This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 81e838ebde6879ee91c61ec4d8a17ef100b486bd (commit) via 92505ef00391d1fc58e1a69f23a6ef2b3094a640 (commit) via aeefbca7305ea302bf2e3bee419f799db9f9483c (commit) via 2f1d27e3d847ce723c6c00d2d9757fb4dfcccf05 (commit) via 3ece78597aca14d764fb508fc8920c7d59723c1e (commit) via 1c053ccee29730c1cfde94e50780b48a4fbe23b6 (commit) via 5a40f7aebb0ba46e83260fda2d198362ae72d3a6 (commit) from 3ed2de12510dcca5dea8e96b02f785cb0f8fe10c (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 81e838ebde6879ee91c61ec4d8a17ef100b486bd Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Oct 29 11:30:12 2018 +0000
tzdata: Update to 2018g
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 92505ef00391d1fc58e1a69f23a6ef2b3094a640 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Oct 29 11:27:34 2018 +0000
Drop paxctl
We do not have grsecurity and more and there is no point in shipping this tool.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit aeefbca7305ea302bf2e3bee419f799db9f9483c Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Oct 29 11:25:24 2018 +0000
clamav: Move database directory to /var partition
The clamav database is quite large and occupies valuable space on the root partition that on older systems is only 2GB large. This change moves the virus definition database to the /var partition which is larger and supposed to hold data like this anyway.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2f1d27e3d847ce723c6c00d2d9757fb4dfcccf05 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Oct 29 11:14:45 2018 +0000
kmod: Build with support for XZ compressed modules
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 3ece78597aca14d764fb508fc8920c7d59723c1e Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Oct 29 11:12:43 2018 +0000
make.sh: Build xz earlier in the build process
XZ compression is becoming more popular and being used by various other libraries and should therefore be available to be linked.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 1c053ccee29730c1cfde94e50780b48a4fbe23b6 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Oct 29 11:10:58 2018 +0000
strongswan: Update to 5.7.1
Fixes security vulnerabilities: CVE-2018-16151, CVE-2018-16152 and CVE-2018-17540.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5a40f7aebb0ba46e83260fda2d198362ae72d3a6 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Oct 29 11:02:08 2018 +0000
haproxy: Update to 1.8.14
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/common/paxctl | 2 - .../{oldcore/106 => core/125}/filelists/strongswan | 0 .../{oldcore/100 => core/125}/filelists/tzdata | 0 config/rootfiles/packages/clamav | 2 +- lfs/clamav | 16 ++--- lfs/grub | 4 -- lfs/haproxy | 6 +- lfs/kmod | 1 + lfs/paxctl | 79 ---------------------- lfs/qemu | 8 --- lfs/strongswan | 4 +- lfs/tzdata | 6 +- make.sh | 3 +- src/initscripts/packages/clamav | 10 +-- src/paks/clamav/update.sh | 4 +- 15 files changed, 25 insertions(+), 120 deletions(-) delete mode 100644 config/rootfiles/common/paxctl copy config/rootfiles/{oldcore/106 => core/125}/filelists/strongswan (100%) copy config/rootfiles/{oldcore/100 => core/125}/filelists/tzdata (100%) delete mode 100644 lfs/paxctl
Difference in files: diff --git a/config/rootfiles/common/paxctl b/config/rootfiles/common/paxctl deleted file mode 100644 index c9135a865..000000000 --- a/config/rootfiles/common/paxctl +++ /dev/null @@ -1,2 +0,0 @@ -sbin/paxctl -#usr/share/man/man1/paxctl.1 diff --git a/config/rootfiles/core/125/filelists/strongswan b/config/rootfiles/core/125/filelists/strongswan new file mode 120000 index 000000000..90c727e26 --- /dev/null +++ b/config/rootfiles/core/125/filelists/strongswan @@ -0,0 +1 @@ +../../../common/strongswan \ No newline at end of file diff --git a/config/rootfiles/core/125/filelists/tzdata b/config/rootfiles/core/125/filelists/tzdata new file mode 120000 index 000000000..5a6e3252f --- /dev/null +++ b/config/rootfiles/core/125/filelists/tzdata @@ -0,0 +1 @@ +../../../common/tzdata \ No newline at end of file diff --git a/config/rootfiles/packages/clamav b/config/rootfiles/packages/clamav index ec5e09c84..40ee46fef 