This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 4a6cfe51a16575c7100862e2cc6f959bc48c6628 (commit) via 75ad2e4e885992c9b17c2d7b722dd3ac3875a7f0 (commit) via 353e08cd7778f2070469842ebe0f553e648f79d4 (commit) via 5d95fd5af11e8631cbaed1e5f8c914facd0b2125 (commit) via ac385b2f17ef142101165bdd9b31206bd86998dc (commit) via d86a24928625c47d46d17daad18f159d28678ee4 (commit) via 68537369b0c9fa551bc9db31ccc2d1b116badde8 (commit) via eea5bfe4656963628c1888afe106a51875752372 (commit) via aced5a957861710fb8b5fc94aa87fc29ceb9b3ec (commit) via 7e90cf38cb0f3fcee6e3e4baf0d629233f769d51 (commit) via defc321f04783b58a1a8ad45c77560d445eed6d6 (commit) via aacab139dc272d9c1b42340100cccb15cd7a302f (commit) via 829b0ba85156fbf3514b3f5d5b13c0f3254fae49 (commit) via 8c065b268d8c04c48e76dde8109381823a601908 (commit) via 2e51e8607e3b45b41a984f95c81c257a41107cff (commit) from 64835e022c52d24432d201bd4d57f1aa962c1f90 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 4a6cfe51a16575c7100862e2cc6f959bc48c6628 Merge: 64835e0 75ad2e4 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Mar 4 07:09:02 2016 +0100
Merge remote-tracking branch 'origin/master' into next
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/backup/include | 2 +- config/rootfiles/common/openssh | 1 - config/rootfiles/{oldcore/98 => core/99}/exclude | 0 .../rootfiles/{oldcore/88 => core/99}/filelists/files | 1 + .../97 => core/99}/filelists/i586/openssl-sse2 | 0 .../{oldcore/97 => core/99}/filelists/openssh | 0 .../{oldcore/97 => core/99}/filelists/openssl | 0 config/rootfiles/{oldcore/98 => core/99}/meta | 0 config/rootfiles/{oldcore/97 => core/99}/update.sh | 7 +++++-- config/rootfiles/oldcore/98/update.sh | 5 ++++- lfs/openssh | 6 +++--- lfs/openssl | 7 ++++--- lfs/stunnel | 2 +- make.sh | 2 +- src/patches/openssl-1.0.2g-disable-sslv2v3.patch | 18 ++++++++++++++++++ src/patches/openssl-disable-sslv2-sslv3.patch | 12 ------------ 16 files changed, 38 insertions(+), 25 deletions(-) copy config/rootfiles/{oldcore/98 => core/99}/exclude (100%) copy config/rootfiles/{oldcore/88 => core/99}/filelists/files (52%) copy config/rootfiles/{oldcore/97 => core/99}/filelists/i586/openssl-sse2 (100%) copy config/rootfiles/{oldcore/97 => core/99}/filelists/openssh (100%) copy config/rootfiles/{oldcore/97 => core/99}/filelists/openssl (100%) copy config/rootfiles/{oldcore/98 => core/99}/meta (100%) copy config/rootfiles/{oldcore/97 => core/99}/update.sh (95%) create mode 100644 src/patches/openssl-1.0.2g-disable-sslv2v3.patch delete mode 100644 src/patches/openssl-disable-sslv2-sslv3.patch
Difference in files:
diff --git a/config/backup/include b/config/backup/include
index 6ecb930..eb76ebf 100644
--- a/config/backup/include
+++ b/config/backup/include
@@ -33,7 +33,7 @@
 /var/log/ip-acct/*
 /var/log/rrd/*
 /var/log/rrd/collectd
-/var/log/rrd/vnstat
+/var/log/vnstat
 /etc/sysconfig/firewall.local
 /etc/sysconfig/rc.local
 /root/.gitconfig
diff --git a/config/rootfiles/common/openssh b/config/rootfiles/common/openssh
index 1b6ded3..c33003f 100644
--- a/config/rootfiles/common/openssh
+++ b/config/rootfiles/common/openssh
@@ -14,7 +14,6 @@ etc/ssh/ssh_config
 etc/ssh/sshd_config
 usr/bin/scp
 usr/bin/sftp
-usr/bin/slogin
 usr/bin/ssh
 usr/bin/ssh-add
 usr/bin/ssh-agent
diff --git a/config/rootfiles/core/99/exclude b/config/rootfiles/core/99/exclude
new file mode 100644
index 0000000..d87f175
--- /dev/null
+++ b/config/rootfiles/core/99/exclude
@@ -0,0 +1,25 @@
+boot/config.txt
+etc/alternatives
+etc/collectd.custom
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+etc/localtime
+etc/shadow
+etc/snort/snort.conf
+etc/ssh/ssh_config
+etc/ssh/sshd_config
+etc/ssl/openssl.cnf
+etc/sudoers
+etc/sysconfig/firewall.local
+etc/sysconfig/rc.local
+etc/udev/rules.d/30-persistent-network.rules
+srv/web/ipfire/html/proxy.pac
+var/ipfire/dma
+var/ipfire/time
+var/ipfire/ovpn
+var/lib/alternatives
+var/log/cache
+var/state/dhcp/dhcpd.leases
+var/updatecache
diff --git a/config/rootfiles/core/99/filelists/files b/config/rootfiles/core/99/filelists/files
new file mode 100644
index 0000000..76b5b4e
--- /dev/null
+++ b/config/rootfiles/core/99/filelists/files
@@ -0,0 +1,3 @@
+etc/system-release
+etc/issue
+var/ipfire/backup/include
diff --git a/config/rootfiles/core/99/filelists/i586/openssl-sse2 b/config/rootfiles/core/99/filelists/i586/openssl-sse2
new file mode 120000
index 0000000..f424713
--- /dev/null
+++ b/config/rootfiles/core/99/filelists/i586/openssl-sse2
@@ -0,0 +1 @@
+../../../../common/i586/openssl-sse2
\ No newline at end of file
diff --git a/config/rootfiles/core/99/filelists/openssh b/config/rootfiles/core/99/filelists/openssh
new file mode 120000
index 0000000..d8c77fd
--- /dev/null
+++ b/config/rootfiles/core/99/filelists/openssh
@@ -0,0 +1 @@
+../../../common/openssh
\ No newline at end of file
diff --git a/config/rootfiles/core/99/filelists/openssl b/config/rootfiles/core/99/filelists/openssl
new file mode 120000
index 0000000..e011a92
--- /dev/null
+++ b/config/rootfiles/core/99/filelists/openssl
@@ -0,0 +1 @@
+../../../common/openssl
\ No newline at end of file
diff --git a/config/rootfiles/core/99/meta b/config/rootfiles/core/99/meta
new file mode 100644
index 0000000..d547fa8
--- /dev/null
+++ b/config/rootfiles/core/99/meta
@@ -0,0 +1 @@
+DEPS=""
diff --git a/config/rootfiles/core/99/update.sh b/config/rootfiles/core/99/update.sh
new file mode 100644
index 0000000..b57d0a7
--- /dev/null
+++ b/config/rootfiles/core/99/update.sh
@@ -0,0 +1,62 @@
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2016 IPFire-Team info@ipfire.org. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+# Remove old core updates from pakfire cache to save space...
+core=99
+for (( i=1; i<=$core; i++ ))
+do
+ rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+# Stop services
+
+# remove slogin which is not included in new OpenSSH
+rm /usr/bin/slogin
+
+# Extract files
+extract_files
+
+# Update Language cache
+# /usr/local/bin/update-lang-cache
+
+# Start services
+/etc/init.d/sshd restart
+/etc/init.d/apache restart
+
+# This update need a reboot...
+touch /var/run/need_reboot
+
+# Finish
+/etc/init.d/fireinfo start
+sendprofile
+# Update grub config to display new core version
+if [ -e /boot/grub/grub.cfg ]; then
+ grub-mkconfig -o /boot/grub/grub.cfg
+fi
+sync
+
+# Don't report the exitcode last command
+exit 0
diff --git a/config/rootfiles/oldcore/98/update.sh b/config/rootfiles/oldcore/98/update.sh
index ec9c1aa..7e0cc2d 100644
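Review bot: In config/rootfiles/core/99/update.sh, `/etc/init.d/sshd restart` runs right after `extract_files` against an sshd_config that the update leaves in place (etc/ssh/sshd_config is listed in core/99/exclude), with no check that the new OpenSSH binary still accepts that file, and the script ends with `exit 0` regardless. If the restart fails on a remotely administered firewall, SSH access is presumably lost while the update is still reported as successful. Running `sshd -t` before the restart and logging a failure would surface this. Separately, `rm /usr/bin/slogin` should be `rm -f /usr/bin/slogin` so that a system where the file is already gone does not print an error.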
--- a/config/rootfiles/oldcore/98/update.sh
+++ b/config/rootfiles/oldcore/98/update.sh
@@ -39,7 +39,10 @@ extract_files
 # Bugfixes for core96 updater bugs...
 if [ -e /boot/grub/grub.conf ]; then
 # legacy grub config on xen or citrix conflicts with grub2 config
- rm /boot/grub/grub.cfg
+ # and core96 contains an empty file
+ if [ ! -s /boot/grub/grub.cfg ]; then
+ rm /boot/grub/grub.cfg
+ fi
 fi
if [ -e /boot/grub/grub.cfg ]; then
diff --git a/lfs/openssh b/lfs/openssh
index 546bc7e..ab25d62 100644
--- a/lfs/openssh
+++ b/lfs/openssh
@@ -1,7 +1,7 @@
 ###############################################################################
 # #
 # IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2015 IPFire Team info@ipfire.org #
+# Copyright (C) 2007-2016 IPFire Team info@ipfire.org #
 # #
 # This program is free software: you can redistribute it and/or modify #
 # it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 7.1p2
+VER = 7.2p1
THISAPP = openssh-$(VER)
 DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 4d8547670e2a220d5ef805ad9e47acf2
+$(DL_FILE)_MD5 = b984775f0cfff1f7ff18b8797fce8a28
install : $(TARGET)
diff --git a/lfs/openssl b/lfs/openssl
index c5b71f7..eb7352f 100644
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -24,7 +24,7 @@
include Config
-VER = 1.0.2f
+VER = 1.0.2g
THISAPP = openssl-$(VER)
 DL_FILE = $(THISAPP).tar.gz
@@ -53,6 +53,7 @@ CONFIGURE_OPTIONS = \
 zlib-dynamic \
 enable-camellia \
 enable-md2 \
+ enable-ssl2 \
 enable-seed \
 enable-tlsext \
 enable-rfc3779 \
@@ -86,7 +87,7 @@ objects = $(DL_FILE)
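Review bot: The added `enable-ssl2 \` in CONFIGURE_OPTIONS of lfs/openssl compiles SSLv2 support back into a release that would otherwise build without it, and nothing in the hunk or the commit message says why. With the flag set, the only barrier left is the runtime default `SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3` from openssl-1.0.2g-disable-sslv2v3.patch, which the patch's own comment says callers can clear and which, going by the removed patch's comment, affects SSLv23_method() only. If the flag is there to keep the library ABI stable for packages already built against it (an assumption, not visible here), a comment above the assignment such as `# enable-ssl2: keep SSLv2 symbols for ABI compatibility; the protocol stays off via the SSL_OP_NO_SSLv2 default` would record that; otherwise dropping the line removes the protocol code entirely. The CONFIGURE_OPTIONS assignment starts and ends outside the hunk.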
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = b3bf73f507172be9292ea2a8c28b659d
+$(DL_FILE)_MD5 = f3c710c045cdee5fd114feb69feba7aa
install : $(TARGET)
@@ -119,7 +120,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch
 cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a-rpmbuild.patch
 cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1m-weak-ciphers.patch
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-disable-sslv2-sslv3.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2g-disable-sslv2v3.patch
# i586 specific patches
 ifeq "$(MACHINE)" "i586"
diff --git a/lfs/stunnel b/lfs/stunnel
index f6f27e0..4585151 100644
--- a/lfs/stunnel
+++ b/lfs/stunnel
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
 DIR_APP = $(DIR_SRC)/$(THISAPP)
 TARGET = $(DIR_INFO)/$(THISAPP)
 PROG = stunnel
-PAK_VER = 1
+PAK_VER = 2
DEPS = ""
diff --git a/make.sh b/make.sh
index bed9230..8392e30 100755
--- a/make.sh
+++ b/make.sh
@@ -26,7 +26,7 @@ NAME="IPFire" # Software name
 SNAME="ipfire" # Short name
 VERSION="2.17" # Version number
 CORE="100" # Core Level (Filename)
-PAKFIRE_CORE="98" # Core Level (PAKFIRE)
+PAKFIRE_CORE="99" # Core Level (PAKFIRE)
 GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` # Git Branch
 SLOGAN="www.ipfire.org" # Software slogan
 CONFIG_ROOT=/var/ipfire # Configuration rootdir
diff --git a/src/patches/openssl-1.0.2g-disable-sslv2v3.patch b/src/patches/openssl-1.0.2g-disable-sslv2v3.patch
new file mode 100644
index 0000000..06f5132
--- /dev/null
+++ b/src/patches/openssl-1.0.2g-disable-sslv2v3.patch
@@ -0,0 +1,18 @@
+diff -up openssl-1.0.2g/ssl/ssl_lib.c.v2v3 openssl-1.0.2g/ssl/ssl_lib.c
+--- openssl-1.0.2g/ssl/ssl_lib.c.v2v3 2016-03-01 16:38:26.879142021 +0100
++++ openssl-1.0.2g/ssl/ssl_lib.c 2016-03-01 16:41:32.977353769 +0100
+@@ -2055,11 +2055,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
+ ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
+
+ /*
+- * Disable SSLv2 by default, callers that want to enable SSLv2 will have to
+- * explicitly clear this option via either of SSL_CTX_clear_options() or
++ * Disable SSLv2 and SSLv3 by default, callers that want to enable these will have to
++ * explicitly clear these options via either of SSL_CTX_clear_options() or
+ * SSL_clear_options().
+ */
+- ret->options |= SSL_OP_NO_SSLv2;
++ ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
+
+ return (ret);
+ err:
diff --git a/src/patches/openssl-disable-sslv2-sslv3.patch b/src/patches/openssl-disable-sslv2-sslv3.patch
deleted file mode 100644
index e42dfac..0000000
--- a/src/patches/openssl-disable-sslv2-sslv3.patch
+++ /dev/null
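Review bot: The rewritten comment in the ssl_lib.c hunk carried by src/patches/openssl-1.0.2g-disable-sslv2v3.patch drops the caveat the old patch stated, that the default "affects the SSLv23_method() only". If that still holds for 1.0.2g, callers that pick a fixed-version method, or that clear the option as the comment describes, are not covered by this default, and since the same commit builds with `enable-ssl2` that limit is worth keeping visible. I would add one line to the comment, for example `* This default only affects the version-flexible SSLv23_method().` SSL_CTX_new() begins and continues outside the hunk.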
@@ -1,12 +0,0 @@
---- openssl-1.0.1m/ssl/ssl_lib.c.old 2015-03-19 15:56:40.966287977 +0100
-+++ openssl-1.0.1m/ssl/ssl_lib.c 2015-03-19 15:57:07.976160846 +0100
-@@ -1892,6 +1892,9 @@
- */
- ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
-
-+ /* Disable SSLv2 and SSLv3 by default (affects the SSLv23_method() only) */
-+ ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
-+
- return (ret);
- err:
- SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
hooks/post-receive -- IPFire 2.x development tree