/drivers/net/usb/cdc_ncm.c +@@ -438,6 +438,13 @@ advance: + if (cdc_ncm_setup(dev)) + goto error2; + ++ /* Some firmwares need a pause here or they will silently fail ++ * to set up the interface properly. This value was decided ++ * empirically on a Sierra Wireless MC7455 running 02.08.02.00 ++ * firmware. ++ */ ++ usleep_range(10000, 20000); ++ + /* configure data interface */ + temp = usb_set_interface(dev->udev, iface_no, data_altsetting); + if (temp) { +-- +cgit v0.12 + diff --git a/src/patches/backports/backports-linux-upstream-2.patch b/src/patches/backports/backports-linux-upstream-2.patch new file mode 100644 index 0000000..4cefcc7 --- /dev/null +++ b/src/patches/backports/backports-linux-upstream-2.patch @@ -0,0 +1,43 @@ +From d6b8a68ac7b6d2e241f8d34b769c98a1793d9124 Mon Sep 17 00:00:00 2001 +From: Ben Hutchings ben@decadent.org.uk +Date: Wed, 20 Apr 2016 23:23:08 +0100 +Subject: atl2: Disable unimplemented scatter/gather feature + +[ Upstream commit f43bfaeddc79effbf3d0fcb53ca477cca66f3db8 ] + +atl2 includes NETIF_F_SG in hw_features even though it has no support +for non-linear skbs. This bug was originally harmless since the +driver does not claim to implement checksum offload and that used to +be a requirement for SG. + +Now that SG and checksum offload are independent features, if you +explicitly enable SG *and* use one of the rare protocols that can use +SG without checkusm offload, this potentially leaks sensitive +information (before you notice that it just isn't working). Therefore +this obscure bug has been designated CVE-2016-2117. + +Reported-by: Justin Yackoski jyackoski@crypto-nite.com +Signed-off-by: Ben Hutchings ben@decadent.org.uk +Fixes: ec5f06156423 ("net: Kill link between CSUM and SG features.") +Signed-off-by: David S. Miller davem@davemloft.net +Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org +--- + drivers/net/ethernet/atheros/atlx/atl2.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/atheros/atlx/atl2.c b/drivers/net/ethernet/atheros/atlx/atl2.c +index 265ce1b..96fe542 100644 +--- a/drivers/net/ethernet/atheros/atlx/atl2.c ++++ b/drivers/net/ethernet/atheros/atlx/atl2.c +@@ -1413,7 +1413,7 @@ static int atl2_probe(struct pci_dev *pdev, const struct pci_device_id *ent) + + err = -EIO; + +- netdev->hw_features = NETIF_F_SG | NETIF_F_HW_VLAN_CTAG_RX; ++ netdev->hw_features = NETIF_F_HW_VLAN_CTAG_RX; + netdev->features |= (NETIF_F_HW_VLAN_CTAG_TX | NETIF_F_HW_VLAN_CTAG_RX); + + /* Init PHY as early as possible due to power saving issue */ +-- +cgit v0.12 + diff --git a/src/patches/backports/backports-linux-upstream-3.patch b/src/patches/backports/backports-linux-upstream-3.patch new file mode 100644 index 0000000..deb4a4c --- /dev/null +++ b/src/patches/backports/backports-linux-upstream-3.patch @@ -0,0 +1,53 @@ +From fc70a4a5cb616bf390cee03390265045de5cf06a Mon Sep 17 00:00:00 2001 +From: Feng Tang feng.tang@intel.com +Date: Fri, 24 Jun 2016 15:26:05 +0800 +Subject: net: alx: Work around the DMA RX overflow issue + +[ Upstream commit 881d0327db37ad917a367c77aff1afa1ee41e0a9 ] + +Note: This is a verified backported patch for stable 4.4 kernel, and it +could also be applied to 4.3/4.2/4.1/3.18/3.16 + +There is a problem with alx devices, that the network link will be +lost in 1-5 minutes after the device is up. + +>From debugging without datasheet, we found the error always +happen when the DMA RX address is set to 0x....fc0, which is very +likely to be a HW/silicon problem. + +This patch will apply rx skb with 64 bytes longer space, and if the +allocated skb has a 0x...fc0 address, it will use skb_resever(skb, 64) +to advance the address, so that the RX overflow can be avoided. + +Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=70761 +Signed-off-by: Feng Tang feng.tang@intel.com +Suggested-by: Eric Dumazet edumazet@google.com +Tested-by: Ole Lukoie olelukoie@mail.ru +Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org +--- + drivers/net/ethernet/atheros/alx/main.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/atheros/alx/main.c b/drivers/net/ethernet/atheros/alx/main.c +index 3e1d7d2..7585960 100644 +--- a/drivers/net/ethernet/atheros/alx/main.c ++++ b/drivers/net/ethernet/atheros/alx/main.c +@@ -86,9 +86,14 @@ static int alx_refill_rx_ring(struct alx_priv *alx, gfp_t gfp) + while (!cur_buf->skb && next != rxq->read_idx) { + struct alx_rfd *rfd = &rxq->rfd[cur]; + +- skb = __netdev_alloc_skb(alx->dev, alx->rxbuf_size, gfp); ++ skb = __netdev_alloc_skb(alx->dev, alx->rxbuf_size + 64, gfp); + if (!skb) + break; ++ ++ /* Workround for the HW RX DMA overflow issue */ ++ if (((unsigned long)skb->data & 0xfff) == 0xfc0) ++ skb_reserve(skb, 64); ++ + dma = dma_map_single(&alx->hw.pdev->dev, + skb->data, alx->rxbuf_size, + DMA_FROM_DEVICE); +-- +cgit v0.12 + diff --git a/src/patches/dnsmasq-Add-support-to-read-ISC-DHCP-lease-file.patch b/src/patches/dnsmasq-Add-support-to-read-ISC-DHCP-lease-file.patch index 25feb8d..97b7749 100644 --- a/src/patches/dnsmasq-Add-support-to-read-ISC-DHCP-lease-file.patch +++ b/src/patches/dnsmasq-Add-support-to-read-ISC-DHCP-lease-file.patch @@ -42,7 +42,7 @@
--- a/src/dnsmasq.c Thu Jul 30 20:59:06 2015 +++ b/src/dnsmasq.c Wed Dec 16 19:38:32 2015 -@@ -1016,6 +1016,11 @@ +@@ -1017,6 +1017,11 @@
poll_resolv(0, daemon->last_resolv != 0, now); daemon->last_resolv = now; @@ -56,7 +56,7 @@
--- a/src/dnsmasq.h Wed Dec 16 19:24:12 2015 +++ b/src/dnsmasq.h Wed Dec 16 19:40:11 2015 -@@ -1514,6 +1514,11 @@ +@@ -1516,6 +1516,11 @@ void poll_listen(int fd, short event); int do_poll(int timeout);
@@ -341,7 +341,7 @@ +#endif --- a/src/option.c Wed Dec 16 19:24:12 2015 +++ b/src/option.c Wed Dec 16 19:42:48 2015 -@@ -1770,7 +1770,7 @@ +@@ -1771,7 +1771,7 @@ ret_err(_("bad MX target")); break;
diff --git a/src/patches/dnsmasq/001-Calculate_length_of_TFTP_error_reply_correctly.patch b/src/patches/dnsmasq/001-Calculate_length_of_TFTP_error_reply_correctly.patch new file mode 100644 index 0000000..43ac068 --- /dev/null +++ b/src/patches/dnsmasq/001-Calculate_length_of_TFTP_error_reply_correctly.patch @@ -0,0 +1,65 @@ +From 294d36df4749e01199ab220d44c170e7db2b0c05 Mon Sep 17 00:00:00 2001 +From: Simon Kelley simon@thekelleys.org.uk +Date: Wed, 6 Jul 2016 21:30:25 +0100 +Subject: [PATCH] Calculate length of TFTP error reply correctly. + +--- + CHANGELOG | 14 ++++++++++++++ + src/tftp.c | 7 +++++-- + 2 files changed, 19 insertions(+), 2 deletions(-) + +diff --git a/CHANGELOG b/CHANGELOG +index 04ff3f0..0559a6f 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -1,3 +1,17 @@ ++version 2.77 ++ Calculate the length of TFTP error reply packet ++ correctly. This fixes a problem when the error ++ message in a TFTP packet exceeds the arbitrary ++ limit of 500 characters. The message was correctly ++ truncated, but not the packet length, so ++ extra data was appended. This is a possible ++ security risk, since the extra data comes from ++ a buffer which is also used for DNS, so that ++ previous DNS queries or replies may be leaked. ++ Thanks to Mozilla for funding the security audit ++ which spotted this bug. ++ ++ + version 2.76 + Include 0.0.0.0/8 in DNS rebind checks. This range + translates to hosts on the local network, or, at +diff --git a/src/tftp.c b/src/tftp.c +index 5e4a32a..3e1b5c5 100644 +--- a/src/tftp.c ++++ b/src/tftp.c +@@ -652,20 +652,23 @@ static void sanitise(char *buf) + + } + ++#define MAXMESSAGE 500 /* limit to make packet < 512 bytes and definitely smaller than buffer */ + static ssize_t tftp_err(int err, char *packet, char *message, char *file) + { + struct errmess { + unsigned short op, err; + char message[]; + } *mess = (struct errmess *)packet; +- ssize_t ret = 4; ++ ssize_t len, ret = 4; + char *errstr = strerror(errno); + + sanitise(file); + + mess->op = htons(OP_ERR); + mess->err = htons(err); +- ret += (snprintf(mess->message, 500, message, file, errstr) + 1); ++ len = snprintf(mess->message, MAXMESSAGE, message, file, errstr); ++ ret += (len < MAXMESSAGE) ? len + 1 : MAXMESSAGE; /* include terminating zero */ ++ + my_syslog(MS_TFTP | LOG_ERR, "%s", mess->message); + + return ret; +-- +1.7.10.4 + diff --git a/src/patches/dnsmasq/002-Zero_newly_malloc_ed_memory.patch b/src/patches/dnsmasq/002-Zero_newly_malloc_ed_memory.patch new file mode 100644 index 0000000..b748db8 --- /dev/null +++ b/src/patches/dnsmasq/002-Zero_newly_malloc_ed_memory.patch @@ -0,0 +1,36 @@ +From d55f81f5fd53b1dfc2c4b3249b542f2d9679e236 Mon Sep 17 00:00:00 2001 +From: Simon Kelley simon@thekelleys.org.uk +Date: Wed, 6 Jul 2016 21:33:56 +0100 +Subject: [PATCH] Zero newly malloc'ed memory. + +--- + src/util.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/util.c b/src/util.c +index 93b24f5..82443c9 100644 +--- a/src/util.c ++++ b/src/util.c +@@ -248,6 +248,8 @@ void *safe_malloc(size_t size) + + if (!ret) + die(_("could not get memory"), NULL, EC_NOMEM); ++ else ++ memset(ret, 0, size); + + return ret; + } +@@ -266,7 +268,9 @@ void *whine_malloc(size_t size) + + if (!ret) + my_syslog(LOG_ERR, _("failed to allocate %d bytes"), (int) size); +- ++ else ++ memset(ret, 0, size); ++ + return ret; + } + +-- +1.7.10.4 + diff --git a/src/patches/dnsmasq/003-Check_return_of_expand_always.patch b/src/patches/dnsmasq/003-Check_return_of_expand_always.patch new file mode 100644 index 0000000..a69f4ce --- /dev/null +++ b/src/patches/dnsmasq/003-Check_return_of_expand_always.patch @@ -0,0 +1,44 @@ +From ce7845bf5429bd2962c9b2e7d75e2659f3b5c1a8 Mon Sep 17 00:00:00 2001 +From: Simon Kelley simon@thekelleys.org.uk +Date: Wed, 6 Jul 2016 21:42:27 +0100 +Subject: [PATCH] Check return of expand() always. + +--- + src/radv.c | 4 +++- + src/slaac.c | 5 ++++- + 2 files changed, 7 insertions(+), 2 deletions(-) + +diff --git a/src/radv.c b/src/radv.c +index 749b666..faa0f6d 100644 +--- a/src/radv.c ++++ b/src/radv.c +@@ -262,7 +262,9 @@ static void send_ra_alias(time_t now, int iface, char *iface_name, struct in6_ad + parm.prio = calc_prio(ra_param); + + save_counter(0); +- ra = expand(sizeof(struct ra_packet)); ++ ++ if (!(ra = expand(sizeof(struct ra_packet)))) ++ return; + + ra->type = ND_ROUTER_ADVERT; + ra->code = 0; +diff --git a/src/slaac.c b/src/slaac.c +index 8034805..07b8ba4 100644 +--- a/src/slaac.c ++++ b/src/slaac.c +@@ -147,7 +147,10 @@ time_t periodic_slaac(time_t now, struct dhcp_lease *leases) + struct sockaddr_in6 addr; + + save_counter(0); +- ping = expand(sizeof(struct ping_packet)); ++ ++ if (!(ping = expand(sizeof(struct ping_packet)))) ++ continue; ++ + ping->type = ICMP6_ECHO_REQUEST; + ping->code = 0; + ping->identifier = ping_id; +-- +1.7.10.4 + diff --git a/src/patches/dnsmasq/004-Fix_editing_error_on_man_page.patch b/src/patches/dnsmasq/004-Fix_editing_error_on_man_page.patch new file mode 100644 index 0000000..f4d0d20 --- /dev/null +++ b/src/patches/dnsmasq/004-Fix_editing_error_on_man_page.patch @@ -0,0 +1,40 @@ +From 5874f3e9222397d82aabd9884d9bf5ce7e4109b0 Mon Sep 17 00:00:00 2001 +From: Simon Kelley simon@thekelleys.org.uk +Date: Sun, 10 Jul 2016 22:12:08 +0100 +Subject: [PATCH] Fix editing error on man page. + +Thanks to Eric Westbrook for spotting this. +--- + man/dnsmasq.8 | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/man/dnsmasq.8 b/man/dnsmasq.8 +index 0521534..bd8c0b3 100644 +--- a/man/dnsmasq.8 ++++ b/man/dnsmasq.8 +@@ -1037,6 +1037,10 @@ is given, then read all the files contained in that directory. The advantage of + using this option is the same as for --dhcp-hostsfile: the + dhcp-optsfile will be re-read when dnsmasq receives SIGHUP. Note that + it is possible to encode the information in a ++.B --dhcp-boot ++flag as DHCP options, using the options names bootfile-name, ++server-ip-address and tftp-server. This allows these to be included ++in a dhcp-optsfile. + .TP + .B --dhcp-hostsdir=<path> + This is equivalent to dhcp-hostsfile, except for the following. The path MUST be a +@@ -1048,11 +1052,6 @@ is restarted; ie host records are only added dynamically. + .TP + .B --dhcp-optsdir=<path> + This is equivalent to dhcp-optsfile, with the differences noted for --dhcp-hostsdir. +-.TP +-.B --dhcp-boot +-flag as DHCP options, using the options names bootfile-name, +-server-ip-address and tftp-server. This allows these to be included +-in a dhcp-optsfile. + .TP + .B -Z, --read-ethers + Read /etc/ethers for information about hosts for the DHCP server. The +-- +1.7.10.4 + diff --git a/src/patches/dnsmasq/005-Manpage_typo.patch b/src/patches/dnsmasq/005-Manpage_typo.patch new file mode 100644 index 0000000..52f16de --- /dev/null +++ b/src/patches/dnsmasq/005-Manpage_typo.patch @@ -0,0 +1,25 @@ +From 907efeb2dc712603271093bce8a93c7c3e6fe64d Mon Sep 17 00:00:00 2001 +From: Kristjan Onu jeixav@gmail.com +Date: Sun, 10 Jul 2016 22:37:57 +0100 +Subject: [PATCH] Manpage typo. + +--- + man/dnsmasq.8 | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/man/dnsmasq.8 b/man/dnsmasq.8 +index bd8c0b3..ac8d921 100644 +--- a/man/dnsmasq.8 ++++ b/man/dnsmasq.8 +@@ -242,7 +242,7 @@ addresses associated with the interface. + .B --local-service + Accept DNS queries only from hosts whose address is on a local subnet, + ie a subnet for which an interface exists on the server. This option +-only has effect is there are no --interface --except-interface, ++only has effect if there are no --interface --except-interface, + --listen-address or --auth-server options. It is intended to be set as + a default on installation, to allow unconfigured installations to be + useful but also safe from being used for DNS amplification attacks. +-- +1.7.10.4 + diff --git a/src/patches/dnsmasq/006-Fix_bad_behaviour_with_some_DHCP_option_arrangements.patch b/src/patches/dnsmasq/006-Fix_bad_behaviour_with_some_DHCP_option_arrangements.patch new file mode 100644 index 0000000..ec17115 --- /dev/null +++ b/src/patches/dnsmasq/006-Fix_bad_behaviour_with_some_DHCP_option_arrangements.patch @@ -0,0 +1,49 @@ +From 591ed1e90503817938ccf5f127e677a8dd48b6d8 Mon Sep 17 00:00:00 2001 +From: Simon Kelley simon@thekelleys.org.uk +Date: Mon, 11 Jul 2016 18:18:42 +0100 +Subject: [PATCH] Fix bad behaviour with some DHCP option arrangements. + +The check that there's enough space to store the DHCP agent-id +at the end of the packet could succeed when it should fail +if the END option is in either of the oprion-overload areas. +That could overwrite legit options in the request and cause +bad behaviour. It's highly unlikely that any sane DHCP client +would trigger this bug, and it's never been seen, but this +fixes the problem. + +Also fix off-by-one in bounds checking of option processing. +Worst case scenario on that is a read one byte beyond the +end off a buffer with a crafted packet, and maybe therefore +a SIGV crash if the memory after the buffer is not mapped. + +Thanks to Timothy Becker for spotting these. +--- + src/rfc2131.