100644 --- a/config/rootfiles/packages/clamav +++ b/config/rootfiles/packages/clamav @@ -27,7 +27,6 @@ usr/lib/libclamunrar_iface.so.7.1.1 #usr/lib/pkgconfig/libclamav.pc #usr/lib/pkgconfig/libclammspack.pc usr/sbin/clamd -usr/share/clamav #usr/share/man/man1/clambc.1 #usr/share/man/man1/clamconf.1 #usr/share/man/man1/clamdscan.1 @@ -45,5 +44,6 @@ var/ipfire/clamav/clamd.conf var/ipfire/clamav/clamd.conf.sample var/ipfire/clamav/freshclam.conf var/ipfire/clamav/freshclam.conf.sample +var/lib/clamav etc/rc.d/init.d/clamav usr/local/bin/clamavctrl diff --git a/lfs/clamav b/lfs/clamav index ad89e1356..420ee82b3 100644 --- a/lfs/clamav +++ b/lfs/clamav @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = clamav -PAK_VER = 40 +PAK_VER = 41
DEPS = ""
@@ -40,6 +40,8 @@ ifeq "$(BUILD_PLATFORM)" "arm" CONFIGURE_FLAGS = --disable-fanotify endif
+DATABASE_DIR = /var/lib/clamav + ############################################################################### # Top-level Rules ############################################################################### @@ -84,21 +86,17 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && ./configure \ --prefix=/usr \ --sysconfdir=/var/ipfire/clamav \ + --with-dbdir=$(DATABASE_DIR) \ $(CONFIGURE_FLAGS) cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install - mkdir -p /usr/share/clamav/ - chown clamav.clamav -R /usr/share/clamav/ + mkdir -pv $(DATABASE_DIR) + chown clamav.clamav -R $(DATABASE_DIR) + rm -rfv $(DATABASE_DIR)/*.cvd cp -rf $(DIR_SRC)/config/clamav/* /var/ipfire/clamav/ - rm -rfv /usr/share/clamav/*.cvd mkdir -p /var/run/clamav chown clamav:clamav /var/run/clamav #install initscripts $(call INSTALL_INITSCRIPT,clamav) - # Disable PaX mprotect for clamd, clamscan and freshclam - paxctl -Cm /usr/sbin/clamd - paxctl -Cm /usr/bin/clamscan - paxctl -Cm /usr/bin/freshclam - @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/grub b/lfs/grub index b51566df3..1a10c2aa5 100644 --- a/lfs/grub +++ b/lfs/grub @@ -131,9 +131,5 @@ endif -mkdir -pv /etc/default install -m 644 $(DIR_SRC)/config/grub2/default /etc/default/grub
- # Disable hardening. - paxctl -Cmpes /usr/sbin/grub-bios-setup /usr/sbin/grub-probe - paxctl -Cmpexs /usr/bin/grub-script-check - @rm -rf $(DIR_APP) $(DIR_APP_PC) $(DIR_APP_EFI) @$(POSTBUILD) diff --git a/lfs/haproxy b/lfs/haproxy index 1103e331a..2cf23526e 100644 --- a/lfs/haproxy +++ b/lfs/haproxy @@ -24,7 +24,7 @@
include Config
-VER = 1.8.0 +VER = 1.8.14
THISAPP = haproxy-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = haproxy -PAK_VER = 5 +PAK_VER = 6
DEPS = ""
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 6ccea4619b7183fbcc8c98bae1f9823d +$(DL_FILE)_MD5 = a050bcb90426d1c939b4b0ce3098a8c4
install : $(TARGET)
diff --git a/lfs/kmod b/lfs/kmod index bb49fbb3c..4ef2088fd 100644 --- a/lfs/kmod +++ b/lfs/kmod @@ -75,6 +75,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --bindir=/bin \ --sysconfdir=/etc \ --disable-manpages \ + --with-xz \ --with-zlib
cd $(DIR_APP) && make $(MAKETUNING) diff --git a/lfs/paxctl b/lfs/paxctl deleted file mode 100644 index 85e54a5ac..000000000 --- a/lfs/paxctl +++ /dev/null @@ -1,79 +0,0 @@ -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -############################################################################### -# Definitions -############################################################################### - -include Config - -VER = 0.9 - -THISAPP = paxctl-$(VER) -DL_FILE = $(THISAPP).tar.gz -DL_FROM = $(URL_IPFIRE) -DIR_APP = $(DIR_SRC)/$(THISAPP) -TARGET = $(DIR_INFO)/$(THISAPP) - -############################################################################### -# Top-level Rules -############################################################################### - -objects = $(DL_FILE) - -$(DL_FILE) = $(DL_FROM)/$(DL_FILE) - -$(DL_FILE)_MD5 = 9bea59b1987dc4e16c2d22d745374e64 - -install : $(TARGET) - -check : $(patsubst %,$(DIR_CHK)/%,$(objects)) - -download :$(patsubst %,$(DIR_DL)/%,$(objects)) - -md5 : $(subst %,%_MD5,$(objects)) - -dist: - @$(PAK) - -############################################################################### -# Downloading, checking, md5sum -############################################################################### - -$(patsubst %,$(DIR_CHK)/%,$(objects)) : - @$(CHECK) - -$(patsubst %,$(DIR_DL)/%,$(objects)) : - @$(LOAD) - -$(subst %,%_MD5,$(objects)) : - @$(MD5) - -############################################################################### -# Installation Details -############################################################################### - -$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) - @$(PREBUILD) - @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && make $(MAKETUNING) - cd $(DIR_APP) && make install - @rm -rf $(DIR_APP) - @$(POSTBUILD) diff --git a/lfs/qemu b/lfs/qemu index be5d7193d..015837a59 100644 --- a/lfs/qemu +++ b/lfs/qemu @@ -89,14 +89,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) # install wrapper for old kvm parameter handling install -m 755 $(DIR_SRC)/config/qemu/qemu /usr/bin/qemu
- # disable PaX MPROTECT and RANDMMAP - paxctl -cmr /usr/bin/qemu-system-arm - paxctl -cmr /usr/bin/qemu-system-i386 - paxctl -cmr /usr/bin/qemu-system-x86_64 - paxctl -cmr /usr/bin/qemu-arm - paxctl -cmr /usr/bin/qemu-i386 - paxctl -cmr /usr/bin/qemu-x86_64 - # install an udev script to set the permissions of /dev/kvm cp -avf $(DIR_SRC)/config/qemu/65-kvm.rules /lib/udev/rules.d/65-kvm.rules
diff --git a/lfs/strongswan b/lfs/strongswan index 9dee2613b..fd0b91a25 100644 --- a/lfs/strongswan +++ b/lfs/strongswan @@ -24,7 +24,7 @@
include Config
-VER = 5.6.3 +VER = 5.7.1
THISAPP = strongswan-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = a6a28eeb22aa58080a7581771a5b63f9 +$(DL_FILE)_MD5 = 86b7e9321cde075cf382268fd282e0b0
install : $(TARGET)
diff --git a/lfs/tzdata b/lfs/tzdata index 258fce8d3..5ed32d8d4 100644 --- a/lfs/tzdata +++ b/lfs/tzdata @@ -24,7 +24,7 @@
include Config
-VER = 2018e +VER = 2018g TZDATA_VER = $(VER) TZCODE_VER = $(VER)
@@ -45,8 +45,8 @@ objects = tzdata$(TZDATA_VER).tar.gz tzcode$(TZCODE_VER).tar.gz tzdata$(TZDATA_VER).tar.gz = $(DL_FROM)/tzdata$(TZDATA_VER).tar.gz tzcode$(TZCODE_VER).tar.gz = $(DL_FROM)/tzcode$(TZCODE_VER).tar.gz
-tzdata$(TZDATA_VER).tar.gz_MD5 = 97d654f4d7253173b3eeb76a836dd65e -tzcode$(TZCODE_VER).tar.gz_MD5 = c4d7df0fff7ba5588b32c5f27e2caf97 +tzdata$(TZDATA_VER).tar.gz_MD5 = e71cb1f9d8d53c43904d79d7aeeedc1b +tzcode$(TZCODE_VER).tar.gz_MD5 = b48f0282b80bb7dbe16e35626f446ae9
install : $(TARGET)
diff --git a/make.sh b/make.sh index b9558bc04..c5cfab151 100755 --- a/make.sh +++ b/make.sh @@ -1039,6 +1039,7 @@ buildbase() { lfsmake2 readline lfsmake2 readline-compat lfsmake2 bzip2 + lfsmake2 xz lfsmake2 pcre lfsmake2 pcre-compat lfsmake2 bash @@ -1073,8 +1074,6 @@ buildbase() { lfsmake2 util-linux lfsmake2 udev lfsmake2 vim - lfsmake2 xz - lfsmake2 paxctl }
buildipfire() { diff --git a/src/initscripts/packages/clamav b/src/initscripts/packages/clamav index fa080a67b..d2f63a910 100644 --- a/src/initscripts/packages/clamav +++ b/src/initscripts/packages/clamav @@ -12,12 +12,12 @@ case "$1" in
COUNTER=0 while [ "$COUNTER" -lt "61" ]; do - [ -e "/usr/share/clamav/main.cvd" ] && \ - [ -e "/usr/share/clamav/daily.cvd" ] || \ - [ -e "/usr/share/clamav/daily.cld" ] && \ + [ -e "/var/lib/clamav/main.cvd" ] && \ + [ -e "/var/lib/clamav/daily.cvd" ] || \ + [ -e "/var/lib/clamav/daily.cld" ] && \ break if [ "$COUNTER" -lt "1" ]; then - boot_mesg -n "Download db " + boot_mesg -n "Downloading database" else boot_mesg -n "." fi @@ -46,7 +46,7 @@ case "$1" in stop) boot_mesg "Stopping Clamav Definition Updater..." killproc /usr/bin/freshclam - rm -rf /usr/share/clamav/*.tmp + rm -rf /var/lib/clamav/*.tmp
boot_mesg "Stopping Clamav Daemon..." killproc /usr/sbin/clamd diff --git a/src/paks/clamav/update.sh b/src/paks/clamav/update.sh index 303f036b0..0a4af73c2 100644 --- a/src/paks/clamav/update.sh +++ b/src/paks/clamav/update.sh @@ -22,7 +22,7 @@ ############################################################################ # . /opt/pakfire/lib/functions.sh -mv /usr/share/clamav /usr/share/clamav-update +mv /var/lib/clamav /var/lib/clamav-update ./uninstall.sh -mv /usr/share/clamav-update /usr/share/clamav +mv /var/lib/clamav-update /var/lib/clamav ./install.sh
hooks/post-receive -- IPFire 2.x development tree