This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated
       via  95c60d31aaafb7d83aec297f7466f6106df88ec4 (commit)
       via  e300a3d13837841c965a69402536d32099c5ce7d (commit)
       via  85759cc97346b066c3de48b075cdf5d91f1070b0 (commit)
       via  5f0726b560de8b94d75f7e6bdf71089bebc2ffdd (commit)
       via  f4b6cdfbe71869fd636e41486f2044c97094cfef (commit)
       via  01c2ea6b83d61fc216b834a323231b8977c5436d (commit)
       via  c19d29f70162ab7cfef4a69bc7cd32f267faaebe (commit)
       via  9f60aa96795f8a9f6131c3350f96911ad4dcc389 (commit)
      from  6104f2e816a215540fd3b08fbba2fd90af59a798 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit 95c60d31aaafb7d83aec297f7466f6106df88ec4
Author: Michael Tremer michael.tremer@ipfire.org
Date: Wed Nov 7 20:27:35 2018 +0000
udev: Do not try to change kernel hotplug handler any more
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit e300a3d13837841c965a69402536d32099c5ce7d
Author: Michael Tremer michael.tremer@ipfire.org
Date: Wed Nov 7 20:26:34 2018 +0000
udev: Do not try to install any device nodes any more
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 85759cc97346b066c3de48b075cdf5d91f1070b0
Author: Michael Tremer michael.tremer@ipfire.org
Date: Wed Nov 7 20:17:08 2018 +0000
core125: Ship syslog changes
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 5f0726b560de8b94d75f7e6bdf71089bebc2ffdd
Author: Peter Müller peter.mueller@ipfire.org
Date: Mon Nov 5 16:44:03 2018 +0100
Tor: update to 0.3.4.9
For details and release announcement, see: https://blog.torproject.org/new-release-tor-0349
Signed-off-by: Peter Müller peter.mueller@ipfire.org
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit f4b6cdfbe71869fd636e41486f2044c97094cfef
Author: Matthias Fischer matthias.fischer@ipfire.org
Date: Sun Nov 4 08:28:07 2018 +0100
bind: Update to 9.11.5
For details see: http://ftp.isc.org/isc/bind9/9.11.5/RELEASE-NOTES-bind-9.11.5.html
Security fixes: "named could crash during recursive processing of DNAME records when deny-answer-aliases was in use. This flaw is disclosed in CVE-2018-5740. [GL #387]
When recursion is enabled but the allow-recursion and allow-query-cache ACLs are not specified, they should be limited to local networks, but they were inadvertently set to match the default allow-query, thus allowing remote queries. This flaw is disclosed in CVE-2018-5738. [GL #309]"
Best, Matthias
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 01c2ea6b83d61fc216b834a323231b8977c5436d
Author: Michael Tremer michael.tremer@ipfire.org
Date: Wed Nov 7 13:19:31 2018 +0000
observium-agent: New package
This ships the observium agent including a couple of modules.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit c19d29f70162ab7cfef4a69bc7cd32f267faaebe
Author: Michael Tremer michael.tremer@ipfire.org
Date: Wed Nov 7 12:30:50 2018 +0000
Revert "haproxy: Make /dev/log available in chroot"
This reverts commit 699f0aa710932736d34dabf5a8c17287af29075c.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 9f60aa96795f8a9f6131c3350f96911ad4dcc389
Author: Michael Tremer michael.tremer@ipfire.org
Date: Wed Nov 7 12:29:19 2018 +0000
syslog: Listen to network and block access from anywhere but localhost
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes:
 config/backup/includes/observium-agent    |  2 ++
 config/firewall/firewall-policy           | 12 +++++++++++
 config/rootfiles/core/125/filelists/files |  3 +++
 config/rootfiles/packages/observium-agent | 17 +++++++++++++++
 lfs/bind                                  |  4 ++--
 lfs/haproxy                               |  2 +-
 lfs/{rtpproxy => observium-agent}         | 35 +++++++++++++++++++++----------
 lfs/tor                                   |  6 +++---
 make.sh                                   |  1 +
 src/initscripts/packages/haproxy          | 14 -------------
 src/initscripts/system/sysklogd           |  2 +-
 src/initscripts/system/udev               |  7 -------
 12 files changed, 66 insertions(+), 39 deletions(-)
 create mode 100644 config/backup/includes/observium-agent
 create mode 100644 config/rootfiles/packages/observium-agent
 copy lfs/{rtpproxy => observium-agent} (77%)
Difference in files: diff --git a/config/backup/includes/observium-agent b/config/backup/includes/observium-agent new file mode 100644 index 000000000..873b13dc4 --- /dev/null +++ b/config/backup/includes/observium-agent @@ -0,0 +1,2 @@ +etc/xinetd.d/observium_agent_xinetd +usr/lib/observium_agent/scripts-enabled diff --git a/config/firewall/firewall-policy b/config/firewall/firewall-policy index c0a526f22..078c3c515 100755 --- a/config/firewall/firewall-policy +++ b/config/firewall/firewall-policy @@ -57,6 +57,18 @@ HAVE_OPENVPN="true"
# INPUT
+# Drop syslog from anywhere but localhost +# sysklogd cannot bind to specific interface and therefore we need to +# block access by adding firewall rules +case "${FWPOLICY}" in + REJECT) + iptables -A POLICYIN -p udp --dport 514 -j REJECT --reject-with icmp-host-unreachable + ;; + *) + iptables -A POLICYIN -p udp --dport 514 -j DROP + ;; +esac + # Allow access from GREEN if [ -n "${GREEN_DEV}" ]; then iptables -A POLICYIN -i "${GREEN_DEV}" -j ACCEPT diff --git a/config/rootfiles/core/125/filelists/files b/config/rootfiles/core/125/filelists/files index 286ce4c89..889365e1d 100644 --- a/config/rootfiles/core/125/filelists/files +++ b/config/rootfiles/core/125/filelists/files @@ -2,11 +2,14 @@ etc/system-release etc/issue etc/ssh/sshd_config etc/sysctl.conf +etc/rc.d/init.d/sysklogd +etc/rc.d/init.d/udev srv/web/ipfire/cgi-bin/credits.cgi srv/web/ipfire/cgi-bin/hardwaregraphs.cgi srv/web/ipfire/cgi-bin/ids.cgi srv/web/ipfire/cgi-bin/media.cgi srv/web/ipfire/cgi-bin/pakfire.cgi +usr/sbin/firewall-policy usr/local/bin/backupiso usr/local/bin/makegraphs var/ipfire/backup/bin/backup.pl diff --git a/config/rootfiles/packages/observium-agent b/config/rootfiles/packages/observium-agent new file mode 100644 index 000000000..2dd1d4008 --- /dev/null +++ b/config/rootfiles/packages/observium-agent 
@@ -0,0 +1,17 @@ +etc/xinetd.d/observium_agent_xinetd +usr/bin/observium_agent +#usr/lib/observium_agent +usr/lib/observium_agent/scripts-available +usr/lib/observium_agent/scripts-available/apache +usr/lib/observium_agent/scripts-available/dmi +usr/lib/observium_agent/scripts-available/ksm +usr/lib/observium_agent/scripts-available/lmsensors +usr/lib/observium_agent/scripts-available/nfs +usr/lib/observium_agent/scripts-available/nfsd +usr/lib/observium_agent/scripts-available/nginx +usr/lib/observium_agent/scripts-available/postfix_mailgraph +usr/lib/observium_agent/scripts-available/postfix_qshape +usr/lib/observium_agent/scripts-available/unbound +usr/lib/observium_agent/scripts-available/vmwaretools +usr/lib/observium_agent/scripts-enabled +var/ipfire/backup/addons/includes/observium-agent diff --git a/lfs/bind b/lfs/bind index 085fa005b..d0fcfeda0 100644 --- a/lfs/bind +++ b/lfs/bind @@ -25,7 +25,7 @@
include Config
-VER = 9.11.4-P2 +VER = 9.11.5
THISAPP = bind-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -43,7 +43,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 3b831d1cb9dcb3e0868409cf98d4519b +$(DL_FILE)_MD5 = 17a0d02102117c9a221e857cf2cc8157
install : $(TARGET)
diff --git a/lfs/haproxy b/lfs/haproxy index 2cf23526e..da56f889d 100644 --- a/lfs/haproxy +++ b/lfs/haproxy @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = haproxy -PAK_VER = 6 +PAK_VER = 7
DEPS = ""
diff --git a/lfs/observium-agent b/lfs/observium-agent new file mode 100644 index 000000000..3254a8000 --- /dev/null +++ b/lfs/observium-agent 
@@ -0,0 +1,100 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 18.9.1 + +THISAPP = observium-community-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/observium +TARGET = $(DIR_INFO)/$(THISAPP) +PROG = observium-agent +PAK_VER = 1 + +DEPS = "xinetd" + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = 88b978cbcfdac14fd7625ae7404a2771 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + +dist: + @$(PAK) + +############################################################################### +# Downloading, checking, md5sum 
+############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) + + # Install xinet.d configuration + cd $(DIR_APP) && install -m 644 scripts/observium_agent_xinetd \ + /etc/xinetd.d/observium_agent_xinetd + + # Install the agent script + cd $(DIR_APP) && install -m 755 scripts/observium_agent \ + /usr/bin/observium_agent + + # Install modules + mkdir -pv /usr/lib/observium_agent/scripts-{available,enabled} + install -m 755 $(DIR_APP)/scripts/agent-local/{apache,dmi,ksm,lmsensors,nfs,nfsd,nginx,postfix_mailgraph,postfix_qshape,unbound,vmwaretools} \ + /usr/lib/observium_agent/scripts-available/ + + # Backup + install -v -m 644 $(DIR_SRC)/config/backup/includes/observium-agent \ + /var/ipfire/backup/addons/includes/observium-agent + + @rm -rf $(DIR_APP) + @$(POSTBUILD) + diff --git a/lfs/tor b/lfs/tor index 5b03aba5d..2c3940638 100644 --- a/lfs/tor +++ b/lfs/tor @@ -24,7 +24,7 @@
include Config
-VER = 0.3.3.9 +VER = 0.3.4.9
THISAPP = tor-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = tor -PAK_VER = 30 +PAK_VER = 31
DEPS = ""
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 16b24bda0772dc3d5c4c05254ec4bce7 +$(DL_FILE)_MD5 = 8a303c7c2491cd27b1646f6efdc4a5d0
install : $(TARGET)
diff --git a/make.sh b/make.sh index 89ada4679..4e55f684d 100755 --- a/make.sh +++ b/make.sh @@ -1412,6 +1412,7 @@ buildipfire() { lfsmake2 nagios_nrpe lfsmake2 nagios-plugins lfsmake2 icinga + lfsmake2 observium-agent lfsmake2 ebtables lfsmake2 directfb lfsmake2 faad2 diff --git a/src/initscripts/packages/haproxy b/src/initscripts/packages/haproxy index ded627773..78d64cee4 100644 --- a/src/initscripts/packages/haproxy +++ b/src/initscripts/packages/haproxy @@ -11,15 +11,6 @@
case "${1}" in start) - # Prepare chroot - mkdir -p /var/lib/haproxy/dev - - # Create link for syslog socket - if ! mountpoint /var/lib/haproxy/dev/log &>/dev/null; then - touch /var/lib/haproxy/dev/log - mount --bind /dev/log /var/lib/haproxy/dev/log - fi - boot_mesg "Starting HAProxy..." loadproc /usr/sbin/haproxy -D -f /etc/haproxy/haproxy.cfg \ -p /var/run/haproxy.pid @@ -28,11 +19,6 @@ case "${1}" in stop) boot_mesg "Stopping HAProxy..." killproc /usr/sbin/haproxy - - # umount /dev/log - if mountpoint /var/lib/haproxy/dev/log &>/dev/null; then - umount /var/lib/haproxy/dev/log - fi ;;
reload) diff --git a/src/initscripts/system/sysklogd b/src/initscripts/system/sysklogd index 4482559b3..90fe851de 100644 --- a/src/initscripts/system/sysklogd +++ b/src/initscripts/system/sysklogd @@ -21,7 +21,7 @@ case "${1}" in loadproc klogd -c 1
boot_mesg "Starting system log daemon..." - loadproc syslogd -m 0 + loadproc syslogd -m 0 -r
boot_mesg "Saving Bootlog..." if [ -e /var/log/bootlog ]; then diff --git a/src/initscripts/system/udev b/src/initscripts/system/udev index 5e0d9bdfd..e85775f8c 100644 --- a/src/initscripts/system/udev +++ b/src/initscripts/system/udev @@ -51,13 +51,6 @@ case "${1}" in mount -t devpts devpts -o gid=5,mode=620 /dev/pts fi
- # Udev handles uevents itself, so we don't need to have - # the kernel call out to any binary in response to them - echo > /proc/sys/kernel/hotplug - - # Copy static device nodes to /dev - cp -a /lib/udev/devices/* /dev - # Start the udev daemon to continually watch for, and act on, # uevents boot_mesg "Starting udev daemon..."
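Review bot: In the config/firewall/firewall-policy hunk, both new rules match every UDP packet to port 514 with no interface or source qualifier, so nothing in the added lines implements the "but localhost" part of the comment. The exemption has to come from a loopback ACCEPT that is evaluated before POLICYIN, which this hunk does not show. Either make the rule self-contained with `! -i lo`, or extend the comment to name the chain that accepts loopback traffic, so that a later reordering cannot silently break local logging or expose the listener.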
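Review bot: In the src/initscripts/system/sysklogd hunk, `loadproc syslogd -m 0 -r` turns on network reception without a comment, and the only control on who can reach it is the port 514 rule added to firewall-policy in the same push. Add a comment at this line that points to that rule, and confirm that the rule is in place before this script starts syslogd at boot; if it is not, the listener is reachable from all interfaces in the window between the two.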
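Review bot: In the src/initscripts/packages/haproxy hunk, the stop branch loses its `umount /var/lib/haproxy/dev/log` at the same time as start loses the bind mount, so on a system that is upgraded while HAProxy is running the mount created by the old script is never removed until reboot. Since lfs/haproxy bumps PAK_VER to 7, the package update step is the natural place to unmount /var/lib/haproxy/dev/log once before the new initscript takes over.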
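Review bot: In the config/rootfiles/core/125/filelists/files hunk, etc/rc.d/init.d/sysklogd and usr/sbin/firewall-policy are shipped, but the summary of changes lists no Core Update 125 update script change, so nothing visible restarts syslogd with `-r` or reloads the firewall policy after the files are replaced. If the updater does not already do both, an updated system keeps the old syslogd without a network listener while the HAProxy chroot no longer has /dev/log, and HAProxy logging is lost until reboot. Please state in the commit message where the restart and reload happen, or add them.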
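Review bot: In the new lfs/observium-agent file, the recipe installs upstream's `scripts/observium_agent_xinetd` unchanged into /etc/xinetd.d, and neither this file nor the firewall-policy hunk shows which addresses may connect to the agent once xinetd picks it up. Document the expected listener and allowed sources in the commit message, or ship an IPFire-specific xinetd file that restricts them. Separately, `mkdir -pv /usr/lib/observium_agent/scripts-{available,enabled}` and the `{apache,dmi,...}` install line rely on brace expansion, which only works if the recipe shell is bash; worth confirming that Config sets it.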
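Review bot: In the lfs/bind and lfs/tor hunks (and the new lfs/observium-agent), the only integrity value recorded for the new tarball is `$(DL_FILE)_MD5`, and the commit messages do not say how the download was checked against the upstream release. MD5 is adequate for catching a corrupted download but not for detecting a deliberately substituted tarball. Please note in the commit message that the upstream signature or a stronger published digest was verified before the MD5 was updated, or record a stronger digest alongside it if the build system supports one.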
hooks/post-receive -- IPFire 2.x development tree