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/rfc2131.c b/src/rfc2131.c +index b7c167e..8b99d4b 100644 +--- a/src/rfc2131.c ++++ b/src/rfc2131.c +@@ -186,7 +186,8 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index, + be enough free space at the end of the packet to copy the option. */ + unsigned char *sopt; + unsigned int total = option_len(opt) + 2; +- unsigned char *last_opt = option_find(mess, sz, OPTION_END, 0); ++ unsigned char *last_opt = option_find1(&mess->options[0] + sizeof(u32), ((unsigned char *)mess) + sz, ++ OPTION_END, 0); + if (last_opt && last_opt < end - total) + { + end -= total; +@@ -1606,7 +1607,7 @@ static unsigned char *option_find1(unsigned char *p, unsigned char *end, int opt + { + while (1) + { +- if (p > end) ++ if (p >= end) + return NULL; + else if (*p == OPTION_END) + return opt == OPTION_END ? p : NULL; +-- +1.7.10.4 + diff --git a/src/patches/dnsmasq/007-Fix_logic_error_in_Linux_netlink_code.patch b/src/patches/dnsmasq/007-Fix_logic_error_in_Linux_netlink_code.patch new file mode 100644 index 0000000..6a79eac --- /dev/null +++ b/src/patches/dnsmasq/007-Fix_logic_error_in_Linux_netlink_code.patch @@ -0,0 +1,55 @@ +From 1d07667ac77c55b9de56b1b2c385167e0e0ec27a Mon Sep 17 00:00:00 2001 +From: Ivan Kokshaysky ink@jurassic.park.msu.ru +Date: Mon, 11 Jul 2016 18:36:05 +0100 +Subject: [PATCH] Fix logic error in Linux netlink code. + +This could cause dnsmasq to enter a tight loop on systems +with a very large number of network interfaces. +--- + CHANGELOG | 6 ++++++ + src/netlink.c | 8 +++++++- + 2 files changed, 13 insertions(+), 1 deletion(-) + +diff --git a/CHANGELOG b/CHANGELOG +index 0559a6f..59c9c49 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -11,6 +11,12 @@ version 2.77 + Thanks to Mozilla for funding the security audit + which spotted this bug. + ++ Fix logic error in Linux netlink code. This could ++ cause dnsmasq to enter a tight loop on systems ++ with a very large number of network interfaces. ++ Thanks to Ivan Kokshaysky for the diagnosis and ++ patch. ++ + + version 2.76 + Include 0.0.0.0/8 in DNS rebind checks. This range +diff --git a/src/netlink.c b/src/netlink.c +index 049247b..8cd51af 100644 +--- a/src/netlink.c ++++ b/src/netlink.c +@@ -188,11 +188,17 @@ int iface_enumerate(int family, void *parm, int (*callback)()) + } + + for (h = (struct nlmsghdr *)iov.iov_base; NLMSG_OK(h, (size_t)len); h = NLMSG_NEXT(h, len)) +- if (h->nlmsg_seq != seq || h->nlmsg_pid != netlink_pid || h->nlmsg_type == NLMSG_ERROR) ++ if (h->nlmsg_pid != netlink_pid || h->nlmsg_type == NLMSG_ERROR) + { + /* May be multicast arriving async */ + nl_async(h); + } ++ else if (h->nlmsg_seq != seq) ++ { ++ /* May be part of incomplete response to previous request after ++ ENOBUFS. Drop it. */ ++ continue; ++ } + else if (h->nlmsg_type == NLMSG_DONE) + return callback_ok; + else if (h->nlmsg_type == RTM_NEWADDR && family != AF_UNSPEC && family != AF_LOCAL) +-- +1.7.10.4 + diff --git a/src/patches/dnsmasq/008-Fix_problem_with_--dnssec-timestamp.patch b/src/patches/dnsmasq/008-Fix_problem_with_--dnssec-timestamp.patch new file mode 100644 index 0000000..b32d17a --- /dev/null +++ b/src/patches/dnsmasq/008-Fix_problem_with_--dnssec-timestamp.patch @@ -0,0 +1,93 @@ +From 06093a9a845bb597005d892d5d1bc7859933ada4 Mon Sep 17 00:00:00 2001 +From: Kevin Darbyshire-Bryant kevin@darbyshire-bryant.me.uk +Date: Mon, 11 Jul 2016 21:03:27 +0100 +Subject: [PATCH] Fix problem with --dnssec-timestamp whereby receipt of + SIGHUP would erroneously engage timestamp checking. + +--- + CHANGELOG | 4 ++++ + src/dnsmasq.c | 7 ++++--- + src/dnsmasq.h | 1 + + src/dnssec.c | 5 +++-- + 4 files changed, 12 insertions(+), 5 deletions(-) + +diff --git a/CHANGELOG b/CHANGELOG +index 59c9c49..9f1e404 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -17,6 +17,10 @@ version 2.77 + Thanks to Ivan Kokshaysky for the diagnosis and + patch. + ++ Fix problem with --dnssec-timestamp whereby receipt ++ of SIGHUP would erroneously engage timestamp checking. ++ Thanks to Kevin Darbyshire-Bryant for this work. ++ + + version 2.76 + Include 0.0.0.0/8 in DNS rebind checks. This range +diff --git a/src/dnsmasq.c b/src/dnsmasq.c +index 045ec53..a47273f 100644 +--- a/src/dnsmasq.c ++++ b/src/dnsmasq.c +@@ -750,7 +750,8 @@ int main (int argc, char **argv) + + my_syslog(LOG_INFO, _("DNSSEC validation enabled")); + +- if (option_bool(OPT_DNSSEC_TIME)) ++ daemon->dnssec_no_time_check = option_bool(OPT_DNSSEC_TIME); ++ if (option_bool(OPT_DNSSEC_TIME) && !daemon->back_to_the_future) + my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until first cache reload")); + + if (rc == 1) +@@ -1226,10 +1227,10 @@ static void async_event(int pipe, time_t now) + { + case EVENT_RELOAD: + #ifdef HAVE_DNSSEC +- if (option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME)) ++ if (daemon->dnssec_no_time_check && option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME)) + { + my_syslog(LOG_INFO, _("now checking DNSSEC signature timestamps")); +- reset_option_bool(OPT_DNSSEC_TIME); ++ daemon->dnssec_no_time_check = 0; + } + #endif + /* fall through */ +diff --git a/src/dnsmasq.h b/src/dnsmasq.h +index 1896a64..be27ae0 100644 +--- a/src/dnsmasq.h ++++ b/src/dnsmasq.h +@@ -992,6 +992,7 @@ extern struct daemon { + #endif + #ifdef HAVE_DNSSEC + struct ds_config *ds; ++ int dnssec_no_time_check; + int back_to_the_future; + char *timestamp_file; + #endif +diff --git a/src/dnssec.c b/src/dnssec.c +index 3c77c7d..64358fa 100644 +--- a/src/dnssec.c ++++ b/src/dnssec.c +@@ -522,15 +522,16 @@ static int check_date_range(u32 date_start, u32 date_end) + if (utime(daemon->timestamp_file, NULL) != 0) + my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno)); + ++ my_syslog(LOG_INFO, _("system time considered valid, now checking DNSSEC signature timestamps.")); + daemon->back_to_the_future = 1; +- set_option_bool(OPT_DNSSEC_TIME); ++ daemon->dnssec_no_time_check = 0; + queue_event(EVENT_RELOAD); /* purge cache */ + } + + if (daemon->back_to_the_future == 0) + return 1; + } +- else if (option_bool(OPT_DNSSEC_TIME)) ++ else if (daemon->dnssec_no_time_check) + return 1; + + /* We must explicitly check against wanted values, because of SERIAL_UNDEF */ +-- +1.7.10.4 + diff --git a/src/patches/dnsmasq/009-malloc_memset_calloc_for_efficiency.patch b/src/patches/dnsmasq/009-malloc_memset_calloc_for_efficiency.patch new file mode 100644 index 0000000..0300853 --- /dev/null +++ b/src/patches/dnsmasq/009-malloc_memset_calloc_for_efficiency.patch @@ -0,0 +1,46 @@ +From d6dce53e08b3a06be16d43e1bf566c6c1988e4a9 Mon Sep 17 00:00:00 2001 +From: Simon Kelley simon@thekelleys.org.uk +Date: Mon, 11 Jul 2016 21:34:31 +0100 +Subject: [PATCH] malloc(); memset() -> calloc() for efficiency. + +--- + src/util.c | 10 +++------- + 1 file changed, 3 insertions(+), 7 deletions(-) + +diff --git a/src/util.c b/src/util.c +index 82443c9..211690e 100644 +--- a/src/util.c ++++ b/src/util.c +@@ -244,13 +244,11 @@ unsigned char *do_rfc1035_name(unsigned char *p, char *sval) + /* for use during startup */ + void *safe_malloc(size_t size) + { +- void *ret = malloc(size); ++ void *ret = calloc(1, size); + + if (!ret) + die(_("could not get memory"), NULL, EC_NOMEM); +- else +- memset(ret, 0, size); +- ++ + return ret; + } + +@@ -264,12 +262,10 @@ void safe_pipe(int *fd, int read_noblock) + + void *whine_malloc(size_t size) + { +- void *ret = malloc(size); ++ void *ret = calloc(1, size); + + if (!ret) + my_syslog(LOG_ERR, _("failed to allocate %d bytes"), (int) size); +- else +- memset(ret, 0, size); + + return ret; + } +-- +1.7.10.4 + diff --git a/src/patches/dnsmasq/010-Zero_packet_buffers_before_building_output_to_reduce_risk_of_information_leakage.patch b/src/patches/dnsmasq/010-Zero_packet_buffers_before_building_output_to_reduce_risk_of_information_leakage.patch new file mode 100644 index 0000000..a8c10a4 --- /dev/null +++ b/src/patches/dnsmasq/010-Zero_packet_buffers_before_building_output_to_reduce_risk_of_information_leakage.patch @@ -0,0 +1,169 @@ +From fa78573778cb23337f67f5d0c9de723169919047 Mon Sep 17 00:00:00 2001 +From: Simon Kelley simon@thekelleys.org.uk +Date: Fri, 22 Jul 2016 20:56:01 +0100 +Subject: [PATCH] Zero packet buffers before building output, to reduce risk + of information leakage. + +--- + src/auth.c | 5 +++++ + src/dnsmasq.h | 1 + + src/outpacket.c | 10 ++++++++++ + src/radv.c | 2 +- + src/rfc1035.c | 5 +++++ + src/rfc3315.c | 6 +++--- + src/slaac.c | 2 +- + src/tftp.c | 5 ++++- + 8 files changed, 30 insertions(+), 6 deletions(-) + +diff --git a/src/auth.c b/src/auth.c +index 198572d..3c5c37f 100644 +--- a/src/auth.c ++++ b/src/auth.c +@@ -101,6 +101,11 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n + struct all_addr addr; + struct cname *a; + ++ /* Clear buffer beyond request to avoid risk of ++ information disclosure. */ ++ memset(((char *)header) + qlen, 0, ++ (limit - ((char *)header)) - qlen); ++ + if (ntohs(header->qdcount) == 0 || OPCODE(header) != QUERY ) + return 0; + +diff --git a/src/dnsmasq.h b/src/dnsmasq.h +index be27ae0..2bda5d0 100644 +--- a/src/dnsmasq.h ++++ b/src/dnsmasq.h +@@ -1471,6 +1471,7 @@ void log_relay(int family, struct dhcp_relay *relay); + /* outpacket.c */ + #ifdef HAVE_DHCP6 + void end_opt6(int container); ++void reset_counter(void); + int save_counter(int newval); + void *expand(size_t headroom); + int new_opt6(int opt); +diff --git a/src/outpacket.c b/src/outpacket.c +index a414efa..2caacd9 100644 +--- a/src/outpacket.c ++++ b/src/outpacket.c +@@ -29,9 +29,19 @@ void end_opt6(int container) + PUTSHORT(len, p); + } + ++void reset_counter(void) ++{ ++ /* Clear out buffer when starting from begining */ ++ if (daemon->outpacket.iov_base) ++ memset(daemon->outpacket.iov_base, 0, daemon->outpacket.iov_len); ++ ++ save_counter(0); ++} ++ + int save_counter(int newval) + { + int ret = outpacket_counter; ++ + if (newval != -1) + outpacket_counter = newval; + +diff --git a/src/radv.c b/src/radv.c +index faa0f6d..39c9217 100644 +--- a/src/radv.c ++++ b/src/radv.c +@@ -261,7 +261,7 @@ static void send_ra_alias(time_t now, int iface, char *iface_name, struct in6_ad + parm.adv_interval = calc_interval(ra_param); + parm.prio = calc_prio(ra_param); + +- save_counter(0); ++ reset_counter(); + + if (!(ra = expand(sizeof(struct ra_packet)))) + return; +diff --git a/src/rfc1035.c b/src/rfc1035.c +index 24d08c1..9e730a9 100644 +--- a/src/rfc1035.c ++++ b/src/rfc1035.c +@@ -1209,6 +1209,11 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, + int nxdomain = 0, auth = 1, trunc = 0, sec_data = 1; + struct mx_srv_record *rec; + size_t len; ++ ++ /* Clear buffer beyond request to avoid risk of ++ information disclosure. */ ++ memset(((char *)header) + qlen, 0, ++ (limit - ((char *)header)) - qlen); + + if (ntohs(header->ancount) != 0 || + ntohs(header->nscount) != 0 || +diff --git a/src/rfc3315.c b/src/rfc3315.c +index 3f4d69c..e1271a1 100644 +--- a/src/rfc3315.c ++++ b/src/rfc3315.c +@@ -89,7 +89,7 @@ unsigned short dhcp6_reply(struct dhcp_context *context, int interface, char *if + for (vendor = daemon->dhcp_vendors; vendor; vendor = vendor->next) + vendor->netid.next = &vendor->netid; + +- save_counter(0); ++ reset_counter(); + state.context = context; + state.interface = interface; + state.iface_name = iface_name; +@@ -2084,7 +2084,7 @@ void relay_upstream6(struct dhcp_relay *relay, ssize_t sz, + if (hopcount > 32) + return; + +- save_counter(0); ++ reset_counter(); + + if ((header = put_opt6(NULL, 34))) + { +@@ -2161,7 +2161,7 @@ unsigned short relay_reply6(struct sockaddr_in6 *peer, ssize_t sz, char *arrival + (!relay->interface || wildcard_match(relay->interface, arrival_interface))) + break; + +- save_counter(0); ++ reset_counter(); + + if (relay) + { +diff --git a/src/slaac.c b/src/slaac.c +index 07b8ba4..bd6c9b4 100644 +--- a/src/slaac.c ++++ b/src/slaac.c +@@ -146,7 +146,7 @@ time_t periodic_slaac(time_t now, struct dhcp_lease *leases) + struct ping_packet *ping; + struct sockaddr_in6 addr; + +- save_counter(0); ++ reset_counter(); + + if (!(ping = expand(sizeof(struct ping_packet)))) + continue; +diff --git a/src/tftp.c b/src/tftp.c +index 3e1b5c5..618c406 100644 +--- a/src/tftp.c ++++ b/src/tftp.c +@@ -662,8 +662,9 @@ static ssize_t tftp_err(int err, char *packet, char *message, char *file) + ssize_t len, ret = 4; + char *errstr = strerror(errno); + ++ memset(packet, 0, daemon->packet_buff_sz); + sanitise(file); +- ++ + mess->op = htons(OP_ERR); + mess->err = htons(err); + len = snprintf(mess->message, MAXMESSAGE, message, file, errstr); +@@ -684,6 +685,8 @@ static ssize_t tftp_err_oops(char *packet, char *file) + /* return -1 for error, zero for done. */ + static ssize_t get_block(char *packet, struct tftp_transfer *transfer) + { ++ memset(packet, 0, daemon->packet_buff_sz); ++ + if (transfer->block == 0) + { + /* send OACK */ +-- +1.7.10.4 + diff --git a/src/patches/dnsmasq/011-Dont_reset_packet_length_on_transmission_in_case_of_retransmission.patch b/src/patches/dnsmasq/011-Dont_reset_packet_length_on_transmission_in_case_of_retransmission.patch new file mode 100644 index 0000000..ab8ba28 --- /dev/null +++ b/src/patches/dnsmasq/011-Dont_reset_packet_length_on_transmission_in_case_of_retransmission.patch @@ -0,0 +1,54 @@ +From 6b1c464d6de3d7d2afc9b53afe78cda6d6e3316f Mon Sep 17 00:00:00 2001 +From: Simon Kelley simon@thekelleys.org.uk +Date: Fri, 22 Jul 2016 20:59:16 +0100 +Subject: [PATCH] Don't reset packet length on transmission, in case of + retransmission. + +--- + src/radv.c | 2 +- + src/rfc3315.c | 2 +- + src/slaac.c | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/radv.c b/src/radv.c +index 39c9217..ffc37f2 100644 +--- a/src/radv.c ++++ b/src/radv.c +@@ -528,7 +528,7 @@ static void send_ra_alias(time_t now, int iface, char *iface_name, struct in6_ad + } + + while (retry_send(sendto(daemon->icmp6fd, daemon->outpacket.iov_base, +- save_counter(0), 0, (struct sockaddr *)&addr, ++ save_counter(-1), 0, (struct sockaddr *)&addr, + sizeof(addr)))); + + } +diff --git a/src/rfc3315.c b/src/rfc3315.c +index e1271a1..c7bf46f 100644 +--- a/src/rfc3315.c ++++ b/src/rfc3315.c +@@ -2127,7 +2127,7 @@ void relay_upstream6(struct dhcp_relay *relay, ssize_t sz, + my_syslog(MS_DHCP | LOG_ERR, _("Cannot multicast to DHCPv6 server without correct interface")); + } + +- send_from(daemon->dhcp6fd, 0, daemon->outpacket.iov_base, save_counter(0), &to, &from, 0); ++ send_from(daemon->dhcp6fd, 0, daemon->outpacket.iov_base, save_counter(-1), &to, &from, 0); + + if (option_bool(OPT_LOG_OPTS)) + { +diff --git a/src/slaac.c b/src/slaac.c +index bd6c9b4..7ecf127 100644 +--- a/src/slaac.c ++++ b/src/slaac.c +@@ -164,7 +164,7 @@ time_t periodic_slaac(time_t now, struct dhcp_lease *leases) + addr.sin6_port = htons(IPPROTO_ICMPV6); + addr.sin6_addr = slaac->addr; + +- if (sendto(daemon->icmp6fd, daemon->outpacket.iov_base, save_counter(0), 0, ++ if (sendto(daemon->icmp6fd, daemon->outpacket.iov_base, save_counter(-1), 0, + (struct sockaddr *)&addr, sizeof(addr)) == -1 && + errno == EHOSTUNREACH) + slaac->ping_time = 0; /* Give up */ +-- +1.7.10.4 + diff --git a/src/patches/dnsmasq/012-Compile-time_check_on_buffer_sizes_for_leasefile_parsing_code.patch b/src/patches/dnsmasq/012-Compile-time_check_on_buffer_sizes_for_leasefile_parsing_code.patch new file mode 100644 index 0000000..c71f470 --- /dev/null +++ b/src/patches/dnsmasq/012-Compile-time_check_on_buffer_sizes_for_leasefile_parsing_code.patch @@ -0,0 +1,103 @@ +From bf4e62c19e619f7edf8d03d58d33a5752f190bfd Mon Sep 17 00:00:00 2001 +From: Simon Kelley simon@thekelleys.org.uk +Date: Fri, 22 Jul 2016 21:37:59 +0100 +Subject: [PATCH] Compile-time check on buffer sizes for leasefile parsing + code. + +--- + src/dhcp-common.c | 16 ++++++++-------- + src/dhcp-protocol.h | 4 ++++ + src/lease.c | 9 ++++++++- + src/rfc3315.c | 2 +- + 4 files changed, 21 insertions(+), 10 deletions(-) + +diff --git a/src/dhcp-common.c b/src/dhcp-common.c +index 08528e8..ecc752b 100644 +--- a/src/dhcp-common.c ++++ b/src/dhcp-common.c +@@ -20,11 +20,11 @@ + + void dhcp_common_init(void) + { +- /* These each hold a DHCP option max size 255 +- and get a terminating zero added */ +- daemon->dhcp_buff = safe_malloc(256); +- daemon->dhcp_buff2 = safe_malloc(256); +- daemon->dhcp_buff3 = safe_malloc(256); ++ /* These each hold a DHCP option max size 255 ++ and get a terminating zero added */ ++ daemon->dhcp_buff = safe_malloc(DHCP_BUFF_SZ); ++ daemon->dhcp_buff2 = safe_malloc(DHCP_BUFF_SZ); ++ daemon->dhcp_buff3 = safe_malloc(DHCP_BUFF_SZ); + + /* dhcp_packet is used by v4 and v6, outpacket only by v6 + sizeof(struct dhcp_packet) is as good an initial size as any, +@@ -855,14 +855,14 @@ void log_context(int family, struct dhcp_context *context) + if (context->flags & CONTEXT_RA_STATELESS) + { + if (context->flags & CONTEXT_TEMPLATE) +- strncpy(daemon->dhcp_buff, context->template_interface, 256); ++ strncpy(daemon->dhcp_buff, context->template_interface, DHCP_BUFF_SZ); + else + strcpy(daemon->dhcp_buff, daemon->addrbuff); + } + else + #endif +- inet_ntop(family, start, daemon->dhcp_buff, 256); +- inet_ntop(family, end, daemon->dhcp_buff3, 256); ++ inet_ntop(family, start, daemon->dhcp_buff, DHCP_BUFF_SZ); ++ inet_ntop(family, end, daemon->dhcp_buff3, DHCP_BUFF_SZ); + my_syslog(MS_DHCP | LOG_INFO, + (context->flags & CONTEXT_RA_STATELESS) ? + _("%s stateless on %s%.0s%.0s%s") : +diff --git a/src/dhcp-protocol.h b/src/dhcp-protocol.h +index a31d829..0ea449b 100644 +--- a/src/dhcp-protocol.h ++++ b/src/dhcp-protocol.h +@@ -19,6 +19,10 @@ + #define DHCP_CLIENT_ALTPORT 1068 + #define PXE_PORT 4011 + ++/* These each hold a DHCP option max size 255 ++ and get a terminating zero added */ ++#define DHCP_BUFF_SZ 256 ++ + #define BOOTREQUEST 1 + #define BOOTREPLY 2 + #define DHCP_COOKIE 0x63825363 +diff --git a/src/lease.c b/src/lease.c +index 20cac90..ca62cc5 100644 +--- a/src/lease.c ++++ b/src/lease.c +@@ -65,7 +65,14 @@ void lease_init(time_t now) + } + + /* client-id max length is 255 which is 255*2 digits + 254 colons +- borrow DNS packet buffer which is always larger than 1000 bytes */ ++ borrow DNS packet buffer which is always larger than 1000 bytes ++ ++ Check various buffers are big enough for the code below */ ++ ++#if (DHCP_BUFF_SZ < 255) || (MAXDNAME < 64) || (PACKETSZ+MAXDNAME+RRFIXEDSZ < 764) ++# error Buffer size breakage in leasfile parsing. ++#endif ++ + if (leasestream) + while (fscanf(leasestream, "%255s %255s", daemon->dhcp_buff3, daemon->dhcp_buff2) == 2) + { +diff --git a/src/rfc3315.c b/src/rfc3315.c +index c7bf46f..568b0c8 100644 +--- a/src/rfc3315.c ++++ b/src/rfc3315.c +@@ -1975,7 +1975,7 @@ static void log6_packet(struct state *state, char *type, struct in6_addr *addr, + + if (addr) + { +- inet_ntop(AF_INET6, addr, daemon->dhcp_buff2, 255); ++ inet_ntop(AF_INET6, addr, daemon->dhcp_buff2, DHCP_BUFF_SZ - 1); + strcat(daemon->dhcp_buff2, " "); + } + else +-- +1.7.10.4 + diff --git a/src/patches/libvirt/0002-Change-options-in-libvirtd.conf-for-IPFire.patch b/src/patches/libvirt/0002-Change-options-in-libvirtd.conf-for-IPFire.patch new file mode 100644 index 0000000..ed685e8 --- /dev/null +++ b/src/patches/libvirt/0002-Change-options-in-libvirtd.conf-for-IPFire.patch @@ -0,0 +1,43 @@ +From 69d6e8ce6c636f78d1db0eebe7fb1cc02ae4fb9a Mon Sep 17 00:00:00 2001 +From: Jonatan Schlag jonatan.schlag@ipfire.org +Date: Mon, 6 Jun 2016 19:40:50 +0200 +Subject: [PATCH 2/2] Change options in libvirtd.conf for IPFire + +Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org +--- + daemon/libvirtd.conf | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/daemon/libvirtd.conf b/daemon/libvirtd.conf +index ac06cdd..1a41914 100644 +--- a/daemon/libvirtd.conf ++++ b/daemon/libvirtd.conf +@@ -87,14 +87,14 @@ + # without becoming root. + # + # This is restricted to 'root' by default. +-#unix_sock_group = "libvirt" ++unix_sock_group = "libvirt-remote" + + # Set the UNIX socket permissions for the R/O socket. This is used + # for monitoring VM status only + # + # Default allows any user. If setting group ownership, you may want to + # restrict this too. +-#unix_sock_ro_perms = "0777" ++unix_sock_ro_perms = "0770" + + # Set the UNIX socket permissions for the R/W socket. This is used + # for full management of VMs +@@ -104,7 +104,7 @@ + # + # If not using PolicyKit and setting group ownership for access + # control, then you may want to relax this too. +-#unix_sock_rw_perms = "0770" ++unix_sock_rw_perms = "0770" + + # Set the UNIX socket permissions for the admin interface socket. + # +-- +2.1.4 + diff --git a/src/patches/p7zip/CVE-2016-2334.patch b/src/patches/p7zip/CVE-2016-2334.patch new file mode 100644 index 0000000..1eb5163 --- /dev/null +++ b/src/patches/p7zip/CVE-2016-2334.patch @@ -0,0 +1,24 @@ +Index: p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp +=================================================================== +--- p7zip_15.14.1.orig/CPP/7zip/Archive/HfsHandler.cpp ++++ p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp +@@ -987,7 +987,9 @@ HRESULT CDatabase::LoadCatalog(const CFo + item.GroupID = Get32(r + 0x24); + item.AdminFlags = r[0x28]; + item.OwnerFlags = r[0x29]; ++ */ + item.FileMode = Get16(r + 0x2A); ++ /* + item.special.iNodeNum = Get16(r + 0x2C); // or .linkCount + item.FileType = Get32(r + 0x30); + item.FileCreator = Get32(r + 0x34); +@@ -1572,6 +1574,9 @@ HRESULT CHandler::ExtractZlibFile( + + UInt32 size = GetUi32(tableBuf + i * 8 + 4); + ++ if (size > buf.Size() || size > kCompressionBlockSize + 1) ++ return S_FALSE; ++ + RINOK(ReadStream_FALSE(inStream, buf, size)); + + if ((buf[0] & 0xF) == 0xF) diff --git a/src/patches/p7zip/CVE-2016-2335.patch b/src/patches/p7zip/CVE-2016-2335.patch new file mode 100644 index 0000000..a00d6a3 --- /dev/null +++ b/src/patches/p7zip/CVE-2016-2335.patch @@ -0,0 +1,17 @@ +Index: p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp +=================================================================== +--- p7zip_15.14.1.orig/CPP/7zip/Archive/Udf/UdfIn.cpp ++++ p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp +@@ -389,7 +389,11 @@ HRESULT CInArchive::ReadFileItem(int vol + return S_FALSE; + CFile &file = Files.Back(); + const CLogVol &vol = LogVols[volIndex]; +- CPartition &partition = Partitions[vol.PartitionMaps[lad.Location.PartitionRef].PartitionIndex]; ++ unsigned partitionRef = lad.Location.PartitionRef; ++ ++ if (partitionRef >= vol.PartitionMaps.Size()) ++ return S_FALSE; ++ CPartition &partition = Partitions[vol.PartitionMaps[partitionRef].PartitionIndex]; + + UInt32 key = lad.Location.Pos; + UInt32 value; diff --git a/src/patches/shadow-4.2.1-SHA512_password_hashing.patch b/src/patches/shadow-4.2.1-SHA512_password_hashing.patch new file mode 100644 index 0000000..7fc5bc9 --- /dev/null +++ b/src/patches/shadow-4.2.1-SHA512_password_hashing.patch @@ -0,0 +1,38 @@ +diff -crB shadow-4.2.1-a/etc/login.defs shadow-4.2.1-b/etc/login.defs +*** shadow-4.2.1-a/etc/login.defs 2014-05-09 10:20:28.000000000 +0000 +--- shadow-4.2.1-b/etc/login.defs 2016-03-13 10:51:09.680171239 +0000 +*************** +*** 118,124 **** + # Directory where mailboxes reside, _or_ name of file, relative to the + # home directory. If you _do_ define both, MAIL_DIR takes precedence. + # +! MAIL_DIR /var/spool/mail + #MAIL_FILE .mail + + # +--- 118,124 ---- + # Directory where mailboxes reside, _or_ name of file, relative to the + # home directory. If you _do_ define both, MAIL_DIR takes precedence. + # +! MAIL_DIR /var/mail + #MAIL_FILE .mail + + # +*************** +*** 317,323 **** + # Note: If you use PAM, it is recommended to use a value consistent with + # the PAM modules configuration. + # +! #ENCRYPT_METHOD DES + + # + # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512. +--- 317,323 ---- + # Note: If you use PAM, it is recommended to use a value consistent with + # the PAM modules configuration. + # +! ENCRYPT_METHOD SHA512 + + # + # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512. +Only in shadow-4.2.1-b: SHA512_password_hashing.patch diff --git a/src/patches/shadow-4.2.1-suppress_installation_of_groups.patch b/src/patches/shadow-4.2.1-suppress_installation_of_groups.patch new file mode 100644 index 0000000..f9f09c4 --- /dev/null +++ b/src/patches/shadow-4.2.1-suppress_installation_of_groups.patch @@ -0,0 +1,446 @@ +diff -crB shadow-4.2.1-a/man/cs/Makefile.in shadow-4.2.1-b/man/cs/Makefile.in +*** shadow-4.2.1-a/man/cs/Makefile.in 2014-05-09 16:49:46.000000000 +0000 +--- shadow-4.2.1-b/man/cs/Makefile.in 2016-03-13 10:47:55.924166976 +0000 +*************** +*** 300,311 **** + man8/groupadd.8 \ + man8/groupdel.8 \ + man8/groupmod.8 \ +! man1/groups.1 \ + man8/grpck.8 \ + man5/gshadow.5 \ + man8/lastlog.8 \ + man8/nologin.8 \ +! man5/passwd.5 \ + man5/shadow.5 \ + man1/su.1 \ + man8/vipw.8 +--- 300,311 ---- + man8/groupadd.8 \ + man8/groupdel.8 \ + man8/groupmod.8 \ +! man1/ \ + man8/grpck.8 \ + man5/gshadow.5 \ + man8/lastlog.8 \ + man8/nologin.8 \ +! man5/ \ + man5/shadow.5 \ + man1/su.1 \ + man8/vipw.8 +diff -crB shadow-4.2.1-a/man/da/Makefile.in shadow-4.2.1-b/man/da/Makefile.in +*** shadow-4.2.1-a/man/da/Makefile.in 2014-05-09 16:49:46.000000000 +0000 +--- shadow-4.2.1-b/man/da/Makefile.in 2016-03-13 10:47:55.928166977 +0000 +*************** +*** 298,304 **** + top_srcdir = @top_srcdir@ + + # 2012.01.28 - activate manpages with more than 50% translated messages +! man_MANS = man1/chfn.1 man8/groupdel.8 man1/groups.1 man5/gshadow.5 \ + man8/logoutd.8 man1/newgrp.1 man8/nologin.8 man1/sg.1 \ + man8/vigr.8 man8/vipw.8 $(am__append_1) + man_nopam = +--- 298,304 ---- + top_srcdir = @top_srcdir@ + + # 2012.01.28 - activate manpages with more than 50% translated messages +! man_MANS = man1/chfn.1 man8/groupdel.8 man1/ man5/gshadow.5 \ + man8/logoutd.8 man1/newgrp.1 man8/nologin.8 man1/sg.1 \ + man8/vigr.8 man8/vipw.8 $(am__append_1) + man_nopam = +diff -crB shadow-4.2.1-a/man/de/Makefile.in shadow-4.2.1-b/man/de/Makefile.in +*** shadow-4.2.1-a/man/de/Makefile.in 2014-05-09 16:49:46.000000000 +0000 +--- shadow-4.2.1-b/man/de/Makefile.in 2016-03-13 10:47:55.916166976 +0000 +*************** +*** 299,309 **** + top_srcdir = @top_srcdir@ + man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \ + man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \ +! man3/getspnam.3 man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ +! man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \ + man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \ + man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ +! man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/passwd.5 \ + man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \ + man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \ + man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \ +--- 299,309 ---- + top_srcdir = @top_srcdir@ + man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \ + man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \ +! man3/ man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ +! man8/groupmems.8 man8/groupmod.8 man1/ man8/grpck.8 \ + man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \ + man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ +! man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/ \ + man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \ + man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \ + man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \ +diff -crB shadow-4.2.1-a/man/es/Makefile.in shadow-4.2.1-b/man/es/Makefile.in +*** shadow-4.2.1-a/man/es/Makefile.in 2014-05-09 16:49:46.000000000 +0000 +--- shadow-4.2.1-b/man/es/Makefile.in 2016-03-13 10:47:55.872166975 +0000 +*************** +*** 266,272 **** + # man1/login.1 \ + # man1/newgrp.1 \ + # man1/passwd.1 \ +! # man5/passwd.5 \ + # man1/su.1 \ + # man8/vigr.8 \ + # man8/vipw.8 +--- 266,272 ---- + # man1/login.1 \ + # man1/newgrp.1 \ + # man1/passwd.1 \ +! # man5/ \ + # man1/su.1 \ + # man8/vigr.8 \ + # man8/vipw.8 +diff -crB shadow-4.2.1-a/man/fr/Makefile.in shadow-4.2.1-b/man/fr/Makefile.in +*** shadow-4.2.1-a/man/fr/Makefile.in 2014-05-09 16:49:46.000000000 +0000 +--- shadow-4.2.1-b/man/fr/Makefile.in 2016-03-13 10:47:55.984166978 +0000 +*************** +*** 301,311 **** + top_srcdir = @top_srcdir@ + man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \ + man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \ +! man3/getspnam.3 man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ +! man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \ + man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \ + man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ +! man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/passwd.5 \ + man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \ + man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \ + man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \ +--- 301,311 ---- + top_srcdir = @top_srcdir@ + man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \ + man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \ +! man3/ man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ +! man8/groupmems.8 man8/groupmod.8 man1/ man8/grpck.8 \ + man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \ + man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ +! man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/ \ + man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \ + man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \ + man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \ +diff -crB shadow-4.2.1-a/man/hu/Makefile.in shadow-4.2.1-b/man/hu/Makefile.in +*** shadow-4.2.1-a/man/hu/Makefile.in 2014-05-09 16:49:46.000000000 +0000 +--- shadow-4.2.1-b/man/hu/Makefile.in 2016-03-13 10:47:55.972166978 +0000 +*************** +*** 295,306 **** + man_MANS = \ + man1/chsh.1 \ + man1/gpasswd.1 \ +! man1/groups.1 \ + man8/lastlog.8 \ + man1/login.1 \ + man1/newgrp.1 \ + man1/passwd.1 \ +! man5/passwd.5 \ + man1/sg.1 \ + man1/su.1 + +--- 295,306 ---- + man_MANS = \ + man1/chsh.1 \ + man1/gpasswd.1 \ +! man1/ \ + man8/lastlog.8 \ + man1/login.1 \ + man1/newgrp.1 \ + man1/passwd.1 \ +! man5/ \ + man1/sg.1 \ + man1/su.1 + +diff -crB shadow-4.2.1-a/man/it/Makefile.in shadow-4.2.1-b/man/it/Makefile.in +*** shadow-4.2.1-a/man/it/Makefile.in 2014-05-09 16:49:47.000000000 +0000 +--- shadow-4.2.1-b/man/it/Makefile.in 2016-03-13 10:47:55.896166976 +0000 +*************** +*** 299,309 **** + top_srcdir = @top_srcdir@ + man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \ + man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \ +! man3/getspnam.3 man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ +! man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \ + man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \ + man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ +! man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/passwd.5 \ + man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \ + man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \ + man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \ +--- 299,309 ---- + top_srcdir = @top_srcdir@ + man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \ + man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \ +! man3/ man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ +! man8/groupmems.8 man8/groupmod.8 man1/ man8/grpck.8 \ + man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \ + man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ +! man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/ \ + man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \ + man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \ + man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \ +diff -crB shadow-4.2.1-a/man/ja/Makefile.in shadow-4.2.1-b/man/ja/Makefile.in +*** shadow-4.2.1-a/man/ja/Makefile.in 2014-05-09 16:49:47.000000000 +0000 +--- shadow-4.2.1-b/man/ja/Makefile.in 2016-03-13 10:47:55.932166977 +0000 +*************** +*** 296,305 **** + top_srcdir = @top_srcdir@ + man_MANS = man1/chage.1 man1/chfn.1 man8/chpasswd.8 man1/chsh.1 \ + man1/expiry.1 man5/faillog.5 man8/faillog.8 man1/gpasswd.1 \ +! man8/groupadd.8 man8/groupdel.8 man8/groupmod.8 man1/groups.1 \ + man8/grpck.8 man8/grpconv.8 man8/grpunconv.8 man8/lastlog.8 \ + man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ +! man8/newusers.8 man1/passwd.1 man5/passwd.5 man8/pwck.8 \ + man8/pwconv.8 man8/pwunconv.8 man1/sg.1 man5/shadow.5 \ + man1/su.1 man5/suauth.5 man8/useradd.8 man8/userdel.8 \ + man8/usermod.8 man8/vigr.8 man8/vipw.8 $(am__append_1) +--- 296,305 ---- + top_srcdir = @top_srcdir@ + man_MANS = man1/chage.1 man1/chfn.1 man8/chpasswd.8 man1/chsh.1 \ + man1/expiry.1 man5/faillog.5 man8/faillog.8 man1/gpasswd.1 \ +! man8/groupadd.8 man8/groupdel.8 man8/groupmod.8 man1/ \ + man8/grpck.8 man8/grpconv.8 man8/grpunconv.8 man8/lastlog.8 \ + man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ +! man8/newusers.8 man1/passwd.1 man5/ man8/pwck.8 \ + man8/pwconv.8 man8/pwunconv.8 man1/sg.1 man5/shadow.5 \ + man1/su.1 man5/suauth.5 man8/useradd.8 man8/userdel.8 \ + man8/usermod.8 man8/vigr.8 man8/vipw.8 $(am__append_1) +diff -crB shadow-4.2.1-a/man/ko/Makefile.in shadow-4.2.1-b/man/ko/Makefile.in +*** shadow-4.2.1-a/man/ko/Makefile.in 2014-05-09 16:49:47.000000000 +0000 +--- shadow-4.2.1-b/man/ko/Makefile.in 2016-03-13 10:47:55.940166977 +0000 +*************** +*** 295,303 **** + man_MANS = \ + man1/chfn.1 \ + man1/chsh.1 \ +! man1/groups.1 \ + man1/login.1 \ +! man5/passwd.5 \ + man1/su.1 \ + man8/vigr.8 \ + man8/vipw.8 +--- 295,303 ---- + man_MANS = \ + man1/chfn.1 \ + man1/chsh.1 \ +! man1/ \ + man1/login.1 \ +! man5/ \ + man1/su.1 \ + man8/vigr.8 \ + man8/vipw.8 +diff -crB shadow-4.2.1-a/man/Makefile.in shadow-4.2.1-b/man/Makefile.in +*** shadow-4.2.1-a/man/Makefile.in 2014-05-09 16:49:46.000000000 +0000 +--- shadow-4.2.1-b/man/Makefile.in 2016-03-13 10:47:55.880166976 +0000 +*************** +*** 365,375 **** + @USE_NLS_TRUE@SUBDIRS = po cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW + man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \ + man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \ +! man3/getspnam.3 man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ +! man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \ + man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \ + man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ +! man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/passwd.5 \ + man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \ + man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \ + man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \ +--- 365,375 ---- + @USE_NLS_TRUE@SUBDIRS = po cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW + man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \ + man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \ +! man3/ man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ +! man8/groupmems.8 man8/groupmod.8 man1/ man8/grpck.8 \ + man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \ + man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ +! man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/ \ + man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \ + man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \ + man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \ +diff -crB shadow-4.2.1-a/man/pl/Makefile.in shadow-4.2.1-b/man/pl/Makefile.in +*** shadow-4.2.1-a/man/pl/Makefile.in 2014-05-09 16:49:47.000000000 +0000 +--- shadow-4.2.1-b/man/pl/Makefile.in 2016-03-13 10:47:55.912166976 +0000 +*************** +*** 300,307 **** + + # 2012.01.28 - activate manpages with more than 50% translated messages + man_MANS = man1/chage.1 man1/chsh.1 man1/expiry.1 man5/faillog.5 \ +! man8/faillog.8 man3/getspnam.3 man8/groupadd.8 man8/groupdel.8 \ +! man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \ + man8/lastlog.8 man8/logoutd.8 man1/newgrp.1 man1/sg.1 \ + man3/shadow.3 man8/userdel.8 man8/usermod.8 man8/vigr.8 \ + man8/vipw.8 $(am__append_1) +--- 300,307 ---- + + # 2012.01.28 - activate manpages with more than 50% translated messages + man_MANS = man1/chage.1 man1/chsh.1 man1/expiry.1 man5/faillog.5 \ +! man8/faillog.8 man3/ man8/groupadd.8 man8/groupdel.8 \ +! man8/groupmems.8 man8/groupmod.8 man1/ man8/grpck.8 \ + man8/lastlog.8 man8/logoutd.8 man1/newgrp.1 man1/sg.1 \ + man3/shadow.3 man8/userdel.8 man8/usermod.8 man8/vigr.8 \ + man8/vipw.8 $(am__append_1) +diff -crB shadow-4.2.1-a/man/pt_BR/Makefile.in shadow-4.2.1-b/man/pt_BR/Makefile.in +*** shadow-4.2.1-a/man/pt_BR/Makefile.in 2014-05-09 16:49:47.000000000 +0000 +--- shadow-4.2.1-b/man/pt_BR/Makefile.in 2016-03-13 10:47:55.904166976 +0000 +*************** +*** 297,303 **** + man8/groupadd.8 \ + man8/groupdel.8 \ + man8/groupmod.8 \ +! man5/passwd.5 \ + man5/shadow.5 + + EXTRA_DIST = $(man_MANS) +--- 297,303 ---- + man8/groupadd.8 \ + man8/groupdel.8 \ + man8/groupmod.8 \ +! man5/ \ + man5/shadow.5 + + EXTRA_DIST = $(man_MANS) +diff -crB shadow-4.2.1-a/man/ru/Makefile.in shadow-4.2.1-b/man/ru/Makefile.in +*** shadow-4.2.1-a/man/ru/Makefile.in 2014-05-09 16:49:47.000000000 +0000 +--- shadow-4.2.1-b/man/ru/Makefile.in 2016-03-13 10:47:55.944166977 +0000 +*************** +*** 299,309 **** + top_srcdir = @top_srcdir@ + man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \ + man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \ +! man3/getspnam.3 man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ +! man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \ + man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \ + man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ +! man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/passwd.5 \ + man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \ + man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \ + man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \ +--- 299,309 ---- + top_srcdir = @top_srcdir@ + man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \ + man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \ +! man3/ man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ +! man8/groupmems.8 man8/groupmod.8 man1/ man8/grpck.8 \ + man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \ + man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ +! man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/ \ + man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \ + man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \ + man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \ +diff -crB shadow-4.2.1-a/man/sv/Makefile.in shadow-4.2.1-b/man/sv/Makefile.in +*** shadow-4.2.1-a/man/sv/Makefile.in 2014-05-09 16:49:47.000000000 +0000 +--- shadow-4.2.1-b/man/sv/Makefile.in 2016-03-13 10:47:55.988166978 +0000 +*************** +*** 300,309 **** + + # 2012.01.28 - activate manpages with more than 50% translated messages + man_MANS = man1/chage.1 man1/chsh.1 man1/expiry.1 man5/faillog.5 \ +! man8/faillog.8 man3/getspnam.3 man8/groupadd.8 man8/groupdel.8 \ +! man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \ + man5/gshadow.5 man8/lastlog.8 man8/logoutd.8 man1/newgrp.1 \ +! man8/nologin.8 man1/passwd.1 man5/passwd.5 man8/pwck.8 \ + man1/sg.1 man3/shadow.3 man5/suauth.5 man8/userdel.8 \ + man8/vigr.8 man8/vipw.8 $(am__append_1) + man_nopam = \ +--- 300,309 ---- + + # 2012.01.28 - activate manpages with more than 50% translated messages + man_MANS = man1/chage.1 man1/chsh.1 man1/expiry.1 man5/faillog.5 \ +! man8/faillog.8 man3/ man8/groupadd.8 man8/groupdel.8 \ +! man8/groupmems.8 man8/groupmod.8 man1/ man8/grpck.8 \ + man5/gshadow.5 man8/lastlog.8 man8/logoutd.8 man1/newgrp.1 \ +! man8/nologin.8 man1/passwd.1 man5/ man8/pwck.8 \ + man1/sg.1 man3/shadow.3 man5/suauth.5 man8/userdel.8 \ + man8/vigr.8 man8/vipw.8 $(am__append_1) + man_nopam = \ +diff -crB shadow-4.2.1-a/man/tr/Makefile.in shadow-4.2.1-b/man/tr/Makefile.in +*** shadow-4.2.1-a/man/tr/Makefile.in 2014-05-09 16:49:47.000000000 +0000 +--- shadow-4.2.1-b/man/tr/Makefile.in 2016-03-13 10:47:55.964166977 +0000 +*************** +*** 300,306 **** + man8/groupmod.8 \ + man1/login.1 \ + man1/passwd.1 \ +! man5/passwd.5 \ + man5/shadow.5 \ + man1/su.1 \ + man8/useradd.8 \ +--- 300,306 ---- + man8/groupmod.8 \ + man1/login.1 \ + man1/passwd.1 \ +! man5/ \ + man5/shadow.5 \ + man1/su.1 \ + man8/useradd.8 \ +diff -crB shadow-4.2.1-a/man/zh_CN/Makefile.in shadow-4.2.1-b/man/zh_CN/Makefile.in +*** shadow-4.2.1-a/man/zh_CN/Makefile.in 2014-05-09 16:49:47.000000000 +0000 +--- shadow-4.2.1-b/man/zh_CN/Makefile.in 2016-03-13 10:47:55.952166977 +0000 +*************** +*** 299,309 **** + top_srcdir = @top_srcdir@ + man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \ + man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \ +! man3/getspnam.3 man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ +! man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \ + man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \ + man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ +! man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/passwd.5 \ + man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \ + man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \ + man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \ +--- 299,309 ---- + top_srcdir = @top_srcdir@ + man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \ + man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \ +! man3/ man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ +! man8/groupmems.8 man8/groupmod.8 man1/ man8/grpck.8 \ + man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \ + man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ +! man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/ \ + man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \ + man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \ + man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \ +diff -crB shadow-4.2.1-a/man/zh_TW/Makefile.in shadow-4.2.1-b/man/zh_TW/Makefile.in +*** shadow-4.2.1-a/man/zh_TW/Makefile.in 2014-05-09 16:49:48.000000000 +0000 +--- shadow-4.2.1-b/man/zh_TW/Makefile.in 2016-03-13 10:47:55.956166977 +0000 +*************** +*** 302,308 **** + man8/groupadd.8 \ + man8/groupdel.8 \ + man8/groupmod.8 \ +! man5/passwd.5 \ + man1/su.1 \ + man8/useradd.8 \ + man8/userdel.8 \ +--- 302,308 ---- + man8/groupadd.8 \ + man8/groupdel.8 \ + man8/groupmod.8 \ +! man5/ \ + man1/su.1 \ + man8/useradd.8 \ + man8/userdel.8 \ +diff -crB shadow-4.2.1-a/src/Makefile.in shadow-4.2.1-b/src/Makefile.in +*** shadow-4.2.1-a/src/Makefile.in 2014-05-09 16:49:48.000000000 +0000 +--- shadow-4.2.1-b/src/Makefile.in 2016-03-13 10:47:38.824166600 +0000 +*************** +*** 78,84 **** + POST_UNINSTALL = : + build_triplet = @build@ + host_triplet = @host@ +! bin_PROGRAMS = groups$(EXEEXT) login$(EXEEXT) su$(EXEEXT) + sbin_PROGRAMS = nologin$(EXEEXT) + ubin_PROGRAMS = faillog$(EXEEXT) lastlog$(EXEEXT) chage$(EXEEXT) \ + chfn$(EXEEXT) chsh$(EXEEXT) expiry$(EXEEXT) gpasswd$(EXEEXT) \ +--- 78,84 ---- + POST_UNINSTALL = : + build_triplet = @build@ + host_triplet = @host@ +! bin_PROGRAMS = login$(EXEEXT) su$(EXEEXT) + sbin_PROGRAMS = nologin$(EXEEXT) + ubin_PROGRAMS = faillog$(EXEEXT) lastlog$(EXEEXT) chage$(EXEEXT) \ + chfn$(EXEEXT) chsh$(EXEEXT) expiry$(EXEEXT) gpasswd$(EXEEXT) \
hooks/post-receive -- IPFire 2.x development tree