This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 48ec07649f9fdb50fa852bae3eb95fc502b5b0e4 (commit) via 0aec7cbf4161c410bbb0a168fae942b52523b7b0 (commit) via c18dda556b392bcd76ff5f8a611ecfb98a5b377a (commit) via 9f3f612a5fd71372dc3b0be997afd2a0a0d77477 (commit) via d21e6d94cb7d0b6faba8e6b4cf8ae14d431fe554 (commit) via df0635abb584b4598e269efacd6650bfb9831ca7 (commit) via 21b0eff64324be6e687b45b5bc945b8db4df056d (commit) via 5b28df47a5f94bf05cd19de1439e6cf78307b96f (commit) via 53e52b86df520c20222e606ba1b24f6578e20d16 (commit) via 04581dfb77309acd6527172094bba3dc7549c3fb (commit) via 7bcff23c61ef2d25fc8817e78002a7e711a9855c (commit) via cbc279b0704f24869970fc7e8d216628c7153acd (commit) via 0bdff3b945337fe115cfb581004381ddf9d91f06 (commit) via 64ecba3f57f3ccce170edf8e5a80468d5390d54a (commit) via 090ccdb7616e3680b48df27c436d64ae6776ec48 (commit) via 2157a04d3294576455432f833759b869cbf28bd0 (commit) via 7eabdbfc47809f691d4da4f428c8726fb89c4f92 (commit) via d58554470fb29e8a8418de774a0ecdfa42c321e4 (commit) via ff6d2316ef59b9ad7882967a23d81e2ce2d4902e (commit) via ac809b02f5436139a55fef7486f7479cbf38c32d (commit) via cf73af23a7b2dcf130faf3d29804bd16192b6f97 (commit) via 4077bd152f590a415095cf92e5007d8b8cf02f69 (commit) via 59282c857bab662814b8ad9ae5013eca760f660f (commit) via 2cf0aa7cac1206d894d188d57158c2a1d7e029f7 (commit) via 55a9dd6a7454d2ecbc77baba592f02844d011d42 (commit) via 219dacef2c36a00dc5d26a9c42b86513281683fa (commit) via 4d70f59173c0ef521713c8855e03ab92eca11317 (commit) via a02f1323383869f32d43b5576c16f5f42b7fd15a (commit) via 524bbe326ddd4063f8099e99d6436c384a1d1730 (commit) via db9ee62e0addc535b8e3226d42b8ff70850044a0 (commit) via d255e2d1c291915ca20e0f57f9d55bc0d7d8dd87 (commit) via b4c9d299712dfa9f3d4afed2196283e0a0ba2310 (commit) via 215c32eb6435689fd798abdcfaff5ece3033aa02 (commit) via 55f6e62cf70132e31e32ec7a666cf0068878287b (commit) via 02001624d22733f208f7d17b398c076e85c9971d (commit) via c1ba35e8ab74eacb9c098bb1d992607591d5ad0c (commit) via 
868274a5c2d5bf10b2e8a0addfec38f38e1bb508 (commit) via e46f6bee51c57287418234206fef9cc0ec4876e0 (commit) via f871a115f4061fa43c8bdbcc991541bf71c6374e (commit) via 97154d057bdbc7fa34309e9a5ad389775eff210d (commit) via e83ae0d43406ad6d988f2ea56d4dbfc6da1bab90 (commit) via a36cd34eac2d1624720eb86e2f3c6985ae184e20 (commit) via 4d25c1f39af51795e61855166a3aa24b6af97a17 (commit) via 0e7bfb1343d28069acfbaacb957cd199f8ead099 (commit) via 7c9820474675638123fdd1b13f4211e135a2f07a (commit) via 86cf6898aabe7d77da08664364e7d4cf4c17d9d5 (commit) via d822bdb5d33785dd14825f7028cedbcc43a33579 (commit) via 96b9c63b571e64a6d0660af378e49af586853542 (commit) via 4d8c7f3b12353a623846522d74a1a88870d08a34 (commit) via b2d22bbc8b9bb1c09e42b3b9715eb5e54abb59b4 (commit) via 8989211723f39ff119c0e8922986e07f39f6c2ea (commit) via 9a2bd851a441dbf74991edbc097d6ea6117c962b (commit) via 4ad5439a9091289f6e893c4bb8eab50c74c51d5f (commit) via 976b84ccb6303a172416e904b7dc431c7b8c46c4 (commit) via b7e1bac2dbdb4ef48e6c99654c88c72ad6d2a790 (commit) via 8bf6f0e88c664190217dee3d36f98baafa8419c4 (commit) via c478bdc2e4a80ef3b409d2843b0a2dd2f7d604d8 (commit) via ddbebd76e4d3d3b9a1978265c2ae52f221145a05 (commit) via c2539fe22eb32dee82e378f2b8de60dd16491362 (commit) via b11d0995824f77ad0d301b0e5cd31ab5b0d32b3f (commit) via 44f511ee1004567fcdf47d5a94dc394321607db6 (commit) via d0c7a72351dce2d1cf726487d12458f4111f959b (commit) via 89df57f3ef6372ce476491ed4199222bc015af3b (commit) via 52457c2e542f03aac458580bd32f397c1e3f653f (commit) via 5e43a17818e6e02933d402910de2932aa4ebeec5 (commit) via 084bd67b6229ed76819d702ed4058ae4920ccbf3 (commit) via 2689bb7138ebf316d7ac83f2cf42483f691f533d (commit) via 7f07763bca2fd369e392ba8403af606b13f6c26a (commit) via d42dd5bf1fc2ff994cdbfa69bd00d3b3f6b09b5d (commit) via 28f0b756ce9fdeace7dd34e523d25c027c120e8b (commit) via 6b6460095e3edf3e7a0727100b69c222b9ab88f0 (commit) via 7052f829edc2f7302b58187a37330f5c6df6ec90 (commit) via 9da013dd6c354da8829519a1108c3096e2c0f9c9 (commit) via 
a7792b4da1cc7d6dd34a1fe7e7b2f2bcd9c10cc9 (commit) via e501949821f719a701e02e5b5299216b05fca8b3 (commit) via 43164c65570a6ee1d1903a08896ce3bc4b0164d3 (commit) via a55f90e9cd6ca3fcd1ac5caa89df830d5326920e (commit) via 1afb9646cb15fb210f7e56f3eb47f2709e46e45f (commit) via 709fa7f3323961471323538ecb2ee6f8548107ec (commit) via e1e411956089de7c3334b10baacf5a5127558ef1 (commit) via ddd8d0705b3320f890d45c0222de3df0dad0bb76 (commit) via 8c1cc06d5f5766741fd7e5f36688b9773de4c1a2 (commit) via 2f62fd000736f4089c969e76b80cce6e63df1352 (commit) via b822cb159ab273753009f965d7e4abd4b11350d4 (commit) via 9b53f651070ac01bf89582d50a27cbc79f980087 (commit) via 9cfcc7e5467854825d3acd94594797201c25e4f1 (commit) via acbbcde4222e86d4e973e74374510dc7fae5db15 (commit) via e498947d3abf9f341611d97836a5e4dd0703e4da (commit) via 1b71e2b3c6241dc4bf47a9229a899e69ff291753 (commit) via cad087c74efe8e45d0a8b24365beaa868d1a2913 (commit) via dffce1e270675193c15ebc0ab6ce54eb3268707d (commit) via 636a79650bf930f1908cb128012dc567e7f78093 (commit) via ec03b64e9f853af914aa67c2c9f42f1400b4eb80 (commit) via ee87c2e33a9f90c6ce373851b57c58bb43ca1d2f (commit) via ec418b7a0885bc5c31fd26f1a4b4eec191a9caed (commit) via c1ccae1ce33e1f8ecb05eeaff5dc7299acbbc270 (commit) via 43d12991d1024010cb9059ab6c613d3053ee538b (commit) via bb39fac4370be88ff3b4abddaca6e7423733796c (commit) via 9e9d89ae37246ceca5786fcf6e4c7991532c1baf (commit) via 7ccea46172415ff6ae5de3653e6cb841bbd9c8b2 (commit) via 6983a96efff73babf144a4dda3e3aba68fd460e9 (commit) via 5a3e97b8d38c550b99282b5b0c60c83efc9f0c50 (commit) via c68bcbb298f70eb3c3dc5201ee16edb96a533fb0 (commit) via 577e3304953c708bce7f6c067bf34c3f585d3a0f (commit) via 27671216d589381fd6b0e4b0386f61fc6aa6be5d (commit) via 0f1d0b9c3c0fe06d15ffadc51b31fcea5552a919 (commit) via 4d438241c3521582239738198a9070cebdc91c04 (commit) via 057e89535108ea3afa67e469fd73c0cce619e307 (commit) via 14696ced7ec88af28b5244f2f1d30b1d033d97d3 (commit) via 258924ee79cf096fd266a57bab5908155fb37f3a (commit) via 
fc685a36c54eb0882a7fdb14a8ec698dc83e4a86 (commit) via 969983eba4f2b6917a53f8f817297c75b40e8d9f (commit) via 214f34ec4ee704e33dc4575e03a07ab7278a0bdc (commit) via 63cf95af3fc91bc3f92e053a08875106ef391eed (commit) via 697787c9309c5bfee0067d7486f0b095e968dc73 (commit) via 1e52a25825aaa5db8c3963c0bae78070fec51739 (commit) via 724f98c086a165e7528d0780cb8afe9e95421e93 (commit) via 7131a7bd94ef07f11d6c5971228710ad4445801b (commit) via 302420ad4a736053ae3a076ae48bfaac7b7d4208 (commit) via a081f20390178611d222f61f5d91214df2312ab0 (commit) via a2964e14f80bed8e66b11b2e25f8ade621f1cca9 (commit) via c0727f8b45116cfce1f11e44bc9c1cb991e6fd4d (commit) via cd13dbc544e19337a6ce29d4a5fd7ad47f5196a0 (commit) via f901c7401cda395daad2d267a1f4e4c623b9a77e (commit) via 17b9a1581c53aeaf1f715a986792375025f305be (commit) via 4aa1382e22c13c47f47e22ea092a5e008548716c (commit) via 77b373d62064f3809a35415093ddeac7df78ce41 (commit) via ded4348d0d1b91ddcc8acdc3bb67aa2dbacc6140 (commit) via 58d368d11c0c0a4ff71370e309fa65f469b7868c (commit) via 5b43f9db1576c8c2ea92570c1b9a1274495a75d3 (commit) via 1aa3dbf56df6756c5ad7c695f3c9bd3df942148a (commit) via 6cbed0c213075af4011e3c72aa21887a2254c83a (commit) via 4015d3f499c85cece577e360277cdc0e95a3d083 (commit) via 1b0e555fd37ca59847fc6d1714cada26503bb823 (commit) via 69b3156f7467fd941e904c5f7316a83bc11636ae (commit) via b35e27a28a66410ff0a4c69739b1d98d8bfd2d30 (commit) via 52071c0e9e7956c2e1a42430c01f06a383c2787d (commit) via 1b5aec1b7db40749fb0313f74e2670fc99a891cd (commit) via 01fc880cf3d6a19d1c2809f9adecd78278ebb49a (commit) via 35bc92a30717461a53d070b7a2d49ddcdc1c65ba (commit) via 6875f9ce7c014a9236a1c523f14381a30e1972eb (commit) via 71766c081c7f3a9a8a7c2356d4ac2f23eae27913 (commit) via 515a694d1c8bcd90bf52f35dc59d4990ff6b4935 (commit) via f3d421a3b183802c7d4af1333d73057964d18869 (commit) via 962e58cdd481d2067f78982ae7051bdcbc124426 (commit) via 7e1a09f9255414357a5b8bb6ffc898dbf5c9a791 (commit) via 0c5b2f6da301b5409b79df391f0f73e6c576fcf6 (commit) via 
ce40fddefc35cd879294c85a4c5eb85db5a4f773 (commit) via eade546821293480220215fea0c503d5f046e75e (commit) via 1d860d89cb59ec4e1b629d632be9bfa9e7ceb24c (commit) via d878d9c01482510220aae1f432ad5c45bc05997d (commit) via 5d523e4161ba6ac6ad568a456821b05ad4f73d33 (commit) via 5b9d877d46f5fc7da1e6d92185dd5810a85a17f8 (commit) via 15832b10c20212fe80aa5ba41521a4ad69965bb2 (commit) via 88eb5626b3e8770740c9dd83a157122f75ddd63c (commit) via 593abb3510687d40771941f49d7aa73e8037b448 (commit) via f580aa8caa691855f443c14c1e9e5a047028beef (commit) via 02fee15e0e004eda37f194d9a01186f4a1ad4372 (commit) via 1fa187335bb641d1f5ae698b21ef7783b228b8e4 (commit) via 4b6cf2a54ab2cbda7d688f4c9cdb45051e354f09 (commit) via 106f00bdbb26b9f84300c79f5b7f28dfb2395fcf (commit) via 0943ad8c3fa747c701f25f527824db3f1c6de501 (commit) via 2fded6d2ad80a05f87ae895deadc58de05073a34 (commit) via a2b4488ae53c92b6ffefa2abb2ee4601e4907014 (commit) via ddaf8ae1a87902389288904280c055e4601dc4ba (commit) via b734df0e1299407e59d38d9054065305f9c9eb00 (commit) via 50f348f681102eae5dc6d26f19292389397e77fb (commit) via e31458de4eea69d01a81e24bba85b3b655f7ae1f (commit) via 6acaa5fa6f6fb4546f058eebc774914e5706ceb3 (commit) via 0130e0d1e1168581ac3bc90d8773d968b1b5c4eb (commit) via 5e20d6cb28a87fca71abd9d4e0b811f6674fd39a (commit) via dae33250b2557e2650f1ac6fb8ced88d33c76ec7 (commit) via 3daa30002576490ec04a290dc777d3060c51d4a0 (commit) via 6563d44997434a442d6162571e8594dc8796c973 (commit) via 61b92664373ef7343a0f4efeaa3a5026bfe5b325 (commit) via aac869c47ef06294da337e80a1794b0b389e33f4 (commit) via 16b2d281ce054a41cbe084d7770fc54553ed747d (commit) via 09f7de97732b12c7bc13b7f7a9b664a975416647 (commit) via b953677b0d05202f69bb2ef06e9b628c39ea37f2 (commit) via 6c9d3eeef24be039b13c12e2ed750556f79a2b04 (commit) via 8bd74e12a9433f0f79e9eeca1028192799c98cc7 (commit) via 8335286b381381e187da787c0c758fa62890104e (commit) via 23b560529ad02c3d6eac37ed60eacf5af99be69d (commit) via 0fbfffea9152715705d1c3c9b318635fd81bb89f (commit) via 
ae22613224bcdb93454b3035e2a8f48ee40d147f (commit) via 2c02c936075c9eac0196530f61729740d8c01142 (commit) via caae0cf5e342070d04fac84c6b85cf1efc3bfe23 (commit) via b3c2c3364dc816a30db72c3ca79370cfded0f345 (commit) via 788a71f51eedf087b6c91bc5714ed0b1834d202d (commit) via e55fa2f7456d3f4bf16a33a3f5d06582b9e78de9 (commit) via b5350c4d6ee39b4991f1fb0d467b87d514b59a58 (commit) via 923a644107b608ba6965359f75193fbc34647461 (commit) via 73eb03a333067b680e4c77469eb86da5444bdd3d (commit) via 9bf260ded2713a983c62072ee89772884bc14a8a (commit) via 7323c72d03f063c6847df8973ea6abb09b6b1323 (commit) via 2acb3c8d0032cb4056a13d168be9be85f5607df9 (commit) via bb4c30c653314754b8564f6bc41047d5c00eacb6 (commit) via aba3cbe5bc0278132230bf027e54349f1a89b3d6 (commit) via 4c067847c5db9d96aa7d6f1ef613b60f211817f9 (commit) via 18fb2dbd5c17edb58eaba1f6a609bab798795c63 (commit) via a8d36d3e1fe619309b047aabce38b1e105f692c8 (commit) via 2f252efa0dc0625248ecf99917be9887821b5223 (commit) via a49a30d1ba7560c9e394570f4d313a575820c439 (commit) via 77351a6b768c0359cb0a25d540f5f2c1ff03e51f (commit) via 87df37da7abbb04eb83d0803c1237039c8dddfd3 (commit) via 4efc8ccd8aacedbc1c24908fa7ee3989182ba976 (commit) via 2bbe6ede23af14e0a23b77e1aaca8c5a26ecb6ac (commit) via a468b62b62d5a9f777fe1c4d4564ade7d70ed621 (commit) via dd2ce333f74dda68498f4bbcfe5a2115d8aa8202 (commit) via 019e5e9bafd6803792f4beaa68977bd68d015665 (commit) via fed57fe7f04cbea5ea3489b75ff373d975e887bb (commit) via 1033cf2d0a14494952f2e324db35b5029878dafc (commit) via 4e4c3f14599842acd41b577ac1058fd7e2975054 (commit) via 3e12c6e6883d80e4648aeed89a75c0c0de1d120b (commit) via 70cc13158d6d3be97d4094619cf20ec065023492 (commit) via 179b75107e8a8bd0e339e3d5aef8372fafb9a0e9 (commit) via 5e891296f061d5bcccd07147bf1c159703085054 (commit) via 41b52755b83bee943c7293da46209401239b2666 (commit) via d0885624067d40da7f6ff26c6be66fc39ab73d12 (commit) via a52ea4b0085426cc2c7fc08be5496532cb97b622 (commit) via ba154161199f84bb7c80ff6bbebf16e6660af738 (commit) via 
7e4f773adc256e964c0b8bbedf0fe91cddac9b9c (commit) via 90d8cb92980bb6ae689605ad36d6f0c46158be7c (commit) via 16d91d7466984faa3af9bdc025aabd6a18c8a428 (commit) via 1c959b88c7ab8b79df61f3e51c633c0455cfb421 (commit) via fb013fdc0a6118d4d5163cf572b41b83530f2a4f (commit) via ae3a88abe5b21a1bfe6310a06b6002f6befca976 (commit) via 0a8a3f70e073dc3fa059e824f9285553c7d56c3a (commit) via 510d3f005c179469111f172556312d8d025d131d (commit) via 2d5b98c80939aec312c97a5368493c621b3cbccb (commit) via c7ee7f60dac6be66c0b45261fd3aa3c3c6852f69 (commit) via 3ed6be83d21ba2c0a819974dfc1936ca7bfff541 (commit) via 40335cecaa67bd8b370e4a90741dd6557a821382 (commit) via cf3806f27ca0d53ed0e1c28e4e23e4cd53816da6 (commit) from 99c7fefd7ecf2404b7b938bff1002679c1fb58e5 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 48ec07649f9fdb50fa852bae3eb95fc502b5b0e4 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jan 21 16:23:00 2022 +0000
qemu-ga: resolve conflict by using binary from qemu built
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 0aec7cbf4161c410bbb0a168fae942b52523b7b0 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jan 21 10:09:22 2022 +0000
core164: add kernel to update
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit c18dda556b392bcd76ff5f8a611ecfb98a5b377a Author: Arne Fitzenreiter arne_f@ipfire.org Date: Fri Jan 21 10:06:22 2022 +0000
kernel: update to 5.15.16
Signed-off-by: Arne Fitzenreiter arne_f@ipfire.org
commit 9f3f612a5fd71372dc3b0be997afd2a0a0d77477 Author: Peter Müller peter.mueller@ipfire.org Date: Wed Jan 19 17:47:19 2022 +0000
Core Update 164: Ship and apply sysctl changes
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit d21e6d94cb7d0b6faba8e6b4cf8ae14d431fe554 Author: Peter Müller peter.mueller@ipfire.org Date: Sun Jan 16 14:47:25 2022 +0000
sysctl.conf: Enable Loose Reverse Path Filter according to RFC 3704
For historical reasons, we were always reluctant to enable reverse path filtering: configuration changes were tricky to evaluate for a larger userbase, IPFire permits a number of complex scenarios, and our resources are limited.
As a compromise, this patch suggests to enable Loose Reverse Path Filtering, as specified in RFC 3704 (section 2.4), to gain at least some security achievement on this end.
To quote from that:
Loose Reverse Path Forwarding (Loose RPF) is algorithmically similar to strict RPF, but differs in that it checks only for the existence of a route (even a default route, if applicable), not where the route points to. Practically, this could be considered as a "route presence check" ("loose RPF is a misnomer in a sense because there is no "reverse path" check in the first place).
The questionable benefit of Loose RPF is found in asymmetric routing situations: a packet is dropped if there is no route at all, such as to "Martian addresses" or addresses that are not currently routed, but is not dropped if a route exists.
There is no legitimate reason why we cannot enable this: If IPFire receives a packet on some interface it cannot route on _any_ interface at all, there is no sense in processing it.
While testing this change, I was unable to produce a situation where it actually causes any harm. In theory, it shouldn't do so anyways.
In the future, we will hopefully be able to set these sysctl's to "1", using Strict Reverse Path Filtering, as specified in RFC 3704 (section 2.2). Doing so was found to work fine in my testing environment as well, but there is no asymmetric routing in place there.
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit df0635abb584b4598e269efacd6650bfb9831ca7 Author: smooky@v16.de smooky@v16.de Date: Fri Jan 14 21:41:32 2022 +0100
New Addons: qemu-ga 6.0.1 second try
>>> https://www.qemu.org/ <<<
source = https://download.qemu.org/qemu-6.0.1.tar.xz
Hi @ all
I have prepared the qemu-ga addon for people who virtualize IPFire and want to read the status without having to install the whole qemu package. Modified following Michael's suggestions.
Signed-off-by: Marcel Follert (Smooky) smooky@v16.de Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 21b0eff64324be6e687b45b5bc945b8db4df056d Author: Peter Müller peter.mueller@ipfire.org Date: Tue Jan 18 21:23:59 2022 +0000
Core Update 164: Ship shadow
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 5b28df47a5f94bf05cd19de1439e6cf78307b96f Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Jan 18 10:14:55 2022 +0100
shadow: Update to version 4.11.1 and fix bug 12762
- Update from 4.2.1 (2015) to 4.11.1 (2021) - Update rootfile - Update patch for suppression of groups installation - Change default hash from sha512 to yescrypt in lfs and login.defs - Changelog * Release 4.11.1 * build: include lib/shadowlog_internal.h in dist tarballs (Sam James) * Release 4.11 * Handle possible TOCTTOU issues in usermod/userdel (edneville) * (CVE-2013-4235) * Use O_NOFOLLOW when copying file * Kill all user tasks in userdel * Fix useradd -D segfault (Xi Ruoyao) * Clean up obsolete libc feature-check ifdefs (Alejandro Colomar) * Fix -fno-common build breaks due to duplicate Prog declarations (Adam Sampson) * Have single date_to_str definition (Alejandro Colomar) * Fix libsubid SONAME version (Sam James) * Clarify licensing info, use SPDX. * Release 4.10 Note: From this release forward, su from this package should be considered deprecated. Please replace any users of it with su from util-linux. Please open an issue if there is a problem with that. We intend to remove it in an upcoming release. This release features many fixes especially to the building of libsubid, some SELinux labeling issues, and a few signaling issues. * libsubid fixes (Xi Ruoyao, Serge Hallyn, Iker Pedrosa, Mike Gilbert, GalaxyMaster, and Luís Ferreira) * Rename the test program list_subid_ranges to getsubids, write a manpage, so distros can ship it. 
(Iker Pedrosa) * Add libeconf dep for new*idmap (Iker Pedrosa) * Allow all group types with usermod -G (Iker Pedrosa) * Avoid useradd generating empty subid range (Iker Pedrosa) * Handle NULL pw_passwd (Jaroslav Jindrak) * Fix default value SHA_get_salt_rounds (Mike Gilbert) * Use https where possible in README (Paul Menzel) * Update content and format of README (Iker Pedrosa) * Translation updates (Balint Reczey, Frans Spiesschaert) * Switch from xml2po to itstool in 'make dist' (Serge Hallyn) * Fix double frees (Michael Vetter) * Add LOG_INIT configurable to useradd (Andy Zaugg) * Add CREATE_MAIL_SPOOL documentation (Andy Zaugg) * Create a security.md * Fix su never being SIGKILLd when trapping TERM (Ruihan li) * Fix wrong SELinux labels in several possible cases (Iker Pedrosa) * Fix missing chmod in chadowtb_move (GalaxyMaster) * Handle malformed hushlogins entries (Tobias Stoeckmann) * Fix groupdel segv when passwd does not exist (François Rigault) * Fix covscan-found newgrp segfault (Iker Pedrosa) * Remove trailing slash on hoedir (Ed Neville) * Fix passwd -l message - it does not change expirey (Ed Neville) * Fix SIGCHLD handling bugs in su and vipw (Tobias Stoeckmann) * Remove special case for "" in usermod (Alejandro Colomar) * Implement usermod -rG to remove a specific group (Andy Zaugg) * call pam_end() after fork in child path for su and login (Björn Fischer) * useradd: In absence of /etc/passwd, assume 0 == root (Ludwig Nussel) * lib: check NULL before freeing data (Iker Pedrosa) * Fix pwck segfault (Iker Pedrosa) * Release 4.9 2021-07-22 Serge Hallyn serge@hallyn.com * Updated translations (Björn Esser, Juergen Hoetzel) * Major salt updates (Björn Esser) * Various coverity and cleanup fixes (Iker Pedrosa) * Consistently use 0 to disable PASS_MIN_DAYS in man (tzccinct) * Implement NSS support for subids and a libsubid (Serge Hallyn) * setfcap: retain setfcap when mapping uid 0 (Christian Brauner) * login.defs: include HMAC_CRYPTO_ALGO key (Iker Pedrosa) 
* selinux fixes (Christian Göttsche) * Fix path prefix path handling (Lucas Servén Marín) * Manpage updates (tzccinct, Sevan Janiyan, Iker Pedrosa, Geert Ijewski, 谭九鼎, Jamin W. Collins, towerpark, andydna, Frans Spiesschaert) * Treat an empty passwd field as invalid (Haelwenn Monnier) * newxidmap: allow running under alternative gid (Martijn de Gouw) * usermod: check that shell is executable (Geert Ijewski) * Add yescript support (Rodolphe Bréard) * useradd memleak fixes (whzhe) * useradd: use built-in settings by default (Ludwig Nussel) * getdefs: add foreign (non-shadow-utils) items (Karel Zak) * buffer overflow fixes (Tobias Stoeckmann) * Adding run-parts style for pre and post useradd/del (ed@s5h.net) 2020-01-23 Serge Hallyn serge@hallyn.com * selinux: inclue stdio (Michael Vetter) * man: don't suggest making groupmems user-writeable (Michael Weiser) * Makefile: bail out on error in for loops (Wolfgang Bumiller) * Adding logging of SSH_ORIGINAL_COMMAND to nologin. (ed@s5h.net) * add new HOME_MODE login.defs option (Duncan Overbruck) * Add tty logging to useradd (ed@s5h.net) * Useradd: make non-executable shell check only a warning (Tomas Mraz) * Update Dutch translation (Frans-Spiesschaert) * user_busy: Do not mistake a regular user process for a namespaced one (Tomas Mraz) * Revert "Honor --sbindir and --bindir for binary installation" Patrick McLean) 2019-12-20 Dave Reisner dreisner@archlinux.org * Do not auto-enable acct_tools_setuid just because pam is enabled. NOTE - any distros which are relying on this behavior will need to switch to configure --enable-account-tools-setuid * Release 4.8 2019-12-01 Serge Hallyn serge@hallyn.com * Initial optional bcrypt support. * Make build/install of 'su' optional. 
* Fix for vipw not resuming correctly when suspended * Sync password field descriptions in manpages * Check for valid shell argument in useradd * Allow translation of new strings through POTFILES.in * Migrate to itstool for translations * Migrate to new SELinux api * Support --enable-vendordir * pwck: Only check homedir if set and not a system user * Support nonstandard usernames * sget{pw,gr}ent: check for data at EOL * Add YYY-MM-DD support in chage * Fix failing chmod calls for suidubins * Fix --sbindir and --bindir for binary installations * Fix LASTLOG_UID_MAX in login.defs * Fix configure error with dash * Release 4.7 2019-06-13 Serge Hallyn serge@hallyn.com * Spawn: don't loop forever on ECHILD * Do not fail locking if there is a stale lockfile Tomas Mraz) * Use lckpwdf if prefix not set (Tomas Mraz) * Build: check correct DocBook version (Jan Tojnar) * Usermod: Print 'no changes' to stdout, not stderr (Serge Hallyn) * Add support for btrfs subvolumes for home (Adam Majer) * Fix chpasswd long line handling (Nathan Ruiz) * Use secure_getenv for gettime (Chris Lamb) * Make sp_lstchg reproducible (Chris Lamb) * Do not crash commonio_close if db file is not open (Tomas Mraz) * Don't flush nscd and sssd cache in read-only mode (Charlie Vuillemez) * French manpage update (Alban VIDAL) * Fix manpage defaults for SUB_UID/GID_COUNT (Tomas Mraz) * Sync po files from shadow.pot (Alban VIDAL) * Usermod: guard against unsafe chown of homedir contents (Tomas Mraz) * Add LASTLOG_UID_MAX to login.defs (Tomas Mraz) * new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner) * Fix segfault in useradd (Tomas Mraz) * Coverity issues (Tomas Mraz) * Flush sssd caches (Jakub Hrozek) * Log UID in nologin (Vladimir Ivanov) * run pam_getenvlist after setup_env in su.c (Michael Vogt) * Support systems with only utmpx (A. 
Wilcox) * Fix unguarded ENABLE_SUBIDS code (Jan Chren (rindeal)) * Update po/zh_CN translation (Lion Yang) * Create parent dirs for useradd -m (Michael Vetter) * Prevent usermod segv * Fix usermod crash (fariouche) * Release 4.6 2018-04-29 Serge Hallyn serge@hallyn.com * Newgrp: avoid unnecessary lookups * Make language less binary * Add error when turning off man switch * Spelling fixes * Make userdel work with -R * newgidmap: enforce setgroups=deny if self-mapping a group * Norwegian bokmål translation * pwck: prevent crash by not passing O_CREAT * WITH_TCB fixes from Mandriva * Fix pwconv and grpconv entry skips * Fix -- slurping in su * add --prefix option 2017-07-16 Serge Hallyn serge@hallyn.com * Import new Dutch translations. 2017-07-10 Serge Hallyn serge@hallyn.com * Expand error codes for groupmod. 2017-05-17 Serge Hallyn serge@hallyn.com * Release 4.5 2017-05-17 Serge Hallyn serge@hallyn.com * Patch from Tobias Stoeckmann fixing regression in previous CVE fix preventing SIGTERM to su from being propagated to the job. * Patch from Chris Lamb making sp_lstchg shadow field reproducible. * Merge Russian translation updates from Yuri Kozlov * Fix missing close of subuid file on error 2017-02-23 Serge Hallyn serge@hallyn.com * Merge patch by Tobias Stoeckmann tobias@stoeckmann.org to fix the equivalent of util-linux CVE-2017-2616. 2017-02-08 Serge Hallyn serge@hallyn.com * Update Kazakh translations * Consult configuration before calculating subuids * Remove misplaced semicolon 2017-01-29 Serge Hallyn serge@hallyn.com * Patch from Fedora to improve performance with SSSD, Winbind, or nss_ldap. (Tomas Mraz) * Make sure knowndef_table is NULL-terminated. (Bernhard Rosenkränzer) 2016-12-21 Serge Hallyn serge@hallyn.com * Drop leading underscore from _COMMONIO_H and _SHADOWIO_H * Fix readability in usermod error messages. 
* Reset user in tallylog * Add audit support to su * Changes since 4.4 2016-12-02 Serge Hallyn serge@hallyn.com - Use sizeof rather than hardcoding snprintf args - Fix useradd improper default loading - Update Vietnamese translations - Update Polish translations - Remove non-POSIX chmod option in Makefile - Fix suidubins assignments - Fix --add-subuids etc spelling in manpages - Audit homedir ownership change. - Print error on selinux file context update failure - Keep original file perms when creating a backup * Changes since 4.2.1: 2016-12-02 Serge Hallyn serge@hallyn.com - Documentation, error report and translations updates - Replace path_max with 32 - User namespace support fixes/updates including: - Correct sanity checks in newXidmap - Fix building without subuid support - Add /etc/subuid support for UID matching - Support subuid for nonlocal users - Default to 65536 subuid allocations - Respect -r - Check for range overflows - Add tests from svn tree - Use AC_CHECK_SIZEOF for uid_t size checks - Accomodate missing /etc and login.defs - Support FORCE_SHADOW - Be more robust in hostile environment - Allow removing a primary group - Clear passwords on __pw_dup errors - Memory leak fix in commonio_update and get_map_ranges - Fix resource leak in syslog_sg - Fix user busy error at userdel - Support set/clear lastlog record via lastlog command - Add --no-create-home as longopt for -M - Fix signal races - Reduce syslog priority of common usage events
Fixes: Bug 12762 Tested-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit 53e52b86df520c20222e606ba1b24f6578e20d16 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jan 18 12:34:55 2022 +0000
dnsdist: Upgrade to 1.7.0
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Reviewed-by: Adolf Belka adolf.belka@ipfire.org
commit 04581dfb77309acd6527172094bba3dc7549c3fb Merge: 7bcff23c6 99c7fefd7 Author: Peter Müller peter.mueller@ipfire.org Date: Tue Jan 18 21:12:56 2022 +0000
Merge branch 'next' into temp-c164-development
commit 7bcff23c61ef2d25fc8817e78002a7e711a9855c Author: Peter Müller peter.mueller@ipfire.org Date: Sat Jan 15 11:28:04 2022 +0000
Fix some more rootfiles
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit cbc279b0704f24869970fc7e8d216628c7153acd Merge: 0bdff3b94 14aa98302 Author: Peter Müller peter.mueller@ipfire.org Date: Sat Jan 15 08:31:48 2022 +0000
Merge branch 'next' into temp-c164-development
commit 0bdff3b945337fe115cfb581004381ddf9d91f06 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jan 14 20:45:56 2022 +0000
Core Update 164: Ship libusb
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 64ecba3f57f3ccce170edf8e5a80468d5390d54a Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jan 14 20:44:04 2022 +0000
libusb: Update to 1.0.24
Fixes: #12667
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 090ccdb7616e3680b48df27c436d64ae6776ec48 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jan 14 20:25:49 2022 +0000
Squid: Update rootfile
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 2157a04d3294576455432f833759b869cbf28bd0 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jan 14 19:16:32 2022 +0000
Core Update 164: Ship hdparm
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 7eabdbfc47809f691d4da4f428c8726fb89c4f92 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Jan 14 19:16:30 2022 +0100
hdparm: Update to 9.63
For details since v9.55, see: https://sourceforge.net/p/hdparm/news/
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit d58554470fb29e8a8418de774a0ecdfa42c321e4 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jan 14 19:15:45 2022 +0000
Fix various rootfiles
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit ff6d2316ef59b9ad7882967a23d81e2ce2d4902e Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jan 14 19:11:07 2022 +0000
Core Update 164: Fix missing "include/" in file path
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit ac809b02f5436139a55fef7486f7479cbf38c32d Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Jan 14 17:11:07 2022 +0100
clamav: Update to 0.104.2
For details see: https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html
"ClamAV 0.104.2 is a critical patch release with the following fixes:
CVE-2022-20698: Fix for invalid pointer read that may cause a crash. Affects 0.104.1, 0.103.4 and prior when ClamAV is compiled with libjson-c and the CL_SCAN_GENERAL_COLLECT_METADATA scan option (the clamscan --gen-json option) is enabled. ..."
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit cf73af23a7b2dcf130faf3d29804bd16192b6f97 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Jan 14 17:01:56 2022 +0100
monit: Update to 5.30.0
For details see: https://mmonit.com/monit/changes/
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit 4077bd152f590a415095cf92e5007d8b8cf02f69 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jan 14 14:42:15 2022 +0000
Core Update 164: Ship usbutils
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 59282c857bab662814b8ad9ae5013eca760f660f Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Jun 23 19:30:00 2021 +0200
usbutils: Update to version 013
- Update from 007 (2013) to 013 (2020) - Update rootfile - Changelog usbutils 013 Aurelien Jarno (1): lsusb.8.in: do not mention usb.ids Baruch Siach (1): usb-devices.1: don't mention bash Greg Kroah-Hartman (15): usbhid-dump: move manpage to main directory out of subdir usbhid-dump.8: add SPDX header usbhid-dump.8: autogenerate it with the usbutils version number .gitignore: add usbhid-dump.8 usbhid-dump: add SPDX identifiers to all files. usbhid-dump: remove libusb.h libusb_strerror() implementation usbhid-dump: remove lib directory usbhid-dump: move .h files into src/ directory Makefile.am: add usbhid-dump.8 to distclean list usbhid-dump: some autoconf cleanup usbhid-dump: remove some dev_list functions that were never used dump_audiostreaming_interface(): remove unused variable usbmisc: initialize string buffer before reading from device. lsusb.py: drop trailing space on non-hub devices lsusb.py: strip whitespace from device strings Jakub Wilk (2): lsusb(8): fix formatting lsusb(8): document --tree Pino Toscano (1): lsusb.py: remove private paths for usb.ids Rob Gill (1): Additional device classes for usb-devices script Rosen Penev (1): usbhid-dump: Do not use rindex Thomas Hebb (4): Move read_sysfs_prop() from names.c to its own file sysfs: Don't return bogus data for devices under a hub lsusb: Use vendor and product name fallback logic in -D mode too lsusb: Get manufacturer, product, and serial from sysfs Timothy Robert Bednarzyk (1): bootstrap: change /bin/bash to /bin/sh Torleiv Sundre (1): lsusb: fix two typos in UVC Extension Unit descriptor Tormod Volden (1): usbhid-dump: Put back autoconf check for libusb_set_option() usbutils 012 Greg Kroah-Hartman: Merge usbhid-dump into main usbutils repository usbutils 011 Clemens Fruhwirth (1): Add usbreset.c as noinst_PROGRAMS target. Daniel Schaefer (1): lsusb: Read unkown names from sysfs device desc. Darsey Litzenberger (3): Remove a small hack that no longer has any effect. 
Cleanup grammar lsusb-t: Emit USB IDs and other handy info when verbosity is increased Emmanuele Bassi (1): Require newer version of libusb Georg Brandl (1): lsusb.py: fix up Python 3 conversion Greg Kroah-Hartman (10): SPDX bill-of-material is supposed to be project_name.spdx usbutils.spdx: rerun report, it is properly sorted. desc-dump.c: fix compiler warning about unused variable add usbreset to .gitignore usbreset: fix some build warnings usbhid-dump: update to latest version fix up standard int types update usbhid-dump git id usbhid-dump: update to a newer version of usbhid-dump again. usbutils.spdx: update with latest information Kurt Garloff (4): lsusb.py: Search multiple paths for usb.ids. lsusb.py: Usb enum for parser state machine. lsusb.py: Add driver names for usbhid. lsusb.py: python2 compatibility Lukas Nykryn (1): Makefile.am: add files with licenses to archive Mantas Mikulėnas (33): lsusb.py: sort devices and interfaces numerically lsusb.py: sort toplevel entries lsusb.py: improve usage text lsusb.py: replace fake deepcopy() lsusb.py: remove -w (warn if usb.ids not sorted) option lsusb.py: ensure all error messages are written to stderr lsusb.py: support long options lsusb.py: use regular print() instead of hand-rolling the same thing lsusb.py: avoid shadowing Python's built-in 'str' lsusb.py: replace usb.ids binary search with dict lookup lsusb.py: remove now-unused bin_search() lsusb.py: avoid manual calls to __foo__() lsusb.py: replace __repr__() for USB IDs with __str__() lsusb.py: insert class FF:FF:FF into usbclasses to avoid special casing lsusb.py: entirely remove Usb* classes lsusb.py: cosmetic - replace tuples-as-"immutable lists" with regular lists lsusb.py: use 'elif' where suitable lsusb.py: remove dead code lsusb.py: move unrelated code out of try..except lsusb.py: allow - as well as _ when matching hci module names lsusb.py: use a constant for the magic class number 9 lsusb.py: Usb* classes: call read() automatically from constructor 
lsusb.py: UsbEndpoint: indent is a class implementation detail lsusb.py: a few cosmetic changes lsusb.py: shorten find_usb_class() lsusb.py: give all Usb* objects a .path attribute lsusb.py: add an actual __repr__() to classes lsusb.py: give all Usb* classes a superclass lsusb.py: convert readattr() and readlink() to methods of the container lsusb.py: use color by default lsusb.py: rework output for more consistent indent of both columns lsusb.py: fix endpoint interval spacing lsusb.py: visually group USB-version-related fields Michael Drake (4): lsusb: Split out routine that fetches value for given field. lsusb: Split out field name rendering. lsusb: Add support for descriptor extensions. lsusb: Add support for audio processing unit type-specific fields. Philip Langdale (2): lsusb: Added support for Billboard Alternate Mode Capability descriptor lsusb.py: Fix formatting of 10Gbps speeds Ross Burton (1): usb-devices: use /bin/sh hashbang Solomon Peachy (1): lsusb: Add support for decoding IPP printer descriptors Stefan Tauner (1): Depend on libusb 1.0.14 Valerii Zapodovnikov (1): man pages: add information on verbosity levels of -t option junjie (1): fix typo usbutils 010 Aurelien Jarno (2): usbreset.c: add missing <stdlib.h> include Do not create and install usbutils.pc Greg Kroah-Hartman (32): fix dump_videocontrol_interface for unitialized variable usage Add correct SPDX license identifiers to all files Add SPDX identifiers on files that did not have a specific license. wTotalLength should be printed as a hex number usbmisc: fix up some strncpy() issues lsusb-t: fix up error with readlink() lsusb.py.in: add proper SPDX license identifier usb-devices: reword the copyright identifier LICENSES: move the GPL 2 license to the LICENSES directory LICENSES/GPL-3.0.txt: add the file lsusb.h: add copyright notice lsusb-t: add copyright info bom.spdx: Add bill of materials file in SPDX format. ChangeLog: remove it. 
AUTHORS: remove file do_release: drop file NEWS: add SPDX header and comment autogen.sh: add SPDX and copyright header list.h: add copyright information travis-autogen.sh: add SPDX and copyright information. INSTALL: remove the file, it's boiler-plate configure.ac: add SPDX and copyright man pages: add SPDX and copyright information Makefile.am: add SPDX and copyright information .gitmodules: add SPDX and copyright lines lsusb.py.in: fix up Copyright strings usbreset.c: add Alan's copyright .travis.yml: add correct SPDX and copyright notices bom.spdx: update with latest copyright and SPDX identifier additions README.md: move the README file to markdown README.md: fix fomatting bom.spdx: upate with README -> README.md change Lukas Nykryn (1): lsusb.py: convert to python3 Michael Drake (11): lsusb: Split subtype mapping out of AudioControl interface handling. lsusb: Add declarative definitions for UAC1 and UAC2 descriptors. lsusb: Add code to dump descriptor data using descriptor definition. lsusb: Switch to descriptor-definition based dump for UAC1 and UAC2. lsusb: Add descriptor definitions for UAC3. lsusb: Add initial support for USB Audio Device Class 3. lsusb: Add descriptor definition for USB3 BOS Configuration Summary. lsusb: Dump USB3 BOS Configuration Summary Descriptor. lsusb: Squash Wpointer-compare warning. lsusb: Remove unused function. lsusb: Fix array entry count for variable sized entries. Robby Workman (1): Makefile.am: Include usbreset.c in the release tarball Torleiv Sundre (1): lsusb: Dump UVC Stream based payload descriptor. 
usbutils 009 Bjørn Mork (1): usbreset: coding style Emmanuele Bassi (1): Don't use C99-ism Greg Kroah-Hartman (22): usbhid-dump: update submodule to latest version add usbreset.c example program update usbhid-dump to latest lsusb.py: Don't dump a trace dump if usb.ids is not present Grueninger, Tobias (1): USB: usb-devices: Interface number can be a string Heinrich Schuchardt (1): autogen.sh: checkout usbhid-dump Jaejoong Kim (4): lsusb : add support for the Encoding Unit Desc for uvc 1.5 device lsusb: fix alignment for Video Streaming interface desc lsusb: parse additional control fileds in USB video control interfaces for UVC1.5 lsusb: proper display hexadecimal value for UVC control interface Jakub Wilk (1): Fix typos Jo-Philipp Wich (1): usbreset.c: import usability improvements from OpenWrt Justin McBride (2): Update lsusb.c Un-indent bVariableSize for Frame-Based Format descriptors Kylie McClain (1): Makefile: install pkgconfig file to arch-dependent location Mathias Nyman (2): lsusb: Allocate the BOS descriptor buffer dynamically lsusb: Add support for the USB 3.1 SuperSpeedPlus device capability desc Muthu M (2): lsusb: Fix issue with lengthy string descriptors lsusb: Added support for Billboard Capability descriptor Nikolai Kondrashov (2): Update usbhid-dump repo URL Update usbhid-dump to v1.4 Stephan Linz (7): travis-ci: add control files borrowed from libusb configure: remove summary about unused USE_ZLIB drop unused input file for usb.ids update script substitute usb.id location in lsusb Python script travis-ci: cleanup before second run travis-ci: rework travis-autogen.sh lsusb: remove unused variable procbususb Tobias Klauser (4): lsusb: Report correct MaxPower for USB 3.0 devices lsusb: Request proper descriptor type for USB 3.1 lsusb: Store link state descriptions without preceding space build: Request at least libusb 1.0.9 Torleiv Sundre (2): Added support for Platform Device Capability descriptor lsusb: change endianness of first three fields when 
printing UUID/GUIDs. Vianney le Clément de Saint-Marcq (3): lsusb: Fix UVC STILL_IMAGE_FRAME descriptor lsusb: Fix UVC VideoStreaming interface header descriptor lsusb: Fix UVC OUTPUT_TERMINAL descriptor Vincent Palatin (1): lsusb: print WebUSB platform descriptor usbutils 008 Alexandra Yates (2): lsusb: Reports if USB2.0 port is on L1 state lsusb: Reports devices that support BESL on USB2.0 Aurelien Jarno (1): dump_ccid_device: fix a typo Ben Chan (1): lsusb: decode CDC MBIM extended functional descriptor Greg Kroah-Hartman (8): lsusb: fix incorrect printf() for CAPS lsusb-t: handle problem if there is no usb bus list .gitignore: add compile to the list of things we need to ignore John Freed (1): Fix logic error Kurt Garloff (1): Update lsusb.py in usbutils Lukas Nykryn (2): update COPYING file lsusb-t: don't segfault when usbbuslist is empty Peter Wu (1): Ignore invalid string descriptors Raphaël Droz (1): usb-devices: hexadecimal bInterfaceNumber handling Tom Gundersen (2): lsusb: port to hwdb drop dependency on usb.ids Vadim Rutkovsky (1): New path for usbhid-dump submodule
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 2cf0aa7cac1206d894d188d57158c2a1d7e029f7 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jan 14 14:39:46 2022 +0000
web-user-interface: Add missing pakfire.js to rootfile
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 55a9dd6a7454d2ecbc77baba592f02844d011d42 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jan 14 14:39:08 2022 +0000
Core Update 164: Ship pakfire.cgi and related changes
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 219dacef2c36a00dc5d26a9c42b86513281683fa Author: Leo-Andres Hofmann hofmann@leo-andres.de Date: Mon Dec 27 14:21:37 2021 +0100
pakfire.cgi: Improve HTML output and layout
Add missing closing tags, indentation and CSS styling. Add link to reboot notice, left-align info list and resize packages lists for better readability.
Signed-off-by: Leo-Andres Hofmann hofmann@leo-andres.de Acked-by: Peter Müller peter.mueller@ipfire.org
commit 4d70f59173c0ef521713c8855e03ab92eca11317 Author: Leo-Andres Hofmann hofmann@leo-andres.de Date: Mon Dec 27 14:21:36 2021 +0100
pakfire: Implement feedback from mailing list discussion
- Improve lockfile test: Return immediately if lockfile is present, to prevent unnecessary and expensive "pidof" calls
- Add better explanation to the log file reading command and JS
- Change user interface: If no errors occurred, the page returns to the main screen (after a short delay). If an error occurred, the log output remains and a message is shown.
Signed-off-by: Leo-Andres Hofmann hofmann@leo-andres.de Acked-by: Peter Müller peter.mueller@ipfire.org
commit a02f1323383869f32d43b5576c16f5f42b7fd15a Author: Leo-Andres Hofmann hofmann@leo-andres.de Date: Thu Dec 2 16:39:55 2021 +0100
pakfire.cgi: Remove "sleep" after running Pakfire command
The extended lockfile test seems to be sufficient to detect a running Pakfire process and display the logs. "Sleep" even proved to be counterproductive, as fast processes can finish in under a second and are then again not detected.
Signed-off-by: Leo-Andres Hofmann hofmann@leo-andres.de
commit 524bbe326ddd4063f8099e99d6436c384a1d1730 Author: Leo-Andres Hofmann hofmann@leo-andres.de Date: Thu Dec 2 16:39:54 2021 +0100
pakfire.cgi: Add new translations
Signed-off-by: Leo-Andres Hofmann hofmann@leo-andres.de
commit db9ee62e0addc535b8e3226d42b8ff70850044a0 Author: Leo-Andres Hofmann hofmann@leo-andres.de Date: Thu Dec 2 16:39:53 2021 +0100
pakfire.cgi: Implement JavaScript log message display
Currently the page becomes unresponsive while Pakfire is busy. This patch implements an AJAX/JSON driven log output, to provide continuous information to the user while Pakfire is running.
The output is updated 1x per second; if the load should be too high, the interval can be changed by writing to "pakfire.refreshInterval".
Signed-off-by: Leo-Andres Hofmann hofmann@leo-andres.de
commit d255e2d1c291915ca20e0f57f9d55bc0d7d8dd87 Author: Leo-Andres Hofmann hofmann@leo-andres.de Date: Thu Dec 2 16:39:52 2021 +0100
pakfire.cgi: Extend the lockfile test
This implements a function to determine if Pakfire is already running. It tests the PID and lockfile and can be expanded easily later. 'pidof' checks the full path to avoid confusion.
Removes the unreachable function "refreshpage".
Signed-off-by: Leo-Andres Hofmann hofmann@leo-andres.de
commit b4c9d299712dfa9f3d4afed2196283e0a0ba2310 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Nov 15 21:23:33 2021 +0100
pakfire.cgi: Bring back old logic for log displaying
Trying to get rid of the system backpipe check if a pakfire is running does not work very well. It simply makes the code more complex and only introduced some new problems.
This commit switches back to the old logic which worked well in the past.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org Reviewed-by: Bernhard Bitsch bbitsch@ipfire.org Tested-by: Bernhard Bitsch bbitsch@ipfire.org
commit 215c32eb6435689fd798abdcfaff5ece3033aa02 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jan 14 14:21:22 2022 +0000
Core Update 164: Ship firewall-related changes
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 55f6e62cf70132e31e32ec7a666cf0068878287b Author: Peter Müller peter.mueller@ipfire.org Date: Sat Dec 18 14:50:27 2021 +0100
configroot: Drop traffic from and to hostile networks by default
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 02001624d22733f208f7d17b398c076e85c9971d Author: Peter Müller peter.mueller@ipfire.org Date: Sat Dec 18 14:50:13 2021 +0100
configroot: Enable logging of spoofed packets/martians by default
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit c1ba35e8ab74eacb9c098bb1d992607591d5ad0c Author: Peter Müller peter.mueller@ipfire.org Date: Sat Dec 18 14:49:56 2021 +0100
graphs.pl: Display spoofed and hostile traffic in firewall hits diagram as well
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 868274a5c2d5bf10b2e8a0addfec38f38e1bb508 Author: Peter Müller peter.mueller@ipfire.org Date: Sat Dec 18 14:49:41 2021 +0100
collectd.conf: Keep track of DROP_{HOSTILE,SPOOFED_MARTIAN}
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit e46f6bee51c57287418234206fef9cc0ec4876e0 Author: Peter Müller peter.mueller@ipfire.org Date: Sat Dec 18 14:49:15 2021 +0100
Update German and English translation files
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit f871a115f4061fa43c8bdbcc991541bf71c6374e Author: Peter Müller peter.mueller@ipfire.org Date: Sat Dec 18 14:49:01 2021 +0100
optionsfw.cgi: Make logging of spoofed/martians packets and the DROP_HOSTILE filter configurable
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 97154d057bdbc7fa34309e9a5ad389775eff210d Author: Peter Müller peter.mueller@ipfire.org Date: Sat Dec 18 14:48:46 2021 +0100
firewall: Introduce DROP_HOSTILE
Similar to the Location block, this chain logs and drops all traffic from and to networks known to pose technical threats to IPFire users.
Doing so in a dedicated chain makes sense for transparency reasons, as we won't interfere with other firewall rules or the Location block, so it is always clear why a packet from or to such a network has been dropped.
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit e83ae0d43406ad6d988f2ea56d4dbfc6da1bab90 Author: Peter Müller peter.mueller@ipfire.org Date: Sat Dec 18 14:48:33 2021 +0100
firewall: Prevent spoofing our own RED IP address
There is no legitimate reason why traffic from our own IP address on RED should ever appear incoming on that interface.
This prevents attackers from impersonating IPFire itself, and is only cleared/reset if the RED interface is brought up. Therefore, an attacker cannot bypass this by forcing a dial-up or DHCP connection to break down.
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit a36cd34eac2d1624720eb86e2f3c6985ae184e20 Author: Peter Müller peter.mueller@ipfire.org Date: Sat Dec 18 14:48:17 2021 +0100
firewall: Log and drop spoofed loopback packets
Traffic from and to 127.0.0.0/8 must only appear on the loopback interface, never on any other interface. This ensures offending packets are logged, and the loopback interface cannot be abused for processing traffic from and to any other networks.
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 4d25c1f39af51795e61855166a3aa24b6af97a17 Author: Peter Müller peter.mueller@ipfire.org Date: Sat Dec 18 14:47:56 2021 +0100
firewall: Accept inbound Tor traffic before applying the location filter
Inbound Tor traffic conflicts with Location block as inbound connections have to be accepted from many parts of the world. To solve this, inbound Tor traffic has to be accepted before jumping into Location block chain.
Note this affects Tor relay operators only.
Rolled forward as ongoing from https://patchwork.ipfire.org/project/ipfire/patch/f8ee2e1d-b642-8c63-1f8a-4f..., note the documentation in the wiki needs to be updated once this landed in production.
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 0e7bfb1343d28069acfbaacb957cd199f8ead099 Author: Peter Müller peter.mueller@ipfire.org Date: Sat Dec 18 14:47:25 2021 +0100
firewall: Log packets dropped due to conntrack INVALID state
In case of faulty connection tracking, this ensures such packets are logged, to make analysing network incidents less troublesome. Since NewNotSYN is handled before, where logging can be turned off for systems running on weak flash devices, the amount of log messages emitted here should be negligible.
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 7c9820474675638123fdd1b13f4211e135a2f07a Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jan 14 14:13:08 2022 +0000
Core Update 164: Ship required files for IDS multiple providers feature
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 86cf6898aabe7d77da08664364e7d4cf4c17d9d5 Merge: d822bdb5d 2f62fd000 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jan 14 14:05:10 2022 +0000
Merge branch 'master-IDSv3' into temp-c164-development
commit d822bdb5d33785dd14825f7028cedbcc43a33579 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jan 14 13:59:29 2022 +0000
Core Update 164: Ship changed Squid initscript
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 96b9c63b571e64a6d0660af378e49af586853542 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Wed Sep 8 18:01:52 2021 +0200
squid 5.1: set max number of filedesriptors to 32768
Since the maximum number of filedescriptors possible for 'squid 5.1' is now 32768, I modified the initscript accordingly.
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Acked-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 4d8c7f3b12353a623846522d74a1a88870d08a34 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Wed Sep 8 18:01:51 2021 +0200
squid: Update to 5.1
For details see: http://www.squid-cache.org/Versions/v5/changesets/
There is still no official announcement.
Nevertheless, since 31 Jul 2021, 'squid 5.1' has become "stable" and is listed under "Current versions suitable for production use".
The only problem I found during testing deals with 'privoxy'.
Since 'privoxy' - as parent cache_peer - sometimes replies with a '403', 'squid 5.1' handles this cache_peer connection as 'dead' which is then logged in 'cache_log'. See discussion on list.
Actually this is something that got fixed from 'squid 4.16' to '5.1' - it's no bug - it's a feature. Everything else works as expected; 'squid' and 'privoxy' developers were informed.
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit b2d22bbc8b9bb1c09e42b3b9715eb5e54abb59b4 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jan 14 13:55:06 2022 +0000
Core Update 164: Ship and restart Squid
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 8989211723f39ff119c0e8922986e07f39f6c2ea Author: Matthias Fischer matthias.fischer@ipfire.org Date: Fri Oct 8 19:19:05 2021 +0200
squid: Update to 5.2
For details see: http://www.squid-cache.org/Versions/v5/changesets/
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Reviewed-by: Adolf Belka adolf.belka@ipfire.org
commit 9a2bd851a441dbf74991edbc097d6ea6117c962b Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jan 14 13:48:48 2022 +0000
Core Update 164: Ship changed autoupdate.urls
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 4ad5439a9091289f6e893c4bb8eab50c74c51d5f Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Jan 13 13:32:27 2022 +0000
URL Filter: Remove Shalla Secure Services and MESD
Shallalist is no longer available because of personal reasons.
MESD is unreachable and I am just assuming that it is dead, too.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 976b84ccb6303a172416e904b7dc431c7b8c46c4 Author: Adolf Belka adolf.belka@ipfire.org Date: Sun Jan 2 13:05:12 2022 +0100
perl-libwww: Update to version 6.60 and rename from libwww-perl to perl-libwww
- Update from 5.803 (2004) to 6.60 (2021) - Rename lfs and rootfile from libwww-perl to perl-libwww making it consistent with other perl programs that start with perl rather than end with it in the name - Update of rootfile - Changelog is too long to include here (~900 lines long) The details can be found in the Changes file in the source tarball. Looks like more than 200 bugs fixed between the existing and new versions.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit b7e1bac2dbdb4ef48e6c99654c88c72ad6d2a790 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jan 14 13:46:20 2022 +0000
Core Update 164: Ship gdbm
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 8bf6f0e88c664190217dee3d36f98baafa8419c4 Author: Adolf Belka adolf.belka@ipfire.org Date: Thu Jul 1 18:15:20 2021 +0200
gdbm: Update to version 1.20
- Update from 1.8.3 (2002) to 1.20 (2021) - Update rootfile - There is no longer a make process for make install-compat To have the compat libraries you have to add --enable-libgdbm-compat to the configure command but then you don't get the non compat libraries. So the full configure, make, make install has to be run twice with --enable-libgdbm-compat added to the second instance. - Both static and shared libs are built by default so added --disable-static to both build instances - Nothing flagged from find-dependencies run against the old library versions - Changelog is too large to include here but full details can be found from the ChangeLog file in the source tarball.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit c478bdc2e4a80ef3b409d2843b0a2dd2f7d604d8 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jan 14 13:45:48 2022 +0000
Core Update 164: Ship lvm2
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit ddbebd76e4d3d3b9a1978265c2ae52f221145a05 Author: Adolf Belka adolf.belka@ipfire.org Date: Tue Aug 24 23:28:27 2021 +0200
lvm2: Update to 2.02.188
- Update from 2.02.187 to 2.02.188 - Update of rootfile not required - Changelog Version 2.02.188 - 07th May 2021 Fix problem with unbound variable usage within fsadm. Avoid removing LVs on error path of lvconvert during creation volumes. Fix crashing lvdisplay when thin volume was waiting for merge. Support option --errorwhenfull when converting volume to thin-pool. Improve thin-performance profile support conversion to thin-pool. Support resize of cached volumes. Allocation prints better error when metadata cannot fit on a single PV. Pvmove can better resolve full thin-pool tree move. Limit pool metadata spare to 16GiB. Improves convertsion and allocation of pool metadata. Support thin pool metadata 15.88GiB, adds 64MiB, thin_pool_crop_metadata=0. Enhance lvdisplay to report raid availiable/partial. Enhance error handling for fsadm and hanled correct fsck result. Stop logging rename errors from persintent filter. Dmeventd lvm plugin ignores higher reserved_stack lvm.conf values. Support using BLKZEROOUT for clearing devices. Support interruption when wipping LVs. Add configure --enable-editline support as an alternative to readline. Zero pool metadata on allocation (disable with allocation/zero_metadata=0). Failure in zeroing or wiping will fail command (bypass with -Zn, -Wn). Fix support for lvconvert --repair used by foreign apps (i.e. Docker). Support interruption for bcache waiting. Fix bcache when device has too many failing writes. Fix bcache waiting for IO completion with failing disks. Configure use own python path name order to prefer using python3. Enhance reporting and error handling when creating thin volumes. Use revert_lv() on reload error path after vg_revert(). Improve estimation of needed extents when creating thin-pool. Use extra 1% when resizing thin-pool metadata LV with --use-policy. Enhance --use-policy percentage rounding. Switch code base to use flexible array syntax. Preserve uint32_t for seqno handling. 
Switch from mmap to plain read when loading regular files. Fix running out of free buffers for async writing for larger writes. Fix conversion to raid from striped lagging type. Fix conversion to 'mirrored' mirror log with larger regionsize. Fix support for lvconvert --repair used by foreign apps (i.e. Docker).
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit c2539fe22eb32dee82e378f2b8de60dd16491362 Author: Adolf Belka adolf.belka@ipfire.org Date: Sun Sep 12 14:34:39 2021 +0200
python3-setuptools: Update to version 58.0.4
- Update from 56.2.0 to 58.0.4 - Update rootfile - Changelog v58.0.4 * #2773: Retain case in setup.cfg during sdist. v58.0.3 * #2777: Build does not fail fast when ``use_2to3`` is supplied but set to a false value. v58.0.2 * #2769: Build now fails fast when ``use_2to3`` is supplied. v58.0.1 * #2765: In Distribution.finalize_options, suppress known removed entry points to avoid issues with older Setuptools. v58.0.0 * #2086: Removed support for 2to3 during builds. Projects should port to a unified codebase or pin to an older version of Setuptools using PEP 518 build-requires. * #2746: add python_requires example v57.5.0 * #2712: Added implicit globbing support for `[options.data_files]` values. * #2737: fix various syntax and style errors in code snippets in docs v57.4.0 * #2722: Added support for ``SETUPTOOLS_EXT_SUFFIX`` environment variable to override the suffix normally detected from the ``sysconfig`` module. v57.3.0 * #2465: Documentation is now published using the Furo theme. v57.2.0 * #2724: Added detection of Windows ARM64 build environments using the ``VSCMD_ARG_TGT_ARCH`` environment variable. v57.1.0 * #2692: Globs are now sorted in 'license_files' restoring reproducibility by eliminating variance from disk order. * #2714: Update to distutils at pypa/distutils@e2627b7. * #2715: Removed reliance on deprecated ssl.match_hostname by removing the ssl support. Now any index operations rely on the native SSL implementation. * #2604: Revamped the backward/cross tool compatibility section to remove some confusion. Add some examples and the version since when ``entry_points`` are supported in declarative configuration. Tried to make the reading flow a bit leaner, gather some informations that were a bit dispersed. v57.0.0 * #2645: License files excluded via the ``MANIFEST.in`` but matched by either the ``license_file`` (deprecated) or ``license_files`` options, will be nevertheless included in the source distribution. 
- by :user:`cdce8p` * #2628: Write long description in message payload of PKG-INFO file. - by :user:`cdce8p` * #2645: Added ``License-File`` (multiple) to the output package metadata. The field will contain the path of a license file, matched by the ``license_file`` (deprecated) and ``license_files`` options, relative to ``.dist-info``. - by :user:`cdce8p` * #2678: Moved Setuptools' own entry points into declarative config. * #2680: Vendored `more_itertools https://pypi.org/project/more-itertools`_ for Setuptools. * #2681: Setuptools own setup.py no longer declares setup_requires, but instead expects wheel to be installed as declared by pyproject.toml. * #2650: Updated the docs build tooling to support the latest version of Towncrier and show the previews of not-yet-released setuptools versions in the changelog -- :user:`webknjaz`
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit b11d0995824f77ad0d301b0e5cd31ab5b0d32b3f Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jan 14 13:44:20 2022 +0000
Core Update 164: Ship libxml2
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 44f511ee1004567fcdf47d5a94dc394321607db6 Author: Adolf Belka adolf.belka@ipfire.org Date: Sun Sep 12 14:33:44 2021 +0200
libxml2: Update to version 2.9.12
- Update from 2.9.10 to 2.9.12 - Update rootfile - Changelog for 2.9.11 is too large to put all of it here. Full details can be found at http://www.xmlsoft.org/news.html Git commit comments:- 2.9.12 Brown paper bag release, some recently added sources were missing from the 2.9.11 tarball 2.9.11 Prompted by CVE-2021-3541, but this includes an awful lot of serious bug fixes by Nick and others
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit d0c7a72351dce2d1cf726487d12458f4111f959b Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jan 14 13:43:43 2022 +0000
Core Update 164: Ship libxslt
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 89df57f3ef6372ce476491ed4199222bc015af3b Author: Adolf Belka adolf.belka@ipfire.org Date: Sun Sep 12 14:34:05 2021 +0200
libxslt: Update to version 1.1.34
- Update from 1.1.28 (2012) to 1.1.34 (2019) - Update rootfile - Changelog Changes for 1.1.29 and 1.1.30 are available on the website http://xmlsoft.org/XSLT/news.html All subsequent change descriptions are only available by reading the git commits at https://gitlab.gnome.org/GNOME/libxslt/-/commits/master but those only seem to go back to Nov 2020
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 52457c2e542f03aac458580bd32f397c1e3f653f Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jan 14 13:43:10 2022 +0000
Core Update 164: Ship poppler-data
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 5e43a17818e6e02933d402910de2932aa4ebeec5 Author: Adolf Belka adolf.belka@ipfire.org Date: Sun Sep 12 14:34:23 2021 +0200
poppler-data: Update to version 0.4.11
- Update from 0.4.10 to 0.4.11 - Update of rootfile not required - Changelog The only change is a "typo fix" in Adobe-Korea1-H-Mac
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 084bd67b6229ed76819d702ed4058ae4920ccbf3 Author: Adolf Belka adolf.belka@ipfire.org Date: Thu Jan 13 13:24:40 2022 +0100
libvirt: Update to version 7.10.0
- Update from 6.5.0 to 7.10.0 (17 releases between these versions) - Update of rootfile - Update of patch as source file contents changed enough that old patch failed to work - Build changed to meson/ninja as autotools option has been removed - Most of the existing options were available as meson options - look in meson_options.txt file in the source tarball. Three options were not available with meson --with-virtualport --with-macvtap --without-dbus - Changelog is too large to include here (~1200 lines) but the detail can be seen in the NEWS.rst file in the source tarball. Many bug fixes identified in the changelog
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
commit 2689bb7138ebf316d7ac83f2cf42483f691f533d Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jan 14 13:41:34 2022 +0000
Core Update 164: Ship zstd
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 7f07763bca2fd369e392ba8403af606b13f6c26a Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Jan 3 13:46:28 2022 +0100
zstd: Update to version 1.5.1
- Update from 1.5.0 to 1.5.1 - Update of rootfile - Changelog v1.5.1 (Dec, 2021) perf: rebalanced compression levels, to better match the intended speed/level curve, by @senhuang42 perf: faster huffman decoder, using x64 assembly, by @terrelln perf: slightly faster high speed modes (strategies fast & dfast), by @felixhandte perf: improved binary size and faster compilation times, by @terrelln perf: new row64 mode, used notably in level 12, by @senhuang42 perf: faster mid-level compression speed in presence of highly repetitive patterns, by @senhuang42 perf: minor compression ratio improvements for small data at high levels, by @cyan4973 perf: reduced stack usage (mostly useful for Linux Kernel), by @terrelln perf: faster compression speed on incompressible data, by @bindhvo perf: on-demand reduced ZSTD_DCtx state size, using build macro ZSTD_DECODER_INTERNAL_BUFFER, at a small cost of performance, by @bindhvo build: allows hiding static symbols in the dynamic library, using build macro, by @skitt build: support for m68k (Motorola 68000's), by @cyan4973 build: improved AIX support, by @Helflym build: improved meson unofficial build, by @eli-schwartz cli : custom memory limit when training dictionary (#2925), by @embg cli : report advanced parameters information when compressing in very verbose mode (``-vv`), by @Svetlitski-FB
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit d42dd5bf1fc2ff994cdbfa69bd00d3b3f6b09b5d Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jan 14 13:41:01 2022 +0000
Core Update 164: Ship freetype
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 28f0b756ce9fdeace7dd34e523d25c027c120e8b Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Jan 3 13:46:08 2022 +0100
freetype: Update to version 2.11.1
- Update from 2.11.0 to 2.11.1 - Update of rootfile - Changelog is too long to include here - more than 1500 lines. Details can be found in the ChangeLog file in the source tarball. 24 bug fixes listed.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 6b6460095e3edf3e7a0727100b69c222b9ab88f0 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jan 14 13:40:27 2022 +0000
Core Update 164: Ship expat
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 7052f829edc2f7302b58187a37330f5c6df6ec90 Author: Adolf Belka adolf.belka@ipfire.org Date: Mon Jan 3 13:45:47 2022 +0100
expat: Update to version 2.4.2
- Update from 2.4.1 to 2.4.2 - Update of rootfile - Changelog Release 2.4.2 Sun December 19 2021 Other changes: #509 #510 Link againgst libm for function "isnan" #513 #514 Include expat_config.h as early as possible #498 Autotools: Include files with release archives: - buildconf.sh - fuzz/*.c #507 #519 Autotools: Sync CMake templates #495 #524 CMake: MinGW: Fix pkg-config section "Libs" for - non-release build types (e.g. -DCMAKE_BUILD_TYPE=Debug) - multi-config CMake generators (e.g. Ninja Multi-Config) #502 #503 docs: Document that function XML_GetBuffer may return NULL when asking for a buffer of 0 (zero) bytes size #522 #523 docs: Fix return value docs for both XML_SetBillionLaughsAttackProtection* functions #525 #526 Version info bumped from 9:1:8 to 9:2:8; see https://verbump.de/ for what these numbers do
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 9da013dd6c354da8829519a1108c3096e2c0f9c9 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jan 14 13:39:45 2022 +0000
Core Update 164: Ship tcl
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit a7792b4da1cc7d6dd34a1fe7e7b2f2bcd9c10cc9 Author: Adolf Belka adolf.belka@ipfire.org Date: Thu Nov 25 19:17:13 2021 +0100
tcl: Update to version 8.6.12
- Update from 8.6.11 to 8.6.12 - Update of rootfile - Changelog is no longer supported by tcl. All changes are put into a timeline which can be viewed at https://core.tcl-lang.org/tcl/timeline although I can't figure out from the timeline what change goes with what version. Hopefully other people are better able to understand the information. This timeline cannot be easily summarised or copied into this commit.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit e501949821f719a701e02e5b5299216b05fca8b3 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jan 14 13:38:43 2022 +0000
Core Update 164: Ship pcre2
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 43164c65570a6ee1d1903a08896ce3bc4b0164d3 Author: Adolf Belka adolf.belka@ipfire.org Date: Sun Nov 28 23:17:01 2021 +0100
pcre2: Update to version 10.39
- Update from 10.37 to 10.39 - Update of rootfile - Changelog Version 10.39 29-October-2021 1. Fix incorrect detection of alternatives in first character search in JIT. 2. Merged patch from @carenas (GitHub #28): Visual Studio 2013 includes support for %zu and %td, so let newer versions of it avoid the fallback, and while at it, make sure that the first check is for DISABLE_PERCENT_ZT so it will be always honoured if chosen. prtdiff_t is signed, so use a signed type instead, and make sure that an appropiate width is chosen if pointers are 64bit wide and long is not (ex: Windows 64bit). IMHO removing the cast (and therefore the positibilty of truncation) make the code cleaner and the fallback is likely portable enough with all 64-bit POSIX systems doing LP64 except for Windows. 3. Merged patch from @carenas (GitHub #29) to update to Unicode 14.0.0. 4. Merged patch from @carenas (GitHub #30): * Cleanup: remove references to no longer used stdint.h Since 19c50b9d (Unconditionally use inttypes.h instead of trying for stdint.h (simplification) and remove the now unnecessary inclusion in pcre2_internal.h., 2018-11-14), stdint.h is no longer used. Remove checks for it in autotools and CMake and document better the expected build failures for systems that might have stdint.h (C99) and not inttypes.h (from POSIX), like old Windows. * Cleanup: remove detection for inttypes.h which is a hard dependency CMake checks for standard headers are not meant to be used for hard dependencies, so will prevent a possible fallback to work. Alternatively, the header could be checked to make the configuration fail instead of breaking the build, but that was punted, as it was missing anyway from autotools. 5. Merged patch from @carenas (GitHub #32): * jit: allow building with ancient MSVC versions Visual Studio older than 2013 fails to build with JIT enabled, because it is unable to parse non C89 compatible syntax, with mixed declarations and code. 
While most recent compilers wouldn't even report this as a warning since it is valid C99, it could be also made visible by adding to gcc/clang the -Wdeclaration-after-statement flag at build time. Move the code below the affected definitions. * pcre2grep: avoid mixing declarations with code Since d5a61ee8 (Patch to detect (and ignore) symlink loops in pcre2grep, 2021-08-28), code will fail to build in a strict C89 compiler. Reformat slightly to make it C89 compatible again. Version 10.38 01-October-2021 1. Fix invalid single character repetition issues in JIT when the repetition is inside a capturing bracket and the bracket is preceeded by character literals. 2. Installed revised CMake configuration files provided by Jan-Willem Blokland. This extends the CMake build system to build both static and shared libraries in one go, builds the static library with PIC, and exposes PCRE2 libraries using the CMake config files. JWB provided these notes: - Introduced CMake variable BUILD_STATIC_LIBS to build the static library. - Make a small modification to config-cmake.h.in by removing the PCRE2_STATIC variable. Added PCRE2_STATIC variable to the static build using the target_compile_definitions() function. - Extended the CMake config files. - Introduced CMake variable PCRE2_USE_STATIC_LIBS to easily switch between the static and shared libraries. - Added the PCRE_STATIC variable to the target compile definitions for the import of the static library. Building static and shared libraries using MSVC results in a name clash of the libraries. Both static and shared library builds create, for example, the file pcre2-8.lib. Therefore, I decided to change the static library names by adding "-static". For example, pcre2-8.lib has become pcre2-8-static.lib. [Comment by PH: this is MSVC-specific. It doesn't happen on Linux.] 3. Increased the minimum release number for CMake to 3.0.0 because older than 2.8.12 is deprecated (it was set to 2.8.5) and causes warnings. 
Even 3.0.0 is quite old; it was released in 2014. 4. Implemented a modified version of Thomas Tempelmann's pcre2grep patch for detecting symlink loops. This is dependent on the availability of realpath(), which is now tested for in ./configure and CMakeLists.txt. 5. Implemented a modified version of Thomas Tempelmann's patch for faster case-independent "first code unit" searches for unanchored patterns in 8-bit mode in the interpreters. Instead of just remembering whether one case matched or not, it remembers the position of a previous match so as to avoid unnecessary repeated searching. 6. Perl now locks out \K in lookarounds, so PCRE2 now does the same by default. However, just in case anybody was relying on the old behaviour, there is an option called PCRE2_EXTRA_ALLOW_LOOKAROUND_BSK that enables the old behaviour. An option has also been added to pcre2grep to enable this. 7. Re-enable a JIT optimization which was unintentionally disabled in 10.35. 8. There is a loop counter to catch excessively crazy patterns when checking the lengths of lookbehinds at compile time. This was incorrectly getting reset whenever a lookahead was processed, leading to some fuzzer-generated patterns taking a very long time to compile when (?|) was present in the pattern, because (?|) disables caching of group lengths.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit a55f90e9cd6ca3fcd1ac5caa89df830d5326920e Author: Peter Müller peter.mueller@ipfire.org Date: Sun Jan 9 13:54:05 2022 +0100
make.sh: Clarify options need to come before the actual command
This might prevent some misunderstandings, as the help of make.sh does not precisely state where the options (target architecture) need to be specified.
See: https://lists.ipfire.org/pipermail/development/2022-January/011911.html
Signed-off-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 1afb9646cb15fb210f7e56f3eb47f2709e46e45f Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jan 14 13:36:40 2022 +0000
Core Update 164: Ship collectd.conf
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 709fa7f3323961471323538ecb2ee6f8548107ec Author: Peter Müller peter.mueller@ipfire.org Date: Sat Jan 8 12:15:50 2022 +0100
Collectd: Stop tracking rtorrent, asterisk, java, and spamd processes
These are all not present on current IPFire versions, so there is no sense in letting collectd keep track of them.
Signed-off-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Adolf Belka adolf.belka@ipfire.org
commit e1e411956089de7c3334b10baacf5a5127558ef1 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jan 14 13:35:37 2022 +0000
Core Update 164: Ship kmod
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit ddd8d0705b3320f890d45c0222de3df0dad0bb76 Author: Peter Müller peter.mueller@ipfire.org Date: Tue Jan 4 19:29:25 2022 +0100
kmod: Update to 29
Full changelog as given in the NEWS file:
kmod 29 =======
- Improvements - Add support to use /usr/local as a place for configuration files. This makes it easier to install locally without overriding distro files.
- Bug fixes - Fix `modinfo -F` when module is builtin: when we asked by a specific field from modinfo, it was not working correctly if the module was builtin
- Documentation fixes on precedence order of /etc and /run: the correct order is /etc/modprobe.d, /run/modprobe.d, /lib/modprobe.d
- Fix the priority order that we use for searching configuration files. The correct one is /etc, /run, /usr/local/lib, /lib, for both modprobe.d and depmod.d
- Fix kernel command line parsing when there are quotes present. Grub mangles the command line and changes it from 'module.option="val with spaces"' to '"module.option=val with spaces"'. Although this is weird behavior and grub could have been fixed, the kernel understands it correctly for builtin modules. So change libkmod to also parse it correctly. This also brings another hidden behavior from the kernel: newline in the kernel command line is also allowed and can be used to separate options.
- Fix a memory leak, overflow and double free on error path
- Fix documentation for return value from kmod_module_get_info(): we return the number of entries we added to the list
- Fix output of modules.builtin.alias.bin index: we were writing an empty file due to the misuse of kmod_module_get_info()
- Infra/internal - Retire integration with semaphoreci
- Declare the github mirror also as an official upstream source: now besides accepting patches via mailing list, PRs on github are also acceptable
- Misc improvements to testsuite, so we can use it reliably regardless of the configuration used: now tests will skip if we don't have the build dependencies)
Signed-off-by: Peter Müller peter.mueller@ipfire.org Reviewed-by: Michael Tremer michael.tremer@ipfire.org
commit 8c1cc06d5f5766741fd7e5f36688b9773de4c1a2 Author: Peter Müller peter.mueller@ipfire.org Date: Fri Jan 14 13:33:55 2022 +0000
Start Core Update 164
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 2f62fd000736f4089c969e76b80cce6e63df1352 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Jan 8 16:25:17 2022 +0100
ids-functions.pl: Create default rules file file.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit b822cb159ab273753009f965d7e4abd4b11350d4 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Jan 8 16:17:09 2022 +0100
suricata: Set correct ownership for default rules file.
The file has to be write-able for the WUI.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 9b53f651070ac01bf89582d50a27cbc79f980087 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Jan 8 16:16:47 2022 +0100
convert-ids-multiple-providers: Set correct ownership for default rules file.
Otherwise the file would belong to root and is not write-able by the WUI.
Fixes #12759.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 9cfcc7e5467854825d3acd94594797201c25e4f1 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Jan 8 15:58:17 2022 +0100
convert-ids-multiple-providers: Do not try to set ownership for file which is not longer used.
Fixes #12758.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit acbbcde4222e86d4e973e74374510dc7fae5db15 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Jan 2 10:34:44 2022 +0100
ruleset-sources: Update download URL for Talos rulesets.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit e498947d3abf9f341611d97836a5e4dd0703e4da Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Jan 2 09:55:59 2022 +0100
ids-functions.pl: Log the download attempt of a ruleset.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 1b71e2b3c6241dc4bf47a9229a899e69ff291753 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Jan 2 09:52:02 2022 +0100
Revert "ids-functions.pl: Check if the generated stored rulesfile of a provider"
This commit causes massive troubles in the downloader and therefore needs to be reverted.
This reverts commit 577e3304953c708bce7f6c067bf34c3f585d3a0f.
commit cad087c74efe8e45d0a8b24365beaa868d1a2913 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Jan 2 09:49:37 2022 +0100
ids-functions.pl: Check if given filename exists bevore call stat on it.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit dffce1e270675193c15ebc0ab6ce54eb3268707d Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Jan 2 09:48:55 2022 +0100
ids-functions.pl: Proper return flase if the downloaded rulestarball cannot be stored.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 636a79650bf930f1908cb128012dc567e7f78093 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Dec 19 15:55:45 2021 +0100
suricata.yaml: Set collection of stat to off.
Suricata will print a warning on startup if the collection of stats is enabled but no stats logger that would print them out is enabled.
Actually, we do not use any stats, so this can safely be disabled.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit ec03b64e9f853af914aa67c2c9f42f1400b4eb80 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Dec 19 15:53:55 2021 +0100
suricata.yaml: Set default log level to Info.
This will prevent suricata from displaying a warning on startup, and it is anyway the log level to which suricata switches in such a case.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit ee87c2e33a9f90c6ce373851b57c58bb43ca1d2f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Dec 19 15:51:58 2021 +0100
suricata.yaml: Add config options for modbus, dnp3 and enip protocols.
All of them are disabled by default, but may be needed in some environments and so easily can be enabled there.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit ec418b7a0885bc5c31fd26f1a4b4eec191a9caed Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Dec 19 15:46:05 2021 +0100
ids-functions.pl: Drop accidently commited debug output.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit c1ccae1ce33e1f8ecb05eeaff5dc7299acbbc270 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Dec 19 15:41:43 2021 +0100
ids-functions.pl: Set bypass flag for whitelisted hosts.
When adding a host to the whitelist, set the bypass flag to immediately take the load off the IDS.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 43d12991d1024010cb9059ab6c613d3053ee538b Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Dec 19 15:37:16 2021 +0100
ids-functions.pl: Dynamically generate file of default suricata rules.
The "/var/ipfire/suricata/suricata-default-rules.yaml" file will now be generated dynamically, based on the enabled application layer protocols.
Only existing rulefiles for enabled app layer protocols will be loaded.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit bb39fac4370be88ff3b4abddaca6e7423733796c Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Dec 19 15:32:52 2021 +0100
ids-functions.pl: Add get_suricata_enable_app_layer_protos().
This function calls suricata to obtain a list of enabled application layer protocols (application/protocol parsers).
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 9e9d89ae37246ceca5786fcf6e4c7991532c1baf Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Dec 3 15:57:17 2021 +0100
suricata: Fix ownership of the classification.config file.
The file has to be write-able for the nobody user.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 7ccea46172415ff6ae5de3653e6cb841bbd9c8b2 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Dec 3 15:53:20 2021 +0100
ids-functions.pl: Remove config files when cleaning up the rules directory.
If there are any, they can safely be removed because the *.config files now live in a different folder.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 6983a96efff73babf144a4dda3e3aba68fd460e9 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Dec 3 15:52:19 2021 +0100
ids-functions.pl: Adjust classification file for new path.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 5a3e97b8d38c550b99282b5b0c60c83efc9f0c50 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Nov 19 17:44:56 2021 +0000
suricata: Load *.config files from default location
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit c68bcbb298f70eb3c3dc5201ee16edb96a533fb0 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Dec 2 07:44:52 2021 +0100
ids-functions.pl: Do not call stat if no file has been given.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 577e3304953c708bce7f6c067bf34c3f585d3a0f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Dec 2 07:43:00 2021 +0100
ids-functions.pl: Check if the generated stored rulesfile of a provider exists before returning the filename.
This prevents non-existing files from being used and processed.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 27671216d589381fd6b0e4b0386f61fc6aa6be5d Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Jun 27 19:22:24 2021 +0200
update-ids-ruleset: Early exit script if lockfile exists.
This prevents the script from running while the WUI is performing operations at the same time, and from being launched in multiple instances.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 0f1d0b9c3c0fe06d15ffadc51b31fcea5552a919 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed May 12 19:51:36 2021 +0200
ids.cgi: Use experimental smartmatch.
This will prevent from spawning the http error log with warnings.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 4d438241c3521582239738198a9070cebdc91c04 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed May 12 19:44:43 2021 +0200
ids.cgi: Do not expect a space after the msg tag has been closed while processing rules.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 057e89535108ea3afa67e469fd73c0cce619e307 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Apr 16 20:27:20 2021 +0200
ids-functions.pl: Proper return N/A if no ruleset date could be determined.
If no timestamp could be grabbed for rulestarball of a given provider, return N/A.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 14696ced7ec88af28b5244f2f1d30b1d033d97d3 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Apr 14 21:12:36 2021 +0200
ids.cgi: Always write used providers rulefiles file.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 258924ee79cf096fd266a57bab5908155fb37f3a Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Apr 14 20:38:59 2021 +0200
ids.cgi: Add the provider handle if the forced update of a provider fails.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit fc685a36c54eb0882a7fdb14a8ec698dc83e4a86 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Apr 14 20:37:50 2021 +0200
ids-functions.pl: Return N/A if not date for a ruleset could be determined.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 969983eba4f2b6917a53f8f817297c75b40e8d9f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Apr 14 20:32:14 2021 +0200
ids.cgi: Add some more sanity checks when adding a new provider.
* Check if the system is online. * Check if enough free disk space is available. * Abort with an error message if the ruleset could not be downloaded.
In error case the provider now will be removed again from the file which keeps the configured providers. Sadly it needs to be added first because otherwise the downloader could not read the required values from it.....
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 214f34ec4ee704e33dc4575e03a07ab7278a0bdc Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Apr 14 20:19:27 2021 +0200
ids.cgi: Use newly intruduced functions when removing a provider.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 63cf95af3fc91bc3f92e053a08875106ef391eed Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Apr 14 20:18:47 2021 +0200
ids.cgi: Introduce remove_provider().
This function is used to remove a configured provider by its ID.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 697787c9309c5bfee0067d7486f0b095e968dc73 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Apr 14 20:18:01 2021 +0200
ids.cgi: Introduce get_provider_handle().
This function is used to get the configured provider handle by a given ID.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 1e52a25825aaa5db8c3963c0bae78070fec51739 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Apr 13 20:18:46 2021 +0200
ids.cgi: Regenerate ruleset if a provider get re-enabled.
Otherwise it could happen, that there are no rules files for this specific provider.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 724f98c086a165e7528d0780cb8afe9e95421e93 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Apr 13 18:56:49 2021 +0200
ids.cgi: Fix check when changing the IDS to monitor mode or drop mode.
The test condition was wrong here and therefore oinkmaster never has been executed when this setting has been changed.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 7131a7bd94ef07f11d6c5971228710ad4445801b Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Apr 13 18:08:12 2021 +0200
ids.cgi: Allow whitespaces when parsing the rules files.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 302420ad4a736053ae3a076ae48bfaac7b7d4208 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Apr 11 09:02:33 2021 +0200
convert-ids-multiple-providers: Fix setting ownership for the main oinkmaster provider includes file.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit a081f20390178611d222f61f5d91214df2312ab0 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Apr 10 18:59:19 2021 +0200
ids-functions.pl: Fix writing for used provider rulefiles.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit a2964e14f80bed8e66b11b2e25f8ade621f1cca9 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Apr 10 18:54:35 2021 +0200
convert-ids-multiple-providers: Proper open the oinkmaster providers sids file for writing.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit c0727f8b45116cfce1f11e44bc9c1cb991e6fd4d Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Apr 10 18:53:27 2021 +0200
convert-ids-multiple-providers: Fix typo which tried to load the wrong lib.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit cd13dbc544e19337a6ce29d4a5fd7ad47f5196a0 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Apr 7 20:47:07 2021 +0200
convert-ids-multiple-providers: Remove old used rulefiles file.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit f901c7401cda395daad2d267a1f4e4c623b9a77e Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Apr 7 20:45:32 2021 +0200
convert-ids-multiple-providers: Always remove old enabled / disabled sids files.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 17b9a1581c53aeaf1f715a986792375025f305be Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Apr 5 08:44:00 2021 +0200
convert-ids-multiple-providers: Restart suricata afterwards.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 4aa1382e22c13c47f47e22ea092a5e008548716c Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Apr 5 08:03:38 2021 +0200
backup.pl: Launch convert-ids-multiple-providers if neccessary.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 77b373d62064f3809a35415093ddeac7df78ce41 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Apr 5 07:59:09 2021 +0200
IDS: Add convert-ids-multiple-provider script.
This converter does all the magic to convert any suricata based IPFire version to work with the new multiple providers IDS.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit ded4348d0d1b91ddcc8acdc3bb67aa2dbacc6140 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Apr 5 07:52:30 2021 +0200
ids.cgi: Do not expect a space before the sid when parsing rulefiles.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 58d368d11c0c0a4ff71370e309fa65f469b7868c Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Apr 5 07:39:29 2021 +0200
convert-snort: Adjust converter to work with new IDS.
Only in case if somebody tries to import such an old backup.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 5b43f9db1576c8c2ea92570c1b9a1274495a75d3 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Apr 5 07:19:34 2021 +0200
ids-functions.pl: Remove as deprecated marked variables.
They are not needed anymore.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 1aa3dbf56df6756c5ad7c695f3c9bd3df942148a Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Apr 5 07:13:45 2021 +0200
ruleset-sources: Update download URL for Talos rulesets.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 6cbed0c213075af4011e3c72aa21887a2254c83a Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Apr 5 07:12:00 2021 +0200
ruleset-sources: Add additional providers.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 4015d3f499c85cece577e360277cdc0e95a3d083 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Apr 5 07:11:04 2021 +0200
ids.cgi: Sort elements in providers dropdown menu.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 1b0e555fd37ca59847fc6d1714cada26503bb823 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Apr 4 12:22:13 2021 +0200
ids-functions.pl: Only write existing provider specific used rulesfiles files into main include yaml file.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 69b3156f7467fd941e904c5f7316a83bc11636ae Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Apr 4 10:15:27 2021 +0200
IDS: Move read_enabled_disabled_sids_file() function to ids-functions.pl.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit b35e27a28a66410ff0a4c69739b1d98d8bfd2d30 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Apr 4 08:25:36 2021 +0200
backup: Adjust includes file to include new IDS files into backups.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 52071c0e9e7956c2e1a42430c01f06a383c2787d Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Apr 4 08:15:48 2021 +0200
Revert "ids-functions.pl: Remove config files on rulesdir cleanup."
Not all config files are shipped by the rulesets. For example the "threshold.conf" and the "referneces.conf" are not included in each ruleset.
Therefore it is not a common way to delete all config files. It is much safer to simply keep them and overwrite existing ones by the generated ones.
This reverts commit a71c3c9dcc60541aa4504d0f1fb0a78c0d58ed5e.
commit 1b5aec1b7db40749fb0313f74e2670fc99a891cd Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Apr 2 20:22:15 2021 +0200
ids-functions.pl: Move code to handle plain rules files to extractruleset() function.
Now everything that extracts or moves stored ruleset files is easily accessible via one function which takes care of it.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 01fc880cf3d6a19d1c2809f9adecd78278ebb49a Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Apr 2 13:47:36 2021 +0200
ids-functions.pl: Only read providers used rulefiles file if it exists.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 35bc92a30717461a53d070b7a2d49ddcdc1c65ba Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Apr 2 13:46:47 2021 +0200
ids-functions.pl: Fix accidently commited debug file path.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 6875f9ce7c014a9236a1c523f14381a30e1972eb Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Apr 2 11:45:00 2021 +0200
update-ids-ruleset: Port script to work with multiple providers.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 71766c081c7f3a9a8a7c2356d4ac2f23eae27913 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Apr 2 11:24:03 2021 +0200
langs-de.pl: Fix grammar.
Even as a native speaker, it seems german sometimes is a very difficult language......
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 515a694d1c8bcd90bf52f35dc59d4990ff6b4935 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Apr 2 11:21:00 2021 +0200
ids.cgi: Add code to handle the reset of a provider to it's defaults.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit f3d421a3b183802c7d4af1333d73057964d18869 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Apr 2 11:00:17 2021 +0200
ids.cgi: Make backend code for forced ruleset update working again.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 962e58cdd481d2067f78982ae7051bdcbc124426 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Apr 2 10:47:55 2021 +0200
ids.cgi: Add section for additional provider actions.
This section will only be displayed when an existing provider is edited, and allows resetting a provider back to its defaults or forcing a ruleset update.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 7e1a09f9255414357a5b8bb6ffc898dbf5c9a791 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Apr 2 10:12:02 2021 +0200
ids.cgi: Fix display issue with colum backgound colour in provider list.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 0c5b2f6da301b5409b79df391f0f73e6c576fcf6 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Apr 2 10:05:12 2021 +0200
ids.cgi: Handle oinkmaster provider includes when deleting a provider.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit ce40fddefc35cd879294c85a4c5eb85db5a4f773 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Apr 2 10:04:21 2021 +0200
ids.cgi: Fix function call of get_used_provider_rulesfile_file().
The function is located in the IDS module and therefore needs to be called from there.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit eade546821293480220215fea0c503d5f046e75e Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Apr 2 09:35:42 2021 +0200
ids.cgi: Add/Remove provider file include in oinkmaster providers include file when toggeling a provider.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 1d860d89cb59ec4e1b629d632be9bfa9e7ceb24c Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Apr 2 09:34:28 2021 +0200
ids-functions.pl: Check if the file exists bevore adding it to the oinkmaster provider includes file.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit d878d9c01482510220aae1f432ad5c45bc05997d Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Apr 2 09:13:17 2021 +0200
ids-functions.pl: Introduce alter_oinkmaster_provider_includes_file().
This function can be used to directly modify the desired file.
It takes two arguments: * An action which could be "add" or "remove" * A provider handle, which should be added or removed.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 5d523e4161ba6ac6ad568a456821b05ad4f73d33 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Apr 2 08:06:53 2021 +0200
ids.cgi: Use get_oinkmaster_provider_modified_sids_file() function.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 5b9d877d46f5fc7da1e6d92185dd5810a85a17f8 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Apr 2 08:04:46 2021 +0200
ids-functions.pl: Introduce get_oinkmaster_provider_modified_sids_file() function.
This function simply returns the generated path and filename for the provider specific modified sids file.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 15832b10c20212fe80aa5ba41521a4ad69965bb2 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Apr 1 20:02:48 2021 +0200
IDS: Redesign backend for enabled/disabled sids in rulefiles.
The enabled or disabled sids now will be written to an own provider exclusive configuration file which dynamically will be included by oinkmaster if needed.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 88eb5626b3e8770740c9dd83a157122f75ddd63c Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Apr 1 16:36:13 2021 +0200
ids-functions.pl: Bring back usage of whitelist.rules and local.rules files.
They now automatically will be included as static includes if the files are present.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 593abb3510687d40771941f49d7aa73e8037b448 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Apr 1 16:02:50 2021 +0200
ids.cgi: Use get_ruleset_date() from ids-functions.pl.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit f580aa8caa691855f443c14c1e9e5a047028beef Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Apr 1 16:02:04 2021 +0200
ids-functions.pl: Introduce get_ruleset_date() function.
This function is used to get the creation date of the stored rules files of a given provider.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 02fee15e0e004eda37f194d9a01186f4a1ad4372 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Apr 1 15:48:44 2021 +0200
ids.cgi: Prevent from chainging the provider when editing an existing one.
This commit locks the dropdown menu for selecting a provider, in case an existing one should be edited.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 1fa187335bb641d1f5ae698b21ef7783b228b8e4 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Apr 1 15:13:30 2021 +0200
ids.cgi: Add hardcoded error message to language files.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 4b6cf2a54ab2cbda7d688f4c9cdb45051e354f09 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Apr 1 15:09:59 2021 +0200
ids.cgi: Fix check and message when trying to enable suricata without any enabled or no provider.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 106f00bdbb26b9f84300c79f5b7f28dfb2395fcf Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Apr 1 12:02:45 2021 +0200
ids.cgi: Lock the CGI when a provder will be deleted.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 0943ad8c3fa747c701f25f527824db3f1c6de501 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Apr 1 11:55:40 2021 +0200
ids.cgi: Drop old code to handle the settings of the ruleset section.
This entirely has been replaced by the providers section and the code to handle the actions of this section.
Therefore this code is no longer needed.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 2fded6d2ad80a05f87ae895deadc58de05073a34 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Apr 1 11:50:44 2021 +0200
ids.cgi: Finish code to handle the removal of a provider from the list.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit a2b4488ae53c92b6ffefa2abb2ee4601e4907014 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Apr 1 11:46:11 2021 +0200
ids.cgi: Finish code to handle toggeling a provider enabled/disabled.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit ddaf8ae1a87902389288904280c055e4601dc4ba Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Apr 1 11:39:57 2021 +0200
IDS: Redesign backend for used provider rulesfiles.
The selected rulesfiles of a provider now will be written to an own provider exclusive yaml file, which will be included dynamically when the provider is enabled or not.
This allows very easy handling to enable or disable a provider, in this case the file which keeps the enabled providers rulesets only needs to be included in the main file or even not.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit b734df0e1299407e59d38d9054065305f9c9eb00 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Mar 31 13:41:28 2021 +0200
ids.cgi: Add action if a new provider is added.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 50f348f681102eae5dc6d26f19292389397e77fb Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Mar 31 13:39:43 2021 +0200
ids-functions.pl: Introduce move_tmp_ruleset() function.
This function is used to move an extracted temporary ruleset to the rules location.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit e31458de4eea69d01a81e24bba85b3b655f7ae1f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Mar 31 12:31:18 2021 +0200
ids-functions.pl: Fix another typo.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 6acaa5fa6f6fb4546f058eebc774914e5706ceb3 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Mar 31 12:22:17 2021 +0200
ids-functions.pl: Remove accidently commited debug code.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 0130e0d1e1168581ac3bc90d8773d968b1b5c4eb Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Mar 31 12:21:41 2021 +0200
ids-functions.pl: Rework oinkmaster() to use get_enabled_providers function.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 5e20d6cb28a87fca71abd9d4e0b811f6674fd39a Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Mar 31 12:16:24 2021 +0200
ids-functions.pl: Introduce get_enabled_providers() function.
This function simply returns an array with all enabled ruleset providers.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit dae33250b2557e2650f1ac6fb8ced88d33c76ec7 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Mar 31 12:16:01 2021 +0200
ids-functions.pl: Fix typo.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 3daa30002576490ec04a290dc777d3060c51d4a0 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Mar 31 12:02:27 2021 +0200
ids.cgi: Use get_used_rulesfiles function from ids-functions.pl.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 6563d44997434a442d6162571e8594dc8796c973 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Mar 31 12:01:22 2021 +0200
ids-functions.pl: Introduce get_used_rulesfiles() function.
This function simply returns an array which contains the used rulesfiles files.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 61b92664373ef7343a0f4efeaa3a5026bfe5b325 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Mar 31 11:26:24 2021 +0200
ids-functions.pl: Introduce drop_dl_rulesfile().
This tiny function is used, to delete the stored rulesfile in case a provider will be deleted.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit aac869c47ef06294da337e80a1794b0b389e33f4 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Mar 31 10:49:19 2021 +0200
ids-functions.pl: Rework function for modify-sid file to be more generic.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 16b2d281ce054a41cbe084d7770fc54553ed747d Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Mar 31 10:45:14 2021 +0200
ids-functions.pl: Add cleanup_tmp_directory() function.
As the name of the function already says, it is responsible to delete all temporary files after ruleset generation.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 09f7de97732b12c7bc13b7f7a9b664a975416647 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Mar 29 16:53:52 2021 +0200
ids-functions.pl: Remove config files on rulesdir cleanup.
They are generated every time oinkmaster is called.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit b953677b0d05202f69bb2ef06e9b628c39ea37f2 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Mar 29 16:51:18 2021 +0200
ids-functions.pl: Rework oinkmaster() function.
Rework the function to work with the latest changes and multiple providers.
The function now does the following:
* Extract the stored rules tarballs for all enabled providers. * Copy rules files for enabled providers which provide plain files. * Still calls oinkmaster to set up the rules and modify them. * Calls the merge functions for classification and sid to msg files.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 6c9d3eeef24be039b13c12e2ed750556f79a2b04 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Mar 29 15:50:04 2021 +0200
ids-functions.pl: Assign temporary rules and conf path to variables.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 8bd74e12a9433f0f79e9eeca1028192799c98cc7 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Mar 29 15:27:42 2021 +0200
ids-functions.pl: Introduce merge_sid_msg() function.
This function is used to merge the sid to message mapping files from various providers.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 8335286b381381e187da787c0c758fa62890104e Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Mar 28 12:49:56 2021 +0200
ids-functions.pl: Fix typo.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 23b560529ad02c3d6eac37ed60eacf5af99be69d Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Mar 28 12:47:23 2021 +0200
ids-functions.pl: Introduce merge_classifications() function.
This function is used to merge the individual classification files provided by the providers.
The result will be written to the classification.config which will be used by the IDS.
Fixes #11884.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 0fbfffea9152715705d1c3c9b318635fd81bb89f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Mar 27 12:07:45 2021 +0100
ids-functions.pl: Introduce extraceruleset() function.
This function is used to extract the required config and rules files from the stored rules tarball for a given ruleset provider.
* The files will be extracted to a temporary directory layout in "/tmp/ids_tmp".
* Names of config files will be adjusted in case multiple providers offers the same config files, which is very common.
* The name of the single rulefiles will be adjusted to start with the vendors name to allow assigning them very easily to a single ruleset provider.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit ae22613224bcdb93454b3035e2a8f48ee40d147f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Mar 27 12:07:13 2021 +0100
ids-functions.pl: Always delete temporary file.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 2c02c936075c9eac0196530f61729740d8c01142 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Mar 27 12:06:44 2021 +0100
ids-functions.pl: Fix typo.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit caae0cf5e342070d04fac84c6b85cf1efc3bfe23 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Mar 26 13:27:48 2021 +0100
ruleset-sources: Rename file to plain.
This is used if a provider offers a plain rulefile instead of an archive.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit b3c2c3364dc816a30db72c3ca79370cfded0f345 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Mar 26 13:24:26 2021 +0100
ids-functions.pl: Allow downloadruleset() function to deal with multiple ruleset providers.
When calling the function now a single ruleset provider handle can be specified to only download this ruleset or by adding "all" or leaving the handle blank a download of all configured rulesets can be triggered.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 788a71f51eedf087b6c91bc5714ed0b1834d202d Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Mar 26 13:19:58 2021 +0100
ids-functions.pl: Introduce private _get_dl_rulesfile() function.
This function can be used to generate/get the absolute file and path for a given ruleset provider.
The files will be stored in the usual "/var/tmp" folder with a new file format based on the dl_file type and the provider.
Examples could be: * /var/ipfire/idsrules-emerging.tar.gz * /var/ipfire/idsrules-registered.tar.gz * /var/ipfire/idsrules-somprovider.rules
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit e55fa2f7456d3f4bf16a33a3f5d06582b9e78de9 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Mar 26 13:17:59 2021 +0100
ids-functions.pl: Run in perl strict mode.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit b5350c4d6ee39b4991f1fb0d467b87d514b59a58 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Mar 26 13:16:40 2021 +0100
ruleset-sources: Fix website url for community ruleset.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 923a644107b608ba6965359f75193fbc34647461 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Mar 26 13:15:04 2021 +0100
ruleset-sources: Replace subscription code placeholder.
Replace the <oinkcode> placeholder by the more generic <subscription_code>.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 73eb03a333067b680e4c77469eb86da5444bdd3d Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Mar 23 17:42:07 2021 +0100
ids.cgi: Add code to handle enable/disable a provider.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 9bf260ded2713a983c62072ee89772884bc14a8a Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Mar 23 17:40:44 2021 +0100
ids.cgi: Add code to handle enable/disable autoupdate for a provider.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 7323c72d03f063c6847df8973ea6abb09b6b1323 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Mar 23 17:40:12 2021 +0100
ids.cgi: Fix type in method.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 2acb3c8d0032cb4056a13d168be9be85f5607df9 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Mar 23 17:39:32 2021 +0100
ids.cgi: Remove accidently commited commented code snipped.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit bb4c30c653314754b8564f6bc41047d5c00eacb6 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Mar 23 17:38:26 2021 +0100
ids.cgi: Correctly use "enabled" for checked checkboxes.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit aba3cbe5bc0278132230bf027e54349f1a89b3d6 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Mar 23 17:37:33 2021 +0100
ids.cgi: Read-in providers settings file when neccessary.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 4c067847c5db9d96aa7d6f1ef613b60f211817f9 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Mar 23 16:20:52 2021 +0100
ids.cgi: Add code to add/edit a ruleset provider.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 18fb2dbd5c17edb58eaba1f6a609bab798795c63 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Mar 23 16:20:17 2021 +0100
Update language files.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit a8d36d3e1fe619309b047aabce38b1e105f692c8 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Mar 23 14:58:09 2021 +0100
ids-functions.pl: Introduce providers_settings_file.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 2f252efa0dc0625248ecf99917be9887821b5223 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Mar 23 14:56:11 2021 +0100
ids.cgi: Rework rulesetsettings section.
* The page and section now supports multiple ruleset providers at once. * Adding / Editing a ruleset provider has been moved to a own sub-page.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit a49a30d1ba7560c9e394570f4d313a575820c439 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Mar 23 12:39:13 2021 +0100
ruleset-sources: Fix website details for emergingthreats provider.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 77351a6b768c0359cb0a25d540f5f2c1ff03e51f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Mar 22 16:27:33 2021 +0100
ids.cgi: Move configuration of ruleset autoupdate intervall to IDS main section.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 87df37da7abbb04eb83d0803c1237039c8dddfd3 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Mar 22 14:42:42 2021 +0100
ids.cgi: Stop showing ruleset date on customize rulest sub-page.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 4efc8ccd8aacedbc1c24908fa7ee3989182ba976 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Mar 22 11:48:58 2021 +0100
ids.cgi: Add "Back" button to customize ruleset sub-page.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 2bbe6ede23af14e0a23b77e1aaca8c5a26ecb6ac Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Mar 21 21:41:42 2021 +0100
ids.cgi: Move / Splitt main page and customize ruleset subpage.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit a468b62b62d5a9f777fe1c4d4564ade7d70ed621 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Mar 21 17:22:29 2021 +0100
ids.cgi: Only read-in ruleset if neccessary.
This process takes some time, especially on huge rulesets.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit dd2ce333f74dda68498f4bbcfe5a2115d8aa8202 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Mar 21 17:17:05 2021 +0100
ids.cgi: Add button to customize the ruleset.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 019e5e9bafd6803792f4beaa68977bd68d015665 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Mar 20 18:07:57 2021 +0100
ids.cgi: Introduce and use get_provider_name() function.
This function is used to grab the name of a provider by the given handle.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit fed57fe7f04cbea5ea3489b75ff373d975e887bb Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Mar 20 16:58:11 2021 +0100
ids.cgi: Move the section to customize the IDS ruleset to a function.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 1033cf2d0a14494952f2e324db35b5029878dafc Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Mar 20 16:54:37 2021 +0100
ids.cgi: Remove unused rulesetsources hashes.
They have been superseded by the new ruleset sources file.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 4e4c3f14599842acd41b577ac1058fd7e2975054 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Mar 20 15:57:51 2021 +0100
ids-functions.pl: Require ruleset-sources file for provider details.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 3e12c6e6883d80e4648aeed89a75c0c0de1d120b Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Mar 19 21:28:00 2021 +0100
ids.cgi: Make CGI work with new ruleset-sources file.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 70cc13158d6d3be97d4094619cf20ec065023492 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Mar 19 21:27:23 2021 +0100
ids-functions.pl: Add get_ruleset_providers() function.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 179b75107e8a8bd0e339e3d5aef8372fafb9a0e9 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Mar 19 21:26:44 2021 +0100
ids-functions.pl: Make downloader work with new ruleset-sources file format.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 5e891296f061d5bcccd07147bf1c159703085054 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Mar 19 21:24:36 2021 +0100
ruleset-sources: Rework file format and data.
The file now contains a lot more of data and easily can be extended to provide more and new providers.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 41b52755b83bee943c7293da46209401239b2666 Merge: d08856240 68b576108 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Dec 19 13:19:03 2021 +0100
Merge branch 'master' of ssh://git.ipfire.org/pub/git/ipfire-2.x
commit d0885624067d40da7f6ff26c6be66fc39ab73d12 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Dec 16 20:04:41 2021 +0100
suricata: Do not load rules for dnp3 and modbus.
The parsers for those are disabled in the suricata config, so the rules are not needed; on the contrary, they massively spam warnings when launching suricata because of the disabled parsers.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit a52ea4b0085426cc2c7fc08be5496532cb97b622 Merge: ba1541611 65d5ec52c Author: Stefan Schantl stefan.schantl@ipfire.org Date: Thu Dec 16 20:00:18 2021 +0100
Merge branch 'master' of ssh://git.ipfire.org/pub/git/ipfire-2.x
commit ba154161199f84bb7c80ff6bbebf16e6660af738 Merge: 7e4f773ad 2c13fafb7 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Dec 8 17:03:31 2021 +0100
Merge branch 'master' of ssh://git.ipfire.org/pub/git/ipfire-2.x
commit 7e4f773adc256e964c0b8bbedf0fe91cddac9b9c Merge: 90d8cb929 191347cc4 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Nov 15 20:55:47 2021 +0100
Merge branch 'master' of ssh://git.ipfire.org/pub/git/ipfire-2.x
commit 90d8cb92980bb6ae689605ad36d6f0c46158be7c Merge: 16d91d746 9d418afb8 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Nov 1 19:12:24 2021 +0100
Merge branch 'master' of ssh://git.ipfire.org/pub/git/ipfire-2.x
commit 16d91d7466984faa3af9bdc025aabd6a18c8a428 Merge: 1c959b88c ff54a798a Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Aug 6 21:11:44 2021 +0200
Merge branch 'master' of ssh://git.ipfire.org/pub/git/ipfire-2.x
commit 1c959b88c7ab8b79df61f3e51c633c0455cfb421 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Jul 30 19:54:15 2021 +0200
qos.cgi: Fix truncated status output
In the past only the first line of the status output has been passed to the cleanhtml() function and displayed. Now the whole output will be converted to a string, cleaned and displayed on the WUI again.
Fixes #12666.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit fb013fdc0a6118d4d5163cf572b41b83530f2a4f Merge: ae3a88abe 131cfcf22 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Fri Jul 30 19:51:43 2021 +0200
Merge branch 'master' of ssh://git.ipfire.org/pub/git/ipfire-2.x
commit ae3a88abe5b21a1bfe6310a06b6002f6befca976 Merge: 0a8a3f70e 37ef9fe4e Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Jul 11 11:52:00 2021 +0200
Merge branch 'master' of ssh://git.ipfire.org/pub/git/ipfire-2.x
commit 0a8a3f70e073dc3fa059e824f9285553c7d56c3a Merge: 510d3f005 92a5ad86e Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Jul 6 18:04:55 2021 +0200
Merge branch 'master' of ssh://git.ipfire.org/pub/git/ipfire-2.x
commit 510d3f005c179469111f172556312d8d025d131d Merge: 2d5b98c80 0a48e5694 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed Jun 30 20:13:27 2021 +0200
Merge branch 'master' of ssh://git.ipfire.org/pub/git/ipfire-2.x
commit 2d5b98c80939aec312c97a5368493c621b3cbccb Merge: c7ee7f60d addeeb1f7 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Jun 27 10:58:02 2021 +0200
Merge branch 'master' of ssh://git.ipfire.org/pub/git/ipfire-2.x
commit c7ee7f60dac6be66c0b45261fd3aa3c3c6852f69 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Jun 22 14:56:40 2021 +0200
ovpnmain.cgi: Fix typos.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 3ed6be83d21ba2c0a819974dfc1936ca7bfff541 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Jun 22 14:51:35 2021 +0200
ovpnmain.cgi: Call correct system_output() function.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
commit 40335cecaa67bd8b370e4a90741dd6557a821382 Merge: cf3806f27 27ca856f7 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Tue Jun 22 14:45:59 2021 +0200
Merge branch 'master' of ssh://git.ipfire.org/pub/git/ipfire-2.x
commit cf3806f27ca0d53ed0e1c28e4e23e4cd53816da6 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Wed May 12 20:05:55 2021 +0200
ddns: Add upstream patch to fix argparse list-token-providers command.
Fixes #12607.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/backup/backup.pl | 6 + config/backup/include | 5 +- config/cfgroot/graphs.pl | 22 +- config/cfgroot/ids-functions.pl | 1090 ++++++++++-- config/collectd/collectd.conf | 6 +- config/etc/sysctl.conf | 4 +- config/kernel/kernel.config.aarch64-ipfire | 2 +- config/kernel/kernel.config.armv6l-ipfire | 2 +- config/kernel/kernel.config.x86_64-ipfire | 3 +- config/oinkmaster/oinkmaster.conf | 7 +- config/rootfiles/common/Net-DNS | 1 + config/rootfiles/common/armv6l/python3 | 2 +- config/rootfiles/common/configroot | 1 + config/rootfiles/common/expat | 22 +- config/rootfiles/common/freetype | 2 +- config/rootfiles/common/gdbm | 25 +- config/rootfiles/common/kmod | 2 +- config/rootfiles/common/libusb | 2 +- config/rootfiles/common/libwww-perl | 102 -- config/rootfiles/common/libxml2 | 322 ++-- config/rootfiles/common/libxslt | 211 ++- config/rootfiles/common/pcre2 | 226 +-- config/rootfiles/common/perl-libwww | 44 + config/rootfiles/common/python3 | 2 +- config/rootfiles/common/shadow | 53 +- config/rootfiles/common/squid | 50 +- config/rootfiles/common/suricata | 3 - config/rootfiles/common/tcl | 76 +- config/rootfiles/common/usbutils | 5 - config/rootfiles/common/web-user-interface | 1 + config/rootfiles/common/zstd | 2 +- config/rootfiles/core/{163 => 164}/core-files | 0 config/rootfiles/core/{163 => 164}/exclude | 0 .../124 => core/164}/filelists/aarch64/linux | 0 .../164}/filelists/aarch64/linux-initrd | 0 .../159 => core/164}/filelists/armv6l/linux | 0 .../159 => core/164}/filelists/armv6l/linux-initrd | 0 .../core/{163 => 164}/filelists/core-files | 0 .../{oldcore/106 => core/164}/filelists/expat | 0 config/rootfiles/core/164/filelists/files | 16 + .../rootfiles/core/{163 => 164}/filelists/freetype | 0 config/rootfiles/core/164/filelists/gdbm | 1 + .../{oldcore/107 => core/164}/filelists/hdparm | 0 .../131 => core/164}/filelists/ids-ruleset-sources | 0 .../{oldcore/125 => core/164}/filelists/kmod | 0 .../{oldcore/145 => 
core/164}/filelists/libusb | 0 .../{oldcore/101 => core/164}/filelists/libxml2 | 0 .../{oldcore/157 => core/164}/filelists/libxslt | 0 .../{oldcore/125 => core/164}/filelists/lvm2 | 0 .../{oldcore/131 => core/164}/filelists/oinkmaster | 0 .../{oldcore/155 => core/164}/filelists/pcre2 | 0 .../151 => core/164}/filelists/poppler-data | 0 .../rootfiles/core/{163 => 164}/filelists/shadow | 0 config/rootfiles/core/{163 => 164}/filelists/squid | 0 .../{oldcore/155 => core/164}/filelists/tcl | 0 .../{oldcore/66 => core/164}/filelists/usbutils | 0 .../100 => core/164}/filelists/x86_64/linux | 0 .../100 => core/164}/filelists/x86_64/linux-initrd | 0 .../{oldcore/149 => core/164}/filelists/zstd | 0 .../rootfiles/{oldcore/150 => core/164}/update.sh | 39 +- config/rootfiles/{core => oldcore}/163/core-files | 0 config/rootfiles/{core => oldcore}/163/exclude | 0 .../{core => oldcore}/163/filelists/apache2 | 0 .../rootfiles/{core => oldcore}/163/filelists/bash | 0 .../163/filelists/ca-certificates | 0 .../rootfiles/{core => oldcore}/163/filelists/curl | 0 .../{core => oldcore}/163/filelists/e2fsprogs | 0 .../{core => oldcore}/163/filelists/ethtool | 0 .../{core => oldcore}/163/filelists/exfatprogs | 0 .../{core => oldcore}/163/filelists/files | 0 .../{core => oldcore}/163/filelists/freetype | 0 .../{core => oldcore}/163/filelists/fribidi | 0 .../rootfiles/{core => oldcore}/163/filelists/gdb | 0 .../rootfiles/{core => oldcore}/163/filelists/glib | 0 .../rootfiles/{core => oldcore}/163/filelists/grep | 0 .../rootfiles/{core => oldcore}/163/filelists/gzip | 0 .../{core => oldcore}/163/filelists/harfbuzz | 0 .../{core => oldcore}/163/filelists/iproute2 | 0 .../{core => oldcore}/163/filelists/libarchive | 0 .../{core => oldcore}/163/filelists/libcap | 0 .../{core => oldcore}/163/filelists/libedit | 0 .../{core => oldcore}/163/filelists/libgcrypt | 0 .../{core => oldcore}/163/filelists/libgpg-error | 0 .../{core => oldcore}/163/filelists/libloc | 0 .../{core => 
oldcore}/163/filelists/libtasn1 | 0 .../{core => oldcore}/163/filelists/liburcu | 0 .../{core => oldcore}/163/filelists/linux-firmware | 0 .../rootfiles/{core => oldcore}/163/filelists/m4 | 0 .../{core => oldcore}/163/filelists/ncurses | 0 .../rootfiles/{core => oldcore}/163/filelists/pam | 0 .../{core => oldcore}/163/filelists/pango | 0 .../{core => oldcore}/163/filelists/poppler | 0 .../rootfiles/{core => oldcore}/163/filelists/qpdf | 0 .../{core => oldcore}/163/filelists/rng-tools | 0 .../{core => oldcore}/163/filelists/sdparm | 0 .../{core => oldcore}/163/filelists/shadow | 0 .../{core => oldcore}/163/filelists/sqlite | 0 .../{core => oldcore}/163/filelists/squid | 0 .../rootfiles/{core => oldcore}/163/filelists/sudo | 0 .../{core => oldcore}/163/filelists/sysvinit | 0 .../{core => oldcore}/163/filelists/unbound | 0 .../rootfiles/{core => oldcore}/163/filelists/wget | 0 .../{core => oldcore}/163/filelists/xfsprogs | 0 config/rootfiles/{core => oldcore}/163/files | 0 config/rootfiles/{core => oldcore}/163/update.sh | 0 config/rootfiles/packages/gnu-netcat | 1 + config/rootfiles/packages/libvirt | 359 +--- config/rootfiles/packages/perl-File-ReadBackwards | 1 + config/rootfiles/packages/python3-setuptools | 344 ++-- config/rootfiles/packages/qemu | 2 +- config/rootfiles/packages/qemu-ga | 2 + config/shadow/login.defs | 5 +- config/suricata/convert-ids-multiple-providers | 284 +++ config/suricata/convert-snort | 60 +- config/suricata/ruleset-sources | 174 +- config/suricata/suricata.yaml | 50 +- config/urlfilter/autoupdate.urls | 2 - html/cgi-bin/ids.cgi | 1815 ++++++++++++++------ html/cgi-bin/optionsfw.cgi | 96 +- html/cgi-bin/pakfire.cgi | 376 ++-- html/html/include/pakfire.js | 327 ++++ langs/de/cgi-bin/de.pl | 28 +- langs/en/cgi-bin/en.pl | 29 +- lfs/clamav | 8 +- lfs/configroot | 5 +- lfs/dnsdist | 6 +- lfs/expat | 4 +- lfs/freetype | 4 +- lfs/gdbm | 17 +- lfs/hdparm | 6 +- lfs/kmod | 6 +- lfs/libusb | 6 +- lfs/libvirt | 72 +- lfs/libxml2 | 4 +- lfs/libxslt 
| 4 +- lfs/linux | 6 +- lfs/lvm2 | 4 +- lfs/monit | 8 +- lfs/pcre2 | 4 +- lfs/{libwww-perl => perl-libwww} | 4 +- lfs/poppler-data | 4 +- lfs/python3-setuptools | 6 +- lfs/qemu | 1 + lfs/{stage1 => qemu-ga} | 33 +- lfs/shadow | 8 +- lfs/squid | 7 +- lfs/suricata | 10 +- lfs/tcl | 4 +- lfs/usbutils | 7 +- lfs/zstd | 4 +- make.sh | 7 +- src/initscripts/packages/qemu-ga | 38 + src/initscripts/system/firewall | 63 +- src/initscripts/system/squid | 1 + src/paks/{xinetd => qemu-ga}/install.sh | 12 +- .../{amazon-ssm-agent => qemu-ga}/uninstall.sh | 10 +- src/paks/{apcupsd => qemu-ga}/update.sh | 2 +- ...ult-behavior-of-libvirt-guests.sh-for-IPF.patch | 33 +- ...ow-4.11.1-suppress_installation_of_groups.patch | 279 +++ ...dow-4.2.1-suppress_installation_of_groups.patch | 446 ----- src/scripts/update-ids-ruleset | 54 +- 161 files changed, 4885 insertions(+), 2624 deletions(-) delete mode 100644 config/rootfiles/common/libwww-perl create mode 100644 config/rootfiles/common/perl-libwww copy config/rootfiles/core/{163 => 164}/core-files (100%) copy config/rootfiles/core/{163 => 164}/exclude (100%) copy config/rootfiles/{oldcore/124 => core/164}/filelists/aarch64/linux (100%) copy config/rootfiles/{oldcore/124 => core/164}/filelists/aarch64/linux-initrd (100%) copy config/rootfiles/{oldcore/159 => core/164}/filelists/armv6l/linux (100%) copy config/rootfiles/{oldcore/159 => core/164}/filelists/armv6l/linux-initrd (100%) rename config/rootfiles/core/{163 => 164}/filelists/core-files (100%) copy config/rootfiles/{oldcore/106 => core/164}/filelists/expat (100%) create mode 100644 config/rootfiles/core/164/filelists/files copy config/rootfiles/core/{163 => 164}/filelists/freetype (100%) create mode 120000 config/rootfiles/core/164/filelists/gdbm copy config/rootfiles/{oldcore/107 => core/164}/filelists/hdparm (100%) copy config/rootfiles/{oldcore/131 => core/164}/filelists/ids-ruleset-sources (100%) copy config/rootfiles/{oldcore/125 => core/164}/filelists/kmod (100%) copy 
config/rootfiles/{oldcore/145 => core/164}/filelists/libusb (100%) copy config/rootfiles/{oldcore/101 => core/164}/filelists/libxml2 (100%) copy config/rootfiles/{oldcore/157 => core/164}/filelists/libxslt (100%) copy config/rootfiles/{oldcore/125 => core/164}/filelists/lvm2 (100%) copy config/rootfiles/{oldcore/131 => core/164}/filelists/oinkmaster (100%) copy config/rootfiles/{oldcore/155 => core/164}/filelists/pcre2 (100%) copy config/rootfiles/{oldcore/151 => core/164}/filelists/poppler-data (100%) copy config/rootfiles/core/{163 => 164}/filelists/shadow (100%) copy config/rootfiles/core/{163 => 164}/filelists/squid (100%) copy config/rootfiles/{oldcore/155 => core/164}/filelists/tcl (100%) copy config/rootfiles/{oldcore/66 => core/164}/filelists/usbutils (100%) copy config/rootfiles/{oldcore/100 => core/164}/filelists/x86_64/linux (100%) copy config/rootfiles/{oldcore/100 => core/164}/filelists/x86_64/linux-initrd (100%) copy config/rootfiles/{oldcore/149 => core/164}/filelists/zstd (100%) copy config/rootfiles/{oldcore/150 => core/164}/update.sh (86%) rename config/rootfiles/{core => oldcore}/163/core-files (100%) rename config/rootfiles/{core => oldcore}/163/exclude (100%) rename config/rootfiles/{core => oldcore}/163/filelists/apache2 (100%) rename config/rootfiles/{core => oldcore}/163/filelists/bash (100%) rename config/rootfiles/{core => oldcore}/163/filelists/ca-certificates (100%) rename config/rootfiles/{core => oldcore}/163/filelists/curl (100%) rename config/rootfiles/{core => oldcore}/163/filelists/e2fsprogs (100%) rename config/rootfiles/{core => oldcore}/163/filelists/ethtool (100%) rename config/rootfiles/{core => oldcore}/163/filelists/exfatprogs (100%) rename config/rootfiles/{core => oldcore}/163/filelists/files (100%) rename config/rootfiles/{core => oldcore}/163/filelists/freetype (100%) rename config/rootfiles/{core => oldcore}/163/filelists/fribidi (100%) rename config/rootfiles/{core => oldcore}/163/filelists/gdb (100%) rename 
config/rootfiles/{core => oldcore}/163/filelists/glib (100%) rename config/rootfiles/{core => oldcore}/163/filelists/grep (100%) rename config/rootfiles/{core => oldcore}/163/filelists/gzip (100%) rename config/rootfiles/{core => oldcore}/163/filelists/harfbuzz (100%) rename config/rootfiles/{core => oldcore}/163/filelists/iproute2 (100%) rename config/rootfiles/{core => oldcore}/163/filelists/libarchive (100%) rename config/rootfiles/{core => oldcore}/163/filelists/libcap (100%) rename config/rootfiles/{core => oldcore}/163/filelists/libedit (100%) rename config/rootfiles/{core => oldcore}/163/filelists/libgcrypt (100%) rename config/rootfiles/{core => oldcore}/163/filelists/libgpg-error (100%) rename config/rootfiles/{core => oldcore}/163/filelists/libloc (100%) rename config/rootfiles/{core => oldcore}/163/filelists/libtasn1 (100%) rename config/rootfiles/{core => oldcore}/163/filelists/liburcu (100%) rename config/rootfiles/{core => oldcore}/163/filelists/linux-firmware (100%) rename config/rootfiles/{core => oldcore}/163/filelists/m4 (100%) rename config/rootfiles/{core => oldcore}/163/filelists/ncurses (100%) rename config/rootfiles/{core => oldcore}/163/filelists/pam (100%) rename config/rootfiles/{core => oldcore}/163/filelists/pango (100%) rename config/rootfiles/{core => oldcore}/163/filelists/poppler (100%) rename config/rootfiles/{core => oldcore}/163/filelists/qpdf (100%) rename config/rootfiles/{core => oldcore}/163/filelists/rng-tools (100%) rename config/rootfiles/{core => oldcore}/163/filelists/sdparm (100%) rename config/rootfiles/{core => oldcore}/163/filelists/shadow (100%) rename config/rootfiles/{core => oldcore}/163/filelists/sqlite (100%) rename config/rootfiles/{core => oldcore}/163/filelists/squid (100%) rename config/rootfiles/{core => oldcore}/163/filelists/sudo (100%) rename config/rootfiles/{core => oldcore}/163/filelists/sysvinit (100%) rename config/rootfiles/{core => oldcore}/163/filelists/unbound (100%) rename 
config/rootfiles/{core => oldcore}/163/filelists/wget (100%) rename config/rootfiles/{core => oldcore}/163/filelists/xfsprogs (100%) rename config/rootfiles/{core => oldcore}/163/files (100%) rename config/rootfiles/{core => oldcore}/163/update.sh (100%) create mode 100644 config/rootfiles/packages/qemu-ga create mode 100644 config/suricata/convert-ids-multiple-providers create mode 100644 html/html/include/pakfire.js rename lfs/{libwww-perl => perl-libwww} (97%) copy lfs/{stage1 => qemu-ga} (87%) create mode 100755 src/initscripts/packages/qemu-ga copy src/paks/{xinetd => qemu-ga}/install.sh (86%) copy src/paks/{amazon-ssm-agent => qemu-ga}/uninstall.sh (90%) copy src/paks/{apcupsd => qemu-ga}/update.sh (96%) create mode 100644 src/patches/shadow-4.11.1-suppress_installation_of_groups.patch delete mode 100644 src/patches/shadow-4.2.1-suppress_installation_of_groups.patch
Difference in files: diff --git a/config/backup/backup.pl b/config/backup/backup.pl index afd8d1663..63004491c 100644 --- a/config/backup/backup.pl +++ b/config/backup/backup.pl @@ -159,6 +159,12 @@ restore_backup() { rm -rf "/var/ipfire/snort" fi
+ # IDS multiple providers converter. + if [ -e "/var/ipfire/suricata/rules-settings" ]; then + # Run the converter + convert-ids-multiple-providers + fi + # Convert DNS settings convert-dns-settings
diff --git a/config/backup/include b/config/backup/include index 5db452cda..3b96b1d62 100644 --- a/config/backup/include +++ b/config/backup/include @@ -49,7 +49,7 @@ /var/ipfire/qos/bin/qos.sh /var/ipfire/suricata/*.conf /var/ipfire/suricata/*.yaml -/var/ipfire/suricata/rules-settings +/var/ipfire/suricata/providers-settings /var/ipfire/*/settings /var/ipfire/time/ /var/ipfire/urlfilter @@ -59,4 +59,5 @@ /var/log/rrd/* /var/log/rrd/collectd /var/log/vnstat -/var/tmp/idsrules.tar.gz +/var/tmp/idsrules-*.tar.gz +/var/tmp/idsrules-*.rules diff --git a/config/cfgroot/graphs.pl b/config/cfgroot/graphs.pl index 02341eb45..b964f1e80 100644 --- a/config/cfgroot/graphs.pl +++ b/config/cfgroot/graphs.pl @@ -3,7 +3,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2005-2010 IPFire Team # +# Copyright (C) 2005-2021 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -106,7 +106,7 @@ foreach (@sensorsdir){
sub makegraphbox { my ($origin, $name, $default_range) = @_; - + # Optional time range: Default to "day" unless otherwise specified $default_range = "day" unless ($default_range ~~ @time_ranges);
@@ -154,7 +154,7 @@ sub updatecpugraph { "COMMENT:".sprintf("%15s",$Lang::tr{'minimal'}), "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\j" ); - + my $nice = "CDEF:nice="; my $interrupt = "CDEF:interrupt="; my $steal = "CDEF:steal="; @@ -164,7 +164,7 @@ sub updatecpugraph { my $iowait = "CDEF:iowait="; my $irq = "CDEF:irq="; my $addstring = ""; - + for(my $i = 0; $i < $cpucount; $i++) { push(@command,"DEF:iowait".$i."=".$mainsettings{'RRDLOG'}."/collectd/localhost/cpu-".$i."/cpu-wait.rrd:value:AVERAGE" ,"DEF:nice".$i."=".$mainsettings{'RRDLOG'}."/collectd/localhost/cpu-".$i."/cpu-nice.rrd:value:AVERAGE" @@ -184,7 +184,7 @@ sub updatecpugraph { $iowait .= "iowait".$i.","; $irq .= "irq".$i.","; } - + for(my $i = 2; $i < $cpucount; $i++) { $addstring .= "ADDNAN,"; } @@ -692,6 +692,8 @@ sub updatefwhitsgraph { "DEF:forward=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYFWD/ipt_bytes-DROP_FORWARD.rrd:value:AVERAGE", "DEF:newnotsyn=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-NEWNOTSYN/ipt_bytes-DROP_NEWNOTSYN.rrd:value:AVERAGE", "DEF:portscan=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-PSCAN/ipt_bytes-DROP_PScan.rrd:value:AVERAGE", + "DEF:spoofedmartian=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-SPOOFED_MARTIAN/ipt_bytes-DROP_SPOOFED_MARTIAN.rrd:value:AVERAGE", + "DEF:hostile=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE", "COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}), "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}), "COMMENT:".sprintf("%15s",$Lang::tr{'average'}), 
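Review bot: The two new sources in updatefwhitsgraph, `DEF:spoofedmartian=` and `DEF:hostile=`, are added unconditionally, so the firewall-hits graph now depends on `ipt_bytes-DROP_SPOOFED_MARTIAN.rrd` and `ipt_bytes-DROP_HOSTILE.rrd` already existing. If collectd has not created those files yet (for example right after the update), RRDs::graph will presumably fail on the missing file, and the function then returns the "Error in RRD::graph for firewallhits" string instead of a graph. Consider pushing each `DEF:` and its matching `STACK:`/`GPRINT:` lines (added in the next hunk) only when `-e` on the .rrd path is true. updatefwhitsgraph starts and ends outside both hunks.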
@@ -722,6 +724,16 @@ sub updatefwhitsgraph { "GPRINT:portscan:AVERAGE:%8.1lf %sBps", "GPRINT:portscan:MIN:%8.1lf %sBps", "GPRINT:portscan:LAST:%8.1lf %sBps\j", + "STACK:spoofedmartian".$color{"color12"}."A0:".sprintf("%-25s",$Lang::tr{'spoofed or martians'}), + "GPRINT:spoofedmartian:MAX:%8.1lf %sBps", + "GPRINT:spoofedmartian:AVERAGE:%8.1lf %sBps", + "GPRINT:spoofedmartian:MIN:%8.1lf %sBps", + "GPRINT:spoofedmartian:LAST:%8.1lf %sBps\j", + "STACK:hostile".$color{"color13"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks'}), + "GPRINT:hostile:MAX:%8.1lf %sBps", + "GPRINT:hostile:AVERAGE:%8.1lf %sBps", + "GPRINT:hostile:MIN:%8.1lf %sBps", + "GPRINT:hostile:LAST:%8.1lf %sBps\j", ); $ERROR = RRDs::error; return "Error in RRD::graph for firewallhits: ".$ERROR."\n" if $ERROR; diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl index 0e397ca19..74d55def6 100644 --- a/config/cfgroot/ids-functions.pl +++ b/config/cfgroot/ids-functions.pl @@ -21,16 +21,22 @@ # # ############################################################################
+use strict; + package IDS;
require '/var/ipfire/general-functions.pl'; require "${General::swroot}/network-functions.pl"; +require "${General::swroot}/suricata/ruleset-sources";
# Location where all config and settings files are stored. our $settingsdir = "${General::swroot}/suricata";
-# File where the used rulefiles are stored. -our $used_rulefiles_file = "$settingsdir/suricata-used-rulefiles.yaml"; +# File where the main file for providers ruleset inclusion exists. +our $suricata_used_providers_file = "$settingsdir/suricata-used-providers.yaml"; + +# File for static ruleset inclusions. +our $suricata_default_rulefiles_file = "$settingsdir/suricata-default-rules.yaml";
# File where the addresses of the homenet are stored. our $homenet_file = "$settingsdir/suricata-homenet.yaml"; @@ -41,11 +47,8 @@ our $dns_servers_file = "$settingsdir/suricata-dns-servers.yaml"; # File where the HTTP ports definition is stored. our $http_ports_file = "$settingsdir/suricata-http-ports.yaml";
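Review bot: `require "${General::swroot}/suricata/ruleset-sources";` loads the provider table by executing that file as Perl code in every script that pulls in ids-functions.pl, so it needs the same protection as the code itself. Its ownership and mode are not visible in this diff; if the settings directory is writable by the web interface's user, anything written to that file would run with the privileges of whichever script loads this module. I would state the requirement next to the line, e.g. `# ruleset-sources is executed as Perl code: keep it root-owned and not writable by the web user.`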
-# File which contains the enabled sids. -our $enabled_sids_file = "$settingsdir/oinkmaster-enabled-sids.conf"; - -# File which contains the disabled sids. -our $disabled_sids_file = "$settingsdir/oinkmaster-disabled-sids.conf"; +# File which contains includes for provider specific rule modifications. +our $oinkmaster_provider_includes_file = "$settingsdir/oinkmaster-provider-includes.conf";
# File which contains wheater the rules should be changed. our $modify_sids_file = "$settingsdir/oinkmaster-modify-sids.conf"; @@ -53,14 +56,14 @@ our $modify_sids_file = "$settingsdir/oinkmaster-modify-sids.conf"; # File which stores the configured IPS settings. our $ids_settings_file = "$settingsdir/settings";
-# File which stores the configured rules-settings. -our $rules_settings_file = "$settingsdir/rules-settings"; +# File which stores the used and configured ruleset providers. +our $providers_settings_file = "$settingsdir/providers-settings";
# File which stores the configured settings for whitelisted addresses. our $ignored_file = "$settingsdir/ignored";
-# Location and name of the tarball which contains the ruleset. -our $rulestarball = "/var/tmp/idsrules.tar.gz"; +# Location where the downloaded rulesets are stored. +our $dl_rules_path = "/var/tmp";
# File to store any errors, which also will be read and displayed by the wui. our $storederrorfile = "/tmp/ids_storederror"; @@ -71,6 +74,18 @@ our $ids_page_lock_file = "/tmp/ids_page_locked"; # Location where the rulefiles are stored. our $rulespath = "/var/lib/suricata";
+# Location where the default rulefils are stored. +our $default_rulespath = "/usr/share/suricata/rules"; + +# Location where the addition config files are stored. +our $configspath = "/usr/share/suricata"; + +# Location of the classification file. +our $classification_file = "$configspath/classification.config"; + +# Location of the sid to msg mappings file. +our $sid_msg_file = "$rulespath/sid-msg.map"; + # Location to store local rules. This file will not be touched. our $local_rules_file = "$rulespath/local.rules";
@@ -87,6 +102,18 @@ our $idspidfile = "/var/run/suricata.pid"; # Location of suricatactrl. my $suricatactrl = "/usr/local/bin/suricatactrl";
+# Prefix for each downloaded ruleset. +my $dl_rulesfile_prefix = "idsrules"; + +# Temporary directory where the rulesets will be extracted. +my $tmp_directory = "/tmp/ids_tmp"; + +# Temporary directory where the extracted rules files will be stored. +my $tmp_rules_directory = "$tmp_directory/rules"; + +# Temporary directory where the extracted additional config files will be stored. +my $tmp_conf_directory = "$tmp_directory/conf"; + # Array with allowed commands of suricatactrl. my @suricatactrl_cmds = ( 'start', 'stop', 'restart', 'reload', 'fix-rules-dir', 'cron' );
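Review bot: `$tmp_directory` is a fixed name under the world-writable `/tmp` (`/tmp/ids_tmp`), and extractruleset in a later hunk only runs `mkdir("$tmp_directory") unless (-d "$tmp_directory");`, so an already existing directory or symlink with that name is used as-is, whoever created it. The rules placed there are then handed to oinkmaster via `dir://$tmp_rules_directory`, so on a system with other local accounts neither the location nor the content of that directory is fully under this code's control. Prefer a fresh per-run directory created with File::Temp's `tempdir` (the file already loads File::Temp), or a fixed root-owned directory outside `/tmp`. Whichever is chosen, cleanup_tmp_directory (not visible here) has to remove the same path.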
@@ -97,21 +124,87 @@ my @cron_intervals = ('off', 'daily', 'weekly' ); # http_ports_file. my @http_ports = ('80', '81');
+# Array which contains a list of rulefiles which always will be included if they exist. +my @static_included_rulefiles = ('local.rules', 'whitelist.rules'); + +# Array which contains a list of allways enabled application layer protocols. +my @static_enabled_app_layer_protos = ('app-layer', 'decoder', 'files', 'stream'); + +# Hash which allows to convert the download type (dl_type) to a file suffix. +my %dl_type_to_suffix = ( + "archive" => ".tar.gz", + "plain" => ".rules", +); + +# Hash to translate an application layer protocol to the application name. +my %tr_app_layer_proto = ( + "ikev2" => "ipsec", + "krb5" => "kerberos", +); + # ## Function to check and create all IDS related files, if the does not exist. # sub check_and_create_filelayout() { # Check if the files exist and if not, create them. - unless (-f "$enabled_sids_file") { &create_empty_file($enabled_sids_file); } - unless (-f "$disabled_sids_file") { &create_empty_file($disabled_sids_file); } + unless (-f "$oinkmaster_provider_includes_file") { &create_empty_file($oinkmaster_provider_includes_file); } unless (-f "$modify_sids_file") { &create_empty_file($modify_sids_file); } - unless (-f "$used_rulefiles_file") { &create_empty_file($used_rulefiles_file); } + unless (-f "$suricata_used_providers_file") { &create_empty_file($suricata_used_providers_file); } + unless (-f "$suricata_default_rulefiles_file") { &create_empty_file($suricata_default_rulefiles_file); } unless (-f "$ids_settings_file") { &create_empty_file($ids_settings_file); } - unless (-f "$rules_settings_file") { &create_empty_file($rules_settings_file); } + unless (-f "$providers_settings_file") { &create_empty_file($providers_settings_file); } unless (-f "$ignored_file") { &create_empty_file($ignored_file); } unless (-f "$whitelist_file" ) { &create_empty_file($whitelist_file); } }
+# +## Function to get a list of all available ruleset providers. +## +## They will be returned as a sorted array. +# +sub get_ruleset_providers() { + my @providers; + + # Loop through the hash of providers. + foreach my $provider ( keys %IDS::Ruleset::Providers ) { + # Add the provider to the array. + push(@providers, $provider); + } + + # Sort and return the array. + return sort(@providers); +} + +# +## Function to get a list of all enabled ruleset providers. +## +## They will be returned as an array. +# +sub get_enabled_providers () { + my %used_providers = (); + + # Array to store the enabled providers. + my @enabled_providers = (); + + # Read-in the providers config file. + &General::readhasharray("$providers_settings_file", %used_providers); + + # Loop through the hash of used_providers. + foreach my $id (keys %used_providers) { + # Skip disabled providers. + next unless ($used_providers{$id}[3] eq "enabled"); + + # Grab the provider handle. + my $provider = "$used_providers{$id}[0]"; + + # Add the provider to the array of enabled providers. + push(@enabled_providers, $provider); + } + + # Return the array. + return @enabled_providers; +} + # ## Function for checking if at least 300MB of free disk space are available ## on the "/var" partition. @@ -147,32 +240,39 @@ sub checkdiskspace () { }
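Review bot: get_enabled_providers returns the handle from column 0 of the providers-settings file without checking that it is a key of `%IDS::Ruleset::Providers`. That file is part of the backup set (config/backup/include in this commit), so its content can come from a restored archive, and the handle is later interpolated into file names such as `$tmp_conf_directory/$provider-classification.config`. Adding `next unless (exists $IDS::Ruleset::Providers{$provider});` before the `push` keeps unknown or malformed handles out of every caller. As a smaller style point, get_ruleset_providers can be reduced to `return sort keys %IDS::Ruleset::Providers;`.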
# -## This function is responsible for downloading the configured IDS ruleset. +## This function is responsible for downloading the configured IDS rulesets or if no one is specified +## all configured rulesets will be downloaded. ## -## * At first it obtains from the stored rules settings which ruleset should be downloaded. -## * The next step is to get the download locations for all available rulesets. -## * After that, the function will check if an upstream proxy should be used and grab the settings. -## * The last step will be to generate the final download url, by obtaining the URL for the desired -## ruleset, add the settings for the upstream proxy and final grab the rules tarball from the server. +## * At first it gathers all configured ruleset providers, initialize the downloader and sets an +## upstream proxy if configured. +## * After that, the given ruleset or in case all rulesets should be downloaded, it will determine wether it +## is enabled or not. +## * The next step will be to generate the final download url, by obtaining the URL for the desired +## ruleset, add the settings for the upstream proxy. +## * Finally the function will grab all the rules files or tarballs from the servers. # -sub downloadruleset { - # Get rules settings. - my %rulessettings=(); - &General::readhash("$rules_settings_file", %rulessettings); +sub downloadruleset ($) { + my ($provider) = @_; + + # If no provider is given default to "all". + $provider //= 'all'; + + # Hash to store the providers and access id's, for which rules should be downloaded. + my %sheduled_providers = (); + + # Get used provider settings. + my %used_providers = (); + &General::readhasharray("$providers_settings_file", %used_providers);
# Check if a ruleset has been configured. - unless($rulessettings{'RULES'}) { + unless(%used_providers) { # Log that no ruleset has been configured and abort. - &_log_to_syslog("No ruleset source has been configured."); + &_log_to_syslog("No ruleset provider has been configured.");
# Return "1". return 1; }
- # Get all available ruleset locations. - my %rulesetsources=(); - &General::readhash($rulesetsourcesfile, %rulesetsources); - # Read proxysettings. my %proxysettings=(); &General::readhash("${General::swroot}/proxy/settings", %proxysettings); @@ -204,40 +304,103 @@ sub downloadruleset { $downloader->proxy(['http', 'https'], $proxy_url); }
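Review bot: `sub downloadruleset ($)` declares a prototype that requires exactly one argument, which contradicts the `$provider //= 'all';` default two lines below it. A plain `downloadruleset()` call compiled after this definition is rejected with "Not enough arguments", and only `&`-style calls, which bypass prototypes, ever reach the default. Either drop the prototype (`sub downloadruleset {`) or make the argument optional with `sub downloadruleset (;$) {`. The comment block above the function could also say explicitly that the argument is a provider handle or `all`. The function body continues in the following hunks.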
- # Grab the right url based on the configured vendor. - my $url = $rulesetsources{$rulessettings{'RULES'}}; + # Loop through the hash of configured providers. + foreach my $id ( keys %used_providers ) { + # Skip providers which are not enabled. + next if ($used_providers{$id}[3] ne "enabled");
- # Check if the vendor requires an oinkcode and add it if needed. - $url =~ s/<oinkcode>/$rulessettings{'OINKCODE'}/g; + # Obtain the provider handle. + my $provider_handle = $used_providers{$id}[0];
- # Abort if no url could be determined for the vendor. - unless ($url) { - # Log error and abort. - &_log_to_syslog("Unable to gather a download URL for the selected ruleset."); - return 1; + # Handle update off all providers. + if (($provider eq "all") || ($provider_handle eq "$provider")) { + # Add provider handle and it's id to the hash of sheduled providers. + $sheduled_providers{$provider_handle} = $id; + } }
- # Variable to store the filesize of the remote object. - my $remote_filesize; + # Loop through the hash of sheduled providers. + foreach my $provider ( keys %sheduled_providers) { + # Log download/update of the ruleset. + &_log_to_syslog("Downloading ruleset for provider: $provider.");
- # The sourcfire (snort rules) does not allow to send "HEAD" requests, so skip this check - # for this webserver. - # - # Check if the ruleset source contains "snort.org". - unless ($url =~ /.snort.org/) { - # Pass the requrested url to the downloader. - my $request = HTTP::Request->new(HEAD => $url); + # Grab the download url for the provider. + my $url = $IDS::Ruleset::Providers{$provider}{'dl_url'}; + + # Check if the provider requires a subscription. + if ($IDS::Ruleset::Providers{$provider}{'requires_subscription'} eq "True") { + # Grab the previously stored access id for the provider from hash. + my $id = $sheduled_providers{$provider};
- # Accept the html header. - $request->header('Accept' => 'text/html'); + # Grab the subscription code. + my $subscription_code = $used_providers{$id}[1];
- # Perform the request and fetch the html header. - my $response = $downloader->request($request); + # Add the subscription code to the download url. + $url =~ s/<subscription_code>/$subscription_code/g; + + } + + # Abort if no url could be determined for the provider. + unless ($url) { + # Log error and abort. + &_log_to_syslog("Unable to gather a download URL for the selected ruleset provider."); + return 1; + } + + # Variable to store the filesize of the remote object. + my $remote_filesize; + + # The sourcfire (snort rules) does not allow to send "HEAD" requests, so skip this check + # for this webserver. + # + # Check if the ruleset source contains "snort.org". + unless ($url =~ /.snort.org/) { + # Pass the requrested url to the downloader. + my $request = HTTP::Request->new(HEAD => $url); + + # Accept the html header. + $request->header('Accept' => 'text/html'); + + # Perform the request and fetch the html header. + my $response = $downloader->request($request); + + # Check if there was any error. + unless ($response->is_success) { + # Obtain error. + my $error = $response->status_line(); + + # Log error message. + &_log_to_syslog("Unable to download the ruleset. ($error)"); + + # Return "1" - false. + return 1; + } + + # Assign the fetched header object. + my $header = $response->headers(); + + # Grab the remote file size from the object and store it in the + # variable. + $remote_filesize = $header->content_length; + } + + # Load perl module to deal with temporary files. + use File::Temp; + + # Generate temporary file name, located in "/var/tmp" and with a suffix of ".tmp". + my $tmp = File::Temp->new( SUFFIX => ".tmp", DIR => "/var/tmp/", UNLINK => 0 ); + my $tmpfile = $tmp->filename(); + + # Pass the requested url to the downloader. + my $request = HTTP::Request->new(GET => $url); + + # Perform the request and save the output into the tmpfile. + my $response = $downloader->request($request, $tmpfile);
# Check if there was any error. unless ($response->is_success) { # Obtain error. - my $error = $response->status_line(); + my $error = $response->content;
# Log error message. &_log_to_syslog("Unable to download the ruleset. ($error)"); @@ -246,84 +409,195 @@ sub downloadruleset { return 1; }
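Review bot: The temporary file is created with `UNLINK => 0` in `/var/tmp`, but the failure branch after the GET request logs and returns without removing it, so every failed download leaves a `*.tmp` file behind; the size-mismatch branch in the next hunk does call `unlink`. Add `unlink("$tmpfile");` before that `return 1;`. The same branch logs `$response->content`, which for a failed request is the server's response body rather than a short status; `$response->status_line()`, as used for the HEAD check, reads better in syslog. Because these `return 1;` statements now sit inside the per-provider loop, one failing provider also stops the download of all remaining ones, which may or may not be intended. downloadruleset begins before and ends after this hunk.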
- # Assign the fetched header object. - my $header = $response->headers(); - - # Grab the remote file size from the object and store it in the - # variable. - $remote_filesize = $header->content_length; - } + # Load perl stat module. + use File::stat;
- # Load perl module to deal with temporary files. - use File::Temp; + # Perform stat on the tmpfile. + my $stat = stat($tmpfile);
- # Generate temporary file name, located in "/var/tmp" and with a suffix of ".tar.gz". - my $tmp = File::Temp->new( SUFFIX => ".tar.gz", DIR => "/var/tmp/", UNLINK => 0 ); - my $tmpfile = $tmp->filename(); + # Grab the local filesize of the downloaded tarball. + my $local_filesize = $stat->size;
- # Pass the requested url to the downloader. - my $request = HTTP::Request->new(GET => $url); + # Check if both file sizes match. + if (($remote_filesize) && ($remote_filesize ne $local_filesize)) { + # Log error message. + &_log_to_syslog("Unable to completely download the ruleset. "); + &_log_to_syslog("Only got $local_filesize Bytes instead of $remote_filesize Bytes. ");
- # Perform the request and save the output into the tmpfile. - my $response = $downloader->request($request, $tmpfile); + # Delete temporary file. + unlink("$tmpfile");
- # Check if there was any error. - unless ($response->is_success) { - # Obtain error. - my $error = $response->content; + # Return "1" - false. + return 1; + }
- # Log error message. - &_log_to_syslog("Unable to download the ruleset. ($error)"); + # Genarate and assign file name and path to store the downloaded rules file. + my $dl_rulesfile = &_get_dl_rulesfile($provider);
- # Return "1" - false. - return 1; - } + # Check if a file name could be obtained. + unless ($dl_rulesfile) { + # Log error message. + &_log_to_syslog("Unable to store the downloaded rules file. ");
- # Load perl stat module. - use File::stat; + # Delete downloaded temporary file. + unlink("$tmpfile");
- # Perform stat on the tmpfile. - my $stat = stat($tmpfile); + # Return "1" - false. + return 1; + }
- # Grab the local filesize of the downloaded tarball. - my $local_filesize = $stat->size; + # Load file copy module, which contains the move() function. + use File::Copy;
- # Check if both file sizes match. - if (($remote_filesize) && ($remote_filesize ne $local_filesize)) { - # Log error message. - &_log_to_syslog("Unable to completely download the ruleset. "); - &_log_to_syslog("Only got $local_filesize Bytes instead of $remote_filesize Bytes. "); + # Overwrite the may existing rulefile or tarball with the downloaded one. + move("$tmpfile", "$dl_rulesfile");
# Delete temporary file. unlink("$tmpfile");
- # Return "1" - false. - return 1; + # Set correct ownership for the tarball. + set_ownership("$dl_rulesfile"); }
- # Load file copy module, which contains the move() function. + # If we got here, everything worked fine. Return nothing. + return; +} + +# +## Function to extract a given ruleset. +## +## In case the ruleset provider offers a plain file, it simply will +## be copied. +# +sub extractruleset ($) { + my ($provider) = @_; + + # Load perl module to deal with archives. + use Archive::Tar; + + # Load perl module to deal with files and path. + use File::Basename; + + # Load perl module for file copying. use File::Copy;
- # Overwrite existing rules tarball with the new downloaded one. - move("$tmpfile", "$rulestarball"); + # Get full path and downloaded rulesfile for the given provider. + my $tarball = &_get_dl_rulesfile($provider);
- # Set correct ownership for the rulesdir and files. - set_ownership("$rulestarball"); + # Check if the file exists. + unless (-f $tarball) { + &_log_to_syslog("Could not find ruleset file: $tarball");
- # If we got here, everything worked fine. Return nothing. - return; + # Return nothing. + return; + } + + # Check if the temporary directories exist, otherwise create them. + mkdir("$tmp_directory") unless (-d "$tmp_directory"); + mkdir("$tmp_rules_directory") unless (-d "$tmp_rules_directory"); + mkdir("$tmp_conf_directory") unless (-d "$tmp_conf_directory"); + + # Omit the type (dl_type) of the stored ruleset. + my $type = $IDS::Ruleset::Providers{$provider}{'dl_type'}; + + # Handle the different ruleset types. + if ($type eq "plain") { + # Generate destination filename an full path. + my $destination = "$tmp_rules_directory/$provider-ruleset.rules"; + + # Copy the file into the temporary rules directory. + copy($tarball, $destination); + + } elsif ( $type eq "archive") { + # Initialize the tar module. + my $tar = Archive::Tar->new($tarball); + + # Get the filelist inside the tarball. + my @packed_files = $tar->list_files; + + # Loop through the filelist. + foreach my $packed_file (@packed_files) { + my $destination; + + # Splitt the packed file into chunks. + my $file = fileparse($packed_file); + + # Handle msg-id.map file. + if ("$file" eq "sid-msg.map") { + # Set extract destination to temporary config_dir. + $destination = "$tmp_conf_directory/$provider-sid-msg.map"; + + # Handle classification.conf + } elsif ("$file" eq "classification.config") { + # Set extract destination to temporary config_dir. + $destination = "$tmp_conf_directory/$provider-classification.config"; + + # Handle rules files. + } elsif ($file =~ m/.rules$/) { + my $rulesfilename; + + # Splitt the filename into chunks. + my @filename = split("-", $file); + + # Reverse the array. + @filename = reverse(@filename); + + # Get the amount of elements in the array. + my $elements = @filename; + + # Remove last element of the hash. + # It contains the vendor name, which will be replaced. + if ($elements >= 3) { + # Remove last element from hash. 
+ pop(@filename); + } + + # Check if the last element of the filename does not + # contain the providers name. + if ($filename[-1] ne "$provider") { + # Add provider name as last element. + push(@filename, $provider); + } + + # Reverse the array back. + @filename = reverse(@filename); + + # Generate the name for the rulesfile. + $rulesfilename = join("-", @filename); + + # Set extract destination to temporaray rules_dir. + $destination = "$tmp_rules_directory/$rulesfilename"; + } else { + # Skip all other files. + next; + } + + # Extract the file to the temporary directory. + $tar->extract_file("$packed_file", "$destination"); + } + } }
# -## A tiny wrapper function to call the oinkmaster script. +## A wrapper function to call the oinkmaster script, setup the rules structues and +## call the functions to merge the additional config files. (classification, sid-msg, etc.). # sub oinkmaster () { # Check if the files in rulesdir have the correct permissions. &_check_rulesdir_permissions();
- # Cleanup the rules directory before filling it with the new rulest. + # Cleanup the rules directory before filling it with the new rulests. &_cleanup_rulesdir();
+ # Get all enabled providers. + my @enabled_providers = &get_enabled_providers(); + + # Loop through the array of enabled providers. + foreach my $provider (@enabled_providers) { + # Call the extractruleset function. + &extractruleset($provider); + } + # Load perl module to talk to the kernel syslog. use Sys::Syslog qw(:DEFAULT setlogsock);
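Review bot: In extractruleset the result of `Archive::Tar->new($tarball)` is used without a check, so a truncated or non-tar download makes `$tar->list_files` die on an undefined value and takes the whole oinkmaster() run down with it. Guard it right after the constructor, e.g. `unless ($tar) { &_log_to_syslog("Could not read ruleset archive: $tarball"); return; }`. Since the archive is downloaded content, it would also be worth extracting only regular-file members (Archive::Tar::File offers `is_file`) so that link entries named `*.rules` are skipped; the `fileparse()` step already keeps member paths from steering the destination directory. The return values of `move()` and `copy()` are not checked either. oinkmaster()'s body continues past the end of this hunk.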
@@ -331,7 +605,7 @@ sub oinkmaster () { openlog('oinkmaster', 'cons,pid', 'user');
# Call oinkmaster to generate ruleset. - open(OINKMASTER, "/usr/local/bin/oinkmaster.pl -s -u file://$rulestarball -C $settingsdir/oinkmaster.conf -o $rulespath 2>&1 |") or die "Could not execute oinkmaster $!\n"; + open(OINKMASTER, "/usr/local/bin/oinkmaster.pl -s -u dir://$tmp_rules_directory -C $settingsdir/oinkmaster.conf -o $rulespath 2>&1 |") or die "Could not execute oinkmaster $!\n";
# Log output of oinkmaster to syslog. while(<OINKMASTER>) { @@ -348,6 +622,181 @@ sub oinkmaster () {
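Review bot: The piped `open(OINKMASTER, "... |")` hands one interpolated string to the shell, and the new `dir://$tmp_rules_directory` argument goes into it unquoted, like `$settingsdir` and `$rulespath` before it. Those variables are defined outside this hunk; if they are fixed paths this is harmless, but a path containing whitespace or a shell metacharacter would change the command that runs. The list form of a piped open, `open(my $fh, "-|", $cmd, @args)`, bypasses the shell entirely; stderr would then have to be redirected separately, since `2>&1` is shell syntax. `oinkmaster()` starts and ends outside the hunk.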
# Close the log handle. closelog(); + + # Call function to merge the classification files. + &merge_classifications(@enabled_providers); + + # Call function to merge the sid to message mapping files. + &merge_sid_msg(@enabled_providers); + + # Cleanup temporary directory. + &cleanup_tmp_directory(); +} + +# +## Function to merge the classifications for a given amount of providers and write them +## to the classifications file. +# +sub merge_classifications(@) { + my @providers = @_; + + # Hash to store all collected classifications. + my %classifications = (); + + # Loop through the given array of providers. + foreach my $provider (@providers) { + # Generate full path to classification file. + my $classification_file = "$tmp_conf_directory/$provider-classification.config"; + + # Skip provider if no classification file exists. + next unless (-f "$classification_file"); + + # Open the classification file. + open(CLASSIFICATION, $classification_file) or die "Could not open file $classification_file. $!\n"; + + # Loop through the file content. + while(<CLASSIFICATION>) { + # Parse the file and grab the classification details. + if ($_ =~/.*config classification: (.*)/) { + # Split the grabbed details. + my ($short_name, $short_desc, $priority) = split(",", $1); + + # Check if the grabbed classification is allready known and the priority value is greater + # than the stored one (which causes less priority in the IDS). + if (($classifications{$short_name}) && ($classifications{$short_name}[1] >= $priority)) { + #Change the priority value to the stricter one. + $classifications{$short_name} = [ "$classifications{$short_name}[0]", "$priority" ]; + } else { + # Add the classification to the hash. + $classifications{$short_name} = [ "$short_desc", "$priority" ]; + } + } + } + + # Close the file. + close(CLASSIFICATION); + } + + # Open classification file for writing. + open(FILE, ">", "$classification_file") or die "Could not write to $classification_file. 
$!\n"; + + # Print notice about autogenerated file. + print FILE "#Autogenerated file. Any custom changes will be overwritten!\n\n"; + + # Sort and loop through the hash of classifications. + foreach my $key (sort keys %classifications) { + # Assign some nice variable names for the items. + my $short_name = $key; + my $short_desc = $classifications{$key}[0]; + my $priority = $classifications{$key}[1]; + + # Write the classification to the file. + print FILE "config classification: $short_name,$short_desc,$priority\n"; + } + + # Close file handle. + close(FILE); +} + +# +## Function to merge the "sid to message mapping" files of various given providers. +# +sub merge_sid_msg (@) { + my @providers = @_; + + # Hash which contains all the sid to message mappings. + my %mappings = (); + + # Loop through the array of given providers. + foreach my $provider (@providers) { + # Generate full path and filename. + my $sid_msg_file = "$tmp_conf_directory/$provider-sid-msg.map"; + + # Skip provider if no sid to msg mapping file for this provider exists. + next unless (-f $sid_msg_file); + + # Open the file. + open(MAPPING, $sid_msg_file) or die "Could not open $sid_msg_file. $!\n"; + + # Loop through the file content. + while (<MAPPING>) { + # Remove newlines. + chomp($_); + + # Skip lines which do not start with a number, + next unless ($_ =~ /^\d+/); + + # Split line content and assign it to an array. + my @line = split(/ || /, $_); + + # Grab the first element (and remove it) from the line array. + # It contains the sid. + my $sid = shift(@line); + + # Store the grabbed sid and the remain array as hash value. + # It still contains the messages, references etc. + $mappings{$sid} = [@line]; + } + + # Close file handle. + close(MAPPING); + } + + # Open mappings file for writing. + open(FILE, ">", $sid_msg_file) or die "Could not write $sid_msg_file. $!\n"; + + # Write notice about autogenerated file. + print FILE "#Autogenerated file. 
Any custom changes will be overwritten!\n\n"; + + # Loop through the hash of mappings. + foreach my $sid ( sort keys %mappings) { + # Grab data for the sid. + my @data = @{$mappings{$sid}}; + + # Add the sid to the data array. + unshift(@data, $sid); + + # Generate line. + my $line = join(" || ", @data); + + print FILE "$line\n"; + + } + + # Close file handle. + close(FILE); +} + +# +## A very tiny function to move an extracted ruleset from the temporary directory into +## the rules directory. +# +sub move_tmp_ruleset() { + # Load perl module. + use File::Copy; + + # Do a directory listing of the temporary directory. + opendir DH, $tmp_rules_directory; + + # Loop over all files. + while(my $file = readdir DH) { + # Move them to the rules directory. + move "$tmp_rules_directory/$file" , "$rulespath/$file"; + } + + # Close directory handle. + closedir DH; +} + +# +## Function to cleanup the temporary IDS directroy. +# +sub cleanup_tmp_directory () { + # Load rmtree() function from file path perl module. + use File::Path 'rmtree'; + + # Delete temporary directory and all containing files. + rmtree([ "$tmp_directory" ]); }
# @@ -411,6 +860,157 @@ sub _store_error_message ($) { &set_ownership("$storederrorfile"); }
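Review bot: In `merge_classifications` the three fields taken from each provider's `classification.config` are stored and written back without any check: `split(",", $1)` can leave `$priority` undefined or non-numeric, and it is then compared with `>=` and printed into the merged file. These files come out of downloaded rulesets, so a malformed line from one provider ends up in the configuration generated for all of them. A guard such as `next unless (defined($priority) && $priority =~ /^\d+\s*$/);` directly after the split would drop such lines. Separately, the loop-local `my $classification_file` shadows the variable used by the final `open(FILE, ">", ...)`, which is presumably a module-level path defined outside this hunk; a distinct name for the per-provider file would make that clear, and the same applies to `$sid_msg_file` in `merge_sid_msg`.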
+# +## Private function to get the path and filename for a downloaded ruleset by a given provider. +# +sub _get_dl_rulesfile($) { + my ($provider) = @_; + + # Gather the download type for the given provider. + my $dl_type = $IDS::Ruleset::Providers{$provider}{'dl_type'}; + + # Obtain the file suffix for the download file type. + my $suffix = $dl_type_to_suffix{$dl_type}; + + # Check if a suffix has been found. + unless ($suffix) { + # Abort return - nothing. + return; + } + + # Generate the full filename and path for the stored rules file. + my $rulesfile = "$dl_rules_path/$dl_rulesfile_prefix-$provider$suffix"; + + # Return the generated filename. + return $rulesfile; +} + +# +## Tiny function to delete the stored ruleset file or tarball for a given provider. +# +sub drop_dl_rulesfile ($) { + my ($provider) = @_; + + # Gather the full path and name of the stored rulesfile. + my $rulesfile = &_get_dl_rulesfile($provider); + + # Check if the given rulesfile exists. + if (-f $rulesfile) { + # Delete the stored rulesfile. + unlink($rulesfile) or die "Could not delete $rulesfile. $!\n"; + } +} + +# +## Tiny function to get/generate the full path and filename for the providers oinkmaster +## modified sids file. +# +sub get_oinkmaster_provider_modified_sids_file ($) { + my ($provider) = @_; + + # Generate the filename. + my $filename = "$settingsdir/oinkmaster-$provider-modified-sids.conf"; + + # Return the filename. + return $filename; +} + +# +## Function to directly altering the oinkmaster provider includes file. +## +## Requires tha acition "remove" or "add" and a provider handle. +# +sub alter_oinkmaster_provider_includes_file ($$) { + my ($action, $provider) = @_; + + # Call function to get the path and name for the given providers + # oinkmaster modified sids file. + my $provider_modified_sids_file = &get_oinkmaster_provider_modified_sids_file($provider); + + # Open the file for reading.. 
+ open (FILE, $oinkmaster_provider_includes_file) or die "Could not read $oinkmaster_provider_includes_file. $!\n"; + + # Read-in file content. + my @lines = <FILE>; + + # Close file after reading. + close(FILE); + + # Re-open the file for writing. + open(FILE, ">", $oinkmaster_provider_includes_file) or die "Could not write to $oinkmaster_provider_includes_file. $!\n"; + + # Loop through the file content. + foreach my $line (@lines) { + # Remove newlines. + chomp($line); + + # Skip line if we found our given provider and the action should be remove. + next if (($line =~ /$provider/) && ($action eq "remove")); + + # Write the read-in line back to the file. + print FILE "$line\n"; + } + + # Check if the file exists and add the provider if requested. + if ((-f $provider_modified_sids_file) && ($action eq "add")) { + print FILE "include $provider_modified_sids_file\n"; + } + + # Close file handle. + close(FILE); +} + +# +## Function to read-in the given enabled or disables sids file. +# +sub read_enabled_disabled_sids_file($) { + my ($file) = @_; + + # Temporary hash to store the sids and their state. It will be + # returned at the end of this function. + my %temphash; + + # Open the given filename. + open(FILE, "$file") or die "Could not open $file. $!\n"; + + # Loop through the file. + while(<FILE>) { + # Remove newlines. + chomp $_; + + # Skip blank lines. + next if ($_ =~ /^\s*$/); + + # Skip coments. + next if ($_ =~ /^#/); + + # Splitt line into sid and state part. + my ($state, $sid) = split(" ", $_); + + # Skip line if the sid is not numeric. + next unless ($sid =~ /\d+/ ); + + # Check if the sid was enabled. + if ($state eq "enablesid") { + # Add the sid and its state as enabled to the temporary hash. + $temphash{$sid} = "enabled"; + # Check if the sid was disabled. + } elsif ($state eq "disablesid") { + # Add the sid and its state as disabled to the temporary hash. + $temphash{$sid} = "disabled"; + # Invalid state - skip the current sid and state. 
+ } else { + next; + } + } + + # Close filehandle. + close(FILE); + + # Return the hash. + return %temphash; +} + # ## Function to check if the IDS is running. # @@ -550,9 +1150,6 @@ sub _cleanup_rulesdir() { # We only want files. next unless (-f "$rulespath/$file");
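Review bot: In `alter_oinkmaster_provider_includes_file` the removal test `$line =~ /$provider/` is an unanchored pattern built from the handle, so removing one provider also drops the include line of any other provider whose name contains it, and regex metacharacters in a handle are interpreted. Comparing against the exact line, `next if (($line eq "include $provider_modified_sids_file") && ($action eq "remove"));`, avoids both. The "add" path has the mirror problem: existing lines are written back unchanged and the include is appended again, so adding a provider that is already listed duplicates its line. In `read_enabled_disabled_sids_file` the check `$sid =~ /\d+/` accepts any token that contains a digit; `/^\d+$/` is what the comment's "numeric" describes.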
- # Skip element if it has config as file extension. - next if ($file =~ m/.config$/); - # Skip rules file for whitelisted hosts. next if ("$rulespath/$file" eq $whitelist_file);
@@ -755,13 +1352,18 @@ sub generate_http_ports_file() { }
# -## Function to generate and write the file for used rulefiles. +## Function to generate and write the file for used rulefiles file for a given provider. +## +## The function requires as first argument a provider handle, and as second an array with files. # -sub write_used_rulefiles_file(@) { - my @files = @_; +sub write_used_provider_rulefiles_file($@) { + my ($provider, @files) = @_; + + # Get the path and file for the provider specific used rulefiles file. + my $used_provider_rulesfile_file = &get_used_provider_rulesfile_file($provider);
# Open file for used rulefiles. - open (FILE, ">$used_rulefiles_file") or die "Could not write to $used_rulefiles_file. $!\n"; + open (FILE, ">", "$used_provider_rulesfile_file") or die "Could not write to $used_provider_rulesfile_file. $!\n";
# Write yaml header to the file. print FILE "%YAML 1.1\n"; @@ -770,9 +1372,6 @@ sub write_used_rulefiles_file(@) { # Write header to file. print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
- # Allways use the whitelist. - print FILE " - whitelist.rules\n"; - # Loop through the array of given files. foreach my $file (@files) { # Check if the given filename exists and write it to the file of used rulefiles. @@ -785,18 +1384,117 @@ sub write_used_rulefiles_file(@) { close(FILE); }
+# +## Function to write the main file for provider rulesfiles inclusions. +## +## This function requires an array of provider handles. +# +sub write_main_used_rulefiles_file (@) { + my (@providers) = @_; + + # Call function to write the static rulefiles file. + &_write_default_rulefiles_file(); + + # Open file for used rulefils inclusion. + open (FILE, ">", "$suricata_used_providers_file") or die "Could not write to $suricata_used_providers_file. $!\n"; + + # Write yaml header to the file. + print FILE "%YAML 1.1\n"; + print FILE "---\n\n"; + + # Write header to file. + print FILE "#Autogenerated file. Any custom changes will be overwritten!\n"; + + # Loop through the list of given providers. + foreach my $provider (@providers) { + # Call function to get the providers used rulefiles file. + my $filename = &get_used_provider_rulesfile_file($provider); + + # Check if the file exists and write it into the used rulefiles file. + if (-f $filename) { + # Print the provider to the file. + print FILE "include: $filename\n"; + } + } + + # Close the filehandle after writing. + close(FILE); +} + +sub _write_default_rulefiles_file () { + # Get enabled application layer protocols. + my @enabled_app_layer_protos = &get_suricata_enabled_app_layer_protos(); + + # Open file. + open (FILE, ">", $suricata_default_rulefiles_file) or die "Could not write to $suricata_default_rulefiles_file. $!\n"; + + # Write yaml header to the file. + print FILE "%YAML 1.1\n"; + print FILE "---\n\n"; + + # Write notice about autogenerated file. + print FILE "#Autogenerated file. Any custom changes will be overwritten!\n"; + + # Loop through the array of static included rulesfiles. + foreach my $file (@static_included_rulefiles) { + # Check if the file exists. + if (-f "$rulespath/$file") { + # Write the rulesfile name to the file. 
+ print FILE " - $rulespath/$file\n"; + } + } + + print FILE "\n#Default rules for used application layer protocols.\n"; + foreach my $enabled_app_layer_proto (@enabled_app_layer_protos) { + # Check if the current processed app layer proto needs to be translated + # into an application name. + if (exists($tr_app_layer_proto{$enabled_app_layer_proto})) { + # Obtain the translated application name for this protocol. + $enabled_app_layer_proto = $tr_app_layer_proto{$enabled_app_layer_proto}; + } + + # Generate filename. + my $rulesfile = "$default_rulespath/$enabled_app_layer_proto.rules"; + + # Check if such a file exists. + if (-f "$rulesfile") { + # Write the rulesfile name to the file. + print FILE " - $rulesfile\n"; + } + + # Generate filename with "events" in filename. + $rulesfile = "$default_rulespath/$enabled_app_layer_proto-events.rules"; + + # Check if this file exists. + if (-f "$rulesfile" ) { + # Write the rulesfile name to the file. + print FILE " - $rulesfile\n"; + } + } + + # Close the file handle + close(FILE); +} + +# +## Tiny function to generate the full path and name for the used_provider_rulesfile file of a given provider. +# +sub get_used_provider_rulesfile_file ($) { + my ($provider) = @_; + + my $filename = "$settingsdir/suricata-$provider-used-rulefiles.yaml"; + + # Return the gernerated file. + return $filename; +} + # ## Function to generate and write the file for modify the ruleset. # sub write_modify_sids_file() { # Get configured settings. my %idssettings=(); - my %rulessettings=(); &General::readhash("$ids_settings_file", %idssettings); - &General::readhash("$rules_settings_file", %rulessettings); - - # Gather the configured ruleset. - my $ruleset = $rulessettings{'RULES'};
# Open modify sid's file for writing. open(FILE, ">$modify_sids_file") or die "Could not write to $modify_sids_file. $!\n"; @@ -813,38 +1511,69 @@ sub write_modify_sids_file() { # malware in that file. Rules which fall into the first category should stay as # alert since not all flows of that type contain malware.
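Review bot: `get_used_provider_rulesfile_file` places `$provider` straight into a path under `$settingsdir`, and `write_main_used_rulefiles_file` then emits that path as an `include:` line in `$suricata_used_providers_file`, which Suricata presumably loads. Nothing in this hunk checks that the handle is a known provider; if a caller outside the hunk can pass a value taken from a request or a settings file, a handle containing `/` or `..` would point outside `$settingsdir`. A guard in the provider loop such as `next unless (exists($IDS::Ruleset::Providers{$provider}));` would keep the generated includes to known handles. `_write_default_rulefiles_file` is also the only new sub here without the `#` / `##` header comment the others carry.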
- if($ruleset eq 'registered' or $ruleset eq 'subscripted' or $ruleset eq 'community') { - # These types of rulesfiles contain meta-data which gives the action that should - # be used when in IPS mode. Do the following: - # - # 1. Disable all rules and set the action to 'drop' - # 2. Set the action back to 'alert' if the rule contains 'flowbits:noalert;' - # This should give rules not in the policy a reasonable default if the user - # manually enables them. - # 3. Enable rules and set actions according to the meta-data strings. + # These types of rulesfiles contain meta-data which gives the action that should + # be used when in IPS mode. Do the following: + # + # 1. Disable all rules and set the action to 'drop' + # 2. Set the action back to 'alert' if the rule contains 'flowbits:noalert;' + # This should give rules not in the policy a reasonable default if the user + # manually enables them. + # 3. Enable rules and set actions according to the meta-data strings.
- my $policy = 'balanced'; # Placeholder to allow policy to be changed. + my $policy = 'balanced'; # Placeholder to allow policy to be changed.
print FILE <<END; -modifysid * "^#?(?:alert|drop)" | "#drop" -modifysid * "^#drop(.+flowbits:noalert;)" | "#alert${1}" modifysid * "^#(?:alert|drop)(.+policy $policy-ips alert)" | "alert${1}" modifysid * "^#(?:alert|drop)(.+policy $policy-ips drop)" | "drop${1}" -END - } else { - # These rulefiles don't have the metadata, so set rules to 'drop' unless they - # contain the string 'flowbits:noalert;'. - print FILE <<END; modifysid * "^(#?)(?:alert|drop)" | "${1}drop" modifysid * "^(#?)drop(.+flowbits:noalert;)" | "${1}alert${2}" END } - }
# Close file handle. close(FILE); }
+# +## Function to get the ruleset date for a given provider. +## +## The function simply return the creation date in a human read-able format +## of the stored providers rulesfile. +# +sub get_ruleset_date($) { + my ($provider) = @_; + my $date; + my $mtime; + + # Load neccessary perl modules for file stat and to format the timestamp. + use File::stat; + use POSIX qw( strftime ); + + # Get the stored rulesfile for this provider. + my $stored_rulesfile = &_get_dl_rulesfile($provider); + + # Check if we got a file. + if (-f $stored_rulesfile) { + # Call stat on the rulestarball. + my $stat = stat("$stored_rulesfile"); + + # Get timestamp the file creation. + $mtime = $stat->mtime; + } + + # Check if the timestamp has not been grabbed. + unless ($mtime) { + # Return N/A for Not available. + return "N/A"; + } + + # Convert into human read-able format. + $date = strftime('%Y-%m-%d %H:%M:%S', localtime($mtime)); + + # Return the date. + return $date; +} + # ## Function to gather the version of suricata. # @@ -882,6 +1611,48 @@ sub get_suricata_version($) { } }
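Review bot: The comment kept above the heredoc in `write_modify_sids_file` still lists "Disable all rules and set the action to 'drop'" as step 1, but the two `modifysid` lines that did this are removed and the catch-all `"^(#?)(?:alert|drop)" | "${1}drop"` now follows the two policy lines. If oinkmaster applies `modifysid` expressions in file order, a rule that the `policy $policy-ips alert` line has just enabled as `alert` is rewritten to `drop` by the catch-all, which is not what the retained comment about rules that "should stay as alert" describes. Either move the policy lines after the generic ones or update the comment to the behaviour that is intended. The function begins and ends outside this hunk, so the surrounding mode check is not visible here. In the added `get_ruleset_date`, the header says "creation date" while the code reads `$stat->mtime`.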
+# +## Function to get the enabled application layer protocols. +# +sub get_suricata_enabled_app_layer_protos() { + # Array to store and return the enabled app layer protos. + my @enabled_app_layer_protos = (); + + # Execute piped suricata command and return the list of + # enabled application layer protocols. + open(SURICATA, "suricata --list-app-layer-protos |") or die "Could not execute program: $!"; + + # Grab and store the list of enabled application layer protocols. + my @output = <SURICATA>; + + # Close pipe. + close(SURICATA); + + # Merge allways enabled static application layers protocols array. + @enabled_app_layer_protos = @static_enabled_app_layer_protos; + + # Loop through the array which contains the output of suricata. + foreach my $line (@output) { + # Skip header line which starts with "===". + next if ($line =~ /^\s*=/); + + # Skip info or warning lines. + next if ($line =~ /\s*--/); + + # Remove newlines. + chomp($line); + + # Add enabled app layer proto to the array. + push(@enabled_app_layer_protos, $line); + } + + # Sort the array. + @enabled_app_layer_protos = sort(@enabled_app_layer_protos); + + # Return the array. + return @enabled_app_layer_protos; +} + # ## Function to generate the rules file with whitelisted addresses. # @@ -918,7 +1689,7 @@ sub generate_ignore_file() { # Check if the address/network is valid. if ((&General::validip($address)) || (&General::validipandmask($address))) { # Write rule line to the file to pass any traffic from this IP - print FILE "pass ip $address any -> any any (msg:"pass all traffic from/to $address"; sid:$sid;)\n"; + print FILE "pass ip $address any -> any any (msg:"pass all traffic from/to $address"; bypass; sid:$sid;)\n";
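Review bot: `get_suricata_enabled_app_layer_protos` starts `suricata` through a shell pipe by bare name, so which binary runs depends on the `PATH` of the calling process, and neither the result of `close(SURICATA)` nor the shape of the output lines is checked. The lines are later turned into file names by `_write_default_rulefiles_file`, so an error message printed on stdout would be treated as a protocol name. Using the binary's absolute path with the list form of a piped `open`, and keeping only lines that look like a protocol name, e.g. `next unless ($line =~ /^[\w-]+$/);` after the `chomp`, would make this robust. The skip pattern `/\s*--/` is also unanchored and matches any line that contains `--`.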
# Increment sid. $sid++; @@ -1051,6 +1822,53 @@ sub get_red_address() { return; }
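Review bot: The comment above the changed `print` in `generate_ignore_file` still describes the rule only as passing traffic, while the added `bypass;` keyword additionally takes the rest of a matching flow out of inspection. For a whitelist that is a deliberate trade of visibility for throughput, and it should be stated where the rule is generated, e.g. `# bypass: matching flows are not inspected any further, so whitelisted hosts produce no alerts`. The function starts and ends outside this hunk.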
+# +## Function to get the used rules files of a given provider. +# +sub read_used_provider_rulesfiles($) { + my ($provider) = @_; + + # Array to store the used rulefiles. + my @used_rulesfiles = (); + + # Get the used rulesefile file for the provider. + my $rulesfile_file = &get_used_provider_rulesfile_file($provider); + + # Check if the a used rulesfile exists for this provider. + if (-f $rulesfile_file) { + # Open the file or used rulefiles and read-in content. + open(FILE, $rulesfile_file) or die "Could not open $rulesfile_file. $!\n"; + + while (<FILE>) { + # Assign the current line to a nice variable. + my $line = $_; + + # Remove newlines. + chomp($line); + + # Skip comments. + next if ($line =~ /#/); + + # Skip blank lines. + next if ($line =~ /^\s*$/); + + # Gather the rulefile. + if ($line =~ /.*- (.*)/) { + my $rulefile = $1; + + # Add the rulefile to the array of used rulesfiles. + push(@used_rulesfiles, $rulefile); + } + } + + # Close the file. + close(FILE); + } + + # Return the array of used rulesfiles. + return @used_rulesfiles; +} + # ## Function to write the lock file for locking the WUI, while ## the autoupdate script runs. diff --git a/config/collectd/collectd.conf b/config/collectd/collectd.conf index 941c631c9..2a0237100 100644 --- a/config/collectd/collectd.conf +++ b/config/collectd/collectd.conf @@ -51,6 +51,8 @@ include "/etc/collectd.precache" Chain filter POLICYFWD DROP_FORWARD Chain filter POLICYOUT DROP_OUTPUT Chain filter POLICYIN DROP_INPUT + Chain filter SPOOFED_MARTIAN DROP_SPOOFED_MARTIAN + Chain filter HOSTILE DROP_HOSTILE </Plugin>
#<Plugin logfile> @@ -73,11 +75,7 @@ include "/etc/collectd.precache" Process "charon" Process "openvpn" Process "qemu" - Process "rtorrent" Process "mpd" - Process "asterisk" - Process "java" - Process "spamd" </Plugin>
<Plugin rrdtool> diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf index bc2d21c93..c8c775d13 100644 --- a/config/etc/sysctl.conf +++ b/config/etc/sysctl.conf @@ -12,13 +12,13 @@ net.ipv4.tcp_syn_retries = 3 net.ipv4.tcp_synack_retries = 3
net.ipv4.conf.default.arp_filter = 1 -net.ipv4.conf.default.rp_filter = 0 +net.ipv4.conf.default.rp_filter = 2 net.ipv4.conf.default.accept_redirects = 0 net.ipv4.conf.default.accept_source_route = 0 net.ipv4.conf.default.log_martians = 1
net.ipv4.conf.all.arp_filter = 1 -net.ipv4.conf.all.rp_filter = 0 +net.ipv4.conf.all.rp_filter = 2 net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.all.accept_source_route = 0 net.ipv4.conf.all.log_martians = 1 diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire index d42eb2b50..f8a5d3bda 100644 --- a/config/kernel/kernel.config.aarch64-ipfire +++ b/config/kernel/kernel.config.aarch64-ipfire @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 5.15.6-ipfire Kernel Configuration +# Linux/arm64 5.15.16-ipfire Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.1.0" CONFIG_CC_IS_GCC=y diff --git a/config/kernel/kernel.config.armv6l-ipfire b/config/kernel/kernel.config.armv6l-ipfire index 5971fe34e..a6045d784 100644 --- a/config/kernel/kernel.config.armv6l-ipfire +++ b/config/kernel/kernel.config.armv6l-ipfire @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm 5.15.6-ipfire Kernel Configuration +# Linux/arm 5.15.16-ipfire Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.1.0" CONFIG_CC_IS_GCC=y diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire index 9ad4a2a83..7036a204f 100644 --- a/config/kernel/kernel.config.x86_64-ipfire +++ b/config/kernel/kernel.config.x86_64-ipfire @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 5.15.6-ipfire Kernel Configuration +# Linux/x86 5.15.16-ipfire Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.1.0" CONFIG_CC_IS_GCC=y @@ -6373,7 +6373,6 @@ CONFIG_THINKPAD_ACPI_ALSA_SUPPORT=y CONFIG_THINKPAD_ACPI_VIDEO=y CONFIG_THINKPAD_ACPI_HOTKEY_POLL=y CONFIG_THINKPAD_LMI=m -CONFIG_X86_PLATFORM_DRIVERS_INTEL=y # CONFIG_INTEL_ATOMISP2_LED is not set # CONFIG_INTEL_ATOMISP2_PM is not set # CONFIG_INTEL_SAR_INT1092 is not set diff --git a/config/oinkmaster/oinkmaster.conf b/config/oinkmaster/oinkmaster.conf index 57c328139..4d4ee40ef 100644 
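Review bot: The move of `rp_filter` from 0 to 2 for both `default` and `all` carries no explanation in the file. 2 is the loose mode, where a packet is dropped only when its source address is not reachable through any interface, which suits a multi-homed firewall with asymmetric routes better than strict mode (1). A one-line comment saying so, e.g. `# Loose reverse path filtering (2): drop packets whose source is not routable via any interface`, would stop a later reader from switching it to 1 or back to 0 without knowing the trade-off. The head of the file is outside this hunk, so an existing comment block there cannot be ruled out.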
--- a/config/oinkmaster/oinkmaster.conf +++ b/config/oinkmaster/oinkmaster.conf @@ -182,11 +182,8 @@ update_files = .rules$|.config$|.conf$|.txt$|.map$ # files from included files. Example to load stuff from "/etc/foo.conf". # include /etc/foo.conf
-# Include file for enabled sids. -include /var/ipfire/suricata/oinkmaster-enabled-sids.conf - -# Include file for disabled sids. -include /var/ipfire/suricata/oinkmaster-disabled-sids.conf +# Include file for provider specific includes. +include /var/ipfire/suricata/oinkmaster-provider-includes.conf
# Include file which defines the runmode of suricata. include /var/ipfire/suricata/oinkmaster-modify-sids.conf diff --git a/config/rootfiles/common/Net-DNS b/config/rootfiles/common/Net-DNS index 4afc1be07..2944299cc 100644 --- a/config/rootfiles/common/Net-DNS +++ b/config/rootfiles/common/Net-DNS @@ -1,3 +1,4 @@ +#usr/lib/perl5/site_perl/5.32.1/Net #usr/lib/perl5/site_perl/5.32.1/Net/DNS usr/lib/perl5/site_perl/5.32.1/Net/DNS.pm usr/lib/perl5/site_perl/5.32.1/Net/DNS/Domain.pm diff --git a/config/rootfiles/common/armv6l/python3 b/config/rootfiles/common/armv6l/python3 index c84d35b77..fc9d02982 100644 --- a/config/rootfiles/common/armv6l/python3 +++ b/config/rootfiles/common/armv6l/python3 @@ -786,7 +786,7 @@ usr/lib/python3.8/lib-dynload/_ctypes_test.cpython-38-arm-linux-gnueabi.so usr/lib/python3.8/lib-dynload/_curses.cpython-38-arm-linux-gnueabi.so usr/lib/python3.8/lib-dynload/_curses_panel.cpython-38-arm-linux-gnueabi.so usr/lib/python3.8/lib-dynload/_datetime.cpython-38-arm-linux-gnueabi.so -usr/lib/python3.8/lib-dynload/_dbm.cpython-38-arm-linux-gnueabi_failed.so +usr/lib/python3.8/lib-dynload/_dbm.cpython-38-arm-linux-gnueabi.so usr/lib/python3.8/lib-dynload/_decimal.cpython-38-arm-linux-gnueabi.so usr/lib/python3.8/lib-dynload/_elementtree.cpython-38-arm-linux-gnueabi.so usr/lib/python3.8/lib-dynload/_gdbm.cpython-38-arm-linux-gnueabi.so diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot index 2dfc8ae1f..904c718c3 100644 --- a/config/rootfiles/common/configroot +++ b/config/rootfiles/common/configroot @@ -4,6 +4,7 @@ usr/sbin/convert-portfw usr/sbin/convert-snort usr/sbin/convert-xtaccess usr/sbin/convert-ids-modifysids-file +usr/sbin/convert-ids-multiple-providers usr/sbin/firewall-policy #var/ipfire var/ipfire/addon-lang diff --git a/config/rootfiles/common/expat b/config/rootfiles/common/expat index 4dcfe4a7d..ea0c2ded5 100644 --- a/config/rootfiles/common/expat +++ b/config/rootfiles/common/expat 
@@ -2,22 +2,22 @@ #usr/include/expat.h #usr/include/expat_config.h #usr/include/expat_external.h -#usr/lib/cmake/expat-2.4.1 -#usr/lib/cmake/expat-2.4.1/expat-config-version.cmake -#usr/lib/cmake/expat-2.4.1/expat-config.cmake -#usr/lib/cmake/expat-2.4.1/expat-noconfig.cmake -#usr/lib/cmake/expat-2.4.1/expat.cmake +#usr/lib/cmake/expat-2.4.2 +#usr/lib/cmake/expat-2.4.2/expat-config-version.cmake +#usr/lib/cmake/expat-2.4.2/expat-config.cmake +#usr/lib/cmake/expat-2.4.2/expat-noconfig.cmake +#usr/lib/cmake/expat-2.4.2/expat.cmake #usr/lib/libexpat.a #usr/lib/libexpat.la #usr/lib/libexpat.so usr/lib/libexpat.so.1 -usr/lib/libexpat.so.1.8.1 +usr/lib/libexpat.so.1.8.2 #usr/lib/pkgconfig/expat.pc #usr/share/doc/expat -#usr/share/doc/expat-2.4.1 -#usr/share/doc/expat-2.4.1/ok.min.css -#usr/share/doc/expat-2.4.1/reference.html -#usr/share/doc/expat-2.4.1/style.css -#usr/share/doc/expat-2.4.1/valid-xhtml10.png +#usr/share/doc/expat-2.4.2 +#usr/share/doc/expat-2.4.2/ok.min.css +#usr/share/doc/expat-2.4.2/reference.html +#usr/share/doc/expat-2.4.2/style.css +#usr/share/doc/expat-2.4.2/valid-xhtml10.png #usr/share/doc/expat/AUTHORS #usr/share/doc/expat/changelog diff --git a/config/rootfiles/common/freetype b/config/rootfiles/common/freetype index 24e9682e6..ceb06b4d6 100644 --- a/config/rootfiles/common/freetype +++ b/config/rootfiles/common/freetype @@ -59,7 +59,7 @@ #usr/lib/libfreetype.la #usr/lib/libfreetype.so usr/lib/libfreetype.so.6 -usr/lib/libfreetype.so.6.18.0 +usr/lib/libfreetype.so.6.18.1 #usr/lib/pkgconfig/freetype2.pc #usr/share/aclocal/freetype2.m4 #usr/share/man/man1/freetype-config.1 diff --git a/config/rootfiles/common/gdbm b/config/rootfiles/common/gdbm index a8289432d..db3814f22 100644 --- a/config/rootfiles/common/gdbm +++ b/config/rootfiles/common/gdbm 
@@ -1,16 +1,19 @@ +#usr/bin/gdbm_dump +#usr/bin/gdbm_load +#usr/bin/gdbmtool #usr/include/dbm.h #usr/include/gdbm.h #usr/include/ndbm.h -#usr/info/gdbm.info -#usr/lib/libgdbm.a #usr/lib/libgdbm.la -usr/lib/libgdbm.so -usr/lib/libgdbm.so.3 -usr/lib/libgdbm.so.3.0.0 -#usr/lib/libgdbm_compat.a +#usr/lib/libgdbm.so +usr/lib/libgdbm.so.6 +usr/lib/libgdbm.so.6.0.0 #usr/lib/libgdbm_compat.la -usr/lib/libgdbm_compat.so -usr/lib/libgdbm_compat.so.3 -usr/lib/libgdbm_compat.so.3.0.0 -#usr/man/man3 -#usr/man/man3/gdbm.3 +#usr/lib/libgdbm_compat.so +usr/lib/libgdbm_compat.so.4 +usr/lib/libgdbm_compat.so.4.0.0 +#usr/share/info/gdbm.info +#usr/share/man/man1/gdbm_dump.1 +#usr/share/man/man1/gdbm_load.1 +#usr/share/man/man1/gdbmtool.1 +#usr/share/man/man3/gdbm.3 diff --git a/config/rootfiles/common/kmod b/config/rootfiles/common/kmod index 56806fd1f..f46db860b 100644 --- a/config/rootfiles/common/kmod +++ b/config/rootfiles/common/kmod @@ -9,6 +9,6 @@ sbin/rmmod #usr/lib/libkmod.la #usr/lib/libkmod.so usr/lib/libkmod.so.2 -usr/lib/libkmod.so.2.3.6 +usr/lib/libkmod.so.2.3.7 #usr/lib/pkgconfig/libkmod.pc #usr/share/bash-completion/completions/kmod diff --git a/config/rootfiles/common/libusb b/config/rootfiles/common/libusb index 232574159..db0215195 100644 --- a/config/rootfiles/common/libusb +++ b/config/rootfiles/common/libusb @@ -5,5 +5,5 @@ etc/udev/rules.d/23-usb.rules #usr/lib/libusb-1.0.la #usr/lib/libusb-1.0.so usr/lib/libusb-1.0.so.0 -usr/lib/libusb-1.0.so.0.2.0 +usr/lib/libusb-1.0.so.0.3.0 #usr/lib/pkgconfig/libusb-1.0.pc diff --git a/config/rootfiles/common/libwww-perl b/config/rootfiles/common/libwww-perl deleted file mode 100644 index a3f79e4d7..000000000 --- a/config/rootfiles/common/libwww-perl +++ /dev/null 
@@ -1,102 +0,0 @@ -#usr/lib/perl5/site_perl/5.32.1/Bundle -usr/lib/perl5/site_perl/5.32.1/Bundle/LWP.pm -#usr/lib/perl5/site_perl/5.32.1/File -usr/lib/perl5/site_perl/5.32.1/File/Listing.pm -usr/lib/perl5/site_perl/5.32.1/HTML/Form.pm -#usr/lib/perl5/site_perl/5.32.1/HTTP -#usr/lib/perl5/site_perl/5.32.1/HTTP/Cookies -usr/lib/perl5/site_perl/5.32.1/HTTP/Cookies.pm -usr/lib/perl5/site_perl/5.32.1/HTTP/Cookies/Microsoft.pm -usr/lib/perl5/site_perl/5.32.1/HTTP/Cookies/Netscape.pm -usr/lib/perl5/site_perl/5.32.1/HTTP/Daemon.pm -usr/lib/perl5/site_perl/5.32.1/HTTP/Date.pm -#usr/lib/perl5/site_perl/5.32.1/HTTP/Headers -usr/lib/perl5/site_perl/5.32.1/HTTP/Headers.pm -usr/lib/perl5/site_perl/5.32.1/HTTP/Headers/Auth.pm -usr/lib/perl5/site_perl/5.32.1/HTTP/Headers/ETag.pm -usr/lib/perl5/site_perl/5.32.1/HTTP/Headers/Util.pm -usr/lib/perl5/site_perl/5.32.1/HTTP/Message.pm -usr/lib/perl5/site_perl/5.32.1/HTTP/Negotiate.pm -#usr/lib/perl5/site_perl/5.32.1/HTTP/Request -usr/lib/perl5/site_perl/5.32.1/HTTP/Request.pm -usr/lib/perl5/site_perl/5.32.1/HTTP/Request/Common.pm -usr/lib/perl5/site_perl/5.32.1/HTTP/Response.pm -usr/lib/perl5/site_perl/5.32.1/HTTP/Status.pm -#usr/lib/perl5/site_perl/5.32.1/LWP -usr/lib/perl5/site_perl/5.32.1/LWP.pm -#usr/lib/perl5/site_perl/5.32.1/LWP/Authen -usr/lib/perl5/site_perl/5.32.1/LWP/Authen/Basic.pm -usr/lib/perl5/site_perl/5.32.1/LWP/Authen/Digest.pm -usr/lib/perl5/site_perl/5.32.1/LWP/Authen/Ntlm.pm -usr/lib/perl5/site_perl/5.32.1/LWP/ConnCache.pm -usr/lib/perl5/site_perl/5.32.1/LWP/Debug.pm -usr/lib/perl5/site_perl/5.32.1/LWP/DebugFile.pm -usr/lib/perl5/site_perl/5.32.1/LWP/MediaTypes.pm -usr/lib/perl5/site_perl/5.32.1/LWP/MemberMixin.pm -#usr/lib/perl5/site_perl/5.32.1/LWP/Protocol -usr/lib/perl5/site_perl/5.32.1/LWP/Protocol.pm -usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/GHTTP.pm -usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/cpan.pm -usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/data.pm -usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/file.pm 
-usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/ftp.pm -usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/gopher.pm -usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/http.pm -usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/http10.pm -usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/https.pm -usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/https10.pm -usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/loopback.pm -usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/mailto.pm -usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/nntp.pm -usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/nogo.pm -usr/lib/perl5/site_perl/5.32.1/LWP/RobotUA.pm -usr/lib/perl5/site_perl/5.32.1/LWP/Simple.pm -usr/lib/perl5/site_perl/5.32.1/LWP/UserAgent.pm -usr/lib/perl5/site_perl/5.32.1/LWP/media.types -#usr/lib/perl5/site_perl/5.32.1/Net -#usr/lib/perl5/site_perl/5.32.1/Net/HTTP -usr/lib/perl5/site_perl/5.32.1/Net/HTTP.pm -usr/lib/perl5/site_perl/5.32.1/Net/HTTP/Methods.pm -usr/lib/perl5/site_perl/5.32.1/Net/HTTP/NB.pm -usr/lib/perl5/site_perl/5.32.1/Net/HTTPS.pm -#usr/lib/perl5/site_perl/5.32.1/WWW -#usr/lib/perl5/site_perl/5.32.1/WWW/RobotRules -usr/lib/perl5/site_perl/5.32.1/WWW/RobotRules.pm -usr/lib/perl5/site_perl/5.32.1/WWW/RobotRules/AnyDBM_File.pm -#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/libwww-perl -#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/libwww-perl/.packlist -#usr/lib/perl5/site_perl/5.32.1/lwpcook.pod -#usr/lib/perl5/site_perl/5.32.1/lwptut.pod -#usr/share/man/man3/Bundle::LWP.3 -#usr/share/man/man3/File::Listing.3 -#usr/share/man/man3/HTML::Form.3 -#usr/share/man/man3/HTTP::Cookies.3 -#usr/share/man/man3/HTTP::Cookies::Microsoft.3 -#usr/share/man/man3/HTTP::Cookies::Netscape.3 -#usr/share/man/man3/HTTP::Daemon.3 -#usr/share/man/man3/HTTP::Date.3 -#usr/share/man/man3/HTTP::Headers.3 -#usr/share/man/man3/HTTP::Headers::Util.3 -#usr/share/man/man3/HTTP::Message.3 -#usr/share/man/man3/HTTP::Negotiate.3 -#usr/share/man/man3/HTTP::Request.3 
-#usr/share/man/man3/HTTP::Request::Common.3 -#usr/share/man/man3/HTTP::Response.3 -#usr/share/man/man3/HTTP::Status.3 -#usr/share/man/man3/LWP.3 -#usr/share/man/man3/LWP::Authen::Ntlm.3 -#usr/share/man/man3/LWP::ConnCache.3 -#usr/share/man/man3/LWP::Debug.3 -#usr/share/man/man3/LWP::DebugFile.3 -#usr/share/man/man3/LWP::MediaTypes.3 -#usr/share/man/man3/LWP::MemberMixin.3 -#usr/share/man/man3/LWP::Protocol.3 -#usr/share/man/man3/LWP::RobotUA.3 -#usr/share/man/man3/LWP::Simple.3 -#usr/share/man/man3/LWP::UserAgent.3 -#usr/share/man/man3/Net::HTTP.3 -#usr/share/man/man3/Net::HTTP::NB.3 -#usr/share/man/man3/WWW::RobotRules.3 -#usr/share/man/man3/WWW::RobotRules::AnyDBM_File.3 -#usr/share/man/man3/lwpcook.3 -#usr/share/man/man3/lwptut.3 diff --git a/config/rootfiles/common/libxml2 b/config/rootfiles/common/libxml2 index a1176d7af..e3fbe2ce6 100644 --- a/config/rootfiles/common/libxml2 +++ b/config/rootfiles/common/libxml2 
@@ -55,171 +55,169 @@ #usr/lib/libxml2.la #usr/lib/libxml2.so usr/lib/libxml2.so.2 -usr/lib/libxml2.so.2.9.10 +usr/lib/libxml2.so.2.9.12 #usr/lib/pkgconfig/libxml-2.0.pc #usr/lib/xml2Conf.sh #usr/share/aclocal/libxml.m4 -#usr/share/doc/libxml2-2.9.10 -#usr/share/doc/libxml2-2.9.10/Copyright -#usr/share/doc/libxml2-2.9.10/examples -#usr/share/doc/libxml2-2.9.10/examples/testHTML.c -#usr/share/doc/libxml2-2.9.10/examples/testSAX.c -#usr/share/doc/libxml2-2.9.10/examples/testXPath.c -#usr/share/doc/libxml2-2.9.10/examples/xmllint.c -#usr/share/doc/libxml2-2.9.10/html -#usr/share/doc/libxml2-2.9.10/html/DOM.gif -#usr/share/doc/libxml2-2.9.10/html/FAQ.html -#usr/share/doc/libxml2-2.9.10/html/Libxml2-Logo-180x168.gif -#usr/share/doc/libxml2-2.9.10/html/Libxml2-Logo-90x34.gif -#usr/share/doc/libxml2-2.9.10/html/encoding.html -#usr/share/doc/libxml2-2.9.10/html/examples.xml -#usr/share/doc/libxml2-2.9.10/html/examples.xsl -#usr/share/doc/libxml2-2.9.10/html/html -#usr/share/doc/libxml2-2.9.10/html/html/book1.html -#usr/share/doc/libxml2-2.9.10/html/html/home.png -#usr/share/doc/libxml2-2.9.10/html/html/index.html -#usr/share/doc/libxml2-2.9.10/html/html/left.png -#usr/share/doc/libxml2-2.9.10/html/html/libxml-DOCBparser.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-HTMLparser.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-HTMLtree.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-SAX.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-SAX2.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-c14n.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-catalog.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-chvalid.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-debugXML.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-dict.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-encoding.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-entities.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-globals.html 
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-hash.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-lib.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-list.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-nanoftp.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-nanohttp.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-parser.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-parserInternals.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-pattern.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-relaxng.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-schemasInternals.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-schematron.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-threads.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-tree.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-uri.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-valid.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-xinclude.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-xlink.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-xmlIO.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-xmlautomata.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-xmlerror.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-xmlexports.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-xmlmemory.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-xmlmodule.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-xmlreader.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-xmlregexp.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-xmlsave.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-xmlschemas.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-xmlschemastypes.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-xmlstring.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-xmlunicode.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-xmlversion.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-xmlwriter.html 
-#usr/share/doc/libxml2-2.9.10/html/html/libxml-xpath.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-xpathInternals.html -#usr/share/doc/libxml2-2.9.10/html/html/libxml-xpointer.html -#usr/share/doc/libxml2-2.9.10/html/html/right.png -#usr/share/doc/libxml2-2.9.10/html/html/up.png -#usr/share/doc/libxml2-2.9.10/html/index.html -#usr/share/doc/libxml2-2.9.10/html/io1.c -#usr/share/doc/libxml2-2.9.10/html/io1.res -#usr/share/doc/libxml2-2.9.10/html/io2.c -#usr/share/doc/libxml2-2.9.10/html/io2.res -#usr/share/doc/libxml2-2.9.10/html/libxml.gif -#usr/share/doc/libxml2-2.9.10/html/parse1.c -#usr/share/doc/libxml2-2.9.10/html/parse2.c -#usr/share/doc/libxml2-2.9.10/html/parse3.c -#usr/share/doc/libxml2-2.9.10/html/parse4.c -#usr/share/doc/libxml2-2.9.10/html/reader1.c -#usr/share/doc/libxml2-2.9.10/html/reader1.res -#usr/share/doc/libxml2-2.9.10/html/reader2.c -#usr/share/doc/libxml2-2.9.10/html/reader3.c -#usr/share/doc/libxml2-2.9.10/html/reader3.res -#usr/share/doc/libxml2-2.9.10/html/reader4.c -#usr/share/doc/libxml2-2.9.10/html/reader4.res -#usr/share/doc/libxml2-2.9.10/html/redhat.gif -#usr/share/doc/libxml2-2.9.10/html/smallfootonly.gif -#usr/share/doc/libxml2-2.9.10/html/structure.gif -#usr/share/doc/libxml2-2.9.10/html/test1.xml -#usr/share/doc/libxml2-2.9.10/html/test2.xml -#usr/share/doc/libxml2-2.9.10/html/test3.xml -#usr/share/doc/libxml2-2.9.10/html/testWriter.c -#usr/share/doc/libxml2-2.9.10/html/tree1.c -#usr/share/doc/libxml2-2.9.10/html/tree1.res -#usr/share/doc/libxml2-2.9.10/html/tree2.c -#usr/share/doc/libxml2-2.9.10/html/tree2.res -#usr/share/doc/libxml2-2.9.10/html/tst.xml -#usr/share/doc/libxml2-2.9.10/html/tutorial -#usr/share/doc/libxml2-2.9.10/html/tutorial/apa.html -#usr/share/doc/libxml2-2.9.10/html/tutorial/apb.html -#usr/share/doc/libxml2-2.9.10/html/tutorial/apc.html -#usr/share/doc/libxml2-2.9.10/html/tutorial/apd.html -#usr/share/doc/libxml2-2.9.10/html/tutorial/ape.html -#usr/share/doc/libxml2-2.9.10/html/tutorial/apf.html 
-#usr/share/doc/libxml2-2.9.10/html/tutorial/apg.html -#usr/share/doc/libxml2-2.9.10/html/tutorial/aph.html -#usr/share/doc/libxml2-2.9.10/html/tutorial/api.html -#usr/share/doc/libxml2-2.9.10/html/tutorial/ar01s02.html -#usr/share/doc/libxml2-2.9.10/html/tutorial/ar01s03.html -#usr/share/doc/libxml2-2.9.10/html/tutorial/ar01s04.html -#usr/share/doc/libxml2-2.9.10/html/tutorial/ar01s05.html -#usr/share/doc/libxml2-2.9.10/html/tutorial/ar01s06.html -#usr/share/doc/libxml2-2.9.10/html/tutorial/ar01s07.html -#usr/share/doc/libxml2-2.9.10/html/tutorial/ar01s08.html -#usr/share/doc/libxml2-2.9.10/html/tutorial/ar01s09.html -#usr/share/doc/libxml2-2.9.10/html/tutorial/images -#usr/share/doc/libxml2-2.9.10/html/tutorial/images/blank.png -#usr/share/doc/libxml2-2.9.10/html/tutorial/images/callouts -#usr/share/doc/libxml2-2.9.10/html/tutorial/images/callouts/1.png -#usr/share/doc/libxml2-2.9.10/html/tutorial/images/callouts/10.png -#usr/share/doc/libxml2-2.9.10/html/tutorial/images/callouts/2.png -#usr/share/doc/libxml2-2.9.10/html/tutorial/images/callouts/3.png -#usr/share/doc/libxml2-2.9.10/html/tutorial/images/callouts/4.png -#usr/share/doc/libxml2-2.9.10/html/tutorial/images/callouts/5.png -#usr/share/doc/libxml2-2.9.10/html/tutorial/images/callouts/6.png -#usr/share/doc/libxml2-2.9.10/html/tutorial/images/callouts/7.png -#usr/share/doc/libxml2-2.9.10/html/tutorial/images/callouts/8.png -#usr/share/doc/libxml2-2.9.10/html/tutorial/images/callouts/9.png -#usr/share/doc/libxml2-2.9.10/html/tutorial/images/caution.png -#usr/share/doc/libxml2-2.9.10/html/tutorial/images/draft.png -#usr/share/doc/libxml2-2.9.10/html/tutorial/images/home.png -#usr/share/doc/libxml2-2.9.10/html/tutorial/images/important.png -#usr/share/doc/libxml2-2.9.10/html/tutorial/images/next.png -#usr/share/doc/libxml2-2.9.10/html/tutorial/images/note.png -#usr/share/doc/libxml2-2.9.10/html/tutorial/images/prev.png -#usr/share/doc/libxml2-2.9.10/html/tutorial/images/tip.png 
-#usr/share/doc/libxml2-2.9.10/html/tutorial/images/toc-blank.png -#usr/share/doc/libxml2-2.9.10/html/tutorial/images/toc-minus.png -#usr/share/doc/libxml2-2.9.10/html/tutorial/images/toc-plus.png -#usr/share/doc/libxml2-2.9.10/html/tutorial/images/up.png -#usr/share/doc/libxml2-2.9.10/html/tutorial/images/warning.png -#usr/share/doc/libxml2-2.9.10/html/tutorial/includeaddattribute.c -#usr/share/doc/libxml2-2.9.10/html/tutorial/includeaddkeyword.c -#usr/share/doc/libxml2-2.9.10/html/tutorial/includeconvert.c -#usr/share/doc/libxml2-2.9.10/html/tutorial/includegetattribute.c -#usr/share/doc/libxml2-2.9.10/html/tutorial/includekeyword.c -#usr/share/doc/libxml2-2.9.10/html/tutorial/includexpath.c -#usr/share/doc/libxml2-2.9.10/html/tutorial/index.html -#usr/share/doc/libxml2-2.9.10/html/tutorial/ix01.html -#usr/share/doc/libxml2-2.9.10/html/tutorial/xmltutorial.pdf -#usr/share/doc/libxml2-2.9.10/html/w3c.png -#usr/share/doc/libxml2-2.9.10/html/writer.xml -#usr/share/doc/libxml2-2.9.10/html/xml.html -#usr/share/doc/libxml2-2.9.10/html/xpath1.c -#usr/share/doc/libxml2-2.9.10/html/xpath1.res -#usr/share/doc/libxml2-2.9.10/html/xpath2.c -#usr/share/doc/libxml2-2.9.10/html/xpath2.res -#usr/share/gtk-doc -#usr/share/gtk-doc/html +#usr/share/doc/libxml2-2.9.12 +#usr/share/doc/libxml2-2.9.12/Copyright +#usr/share/doc/libxml2-2.9.12/examples +#usr/share/doc/libxml2-2.9.12/examples/testHTML.c +#usr/share/doc/libxml2-2.9.12/examples/testSAX.c +#usr/share/doc/libxml2-2.9.12/examples/testXPath.c +#usr/share/doc/libxml2-2.9.12/examples/xmllint.c +#usr/share/doc/libxml2-2.9.12/html +#usr/share/doc/libxml2-2.9.12/html/DOM.gif +#usr/share/doc/libxml2-2.9.12/html/FAQ.html +#usr/share/doc/libxml2-2.9.12/html/Libxml2-Logo-180x168.gif +#usr/share/doc/libxml2-2.9.12/html/Libxml2-Logo-90x34.gif +#usr/share/doc/libxml2-2.9.12/html/encoding.html +#usr/share/doc/libxml2-2.9.12/html/examples.xml +#usr/share/doc/libxml2-2.9.12/html/examples.xsl +#usr/share/doc/libxml2-2.9.12/html/html 
+#usr/share/doc/libxml2-2.9.12/html/html/book1.html +#usr/share/doc/libxml2-2.9.12/html/html/home.png +#usr/share/doc/libxml2-2.9.12/html/html/index.html +#usr/share/doc/libxml2-2.9.12/html/html/left.png +#usr/share/doc/libxml2-2.9.12/html/html/libxml-DOCBparser.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-HTMLparser.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-HTMLtree.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-SAX.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-SAX2.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-c14n.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-catalog.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-chvalid.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-debugXML.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-dict.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-encoding.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-entities.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-globals.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-hash.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-lib.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-list.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-nanoftp.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-nanohttp.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-parser.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-parserInternals.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-pattern.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-relaxng.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-schemasInternals.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-schematron.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-threads.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-tree.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-uri.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-valid.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-xinclude.html 
+#usr/share/doc/libxml2-2.9.12/html/html/libxml-xlink.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-xmlIO.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-xmlautomata.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-xmlerror.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-xmlexports.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-xmlmemory.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-xmlmodule.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-xmlreader.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-xmlregexp.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-xmlsave.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-xmlschemas.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-xmlschemastypes.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-xmlstring.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-xmlunicode.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-xmlversion.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-xmlwriter.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-xpath.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-xpathInternals.html +#usr/share/doc/libxml2-2.9.12/html/html/libxml-xpointer.html +#usr/share/doc/libxml2-2.9.12/html/html/right.png +#usr/share/doc/libxml2-2.9.12/html/html/up.png +#usr/share/doc/libxml2-2.9.12/html/index.html +#usr/share/doc/libxml2-2.9.12/html/io1.c +#usr/share/doc/libxml2-2.9.12/html/io1.res +#usr/share/doc/libxml2-2.9.12/html/io2.c +#usr/share/doc/libxml2-2.9.12/html/io2.res +#usr/share/doc/libxml2-2.9.12/html/libxml.gif +#usr/share/doc/libxml2-2.9.12/html/parse1.c +#usr/share/doc/libxml2-2.9.12/html/parse2.c +#usr/share/doc/libxml2-2.9.12/html/parse3.c +#usr/share/doc/libxml2-2.9.12/html/parse4.c +#usr/share/doc/libxml2-2.9.12/html/reader1.c +#usr/share/doc/libxml2-2.9.12/html/reader1.res +#usr/share/doc/libxml2-2.9.12/html/reader2.c +#usr/share/doc/libxml2-2.9.12/html/reader3.c +#usr/share/doc/libxml2-2.9.12/html/reader3.res 
+#usr/share/doc/libxml2-2.9.12/html/reader4.c +#usr/share/doc/libxml2-2.9.12/html/reader4.res +#usr/share/doc/libxml2-2.9.12/html/redhat.gif +#usr/share/doc/libxml2-2.9.12/html/smallfootonly.gif +#usr/share/doc/libxml2-2.9.12/html/structure.gif +#usr/share/doc/libxml2-2.9.12/html/test1.xml +#usr/share/doc/libxml2-2.9.12/html/test2.xml +#usr/share/doc/libxml2-2.9.12/html/test3.xml +#usr/share/doc/libxml2-2.9.12/html/testWriter.c +#usr/share/doc/libxml2-2.9.12/html/tree1.c +#usr/share/doc/libxml2-2.9.12/html/tree1.res +#usr/share/doc/libxml2-2.9.12/html/tree2.c +#usr/share/doc/libxml2-2.9.12/html/tree2.res +#usr/share/doc/libxml2-2.9.12/html/tst.xml +#usr/share/doc/libxml2-2.9.12/html/tutorial +#usr/share/doc/libxml2-2.9.12/html/tutorial/apa.html +#usr/share/doc/libxml2-2.9.12/html/tutorial/apb.html +#usr/share/doc/libxml2-2.9.12/html/tutorial/apc.html +#usr/share/doc/libxml2-2.9.12/html/tutorial/apd.html +#usr/share/doc/libxml2-2.9.12/html/tutorial/ape.html +#usr/share/doc/libxml2-2.9.12/html/tutorial/apf.html +#usr/share/doc/libxml2-2.9.12/html/tutorial/apg.html +#usr/share/doc/libxml2-2.9.12/html/tutorial/aph.html +#usr/share/doc/libxml2-2.9.12/html/tutorial/api.html +#usr/share/doc/libxml2-2.9.12/html/tutorial/ar01s02.html +#usr/share/doc/libxml2-2.9.12/html/tutorial/ar01s03.html +#usr/share/doc/libxml2-2.9.12/html/tutorial/ar01s04.html +#usr/share/doc/libxml2-2.9.12/html/tutorial/ar01s05.html +#usr/share/doc/libxml2-2.9.12/html/tutorial/ar01s06.html +#usr/share/doc/libxml2-2.9.12/html/tutorial/ar01s07.html +#usr/share/doc/libxml2-2.9.12/html/tutorial/ar01s08.html +#usr/share/doc/libxml2-2.9.12/html/tutorial/ar01s09.html +#usr/share/doc/libxml2-2.9.12/html/tutorial/images +#usr/share/doc/libxml2-2.9.12/html/tutorial/images/blank.png +#usr/share/doc/libxml2-2.9.12/html/tutorial/images/callouts +#usr/share/doc/libxml2-2.9.12/html/tutorial/images/callouts/1.png +#usr/share/doc/libxml2-2.9.12/html/tutorial/images/callouts/10.png 
+#usr/share/doc/libxml2-2.9.12/html/tutorial/images/callouts/2.png +#usr/share/doc/libxml2-2.9.12/html/tutorial/images/callouts/3.png +#usr/share/doc/libxml2-2.9.12/html/tutorial/images/callouts/4.png +#usr/share/doc/libxml2-2.9.12/html/tutorial/images/callouts/5.png +#usr/share/doc/libxml2-2.9.12/html/tutorial/images/callouts/6.png +#usr/share/doc/libxml2-2.9.12/html/tutorial/images/callouts/7.png +#usr/share/doc/libxml2-2.9.12/html/tutorial/images/callouts/8.png +#usr/share/doc/libxml2-2.9.12/html/tutorial/images/callouts/9.png +#usr/share/doc/libxml2-2.9.12/html/tutorial/images/caution.png +#usr/share/doc/libxml2-2.9.12/html/tutorial/images/draft.png +#usr/share/doc/libxml2-2.9.12/html/tutorial/images/home.png +#usr/share/doc/libxml2-2.9.12/html/tutorial/images/important.png +#usr/share/doc/libxml2-2.9.12/html/tutorial/images/next.png +#usr/share/doc/libxml2-2.9.12/html/tutorial/images/note.png +#usr/share/doc/libxml2-2.9.12/html/tutorial/images/prev.png +#usr/share/doc/libxml2-2.9.12/html/tutorial/images/tip.png +#usr/share/doc/libxml2-2.9.12/html/tutorial/images/toc-blank.png +#usr/share/doc/libxml2-2.9.12/html/tutorial/images/toc-minus.png +#usr/share/doc/libxml2-2.9.12/html/tutorial/images/toc-plus.png +#usr/share/doc/libxml2-2.9.12/html/tutorial/images/up.png +#usr/share/doc/libxml2-2.9.12/html/tutorial/images/warning.png +#usr/share/doc/libxml2-2.9.12/html/tutorial/includeaddattribute.c +#usr/share/doc/libxml2-2.9.12/html/tutorial/includeaddkeyword.c +#usr/share/doc/libxml2-2.9.12/html/tutorial/includeconvert.c +#usr/share/doc/libxml2-2.9.12/html/tutorial/includegetattribute.c +#usr/share/doc/libxml2-2.9.12/html/tutorial/includekeyword.c +#usr/share/doc/libxml2-2.9.12/html/tutorial/includexpath.c +#usr/share/doc/libxml2-2.9.12/html/tutorial/index.html +#usr/share/doc/libxml2-2.9.12/html/tutorial/ix01.html +#usr/share/doc/libxml2-2.9.12/html/tutorial/xmltutorial.pdf +#usr/share/doc/libxml2-2.9.12/html/w3c.png +#usr/share/doc/libxml2-2.9.12/html/writer.xml 
+#usr/share/doc/libxml2-2.9.12/html/xml.html +#usr/share/doc/libxml2-2.9.12/html/xpath1.c +#usr/share/doc/libxml2-2.9.12/html/xpath1.res +#usr/share/doc/libxml2-2.9.12/html/xpath2.c +#usr/share/doc/libxml2-2.9.12/html/xpath2.res #usr/share/gtk-doc/html/libxml2 #usr/share/gtk-doc/html/libxml2/general.html #usr/share/gtk-doc/html/libxml2/home.png diff --git a/config/rootfiles/common/libxslt b/config/rootfiles/common/libxslt index 3c8d144a5..fc96538ab 100644 --- a/config/rootfiles/common/libxslt +++ b/config/rootfiles/common/libxslt 
@@ -26,127 +26,114 @@ usr/bin/xsltproc #usr/include/libxslt/xsltexports.h #usr/include/libxslt/xsltlocale.h #usr/include/libxslt/xsltutils.h -#usr/lib/libexslt.a #usr/lib/libexslt.la -usr/lib/libexslt.so +#usr/lib/libexslt.so usr/lib/libexslt.so.0 -usr/lib/libexslt.so.0.8.17 +usr/lib/libexslt.so.0.8.20 #usr/lib/libxslt-plugins -#usr/lib/libxslt.a #usr/lib/libxslt.la -usr/lib/libxslt.so +#usr/lib/libxslt.so usr/lib/libxslt.so.1 -usr/lib/libxslt.so.1.1.28 +usr/lib/libxslt.so.1.1.34 #usr/lib/pkgconfig/libexslt.pc #usr/lib/pkgconfig/libxslt.pc #usr/lib/xsltConf.sh #usr/share/aclocal/libxslt.m4 -#usr/share/doc/libxslt-1.1.28 -#usr/share/doc/libxslt-1.1.28/html -#usr/share/doc/libxslt-1.1.28/html/API.html -#usr/share/doc/libxslt-1.1.28/html/APIchunk0.html -#usr/share/doc/libxslt-1.1.28/html/APIchunk1.html -#usr/share/doc/libxslt-1.1.28/html/APIchunk10.html -#usr/share/doc/libxslt-1.1.28/html/APIchunk11.html -#usr/share/doc/libxslt-1.1.28/html/APIchunk12.html -#usr/share/doc/libxslt-1.1.28/html/APIchunk13.html -#usr/share/doc/libxslt-1.1.28/html/APIchunk2.html -#usr/share/doc/libxslt-1.1.28/html/APIchunk3.html -#usr/share/doc/libxslt-1.1.28/html/APIchunk4.html -#usr/share/doc/libxslt-1.1.28/html/APIchunk5.html -#usr/share/doc/libxslt-1.1.28/html/APIchunk6.html -#usr/share/doc/libxslt-1.1.28/html/APIchunk7.html -#usr/share/doc/libxslt-1.1.28/html/APIchunk8.html -#usr/share/doc/libxslt-1.1.28/html/APIchunk9.html -#usr/share/doc/libxslt-1.1.28/html/APIconstructors.html -#usr/share/doc/libxslt-1.1.28/html/APIfiles.html -#usr/share/doc/libxslt-1.1.28/html/APIfunctions.html -#usr/share/doc/libxslt-1.1.28/html/APIsymbols.html -#usr/share/doc/libxslt-1.1.28/html/EXSLT -#usr/share/doc/libxslt-1.1.28/html/EXSLT/APIchunk0.html -#usr/share/doc/libxslt-1.1.28/html/EXSLT/APIconstructors.html -#usr/share/doc/libxslt-1.1.28/html/EXSLT/APIfiles.html -#usr/share/doc/libxslt-1.1.28/html/EXSLT/APIfunctions.html -#usr/share/doc/libxslt-1.1.28/html/EXSLT/APIsymbols.html 
-#usr/share/doc/libxslt-1.1.28/html/EXSLT/bugs.html -#usr/share/doc/libxslt-1.1.28/html/EXSLT/docs.html -#usr/share/doc/libxslt-1.1.28/html/EXSLT/downloads.html -#usr/share/doc/libxslt-1.1.28/html/EXSLT/exslt.html -#usr/share/doc/libxslt-1.1.28/html/EXSLT/help.html -#usr/share/doc/libxslt-1.1.28/html/EXSLT/index.html -#usr/share/doc/libxslt-1.1.28/html/EXSLT/intro.html -#usr/share/doc/libxslt-1.1.28/html/FAQ.html -#usr/share/doc/libxslt-1.1.28/html/Libxslt-Logo-180x168.gif -#usr/share/doc/libxslt-1.1.28/html/Libxslt-Logo-90x34.gif -#usr/share/doc/libxslt-1.1.28/html/bugs.html -#usr/share/doc/libxslt-1.1.28/html/contexts.gif -#usr/share/doc/libxslt-1.1.28/html/contribs.html -#usr/share/doc/libxslt-1.1.28/html/docbook.html -#usr/share/doc/libxslt-1.1.28/html/docs.html -#usr/share/doc/libxslt-1.1.28/html/downloads.html -#usr/share/doc/libxslt-1.1.28/html/extensions.html -#usr/share/doc/libxslt-1.1.28/html/help.html -#usr/share/doc/libxslt-1.1.28/html/html -#usr/share/doc/libxslt-1.1.28/html/html/book1.html -#usr/share/doc/libxslt-1.1.28/html/html/home.png -#usr/share/doc/libxslt-1.1.28/html/html/index.html -#usr/share/doc/libxslt-1.1.28/html/html/left.png -#usr/share/doc/libxslt-1.1.28/html/html/libxslt-attributes.html -#usr/share/doc/libxslt-1.1.28/html/html/libxslt-documents.html -#usr/share/doc/libxslt-1.1.28/html/html/libxslt-extensions.html -#usr/share/doc/libxslt-1.1.28/html/html/libxslt-extra.html -#usr/share/doc/libxslt-1.1.28/html/html/libxslt-functions.html -#usr/share/doc/libxslt-1.1.28/html/html/libxslt-imports.html -#usr/share/doc/libxslt-1.1.28/html/html/libxslt-keys.html -#usr/share/doc/libxslt-1.1.28/html/html/libxslt-lib.html -#usr/share/doc/libxslt-1.1.28/html/html/libxslt-namespaces.html -#usr/share/doc/libxslt-1.1.28/html/html/libxslt-numbersInternals.html -#usr/share/doc/libxslt-1.1.28/html/html/libxslt-pattern.html -#usr/share/doc/libxslt-1.1.28/html/html/libxslt-preproc.html -#usr/share/doc/libxslt-1.1.28/html/html/libxslt-security.html 
-#usr/share/doc/libxslt-1.1.28/html/html/libxslt-templates.html -#usr/share/doc/libxslt-1.1.28/html/html/libxslt-transform.html -#usr/share/doc/libxslt-1.1.28/html/html/libxslt-variables.html -#usr/share/doc/libxslt-1.1.28/html/html/libxslt-xslt.html -#usr/share/doc/libxslt-1.1.28/html/html/libxslt-xsltInternals.html -#usr/share/doc/libxslt-1.1.28/html/html/libxslt-xsltexports.html -#usr/share/doc/libxslt-1.1.28/html/html/libxslt-xsltlocale.html -#usr/share/doc/libxslt-1.1.28/html/html/libxslt-xsltutils.html -#usr/share/doc/libxslt-1.1.28/html/html/right.png -#usr/share/doc/libxslt-1.1.28/html/html/up.png -#usr/share/doc/libxslt-1.1.28/html/index.html -#usr/share/doc/libxslt-1.1.28/html/internals.html -#usr/share/doc/libxslt-1.1.28/html/intro.html -#usr/share/doc/libxslt-1.1.28/html/news.html -#usr/share/doc/libxslt-1.1.28/html/node.gif -#usr/share/doc/libxslt-1.1.28/html/object.gif -#usr/share/doc/libxslt-1.1.28/html/processing.gif -#usr/share/doc/libxslt-1.1.28/html/python.html -#usr/share/doc/libxslt-1.1.28/html/redhat.gif -#usr/share/doc/libxslt-1.1.28/html/smallfootonly.gif -#usr/share/doc/libxslt-1.1.28/html/stylesheet.gif -#usr/share/doc/libxslt-1.1.28/html/templates.gif -#usr/share/doc/libxslt-1.1.28/html/tutorial -#usr/share/doc/libxslt-1.1.28/html/tutorial/libxslt_tutorial.c -#usr/share/doc/libxslt-1.1.28/html/tutorial/libxslttutorial.html -#usr/share/doc/libxslt-1.1.28/html/tutorial/libxslttutorial.xml -#usr/share/doc/libxslt-1.1.28/html/tutorial2 -#usr/share/doc/libxslt-1.1.28/html/tutorial2/libxslt_pipes.c -#usr/share/doc/libxslt-1.1.28/html/tutorial2/libxslt_pipes.html -#usr/share/doc/libxslt-1.1.28/html/tutorial2/libxslt_pipes.xml -#usr/share/doc/libxslt-1.1.28/html/xslt.html -#usr/share/doc/libxslt-1.1.28/html/xsltproc.html -#usr/share/doc/libxslt-1.1.28/html/xsltproc2.html -#usr/share/doc/libxslt-python-1.1.28 -#usr/share/doc/libxslt-python-1.1.28/TODO -#usr/share/doc/libxslt-python-1.1.28/examples 
-#usr/share/doc/libxslt-python-1.1.28/examples/basic.py -#usr/share/doc/libxslt-python-1.1.28/examples/exslt.py -#usr/share/doc/libxslt-python-1.1.28/examples/extelem.py -#usr/share/doc/libxslt-python-1.1.28/examples/extfunc.py -#usr/share/doc/libxslt-python-1.1.28/examples/pyxsltproc.py -#usr/share/doc/libxslt-python-1.1.28/examples/test.xml -#usr/share/doc/libxslt-python-1.1.28/examples/test.xsl +#usr/share/doc/libxslt-1.1.34 +#usr/share/doc/libxslt-1.1.34/html +#usr/share/doc/libxslt-1.1.34/html/API.html +#usr/share/doc/libxslt-1.1.34/html/APIchunk0.html +#usr/share/doc/libxslt-1.1.34/html/APIchunk1.html +#usr/share/doc/libxslt-1.1.34/html/APIchunk10.html +#usr/share/doc/libxslt-1.1.34/html/APIchunk11.html +#usr/share/doc/libxslt-1.1.34/html/APIchunk12.html +#usr/share/doc/libxslt-1.1.34/html/APIchunk2.html +#usr/share/doc/libxslt-1.1.34/html/APIchunk3.html +#usr/share/doc/libxslt-1.1.34/html/APIchunk4.html +#usr/share/doc/libxslt-1.1.34/html/APIchunk5.html +#usr/share/doc/libxslt-1.1.34/html/APIchunk6.html +#usr/share/doc/libxslt-1.1.34/html/APIchunk7.html +#usr/share/doc/libxslt-1.1.34/html/APIchunk8.html +#usr/share/doc/libxslt-1.1.34/html/APIchunk9.html +#usr/share/doc/libxslt-1.1.34/html/APIconstructors.html +#usr/share/doc/libxslt-1.1.34/html/APIfiles.html +#usr/share/doc/libxslt-1.1.34/html/APIfunctions.html +#usr/share/doc/libxslt-1.1.34/html/APIsymbols.html +#usr/share/doc/libxslt-1.1.34/html/EXSLT +#usr/share/doc/libxslt-1.1.34/html/EXSLT/APIchunk0.html +#usr/share/doc/libxslt-1.1.34/html/EXSLT/APIconstructors.html +#usr/share/doc/libxslt-1.1.34/html/EXSLT/APIfiles.html +#usr/share/doc/libxslt-1.1.34/html/EXSLT/APIfunctions.html +#usr/share/doc/libxslt-1.1.34/html/EXSLT/APIsymbols.html +#usr/share/doc/libxslt-1.1.34/html/EXSLT/bugs.html +#usr/share/doc/libxslt-1.1.34/html/EXSLT/docs.html +#usr/share/doc/libxslt-1.1.34/html/EXSLT/downloads.html +#usr/share/doc/libxslt-1.1.34/html/EXSLT/exslt.html +#usr/share/doc/libxslt-1.1.34/html/EXSLT/help.html 
+#usr/share/doc/libxslt-1.1.34/html/EXSLT/index.html +#usr/share/doc/libxslt-1.1.34/html/EXSLT/intro.html +#usr/share/doc/libxslt-1.1.34/html/FAQ.html +#usr/share/doc/libxslt-1.1.34/html/Libxslt-Logo-180x168.gif +#usr/share/doc/libxslt-1.1.34/html/Libxslt-Logo-90x34.gif +#usr/share/doc/libxslt-1.1.34/html/bugs.html +#usr/share/doc/libxslt-1.1.34/html/contexts.gif +#usr/share/doc/libxslt-1.1.34/html/contribs.html +#usr/share/doc/libxslt-1.1.34/html/docbook.html +#usr/share/doc/libxslt-1.1.34/html/docs.html +#usr/share/doc/libxslt-1.1.34/html/downloads.html +#usr/share/doc/libxslt-1.1.34/html/extensions.html +#usr/share/doc/libxslt-1.1.34/html/help.html +#usr/share/doc/libxslt-1.1.34/html/html +#usr/share/doc/libxslt-1.1.34/html/html/book1.html +#usr/share/doc/libxslt-1.1.34/html/html/home.png +#usr/share/doc/libxslt-1.1.34/html/html/index.html +#usr/share/doc/libxslt-1.1.34/html/html/left.png +#usr/share/doc/libxslt-1.1.34/html/html/libxslt-attributes.html +#usr/share/doc/libxslt-1.1.34/html/html/libxslt-documents.html +#usr/share/doc/libxslt-1.1.34/html/html/libxslt-extensions.html +#usr/share/doc/libxslt-1.1.34/html/html/libxslt-extra.html +#usr/share/doc/libxslt-1.1.34/html/html/libxslt-functions.html +#usr/share/doc/libxslt-1.1.34/html/html/libxslt-imports.html +#usr/share/doc/libxslt-1.1.34/html/html/libxslt-keys.html +#usr/share/doc/libxslt-1.1.34/html/html/libxslt-lib.html +#usr/share/doc/libxslt-1.1.34/html/html/libxslt-namespaces.html +#usr/share/doc/libxslt-1.1.34/html/html/libxslt-numbersInternals.html +#usr/share/doc/libxslt-1.1.34/html/html/libxslt-pattern.html +#usr/share/doc/libxslt-1.1.34/html/html/libxslt-preproc.html +#usr/share/doc/libxslt-1.1.34/html/html/libxslt-security.html +#usr/share/doc/libxslt-1.1.34/html/html/libxslt-templates.html +#usr/share/doc/libxslt-1.1.34/html/html/libxslt-transform.html +#usr/share/doc/libxslt-1.1.34/html/html/libxslt-variables.html +#usr/share/doc/libxslt-1.1.34/html/html/libxslt-xslt.html 
+#usr/share/doc/libxslt-1.1.34/html/html/libxslt-xsltInternals.html +#usr/share/doc/libxslt-1.1.34/html/html/libxslt-xsltexports.html +#usr/share/doc/libxslt-1.1.34/html/html/libxslt-xsltlocale.html +#usr/share/doc/libxslt-1.1.34/html/html/libxslt-xsltutils.html +#usr/share/doc/libxslt-1.1.34/html/html/right.png +#usr/share/doc/libxslt-1.1.34/html/html/up.png +#usr/share/doc/libxslt-1.1.34/html/index.html +#usr/share/doc/libxslt-1.1.34/html/internals.html +#usr/share/doc/libxslt-1.1.34/html/intro.html +#usr/share/doc/libxslt-1.1.34/html/news.html +#usr/share/doc/libxslt-1.1.34/html/node.gif +#usr/share/doc/libxslt-1.1.34/html/object.gif +#usr/share/doc/libxslt-1.1.34/html/processing.gif +#usr/share/doc/libxslt-1.1.34/html/python.html +#usr/share/doc/libxslt-1.1.34/html/redhat.gif +#usr/share/doc/libxslt-1.1.34/html/smallfootonly.gif +#usr/share/doc/libxslt-1.1.34/html/stylesheet.gif +#usr/share/doc/libxslt-1.1.34/html/templates.gif +#usr/share/doc/libxslt-1.1.34/html/tutorial +#usr/share/doc/libxslt-1.1.34/html/tutorial/libxslt_tutorial.c +#usr/share/doc/libxslt-1.1.34/html/tutorial/libxslttutorial.html +#usr/share/doc/libxslt-1.1.34/html/tutorial/libxslttutorial.xml +#usr/share/doc/libxslt-1.1.34/html/tutorial2 +#usr/share/doc/libxslt-1.1.34/html/tutorial2/libxslt_pipes.c +#usr/share/doc/libxslt-1.1.34/html/tutorial2/libxslt_pipes.html +#usr/share/doc/libxslt-1.1.34/html/tutorial2/libxslt_pipes.xml +#usr/share/doc/libxslt-1.1.34/html/xslt.html +#usr/share/doc/libxslt-1.1.34/html/xsltproc.html +#usr/share/doc/libxslt-1.1.34/html/xsltproc2.html #usr/share/man/man1/xsltproc.1 #usr/share/man/man3/libexslt.3 #usr/share/man/man3/libxslt.3 diff --git a/config/rootfiles/common/pcre2 b/config/rootfiles/common/pcre2 index e5b02d1f7..9d3e33496 100644 --- a/config/rootfiles/common/pcre2 +++ b/config/rootfiles/common/pcre2 
@@ -6,132 +6,132 @@ #usr/lib/libpcre2-16.la #usr/lib/libpcre2-16.so usr/lib/libpcre2-16.so.0 -usr/lib/libpcre2-16.so.0.10.2 +usr/lib/libpcre2-16.so.0.10.4 #usr/lib/libpcre2-32.la #usr/lib/libpcre2-32.so usr/lib/libpcre2-32.so.0 -usr/lib/libpcre2-32.so.0.10.2 +usr/lib/libpcre2-32.so.0.10.4 #usr/lib/libpcre2-8.la #usr/lib/libpcre2-8.so usr/lib/libpcre2-8.so.0 -usr/lib/libpcre2-8.so.0.10.2 +usr/lib/libpcre2-8.so.0.10.4 #usr/lib/libpcre2-posix.la #usr/lib/libpcre2-posix.so usr/lib/libpcre2-posix.so.3 -usr/lib/libpcre2-posix.so.3.0.0 +usr/lib/libpcre2-posix.so.3.0.1 #usr/lib/pkgconfig/libpcre2-16.pc #usr/lib/pkgconfig/libpcre2-32.pc #usr/lib/pkgconfig/libpcre2-8.pc #usr/lib/pkgconfig/libpcre2-posix.pc -#usr/share/doc/pcre-pcre2-10.37 -#usr/share/doc/pcre-pcre2-10.37/AUTHORS -#usr/share/doc/pcre-pcre2-10.37/COPYING -#usr/share/doc/pcre-pcre2-10.37/ChangeLog -#usr/share/doc/pcre-pcre2-10.37/LICENCE -#usr/share/doc/pcre-pcre2-10.37/NEWS -#usr/share/doc/pcre-pcre2-10.37/README -#usr/share/doc/pcre-pcre2-10.37/html -#usr/share/doc/pcre-pcre2-10.37/html/NON-AUTOTOOLS-BUILD.txt -#usr/share/doc/pcre-pcre2-10.37/html/README.txt -#usr/share/doc/pcre-pcre2-10.37/html/index.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2-config.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_callout_enumerate.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_code_copy.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_code_copy_with_tables.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_code_free.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_compile.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_compile_context_copy.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_compile_context_create.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_compile_context_free.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_config.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_convert_context_copy.html 
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_convert_context_create.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_convert_context_free.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_converted_pattern_free.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_dfa_match.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_general_context_copy.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_general_context_create.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_general_context_free.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_get_error_message.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_get_mark.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_get_match_data_size.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_get_ovector_count.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_get_ovector_pointer.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_get_startchar.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_jit_compile.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_jit_free_unused_memory.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_jit_match.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_jit_stack_assign.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_jit_stack_create.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_jit_stack_free.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_maketables.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_maketables_free.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_match.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_match_context_copy.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_match_context_create.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_match_context_free.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_match_data_create.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_match_data_create_from_pattern.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_match_data_free.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_pattern_convert.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_pattern_info.html 
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_serialize_decode.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_serialize_encode.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_serialize_free.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_serialize_get_number_of_codes.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_set_bsr.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_set_callout.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_set_character_tables.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_set_compile_extra_options.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_set_compile_recursion_guard.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_set_depth_limit.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_set_glob_escape.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_set_glob_separator.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_set_heap_limit.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_set_match_limit.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_set_max_pattern_length.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_set_newline.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_set_offset_limit.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_set_parens_nest_limit.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_set_recursion_limit.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_set_recursion_memory_management.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_set_substitute_callout.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_substitute.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_substring_copy_byname.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_substring_copy_bynumber.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_substring_free.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_substring_get_byname.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_substring_get_bynumber.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_substring_length_byname.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_substring_length_bynumber.html 
-#usr/share/doc/pcre-pcre2-10.37/html/pcre2_substring_list_free.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_substring_list_get.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_substring_nametable_scan.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2_substring_number_from_name.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2api.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2build.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2callout.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2compat.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2convert.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2demo.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2grep.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2jit.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2limits.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2matching.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2partial.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2pattern.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2perform.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2posix.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2sample.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2serialize.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2syntax.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2test.html -#usr/share/doc/pcre-pcre2-10.37/html/pcre2unicode.html -#usr/share/doc/pcre-pcre2-10.37/pcre2-config.txt -#usr/share/doc/pcre-pcre2-10.37/pcre2.txt -#usr/share/doc/pcre-pcre2-10.37/pcre2grep.txt -#usr/share/doc/pcre-pcre2-10.37/pcre2test.txt +#usr/share/doc/pcre-pcre2-10.39 +#usr/share/doc/pcre-pcre2-10.39/AUTHORS +#usr/share/doc/pcre-pcre2-10.39/COPYING +#usr/share/doc/pcre-pcre2-10.39/ChangeLog +#usr/share/doc/pcre-pcre2-10.39/LICENCE +#usr/share/doc/pcre-pcre2-10.39/NEWS +#usr/share/doc/pcre-pcre2-10.39/README +#usr/share/doc/pcre-pcre2-10.39/html +#usr/share/doc/pcre-pcre2-10.39/html/NON-AUTOTOOLS-BUILD.txt +#usr/share/doc/pcre-pcre2-10.39/html/README.txt +#usr/share/doc/pcre-pcre2-10.39/html/index.html 
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2-config.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_callout_enumerate.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_code_copy.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_code_copy_with_tables.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_code_free.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_compile.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_compile_context_copy.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_compile_context_create.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_compile_context_free.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_config.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_convert_context_copy.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_convert_context_create.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_convert_context_free.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_converted_pattern_free.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_dfa_match.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_general_context_copy.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_general_context_create.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_general_context_free.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_get_error_message.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_get_mark.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_get_match_data_size.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_get_ovector_count.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_get_ovector_pointer.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_get_startchar.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_jit_compile.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_jit_free_unused_memory.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_jit_match.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_jit_stack_assign.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_jit_stack_create.html 
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_jit_stack_free.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_maketables.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_maketables_free.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_match.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_match_context_copy.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_match_context_create.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_match_context_free.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_match_data_create.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_match_data_create_from_pattern.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_match_data_free.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_pattern_convert.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_pattern_info.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_serialize_decode.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_serialize_encode.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_serialize_free.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_serialize_get_number_of_codes.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_set_bsr.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_set_callout.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_set_character_tables.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_set_compile_extra_options.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_set_compile_recursion_guard.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_set_depth_limit.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_set_glob_escape.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_set_glob_separator.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_set_heap_limit.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_set_match_limit.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_set_max_pattern_length.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_set_newline.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_set_offset_limit.html 
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2_set_parens_nest_limit.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_set_recursion_limit.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_set_recursion_memory_management.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_set_substitute_callout.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_substitute.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_substring_copy_byname.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_substring_copy_bynumber.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_substring_free.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_substring_get_byname.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_substring_get_bynumber.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_substring_length_byname.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_substring_length_bynumber.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_substring_list_free.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_substring_list_get.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_substring_nametable_scan.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2_substring_number_from_name.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2api.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2build.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2callout.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2compat.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2convert.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2demo.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2grep.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2jit.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2limits.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2matching.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2partial.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2pattern.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2perform.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2posix.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2sample.html 
+#usr/share/doc/pcre-pcre2-10.39/html/pcre2serialize.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2syntax.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2test.html +#usr/share/doc/pcre-pcre2-10.39/html/pcre2unicode.html +#usr/share/doc/pcre-pcre2-10.39/pcre2-config.txt +#usr/share/doc/pcre-pcre2-10.39/pcre2.txt +#usr/share/doc/pcre-pcre2-10.39/pcre2grep.txt +#usr/share/doc/pcre-pcre2-10.39/pcre2test.txt #usr/share/man/man1/pcre2-config.1 #usr/share/man/man1/pcre2grep.1 #usr/share/man/man1/pcre2test.1 diff --git a/config/rootfiles/common/perl-libwww b/config/rootfiles/common/perl-libwww new file mode 100644 index 000000000..fc275a81f --- /dev/null +++ b/config/rootfiles/common/perl-libwww 
@@ -0,0 +1,44 @@ +#usr/lib/perl5/site_perl/5.32.1/LWP +usr/lib/perl5/site_perl/5.32.1/LWP.pm +#usr/lib/perl5/site_perl/5.32.1/LWP/Authen +usr/lib/perl5/site_perl/5.32.1/LWP/Authen/Basic.pm +usr/lib/perl5/site_perl/5.32.1/LWP/Authen/Digest.pm +usr/lib/perl5/site_perl/5.32.1/LWP/Authen/Ntlm.pm +usr/lib/perl5/site_perl/5.32.1/LWP/ConnCache.pm +usr/lib/perl5/site_perl/5.32.1/LWP/Debug +usr/lib/perl5/site_perl/5.32.1/LWP/Debug.pm +usr/lib/perl5/site_perl/5.32.1/LWP/Debug/TraceHTTP.pm +usr/lib/perl5/site_perl/5.32.1/LWP/DebugFile.pm +usr/lib/perl5/site_perl/5.32.1/LWP/MemberMixin.pm +#usr/lib/perl5/site_perl/5.32.1/LWP/Protocol +usr/lib/perl5/site_perl/5.32.1/LWP/Protocol.pm +usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/cpan.pm +usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/data.pm +usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/file.pm +usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/ftp.pm +usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/gopher.pm +usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/http.pm +usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/loopback.pm +usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/mailto.pm +usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/nntp.pm +usr/lib/perl5/site_perl/5.32.1/LWP/Protocol/nogo.pm +usr/lib/perl5/site_perl/5.32.1/LWP/RobotUA.pm +usr/lib/perl5/site_perl/5.32.1/LWP/Simple.pm +usr/lib/perl5/site_perl/5.32.1/LWP/UserAgent.pm +#usr/lib/perl5/site_perl/5.32.1/libwww +usr/lib/perl5/site_perl/5.32.1/libwww/lwpcook.pod +usr/lib/perl5/site_perl/5.32.1/libwww/lwptut.pod +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/libwww +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/libwww/perl +#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/libwww/perl/.packlist +#usr/share/man/man3/LWP.3 +#usr/share/man/man3/LWP::Authen::Ntlm.3 +#usr/share/man/man3/LWP::ConnCache.3 +#usr/share/man/man3/LWP::Debug.3 +#usr/share/man/man3/LWP::MemberMixin.3 +#usr/share/man/man3/LWP::Protocol.3 
+#usr/share/man/man3/LWP::RobotUA.3 +#usr/share/man/man3/LWP::Simple.3 +#usr/share/man/man3/LWP::UserAgent.3 +#usr/share/man/man3/libwww::lwpcook.3 +#usr/share/man/man3/libwww::lwptut.3 diff --git a/config/rootfiles/common/python3 b/config/rootfiles/common/python3 index c479c36eb..ffe058fac 100644 --- a/config/rootfiles/common/python3 +++ b/config/rootfiles/common/python3 @@ -786,7 +786,7 @@ usr/lib/python3.8/lib-dynload/_ctypes_test.cpython-38-xxxMACHINExxx-linux-gnu.so usr/lib/python3.8/lib-dynload/_curses.cpython-38-xxxMACHINExxx-linux-gnu.so usr/lib/python3.8/lib-dynload/_curses_panel.cpython-38-xxxMACHINExxx-linux-gnu.so usr/lib/python3.8/lib-dynload/_datetime.cpython-38-xxxMACHINExxx-linux-gnu.so -usr/lib/python3.8/lib-dynload/_dbm.cpython-38-xxxMACHINExxx-linux-gnu_failed.so +usr/lib/python3.8/lib-dynload/_dbm.cpython-38-xxxMACHINExxx-linux-gnu.so usr/lib/python3.8/lib-dynload/_decimal.cpython-38-xxxMACHINExxx-linux-gnu.so usr/lib/python3.8/lib-dynload/_elementtree.cpython-38-xxxMACHINExxx-linux-gnu.so usr/lib/python3.8/lib-dynload/_gdbm.cpython-38-xxxMACHINExxx-linux-gnu.so diff --git a/config/rootfiles/common/shadow b/config/rootfiles/common/shadow index 0b0c83f57..7fc85235a 100644 --- a/config/rootfiles/common/shadow +++ b/config/rootfiles/common/shadow @@ -2,14 +2,16 @@ bin/login bin/passwd bin/su #etc/.pwd.lock -#etc/default -#etc/default/useradd etc/limits etc/login.access etc/login.defs #etc/passwd- etc/shadow #etc/shadow- +#lib/libsubid.la +#lib/libsubid.so +lib/libsubid.so.4 +lib/libsubid.so.4.0.0 sbin/nologin #usr/bin/chage #usr/bin/chfn @@ -22,6 +24,8 @@ sbin/nologin #usr/bin/newgrp #usr/bin/newuidmap #usr/bin/sg +#usr/include/shadow +#usr/include/shadow/subid.h #usr/lib/libshadow.so #usr/sbin/chgpasswd usr/sbin/chpasswd 
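Review bot: In the new `config/rootfiles/common/perl-libwww` list, `usr/lib/perl5/site_perl/5.32.1/LWP/Debug` is the only directory entry without a leading `#`; the sibling directories `LWP`, `LWP/Authen`, `LWP/Protocol` and `libwww` are all commented out. I would write it as `#usr/lib/perl5/site_perl/5.32.1/LWP/Debug` so the list follows one convention. Separately, the core/164 filelists added later in this diff go from `pcre2` straight to `poppler-data` with no `perl-libwww` symlink. Unless the package is shipped some other way that is not visible here, upgraded systems presumably will not receive these modules.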
@@ -42,48 +46,3 @@ usr/sbin/userdel usr/sbin/usermod #usr/sbin/vigr #usr/sbin/vipw -#usr/share/man/man1/chage.1 -#usr/share/man/man1/chfn.1 -#usr/share/man/man1/chsh.1 -#usr/share/man/man1/expiry.1 -#usr/share/man/man1/gpasswd.1 -#usr/share/man/man1/login.1 -#usr/share/man/man1/newgidmap.1 -#usr/share/man/man1/newgrp.1 -#usr/share/man/man1/newuidmap.1 -#usr/share/man/man1/passwd.1 -#usr/share/man/man1/sg.1 -#usr/share/man/man1/su.1 -#usr/share/man/man3/shadow.3 -#usr/share/man/man5/faillog.5 -#usr/share/man/man5/gshadow.5 -#usr/share/man/man5/limits.5 -#usr/share/man/man5/login.access.5 -#usr/share/man/man5/login.defs.5 -#usr/share/man/man5/porttime.5 -#usr/share/man/man5/shadow.5 -#usr/share/man/man5/suauth.5 -#usr/share/man/man5/subgid.5 -#usr/share/man/man5/subuid.5 -#usr/share/man/man8/chgpasswd.8 -#usr/share/man/man8/chpasswd.8 -#usr/share/man/man8/faillog.8 -#usr/share/man/man8/groupadd.8 -#usr/share/man/man8/groupdel.8 -#usr/share/man/man8/groupmems.8 -#usr/share/man/man8/groupmod.8 -#usr/share/man/man8/grpck.8 -#usr/share/man/man8/grpconv.8 -#usr/share/man/man8/grpunconv.8 -#usr/share/man/man8/lastlog.8 -#usr/share/man/man8/logoutd.8 -#usr/share/man/man8/newusers.8 -#usr/share/man/man8/nologin.8 -#usr/share/man/man8/pwck.8 -#usr/share/man/man8/pwconv.8 -#usr/share/man/man8/pwunconv.8 -#usr/share/man/man8/useradd.8 -#usr/share/man/man8/userdel.8 -#usr/share/man/man8/usermod.8 -#usr/share/man/man8/vigr.8 -#usr/share/man/man8/vipw.8 diff --git a/config/rootfiles/common/squid b/config/rootfiles/common/squid index 2a407ed44..50c77a114 100644 --- a/config/rootfiles/common/squid +++ b/config/rootfiles/common/squid 
@@ -521,15 +521,60 @@ usr/lib/squid/errors/en/error-details.txt #usr/lib/squid/errors/es #usr/lib/squid/errors/es-ar #usr/lib/squid/errors/es-bo +#usr/lib/squid/errors/es-bz #usr/lib/squid/errors/es-cl #usr/lib/squid/errors/es-co #usr/lib/squid/errors/es-cr +#usr/lib/squid/errors/es-cu #usr/lib/squid/errors/es-do #usr/lib/squid/errors/es-ec #usr/lib/squid/errors/es-es #usr/lib/squid/errors/es-gt #usr/lib/squid/errors/es-hn #usr/lib/squid/errors/es-mx +#usr/lib/squid/errors/es-mx/ERR_ACCESS_DENIED +#usr/lib/squid/errors/es-mx/ERR_ACL_TIME_QUOTA_EXCEEDED +#usr/lib/squid/errors/es-mx/ERR_AGENT_CONFIGURE +#usr/lib/squid/errors/es-mx/ERR_AGENT_WPAD +#usr/lib/squid/errors/es-mx/ERR_CACHE_ACCESS_DENIED +#usr/lib/squid/errors/es-mx/ERR_CACHE_MGR_ACCESS_DENIED +#usr/lib/squid/errors/es-mx/ERR_CANNOT_FORWARD +#usr/lib/squid/errors/es-mx/ERR_CONFLICT_HOST +#usr/lib/squid/errors/es-mx/ERR_CONNECT_FAIL +#usr/lib/squid/errors/es-mx/ERR_DIR_LISTING +#usr/lib/squid/errors/es-mx/ERR_DNS_FAIL +#usr/lib/squid/errors/es-mx/ERR_ESI +#usr/lib/squid/errors/es-mx/ERR_FORWARDING_DENIED +#usr/lib/squid/errors/es-mx/ERR_FTP_DISABLED +#usr/lib/squid/errors/es-mx/ERR_FTP_FAILURE +#usr/lib/squid/errors/es-mx/ERR_FTP_FORBIDDEN +#usr/lib/squid/errors/es-mx/ERR_FTP_NOT_FOUND +#usr/lib/squid/errors/es-mx/ERR_FTP_PUT_CREATED +#usr/lib/squid/errors/es-mx/ERR_FTP_PUT_ERROR +#usr/lib/squid/errors/es-mx/ERR_FTP_PUT_MODIFIED +#usr/lib/squid/errors/es-mx/ERR_FTP_UNAVAILABLE +#usr/lib/squid/errors/es-mx/ERR_GATEWAY_FAILURE +#usr/lib/squid/errors/es-mx/ERR_ICAP_FAILURE +#usr/lib/squid/errors/es-mx/ERR_INVALID_REQ +#usr/lib/squid/errors/es-mx/ERR_INVALID_RESP +#usr/lib/squid/errors/es-mx/ERR_INVALID_URL +#usr/lib/squid/errors/es-mx/ERR_LIFETIME_EXP +#usr/lib/squid/errors/es-mx/ERR_NO_RELAY +#usr/lib/squid/errors/es-mx/ERR_ONLY_IF_CACHED_MISS +#usr/lib/squid/errors/es-mx/ERR_PRECONDITION_FAILED +#usr/lib/squid/errors/es-mx/ERR_PROTOCOL_UNKNOWN +#usr/lib/squid/errors/es-mx/ERR_READ_ERROR 
+#usr/lib/squid/errors/es-mx/ERR_READ_TIMEOUT +#usr/lib/squid/errors/es-mx/ERR_SECURE_CONNECT_FAIL +#usr/lib/squid/errors/es-mx/ERR_SHUTTING_DOWN +#usr/lib/squid/errors/es-mx/ERR_SOCKET_FAILURE +#usr/lib/squid/errors/es-mx/ERR_TOO_BIG +#usr/lib/squid/errors/es-mx/ERR_UNSUP_HTTPVERSION +#usr/lib/squid/errors/es-mx/ERR_UNSUP_REQ +#usr/lib/squid/errors/es-mx/ERR_URN_RESOLVE +#usr/lib/squid/errors/es-mx/ERR_WRITE_ERROR +#usr/lib/squid/errors/es-mx/ERR_ZERO_SIZE_OBJECT +#usr/lib/squid/errors/es-mx/error-details.txt #usr/lib/squid/errors/es-ni #usr/lib/squid/errors/es-pa #usr/lib/squid/errors/es-pe @@ -1673,6 +1718,7 @@ usr/lib/squid/errors/ru/error-details.txt #usr/lib/squid/errors/sl/ERR_WRITE_ERROR #usr/lib/squid/errors/sl/ERR_ZERO_SIZE_OBJECT #usr/lib/squid/errors/sl/error-details.txt +#usr/lib/squid/errors/spq #usr/lib/squid/errors/sr #usr/lib/squid/errors/sr-cyrl #usr/lib/squid/errors/sr-cyrl-cs @@ -2185,10 +2231,10 @@ usr/lib/squid/errors/tr/error-details.txt usr/lib/squid/ext_delayer_acl usr/lib/squid/ext_edirectory_userip_acl usr/lib/squid/ext_file_userip_acl +usr/lib/squid/ext_kerberos_sid_group_acl usr/lib/squid/ext_ldap_group_acl usr/lib/squid/ext_session_acl usr/lib/squid/ext_sql_session_acl -usr/lib/squid/ext_time_quota_acl usr/lib/squid/ext_unix_group_acl usr/lib/squid/ext_wbinfo_group_acl usr/lib/squid/helper-mux @@ -2273,10 +2319,10 @@ usr/sbin/updxlrator #usr/share/man/man8/ext_delayer_acl.8 #usr/share/man/man8/ext_edirectory_userip_acl.8 #usr/share/man/man8/ext_file_userip_acl.8 +#usr/share/man/man8/ext_kerberos_sid_group_acl.8 #usr/share/man/man8/ext_ldap_group_acl.8 #usr/share/man/man8/ext_session_acl.8 #usr/share/man/man8/ext_sql_session_acl.8 -#usr/share/man/man8/ext_time_quota_acl.8 #usr/share/man/man8/ext_unix_group_acl.8 #usr/share/man/man8/ext_wbinfo_group_acl.8 #usr/share/man/man8/helper-mux.8 diff --git a/config/rootfiles/common/suricata b/config/rootfiles/common/suricata index 41193f4ea..7f9ff8156 100644 
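Review bot: The helper hunk (`@@ -2185,10 +2231,10 @@`) stops listing `usr/lib/squid/ext_time_quota_acl`, which was an active (uncommented) entry. As far as I can tell, dropping a path from a rootfile does not remove the file from systems that upgrade. If nothing outside this chunk deletes it, the old helper binary stays on disk and is no longer refreshed by later updates. I would confirm that the core update removes it explicitly. The same question applies to `usr/sbin/update-usbids.sh`, which the usbutils hunk drops.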
--- a/config/rootfiles/common/suricata +++ b/config/rootfiles/common/suricata @@ -39,9 +39,6 @@ usr/share/suricata #usr/share/suricata/rules/tls-events.rules var/ipfire/suricata/suricata-default-rules.yaml var/lib/suricata -var/lib/suricata/classification.config -var/lib/suricata/reference.config -var/lib/suricata/threshold.config var/log/suricata #var/log/suricata/certs #var/log/suricata/files diff --git a/config/rootfiles/common/tcl b/config/rootfiles/common/tcl index 5ad0d658a..e0da3a802 100644 --- a/config/rootfiles/common/tcl +++ b/config/rootfiles/common/tcl @@ -25,20 +25,20 @@ usr/bin/tclsh8.6 #usr/include/tdbc.h #usr/include/tdbcDecls.h #usr/include/tdbcInt.h -#usr/lib/itcl4.2.1 -usr/lib/itcl4.2.1/itcl.tcl -usr/lib/itcl4.2.1/itclConfig.sh -usr/lib/itcl4.2.1/itclHullCmds.tcl -usr/lib/itcl4.2.1/itclWidget.tcl -usr/lib/itcl4.2.1/libitcl4.2.1.so -usr/lib/itcl4.2.1/libitclstub4.2.1.a -usr/lib/itcl4.2.1/pkgIndex.tcl +#usr/lib/itcl4.2.2 +usr/lib/itcl4.2.2/itcl.tcl +usr/lib/itcl4.2.2/itclConfig.sh +usr/lib/itcl4.2.2/itclHullCmds.tcl +usr/lib/itcl4.2.2/itclWidget.tcl +usr/lib/itcl4.2.2/libitcl4.2.2.so +usr/lib/itcl4.2.2/libitclstub4.2.2.a +usr/lib/itcl4.2.2/pkgIndex.tcl usr/lib/libtcl8.6.so #usr/lib/libtclstub8.6.a #usr/lib/pkgconfig/tcl.pc -#usr/lib/sqlite3.34.0 -usr/lib/sqlite3.34.0/libsqlite3.34.0.so -usr/lib/sqlite3.34.0/pkgIndex.tcl +#usr/lib/sqlite3.36.0 +usr/lib/sqlite3.36.0/libsqlite3.36.0.so +usr/lib/sqlite3.36.0/pkgIndex.tcl #usr/lib/tcl8 #usr/lib/tcl8.6 usr/lib/tcl8.6/auto.tcl @@ -46,6 +46,7 @@ usr/lib/tcl8.6/clock.tcl usr/lib/tcl8.6/encoding usr/lib/tcl8.6/encoding/ascii.enc usr/lib/tcl8.6/encoding/big5.enc +usr/lib/tcl8.6/encoding/cns11643.enc usr/lib/tcl8.6/encoding/cp1250.enc usr/lib/tcl8.6/encoding/cp1251.enc usr/lib/tcl8.6/encoding/cp1252.enc 
@@ -89,6 +90,7 @@ usr/lib/tcl8.6/encoding/iso2022-kr.enc usr/lib/tcl8.6/encoding/iso2022.enc usr/lib/tcl8.6/encoding/iso8859-1.enc usr/lib/tcl8.6/encoding/iso8859-10.enc +usr/lib/tcl8.6/encoding/iso8859-11.enc usr/lib/tcl8.6/encoding/iso8859-13.enc usr/lib/tcl8.6/encoding/iso8859-14.enc usr/lib/tcl8.6/encoding/iso8859-15.enc @@ -267,7 +269,7 @@ usr/lib/tcl8.6/tm.tcl usr/lib/tcl8.6/word.tcl #usr/lib/tcl8/8.4 usr/lib/tcl8/8.4/platform -usr/lib/tcl8/8.4/platform-1.0.15.tm +usr/lib/tcl8/8.4/platform-1.0.18.tm usr/lib/tcl8/8.4/platform/shell-1.1.4.tm #usr/lib/tcl8/8.5 usr/lib/tcl8/8.5/msgcat-1.6.1.tm 
@@ -275,32 +277,33 @@ usr/lib/tcl8/8.5/tcltest-2.5.3.tm #usr/lib/tcl8/8.6 usr/lib/tcl8/8.6/http-2.9.5.tm usr/lib/tcl8/8.6/tdbc -usr/lib/tcl8/8.6/tdbc/sqlite3-1.1.2.tm +usr/lib/tcl8/8.6/tdbc/sqlite3-1.1.3.tm usr/lib/tclConfig.sh usr/lib/tclooConfig.sh -#usr/lib/tdbc1.1.2 -usr/lib/tdbc1.1.2/libtdbc1.1.2.so -usr/lib/tdbc1.1.2/libtdbcstub1.1.2.a -usr/lib/tdbc1.1.2/pkgIndex.tcl -usr/lib/tdbc1.1.2/tdbc.tcl -usr/lib/tdbc1.1.2/tdbcConfig.sh -#usr/lib/tdbcmysql1.1.2 -usr/lib/tdbcmysql1.1.2/libtdbcmysql1.1.2.so -usr/lib/tdbcmysql1.1.2/pkgIndex.tcl -usr/lib/tdbcmysql1.1.2/tdbcmysql.tcl -#usr/lib/tdbcodbc1.1.2 -usr/lib/tdbcodbc1.1.2/libtdbcodbc1.1.2.so -usr/lib/tdbcodbc1.1.2/pkgIndex.tcl -usr/lib/tdbcodbc1.1.2/tdbcodbc.tcl -#usr/lib/tdbcpostgres1.1.2 -usr/lib/tdbcpostgres1.1.2/libtdbcpostgres1.1.2.so -usr/lib/tdbcpostgres1.1.2/pkgIndex.tcl -usr/lib/tdbcpostgres1.1.2/tdbcpostgres.tcl -#usr/lib/thread2.8.6 -usr/lib/thread2.8.6/libthread2.8.6.so -usr/lib/thread2.8.6/pkgIndex.tcl -usr/lib/thread2.8.6/ttrace.tcl +usr/lib/tdbc1.1.3 +usr/lib/tdbc1.1.3/libtdbc1.1.3.so +usr/lib/tdbc1.1.3/libtdbcstub1.1.3.a +usr/lib/tdbc1.1.3/pkgIndex.tcl +usr/lib/tdbc1.1.3/tdbc.tcl +usr/lib/tdbc1.1.3/tdbcConfig.sh +#usr/lib/tdbcmysql1.1.3 +usr/lib/tdbcmysql1.1.3/libtdbcmysql1.1.3.so +usr/lib/tdbcmysql1.1.3/pkgIndex.tcl +usr/lib/tdbcmysql1.1.3/tdbcmysql.tcl +#usr/lib/tdbcodbc1.1.3 +usr/lib/tdbcodbc1.1.3/libtdbcodbc1.1.3.so +usr/lib/tdbcodbc1.1.3/pkgIndex.tcl +usr/lib/tdbcodbc1.1.3/tdbcodbc.tcl +#usr/lib/tdbcpostgres1.1.3 +usr/lib/tdbcpostgres1.1.3/libtdbcpostgres1.1.3.so +usr/lib/tdbcpostgres1.1.3/pkgIndex.tcl +usr/lib/tdbcpostgres1.1.3/tdbcpostgres.tcl +#usr/lib/thread2.8.7 +usr/lib/thread2.8.7/libthread2.8.7.so +usr/lib/thread2.8.7/pkgIndex.tcl +usr/lib/thread2.8.7/ttrace.tcl #usr/man/man1/tclsh.1 +#usr/man/man3 #usr/man/man3/DString.3 #usr/man/man3/Notifier.3 #usr/man/man3/RegExp.3 
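Review bot: `-#usr/lib/tdbc1.1.2` becomes `+usr/lib/tdbc1.1.3` in this hunk, so the directory entry lost its leading `#` during the version bump. The other bumped directories, `#usr/lib/tdbcmysql1.1.3`, `#usr/lib/tdbcodbc1.1.3`, `#usr/lib/tdbcpostgres1.1.3` and `#usr/lib/thread2.8.7`, keep theirs. This looks unintentional; I would restore it as `#usr/lib/tdbc1.1.3`.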
@@ -603,6 +606,7 @@ usr/lib/thread2.8.6/ttrace.tcl #usr/man/man3/Tcl_GetLongFromObj.3 #usr/man/man3/Tcl_GetMaster.3 #usr/man/man3/Tcl_GetMathFuncInfo.3 +#usr/man/man3/Tcl_GetMemoryInfo.3 #usr/man/man3/Tcl_GetModeFromStat.3 #usr/man/man3/Tcl_GetModificationTimeFromStat.3 #usr/man/man3/Tcl_GetNameOfExecutable.3 @@ -697,6 +701,8 @@ usr/lib/thread2.8.6/ttrace.tcl #usr/man/man3/Tcl_LoadFile.3 #usr/man/man3/Tcl_LogCommandInfo.3 #usr/man/man3/Tcl_Main.3 +#usr/man/man3/Tcl_MainEx.3 +#usr/man/man3/Tcl_MainExW.3 #usr/man/man3/Tcl_MakeFileChannel.3 #usr/man/man3/Tcl_MakeSafe.3 #usr/man/man3/Tcl_MakeTcpClientChannel.3 diff --git a/config/rootfiles/common/usbutils b/config/rootfiles/common/usbutils index 1162c3ab1..2ebf4f95c 100644 --- a/config/rootfiles/common/usbutils +++ b/config/rootfiles/common/usbutils @@ -2,11 +2,6 @@ usr/bin/lsusb usr/bin/lsusb.py usr/bin/usb-devices usr/bin/usbhid-dump -usr/sbin/update-usbids.sh -#usr/share/hwdata -#usr/share/hwdata/usb.ids #usr/share/man/man1/usb-devices.1 #usr/share/man/man8/lsusb.8 #usr/share/man/man8/usbhid-dump.8 -#usr/share/pkgconfig -#usr/share/pkgconfig/usbutils.pc diff --git a/config/rootfiles/common/web-user-interface b/config/rootfiles/common/web-user-interface index 452d6543a..a908053b1 100644 --- a/config/rootfiles/common/web-user-interface +++ b/config/rootfiles/common/web-user-interface @@ -302,6 +302,7 @@ srv/web/ipfire/html/images/view-refresh.png srv/web/ipfire/html/images/wakeup.gif srv/web/ipfire/html/images/window-new.png srv/web/ipfire/html/include +srv/web/ipfire/html/include/pakfire.js srv/web/ipfire/html/include/rrdimage.js srv/web/ipfire/html/include/zoneconf.js srv/web/ipfire/html/index.cgi diff --git a/config/rootfiles/common/zstd b/config/rootfiles/common/zstd index 83e11e4c8..c0f4eee73 100644 --- a/config/rootfiles/common/zstd +++ b/config/rootfiles/common/zstd 
@@ -10,7 +10,7 @@ usr/bin/zstdmt #usr/lib/libzstd.a #usr/lib/libzstd.so usr/lib/libzstd.so.1 -usr/lib/libzstd.so.1.5.0 +usr/lib/libzstd.so.1.5.1 #usr/lib/pkgconfig/libzstd.pc #usr/share/man/man1/unzstd.1 #usr/share/man/man1/zstd.1 diff --git a/config/rootfiles/core/163/core-files b/config/rootfiles/core/164/core-files similarity index 100% rename from config/rootfiles/core/163/core-files rename to config/rootfiles/core/164/core-files diff --git a/config/rootfiles/core/163/exclude b/config/rootfiles/core/164/exclude similarity index 100% rename from config/rootfiles/core/163/exclude rename to config/rootfiles/core/164/exclude diff --git a/config/rootfiles/core/164/filelists/aarch64/linux b/config/rootfiles/core/164/filelists/aarch64/linux new file mode 120000 index 000000000..3a2532bc7 --- /dev/null +++ b/config/rootfiles/core/164/filelists/aarch64/linux @@ -0,0 +1 @@ +../../../../common/aarch64/linux \ No newline at end of file diff --git a/config/rootfiles/core/164/filelists/aarch64/linux-initrd b/config/rootfiles/core/164/filelists/aarch64/linux-initrd new file mode 120000 index 000000000..8acdb0f31 --- /dev/null +++ b/config/rootfiles/core/164/filelists/aarch64/linux-initrd @@ -0,0 +1 @@ +../../../../common/aarch64/linux-initrd \ No newline at end of file diff --git a/config/rootfiles/core/164/filelists/armv6l/linux b/config/rootfiles/core/164/filelists/armv6l/linux new file mode 120000 index 000000000..aee1f4d73 --- /dev/null +++ b/config/rootfiles/core/164/filelists/armv6l/linux @@ -0,0 +1 @@ +../../../../common/armv6l/linux \ No newline at end of file diff --git a/config/rootfiles/core/164/filelists/armv6l/linux-initrd b/config/rootfiles/core/164/filelists/armv6l/linux-initrd new file mode 120000 index 000000000..4af11bfa1 --- /dev/null +++ b/config/rootfiles/core/164/filelists/armv6l/linux-initrd @@ -0,0 +1 @@ +../../../../common/armv6l/linux-initrd \ No newline at end of file 
diff --git a/config/rootfiles/core/163/filelists/core-files b/config/rootfiles/core/164/filelists/core-files similarity index 100% rename from config/rootfiles/core/163/filelists/core-files rename to config/rootfiles/core/164/filelists/core-files diff --git a/config/rootfiles/core/164/filelists/expat b/config/rootfiles/core/164/filelists/expat new file mode 120000 index 000000000..e1923cf63 --- /dev/null +++ b/config/rootfiles/core/164/filelists/expat @@ -0,0 +1 @@ +../../../common/expat \ No newline at end of file diff --git a/config/rootfiles/core/164/filelists/files b/config/rootfiles/core/164/filelists/files new file mode 100644 index 000000000..ad6caaac3 --- /dev/null +++ b/config/rootfiles/core/164/filelists/files @@ -0,0 +1,16 @@ +etc/collectd.conf +etc/rc.d/init.d/firewall +etc/rc.d/init.d/squid +etc/suricata/suricata.yaml +etc/sysctl.conf +srv/web/ipfire/cgi-bin/ids.cgi +srv/web/ipfire/cgi-bin/optionsfw.cgi +srv/web/ipfire/cgi-bin/pakfire.cgi +srv/web/ipfire/html/include/pakfire.js +usr/sbin/convert-ids-multiple-providers +usr/sbin/convert-snort +var/ipfire/backup/bin/backup.pl +var/ipfire/backup/include +var/ipfire/graphs.pl +var/ipfire/ids-functions.pl +var/ipfire/urlfilter/autoupdate/autoupdate.urls diff --git a/config/rootfiles/core/163/filelists/freetype b/config/rootfiles/core/164/filelists/freetype similarity index 100% rename from config/rootfiles/core/163/filelists/freetype rename to config/rootfiles/core/164/filelists/freetype diff --git a/config/rootfiles/core/164/filelists/gdbm b/config/rootfiles/core/164/filelists/gdbm new file mode 120000 index 000000000..ecf63bf59 --- /dev/null +++ b/config/rootfiles/core/164/filelists/gdbm @@ -0,0 +1 @@ +../../../common/gdbm \ No newline at end of file diff --git a/config/rootfiles/core/164/filelists/hdparm b/config/rootfiles/core/164/filelists/hdparm new file mode 120000 index 000000000..b6447518a --- /dev/null +++ b/config/rootfiles/core/164/filelists/hdparm 
@@ -0,0 +1 @@
+../../../common/hdparm
\ No newline at end of file
diff --git a/config/rootfiles/core/164/filelists/ids-ruleset-sources b/config/rootfiles/core/164/filelists/ids-ruleset-sources
new file mode 120000
index 000000000..a226ada39
--- /dev/null
+++ b/config/rootfiles/core/164/filelists/ids-ruleset-sources
@@ -0,0 +1 @@
+../../../common/ids-ruleset-sources
\ No newline at end of file
diff --git a/config/rootfiles/core/164/filelists/kmod b/config/rootfiles/core/164/filelists/kmod
new file mode 120000
index 000000000..0020e197e
--- /dev/null
+++ b/config/rootfiles/core/164/filelists/kmod
@@ -0,0 +1 @@
+../../../common/kmod
\ No newline at end of file
diff --git a/config/rootfiles/core/164/filelists/libusb b/config/rootfiles/core/164/filelists/libusb
new file mode 120000
index 000000000..edbe8c215
--- /dev/null
+++ b/config/rootfiles/core/164/filelists/libusb
@@ -0,0 +1 @@
+../../../common/libusb
\ No newline at end of file
diff --git a/config/rootfiles/core/164/filelists/libxml2 b/config/rootfiles/core/164/filelists/libxml2
new file mode 120000
index 000000000..242e69fa3
--- /dev/null
+++ b/config/rootfiles/core/164/filelists/libxml2
@@ -0,0 +1 @@
+../../../common/libxml2
\ No newline at end of file
diff --git a/config/rootfiles/core/164/filelists/libxslt b/config/rootfiles/core/164/filelists/libxslt
new file mode 120000
index 000000000..bf9d76609
--- /dev/null
+++ b/config/rootfiles/core/164/filelists/libxslt
@@ -0,0 +1 @@
+../../../common/libxslt
\ No newline at end of file
diff --git a/config/rootfiles/core/164/filelists/lvm2 b/config/rootfiles/core/164/filelists/lvm2
new file mode 120000
index 000000000..d640870b7
--- /dev/null
+++ b/config/rootfiles/core/164/filelists/lvm2
@@ -0,0 +1 @@
+../../../common/lvm2
\ No newline at end of file
diff --git a/config/rootfiles/core/164/filelists/oinkmaster b/config/rootfiles/core/164/filelists/oinkmaster
new file mode 120000
index 000000000..75029e679
--- /dev/null
+++ b/config/rootfiles/core/164/filelists/oinkmaster
@@ -0,0 +1 @@
+../../../common/oinkmaster
\ No newline at end of file
diff --git a/config/rootfiles/core/164/filelists/pcre2 b/config/rootfiles/core/164/filelists/pcre2
new file mode 120000
index 000000000..4482caeae
--- /dev/null
+++ b/config/rootfiles/core/164/filelists/pcre2
@@ -0,0 +1 @@
+../../../common/pcre2
\ No newline at end of file
diff --git a/config/rootfiles/core/164/filelists/poppler-data b/config/rootfiles/core/164/filelists/poppler-data
new file mode 120000
index 000000000..957aa9132
--- /dev/null
+++ b/config/rootfiles/core/164/filelists/poppler-data
@@ -0,0 +1 @@
+../../../common/poppler-data
\ No newline at end of file
diff --git a/config/rootfiles/core/163/filelists/shadow b/config/rootfiles/core/164/filelists/shadow
similarity index 100%
rename from config/rootfiles/core/163/filelists/shadow
rename to config/rootfiles/core/164/filelists/shadow
diff --git a/config/rootfiles/core/163/filelists/squid b/config/rootfiles/core/164/filelists/squid
similarity index 100%
rename from config/rootfiles/core/163/filelists/squid
rename to config/rootfiles/core/164/filelists/squid
diff --git a/config/rootfiles/core/164/filelists/tcl b/config/rootfiles/core/164/filelists/tcl
new file mode 120000
index 000000000..7f620c687
--- /dev/null
+++ b/config/rootfiles/core/164/filelists/tcl
@@ -0,0 +1 @@
+../../../common/tcl
\ No newline at end of file
diff --git a/config/rootfiles/core/164/filelists/usbutils b/config/rootfiles/core/164/filelists/usbutils
new file mode 120000
index 000000000..31db5a7ac
--- /dev/null
+++ b/config/rootfiles/core/164/filelists/usbutils
@@ -0,0 +1 @@
+../../../common/usbutils
\ No newline at end of file
diff --git a/config/rootfiles/core/164/filelists/x86_64/linux b/config/rootfiles/core/164/filelists/x86_64/linux
new file mode 120000
index 000000000..0615b5b9a
--- /dev/null
+++ b/config/rootfiles/core/164/filelists/x86_64/linux
@@ -0,0 +1 @@
+../../../../common/x86_64/linux
\ No newline at end of file
diff --git a/config/rootfiles/core/164/filelists/x86_64/linux-initrd b/config/rootfiles/core/164/filelists/x86_64/linux-initrd
new file mode 120000
index 000000000..1b9fff70f
--- /dev/null
+++ b/config/rootfiles/core/164/filelists/x86_64/linux-initrd
@@ -0,0 +1 @@
+../../../../common/x86_64/linux-initrd
\ No newline at end of file
diff --git a/config/rootfiles/core/164/filelists/zstd b/config/rootfiles/core/164/filelists/zstd
new file mode 120000
index 000000000..d6d4a3bf1
--- /dev/null
+++ b/config/rootfiles/core/164/filelists/zstd
@@ -0,0 +1 @@
+../../../common/zstd
\ No newline at end of file
diff --git a/config/rootfiles/core/164/update.sh b/config/rootfiles/core/164/update.sh
new file mode 100644
index 000000000..a0650dbda
--- /dev/null
+++ b/config/rootfiles/core/164/update.sh
@@ -0,0 +1,146 @@
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2022 IPFire-Team info@ipfire.org. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+core=164
+
+exit_with_error() {
+ # Set last succesfull installed core.
+ echo $(($core-1)) > /opt/pakfire/db/core/mine
+ # force fsck at next boot, this may fix free space on xfs
+ touch /forcefsck
+ # don't start pakfire again at error
+ killall -KILL pak_update
+ /usr/bin/logger -p syslog.emerg -t ipfire \
+ "core-update-${core}: $1"
+ exit $2
+}
+
+# Remove old core updates from pakfire cache to save space...
+for (( i=1; i<=$core; i++ )); do
+ rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+KVER="xxxKVERxxx"
+
+# Backup uEnv.txt if exist
+if [ -e /boot/uEnv.txt ]; then
+ cp -vf /boot/uEnv.txt /boot/uEnv.txt.org
+fi
+
+# Do some sanity checks.
+case $(uname -r) in
+ *-ipfire*)
+ # Ok.
+ ;;
+ *)
+ exit_with_error "ERROR cannot update. No IPFire Kernel." 1
+ ;;
+esac
+
+# Check diskspace on root
+ROOTSPACE=`df / -Pk | sed "s| * | |g" | cut -d" " -f4 | tail -n 1`
+
+if [ $ROOTSPACE -lt 100000 ]; then
+ exit_with_error "ERROR cannot update because not enough free space on root." 2
+ exit 2
+fi
+
+# Remove files
+# Remove the old kernel
+rm -rf /boot/System.map-*
+rm -rf /boot/config-*
+rm -rf /boot/ipfirerd-*
+rm -rf /boot/initramfs-*
+rm -rf /boot/vmlinuz-*
+rm -rf /boot/uImage-*
+rm -rf /boot/zImage-*
+rm -rf /boot/uInit-*
+rm -rf /boot/dtb-*
+rm -rf /lib/modules
+
+# Stop services
+/etc/init.d/collectd stop
+/etc/init.d/suricata stop
+
+# Extract files
+extract_files
+
+# update linker config
+ldconfig
+
+# Update Language cache
+/usr/local/bin/update-lang-cache
+
+# Filesytem cleanup
+/usr/local/bin/filesystem-cleanup
+
+# Run convert script for IDS multiple providers
+/usr/sbin/convert-ids-multiple-providers
+
+# Add missing configuration settings to optionsfw configuration
+echo "DROPHOSTILE=off" > /var/ipfire/optionsfw/settings
+echo "DROPSPOOFEDMARTIAN=on" > /var/ipfire/optionsfw/settings
+
+# Apply sysctl changes
+/etc/init.d/sysctl start
+
+# Start services
+/etc/init.d/firewall restart
+/etc/init.d/collectd start
+/etc/init.d/squid restart
+/etc/init.d/suricata start
+
+# remove lm_sensor config after collectd was started
+# to reserch sensors at next boot with updated kernel
+rm -f /etc/sysconfig/lm_sensors
+
+# Upadate Kernel version uEnv.txt
+if [ -e /boot/uEnv.txt ]; then
+ sed -i -e "s/KVER=.*/KVER=${KVER}/g" /boot/uEnv.txt
+fi
+
+# call user update script (needed for some arm boards)
+if [ -e /boot/pakfire-kernel-update ]; then
+ /boot/pakfire-kernel-update ${KVER}
+fi
+
+# This update needs a reboot...
+touch /var/run/need_reboot
+
+# Finish
+/etc/init.d/fireinfo start
+sendprofile
+
+# Update grub config to display new core version
+if [ -e /boot/grub/grub.cfg ]; then
+ grub-mkconfig -o /boot/grub/grub.cfg
+fi
+
+sync
+
+# Don't report the exitcode last command
+exit 0
+
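Review bot: The two `echo ... > /var/ipfire/optionsfw/settings` lines under "Add missing configuration settings" use truncating redirection, so the first replaces the whole optionsfw settings file and the second replaces it again, leaving only `DROPSPOOFEDMARTIAN=on` and discarding every firewall option the administrator had saved. The comment says the intent is to add keys, so both should append: `echo "DROPHOSTILE=off" >> /var/ipfire/optionsfw/settings` and `echo "DROPSPOOFEDMARTIAN=on" >> /var/ipfire/optionsfw/settings`, ideally each guarded by a `grep -q` for the key so a re-run does not duplicate entries. The `/etc/init.d/firewall restart` a few lines later would then presumably rebuild the rules from the truncated file, silently changing the box's filtering behaviour after the update. Separately, `[ $ROOTSPACE -lt 100000 ]` is unquoted, so an empty `df` result produces a test error and the update carries on instead of aborting, and the `exit 2` after `exit_with_error ... 2` is unreachable.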
diff --git a/config/rootfiles/oldcore/163/core-files b/config/rootfiles/oldcore/163/core-files
new file mode 100644
index 000000000..0dec37e53
--- /dev/null
+++ b/config/rootfiles/oldcore/163/core-files
@@ -0,0 +1,5 @@
+etc/system-release
+etc/issue
+etc/os-release
+srv/web/ipfire/cgi-bin/credits.cgi
+var/ipfire/langs
diff --git a/config/rootfiles/oldcore/163/exclude b/config/rootfiles/oldcore/163/exclude
new file mode 100644
index 000000000..818039f4a
--- /dev/null
+++ b/config/rootfiles/oldcore/163/exclude
@@ -0,0 +1,34 @@
+boot/config.txt
+boot/grub/grub.cfg
+boot/grub/grubenv
+etc/alternatives
+etc/collectd.custom
+etc/default/grub
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+etc/localtime
+etc/shadow
+etc/snort/snort.conf
+etc/ssl/openssl.cnf
+etc/sudoers
+etc/sysconfig/firewall.local
+etc/sysconfig/rc.local
+etc/udev/rules.d/30-persistent-network.rules
+srv/web/ipfire/html/proxy.pac
+usr/share/xt_geoip
+var/ipfire/dma
+var/ipfire/time
+var/ipfire/firewall/locationblock
+var/ipfire/fwhosts/customlocationgrp
+var/ipfire/ovpn
+var/ipfire/urlfilter/blacklist
+var/ipfire/urlfilter/settings
+var/lib/alternatives
+var/lib/location/database.db
+var/log/cache
+var/log/dhcpcd.log
+var/log/messages
+var/state/dhcp/dhcpd.leases
+var/updatecache
diff --git a/config/rootfiles/core/163/filelists/apache2 b/config/rootfiles/oldcore/163/filelists/apache2
similarity index 100%
rename from config/rootfiles/core/163/filelists/apache2
rename to config/rootfiles/oldcore/163/filelists/apache2
diff --git a/config/rootfiles/core/163/filelists/bash b/config/rootfiles/oldcore/163/filelists/bash
similarity index 100%
rename from config/rootfiles/core/163/filelists/bash
rename to config/rootfiles/oldcore/163/filelists/bash
diff --git a/config/rootfiles/core/163/filelists/ca-certificates b/config/rootfiles/oldcore/163/filelists/ca-certificates
similarity index 100%
rename from config/rootfiles/core/163/filelists/ca-certificates
rename to config/rootfiles/oldcore/163/filelists/ca-certificates
diff --git a/config/rootfiles/core/163/filelists/curl b/config/rootfiles/oldcore/163/filelists/curl
similarity index 100%
rename from config/rootfiles/core/163/filelists/curl
rename to config/rootfiles/oldcore/163/filelists/curl
diff --git a/config/rootfiles/core/163/filelists/e2fsprogs b/config/rootfiles/oldcore/163/filelists/e2fsprogs
similarity index 100%
rename from config/rootfiles/core/163/filelists/e2fsprogs
rename to config/rootfiles/oldcore/163/filelists/e2fsprogs
diff --git a/config/rootfiles/core/163/filelists/ethtool b/config/rootfiles/oldcore/163/filelists/ethtool
similarity index 100%
rename from config/rootfiles/core/163/filelists/ethtool
rename to config/rootfiles/oldcore/163/filelists/ethtool
diff --git a/config/rootfiles/core/163/filelists/exfatprogs b/config/rootfiles/oldcore/163/filelists/exfatprogs
similarity index 100%
rename from config/rootfiles/core/163/filelists/exfatprogs
rename to config/rootfiles/oldcore/163/filelists/exfatprogs
diff --git a/config/rootfiles/core/163/filelists/files b/config/rootfiles/oldcore/163/filelists/files
similarity index 100%
rename from config/rootfiles/core/163/filelists/files
rename to config/rootfiles/oldcore/163/filelists/files
diff --git a/config/rootfiles/oldcore/163/filelists/freetype b/config/rootfiles/oldcore/163/filelists/freetype
new file mode 120000
index 000000000..79ec5c42e
--- /dev/null
+++ b/config/rootfiles/oldcore/163/filelists/freetype
@@ -0,0 +1 @@
+../../../common/freetype
\ No newline at end of file
diff --git a/config/rootfiles/core/163/filelists/fribidi b/config/rootfiles/oldcore/163/filelists/fribidi
similarity index 100%
rename from config/rootfiles/core/163/filelists/fribidi
rename to config/rootfiles/oldcore/163/filelists/fribidi
diff --git a/config/rootfiles/core/163/filelists/gdb b/config/rootfiles/oldcore/163/filelists/gdb
similarity index 100%
rename from config/rootfiles/core/163/filelists/gdb
rename to config/rootfiles/oldcore/163/filelists/gdb
diff --git a/config/rootfiles/core/163/filelists/glib b/config/rootfiles/oldcore/163/filelists/glib
similarity index 100%
rename from config/rootfiles/core/163/filelists/glib
rename to config/rootfiles/oldcore/163/filelists/glib
diff --git a/config/rootfiles/core/163/filelists/grep b/config/rootfiles/oldcore/163/filelists/grep
similarity index 100%
rename from config/rootfiles/core/163/filelists/grep
rename to config/rootfiles/oldcore/163/filelists/grep
diff --git a/config/rootfiles/core/163/filelists/gzip b/config/rootfiles/oldcore/163/filelists/gzip
similarity index 100%
rename from config/rootfiles/core/163/filelists/gzip
rename to config/rootfiles/oldcore/163/filelists/gzip
diff --git a/config/rootfiles/core/163/filelists/harfbuzz b/config/rootfiles/oldcore/163/filelists/harfbuzz
similarity index 100%
rename from config/rootfiles/core/163/filelists/harfbuzz
rename to config/rootfiles/oldcore/163/filelists/harfbuzz
diff --git a/config/rootfiles/core/163/filelists/iproute2 b/config/rootfiles/oldcore/163/filelists/iproute2
similarity index 100%
rename from config/rootfiles/core/163/filelists/iproute2
rename to config/rootfiles/oldcore/163/filelists/iproute2
diff --git a/config/rootfiles/core/163/filelists/libarchive b/config/rootfiles/oldcore/163/filelists/libarchive
similarity index 100%
rename from config/rootfiles/core/163/filelists/libarchive
rename to config/rootfiles/oldcore/163/filelists/libarchive
diff --git a/config/rootfiles/core/163/filelists/libcap b/config/rootfiles/oldcore/163/filelists/libcap
similarity index 100%
rename from config/rootfiles/core/163/filelists/libcap
rename to config/rootfiles/oldcore/163/filelists/libcap
diff --git a/config/rootfiles/core/163/filelists/libedit b/config/rootfiles/oldcore/163/filelists/libedit
similarity index 100%
rename from config/rootfiles/core/163/filelists/libedit
rename to config/rootfiles/oldcore/163/filelists/libedit
diff --git a/config/rootfiles/core/163/filelists/libgcrypt b/config/rootfiles/oldcore/163/filelists/libgcrypt
similarity index 100%
rename from config/rootfiles/core/163/filelists/libgcrypt
rename to config/rootfiles/oldcore/163/filelists/libgcrypt
diff --git a/config/rootfiles/core/163/filelists/libgpg-error b/config/rootfiles/oldcore/163/filelists/libgpg-error
similarity index 100%
rename from config/rootfiles/core/163/filelists/libgpg-error
rename to config/rootfiles/oldcore/163/filelists/libgpg-error
diff --git a/config/rootfiles/core/163/filelists/libloc b/config/rootfiles/oldcore/163/filelists/libloc
similarity index 100%
rename from config/rootfiles/core/163/filelists/libloc
rename to config/rootfiles/oldcore/163/filelists/libloc
diff --git a/config/rootfiles/core/163/filelists/libtasn1 b/config/rootfiles/oldcore/163/filelists/libtasn1
similarity index 100%
rename from config/rootfiles/core/163/filelists/libtasn1
rename to config/rootfiles/oldcore/163/filelists/libtasn1
diff --git a/config/rootfiles/core/163/filelists/liburcu b/config/rootfiles/oldcore/163/filelists/liburcu
similarity index 100%
rename from config/rootfiles/core/163/filelists/liburcu
rename to config/rootfiles/oldcore/163/filelists/liburcu
diff --git a/config/rootfiles/core/163/filelists/linux-firmware b/config/rootfiles/oldcore/163/filelists/linux-firmware
similarity index 100%
rename from config/rootfiles/core/163/filelists/linux-firmware
rename to config/rootfiles/oldcore/163/filelists/linux-firmware
diff --git a/config/rootfiles/core/163/filelists/m4 b/config/rootfiles/oldcore/163/filelists/m4
similarity index 100%
rename from config/rootfiles/core/163/filelists/m4
rename to config/rootfiles/oldcore/163/filelists/m4
diff --git a/config/rootfiles/core/163/filelists/ncurses b/config/rootfiles/oldcore/163/filelists/ncurses
similarity index 100%
rename from config/rootfiles/core/163/filelists/ncurses
rename to config/rootfiles/oldcore/163/filelists/ncurses
diff --git a/config/rootfiles/core/163/filelists/pam b/config/rootfiles/oldcore/163/filelists/pam
similarity index 100%
rename from config/rootfiles/core/163/filelists/pam
rename to config/rootfiles/oldcore/163/filelists/pam
diff --git a/config/rootfiles/core/163/filelists/pango b/config/rootfiles/oldcore/163/filelists/pango
similarity index 100%
rename from config/rootfiles/core/163/filelists/pango
rename to config/rootfiles/oldcore/163/filelists/pango
diff --git a/config/rootfiles/core/163/filelists/poppler b/config/rootfiles/oldcore/163/filelists/poppler
similarity index 100%
rename from config/rootfiles/core/163/filelists/poppler
rename to config/rootfiles/oldcore/163/filelists/poppler
diff --git a/config/rootfiles/core/163/filelists/qpdf b/config/rootfiles/oldcore/163/filelists/qpdf
similarity index 100%
rename from config/rootfiles/core/163/filelists/qpdf
rename to config/rootfiles/oldcore/163/filelists/qpdf
diff --git a/config/rootfiles/core/163/filelists/rng-tools b/config/rootfiles/oldcore/163/filelists/rng-tools
similarity index 100%
rename from config/rootfiles/core/163/filelists/rng-tools
rename to config/rootfiles/oldcore/163/filelists/rng-tools
diff --git a/config/rootfiles/core/163/filelists/sdparm b/config/rootfiles/oldcore/163/filelists/sdparm
similarity index 100%
rename from config/rootfiles/core/163/filelists/sdparm
rename to config/rootfiles/oldcore/163/filelists/sdparm
diff --git a/config/rootfiles/oldcore/163/filelists/shadow b/config/rootfiles/oldcore/163/filelists/shadow
new file mode 120000
index 000000000..c0824b7b9
--- /dev/null
+++ b/config/rootfiles/oldcore/163/filelists/shadow
@@ -0,0 +1 @@
+../../../common/shadow
\ No newline at end of file
diff --git a/config/rootfiles/core/163/filelists/sqlite b/config/rootfiles/oldcore/163/filelists/sqlite
similarity index 100%
rename from config/rootfiles/core/163/filelists/sqlite
rename to config/rootfiles/oldcore/163/filelists/sqlite
diff --git a/config/rootfiles/oldcore/163/filelists/squid b/config/rootfiles/oldcore/163/filelists/squid
new file mode 120000
index 000000000..2dc8372a0
--- /dev/null
+++ b/config/rootfiles/oldcore/163/filelists/squid
@@ -0,0 +1 @@
+../../../common/squid
\ No newline at end of file
diff --git a/config/rootfiles/core/163/filelists/sudo b/config/rootfiles/oldcore/163/filelists/sudo
similarity index 100%
rename from config/rootfiles/core/163/filelists/sudo
rename to config/rootfiles/oldcore/163/filelists/sudo
diff --git a/config/rootfiles/core/163/filelists/sysvinit b/config/rootfiles/oldcore/163/filelists/sysvinit
similarity index 100%
rename from config/rootfiles/core/163/filelists/sysvinit
rename to config/rootfiles/oldcore/163/filelists/sysvinit
diff --git a/config/rootfiles/core/163/filelists/unbound b/config/rootfiles/oldcore/163/filelists/unbound
similarity index 100%
rename from config/rootfiles/core/163/filelists/unbound
rename to config/rootfiles/oldcore/163/filelists/unbound
diff --git a/config/rootfiles/core/163/filelists/wget b/config/rootfiles/oldcore/163/filelists/wget
similarity index 100%
rename from config/rootfiles/core/163/filelists/wget
rename to config/rootfiles/oldcore/163/filelists/wget
diff --git a/config/rootfiles/core/163/filelists/xfsprogs b/config/rootfiles/oldcore/163/filelists/xfsprogs
similarity index 100%
rename from config/rootfiles/core/163/filelists/xfsprogs
rename to config/rootfiles/oldcore/163/filelists/xfsprogs
diff --git a/config/rootfiles/core/163/files b/config/rootfiles/oldcore/163/files similarity index 100% rename from config/rootfiles/core/163/files rename to config/rootfiles/oldcore/163/files diff --git a/config/rootfiles/core/163/update.sh b/config/rootfiles/oldcore/163/update.sh similarity index 100% rename from config/rootfiles/core/163/update.sh rename to config/rootfiles/oldcore/163/update.sh diff --git a/config/rootfiles/packages/gnu-netcat b/config/rootfiles/packages/gnu-netcat index 241b14b9b..820232797 100644 --- a/config/rootfiles/packages/gnu-netcat +++ b/config/rootfiles/packages/gnu-netcat @@ -1,4 +1,5 @@ usr/bin/netcat +#usr/info #usr/info/dir #usr/info/netcat.info #usr/man/man1/netcat.1 diff --git a/config/rootfiles/packages/libvirt b/config/rootfiles/packages/libvirt index 1c531b820..b6f639901 100644 --- a/config/rootfiles/packages/libvirt +++ b/config/rootfiles/packages/libvirt @@ -6,8 +6,12 @@ etc/libvirt/libvirtd.conf #etc/libvirt/nwfilter/allow-arp.xml #etc/libvirt/nwfilter/allow-dhcp-server.xml #etc/libvirt/nwfilter/allow-dhcp.xml +#etc/libvirt/nwfilter/allow-dhcpv6-server.xml +#etc/libvirt/nwfilter/allow-dhcpv6.xml #etc/libvirt/nwfilter/allow-incoming-ipv4.xml +#etc/libvirt/nwfilter/allow-incoming-ipv6.xml #etc/libvirt/nwfilter/allow-ipv4.xml +#etc/libvirt/nwfilter/allow-ipv6.xml #etc/libvirt/nwfilter/clean-traffic-gateway.xml #etc/libvirt/nwfilter/clean-traffic.xml #etc/libvirt/nwfilter/no-arp-ip-spoofing.xml @@ -15,6 +19,8 @@ etc/libvirt/libvirtd.conf #etc/libvirt/nwfilter/no-arp-spoofing.xml #etc/libvirt/nwfilter/no-ip-multicast.xml #etc/libvirt/nwfilter/no-ip-spoofing.xml +#etc/libvirt/nwfilter/no-ipv6-multicast.xml +#etc/libvirt/nwfilter/no-ipv6-spoofing.xml #etc/libvirt/nwfilter/no-mac-broadcast.xml #etc/libvirt/nwfilter/no-mac-spoofing.xml #etc/libvirt/nwfilter/no-other-l2-traffic.xml 
@@ -24,6 +30,7 @@ etc/libvirt/libvirtd.conf etc/libvirt/qemu-lockd.conf etc/libvirt/qemu.conf etc/libvirt/virt-login-shell.conf +etc/libvirt/virtchd.conf etc/libvirt/virtinterfaced.conf etc/libvirt/virtlockd.conf etc/libvirt/virtlogd.conf @@ -44,8 +51,10 @@ usr/bin/virsh usr/bin/virt-admin usr/bin/virt-host-validate usr/bin/virt-login-shell +usr/bin/virt-pki-query-dn usr/bin/virt-pki-validate usr/bin/virt-qemu-run +usr/bin/virt-ssh-helper usr/bin/virt-xml-validate #usr/include/libvirt #usr/include/libvirt/libvirt-admin.h 
@@ -67,45 +76,33 @@ usr/bin/virt-xml-validate #usr/include/libvirt/libvirt.h #usr/include/libvirt/virterror.h #usr/lib/libvirt -#usr/lib/libvirt-admin.la #usr/lib/libvirt-admin.so usr/lib/libvirt-admin.so.0 -usr/lib/libvirt-admin.so.0.6005.0 -#usr/lib/libvirt-lxc.la +usr/lib/libvirt-admin.so.0.7010.0 #usr/lib/libvirt-lxc.so usr/lib/libvirt-lxc.so.0 -usr/lib/libvirt-lxc.so.0.6005.0 -#usr/lib/libvirt-qemu.la +usr/lib/libvirt-lxc.so.0.7010.0 #usr/lib/libvirt-qemu.so usr/lib/libvirt-qemu.so.0 -usr/lib/libvirt-qemu.so.0.6005.0 -#usr/lib/libvirt.la +usr/lib/libvirt-qemu.so.0.7010.0 #usr/lib/libvirt.so usr/lib/libvirt.so.0 -usr/lib/libvirt.so.0.6005.0 +usr/lib/libvirt.so.0.7010.0 #usr/lib/libvirt/connection-driver -#usr/lib/libvirt/connection-driver/libvirt_driver_interface.la +usr/lib/libvirt/connection-driver/libvirt_driver_ch.so usr/lib/libvirt/connection-driver/libvirt_driver_interface.so -#usr/lib/libvirt/connection-driver/libvirt_driver_nodedev.la usr/lib/libvirt/connection-driver/libvirt_driver_nodedev.so -#usr/lib/libvirt/connection-driver/libvirt_driver_nwfilter.la usr/lib/libvirt/connection-driver/libvirt_driver_nwfilter.so -#usr/lib/libvirt/connection-driver/libvirt_driver_qemu.la usr/lib/libvirt/connection-driver/libvirt_driver_qemu.so -#usr/lib/libvirt/connection-driver/libvirt_driver_secret.la usr/lib/libvirt/connection-driver/libvirt_driver_secret.so -#usr/lib/libvirt/connection-driver/libvirt_driver_storage.la usr/lib/libvirt/connection-driver/libvirt_driver_storage.so #usr/lib/libvirt/lock-driver -#usr/lib/libvirt/lock-driver/lockd.la usr/lib/libvirt/lock-driver/lockd.so #usr/lib/libvirt/storage-backend -#usr/lib/libvirt/storage-backend/libvirt_storage_backend_fs.la usr/lib/libvirt/storage-backend/libvirt_storage_backend_fs.so -#usr/lib/libvirt/storage-backend/libvirt_storage_backend_logical.la usr/lib/libvirt/storage-backend/libvirt_storage_backend_logical.so +usr/lib/libvirt/storage-backend/libvirt_storage_backend_vstorage.so 
#usr/lib/libvirt/storage-file -#usr/lib/libvirt/storage-file/libvirt_storage_file_fs.la usr/lib/libvirt/storage-file/libvirt_storage_file_fs.so #usr/lib/pkgconfig/libvirt-admin.pc #usr/lib/pkgconfig/libvirt-lxc.pc @@ -116,6 +113,7 @@ usr/lib/sysctl.d/60-libvirtd.conf usr/libexec/libvirt_iohelper usr/libexec/virt-login-shell-helper usr/sbin/libvirtd +usr/sbin/virtchd usr/sbin/virtinterfaced usr/sbin/virtlockd usr/sbin/virtlogd @@ -134,6 +132,7 @@ usr/sbin/virtstoraged #usr/share/augeas/lenses/tests/test_libvirt_lockd.aug #usr/share/augeas/lenses/tests/test_libvirtd.aug #usr/share/augeas/lenses/tests/test_libvirtd_qemu.aug +#usr/share/augeas/lenses/tests/test_virtchd.aug #usr/share/augeas/lenses/tests/test_virtinterfaced.aug #usr/share/augeas/lenses/tests/test_virtlockd.aug #usr/share/augeas/lenses/tests/test_virtlogd.aug @@ -143,6 +142,7 @@ usr/sbin/virtstoraged #usr/share/augeas/lenses/tests/test_virtqemud.aug #usr/share/augeas/lenses/tests/test_virtsecretd.aug #usr/share/augeas/lenses/tests/test_virtstoraged.aug +#usr/share/augeas/lenses/virtchd.aug #usr/share/augeas/lenses/virtinterfaced.aug #usr/share/augeas/lenses/virtlockd.aug #usr/share/augeas/lenses/virtlogd.aug 
@@ -204,238 +204,12 @@ usr/sbin/virtstoraged #usr/share/doc/libvirt/examples/xml/test/testnodeinline.xml #usr/share/doc/libvirt/examples/xml/test/testpool.xml #usr/share/doc/libvirt/examples/xml/test/testvol.xml -#usr/share/doc/libvirt/html -#usr/share/doc/libvirt/html/404.html -#usr/share/doc/libvirt/html/acl.html -#usr/share/doc/libvirt/html/aclpolkit.html -#usr/share/doc/libvirt/html/advanced-tests.html -#usr/share/doc/libvirt/html/android-chrome-192x192.png -#usr/share/doc/libvirt/html/android-chrome-256x256.png -#usr/share/doc/libvirt/html/api.html -#usr/share/doc/libvirt/html/api_extension.html -#usr/share/doc/libvirt/html/apple-touch-icon.png -#usr/share/doc/libvirt/html/apps.html -#usr/share/doc/libvirt/html/architecture.gif -#usr/share/doc/libvirt/html/architecture.html -#usr/share/doc/libvirt/html/auditlog.html -#usr/share/doc/libvirt/html/auth.html -#usr/share/doc/libvirt/html/best-practices.html -#usr/share/doc/libvirt/html/bindings.html -#usr/share/doc/libvirt/html/browserconfig.xml -#usr/share/doc/libvirt/html/bugs.html -#usr/share/doc/libvirt/html/cgroups.html -#usr/share/doc/libvirt/html/ci.html -#usr/share/doc/libvirt/html/coding-style.html -#usr/share/doc/libvirt/html/committer-guidelines.html -#usr/share/doc/libvirt/html/compiling.html -#usr/share/doc/libvirt/html/contact.html -#usr/share/doc/libvirt/html/contribute.html -#usr/share/doc/libvirt/html/csharp.html -#usr/share/doc/libvirt/html/daemons.html -#usr/share/doc/libvirt/html/dbus.html -#usr/share/doc/libvirt/html/developer-tooling.html -#usr/share/doc/libvirt/html/devguide.html -#usr/share/doc/libvirt/html/docs.html -#usr/share/doc/libvirt/html/downloads.html -#usr/share/doc/libvirt/html/drivers.html -#usr/share/doc/libvirt/html/drvbhyve.html -#usr/share/doc/libvirt/html/drvesx.html -#usr/share/doc/libvirt/html/drvhyperv.html -#usr/share/doc/libvirt/html/drvlxc.html -#usr/share/doc/libvirt/html/drvnodedev.html -#usr/share/doc/libvirt/html/drvopenvz.html 
-#usr/share/doc/libvirt/html/drvqemu.html -#usr/share/doc/libvirt/html/drvremote.html -#usr/share/doc/libvirt/html/drvsecret.html -#usr/share/doc/libvirt/html/drvtest.html -#usr/share/doc/libvirt/html/drvvbox.html -#usr/share/doc/libvirt/html/drvvirtuozzo.html -#usr/share/doc/libvirt/html/drvvmware.html -#usr/share/doc/libvirt/html/drvxen.html -#usr/share/doc/libvirt/html/errors.html -#usr/share/doc/libvirt/html/favicon-16x16.png -#usr/share/doc/libvirt/html/favicon-32x32.png -#usr/share/doc/libvirt/html/favicon.ico -#usr/share/doc/libvirt/html/firewall.html -#usr/share/doc/libvirt/html/fonts -#usr/share/doc/libvirt/html/fonts/LICENSE.rst -#usr/share/doc/libvirt/html/fonts/overpass-bold-italic.woff -#usr/share/doc/libvirt/html/fonts/overpass-bold.woff -#usr/share/doc/libvirt/html/fonts/overpass-italic.woff -#usr/share/doc/libvirt/html/fonts/overpass-light-italic.woff -#usr/share/doc/libvirt/html/fonts/overpass-light.woff -#usr/share/doc/libvirt/html/fonts/overpass-mono-bold.woff -#usr/share/doc/libvirt/html/fonts/overpass-mono-light.woff -#usr/share/doc/libvirt/html/fonts/overpass-mono-regular.woff -#usr/share/doc/libvirt/html/fonts/overpass-mono-semibold.woff -#usr/share/doc/libvirt/html/fonts/overpass-regular.woff -#usr/share/doc/libvirt/html/fonts/stylesheet.css -#usr/share/doc/libvirt/html/format.html -#usr/share/doc/libvirt/html/formatbackup.html -#usr/share/doc/libvirt/html/formatcaps.html -#usr/share/doc/libvirt/html/formatcheckpoint.html -#usr/share/doc/libvirt/html/formatdomain.html -#usr/share/doc/libvirt/html/formatdomaincaps.html -#usr/share/doc/libvirt/html/formatnetwork.html -#usr/share/doc/libvirt/html/formatnetworkport.html -#usr/share/doc/libvirt/html/formatnode.html -#usr/share/doc/libvirt/html/formatnwfilter.html -#usr/share/doc/libvirt/html/formatsecret.html -#usr/share/doc/libvirt/html/formatsnapshot.html -#usr/share/doc/libvirt/html/formatstorage.html -#usr/share/doc/libvirt/html/formatstoragecaps.html 
-#usr/share/doc/libvirt/html/formatstorageencryption.html -#usr/share/doc/libvirt/html/generic.css -#usr/share/doc/libvirt/html/goals.html -#usr/share/doc/libvirt/html/governance.html -#usr/share/doc/libvirt/html/hacking.html -#usr/share/doc/libvirt/html/hooks.html -#usr/share/doc/libvirt/html/html -#usr/share/doc/libvirt/html/html/home.png -#usr/share/doc/libvirt/html/html/index-admin.html -#usr/share/doc/libvirt/html/html/index-lxc.html -#usr/share/doc/libvirt/html/html/index-qemu.html -#usr/share/doc/libvirt/html/html/index.html -#usr/share/doc/libvirt/html/html/left.png -#usr/share/doc/libvirt/html/html/libvirt-libvirt-admin.html -#usr/share/doc/libvirt/html/html/libvirt-libvirt-common.html -#usr/share/doc/libvirt/html/html/libvirt-libvirt-domain-checkpoint.html -#usr/share/doc/libvirt/html/html/libvirt-libvirt-domain-snapshot.html -#usr/share/doc/libvirt/html/html/libvirt-libvirt-domain.html -#usr/share/doc/libvirt/html/html/libvirt-libvirt-event.html -#usr/share/doc/libvirt/html/html/libvirt-libvirt-host.html -#usr/share/doc/libvirt/html/html/libvirt-libvirt-interface.html -#usr/share/doc/libvirt/html/html/libvirt-libvirt-lxc.html -#usr/share/doc/libvirt/html/html/libvirt-libvirt-network.html -#usr/share/doc/libvirt/html/html/libvirt-libvirt-nodedev.html -#usr/share/doc/libvirt/html/html/libvirt-libvirt-nwfilter.html -#usr/share/doc/libvirt/html/html/libvirt-libvirt-qemu.html -#usr/share/doc/libvirt/html/html/libvirt-libvirt-secret.html -#usr/share/doc/libvirt/html/html/libvirt-libvirt-storage.html -#usr/share/doc/libvirt/html/html/libvirt-libvirt-stream.html -#usr/share/doc/libvirt/html/html/libvirt-virterror.html -#usr/share/doc/libvirt/html/html/right.png -#usr/share/doc/libvirt/html/html/up.png -#usr/share/doc/libvirt/html/hvsupport.html -#usr/share/doc/libvirt/html/index.html -#usr/share/doc/libvirt/html/internals -#usr/share/doc/libvirt/html/internals.html -#usr/share/doc/libvirt/html/internals/command.html 
-#usr/share/doc/libvirt/html/internals/eventloop.html -#usr/share/doc/libvirt/html/internals/locking.html -#usr/share/doc/libvirt/html/internals/rpc.html -#usr/share/doc/libvirt/html/java.html -#usr/share/doc/libvirt/html/js -#usr/share/doc/libvirt/html/js/main.js -#usr/share/doc/libvirt/html/kbase -#usr/share/doc/libvirt/html/kbase.html -#usr/share/doc/libvirt/html/kbase/backing_chains.html -#usr/share/doc/libvirt/html/kbase/domainstatecapture.html -#usr/share/doc/libvirt/html/kbase/incrementalbackupinternals.html -#usr/share/doc/libvirt/html/kbase/kvm-realtime.html -#usr/share/doc/libvirt/html/kbase/launch_security_sev.html -#usr/share/doc/libvirt/html/kbase/locking-lockd.html -#usr/share/doc/libvirt/html/kbase/locking-sanlock.html -#usr/share/doc/libvirt/html/kbase/locking.html -#usr/share/doc/libvirt/html/kbase/qemu-passthrough-security.html -#usr/share/doc/libvirt/html/kbase/rpm-deployment.html -#usr/share/doc/libvirt/html/kbase/s390_protected_virt.html -#usr/share/doc/libvirt/html/kbase/secureusage.html -#usr/share/doc/libvirt/html/kbase/virtiofs.html -#usr/share/doc/libvirt/html/libvirt-daemon-arch.png -#usr/share/doc/libvirt/html/libvirt-driver-arch.png -#usr/share/doc/libvirt/html/libvirt-go-xml.html -#usr/share/doc/libvirt/html/libvirt-go.html -#usr/share/doc/libvirt/html/libvirt-object-model.png -#usr/share/doc/libvirt/html/libvirt-virConnect-example.png -#usr/share/doc/libvirt/html/libvirt.css -#usr/share/doc/libvirt/html/logging.html -#usr/share/doc/libvirt/html/logos -#usr/share/doc/libvirt/html/logos/logo-banner-dark-256.png -#usr/share/doc/libvirt/html/logos/logo-banner-dark-800.png -#usr/share/doc/libvirt/html/logos/logo-banner-dark.svg -#usr/share/doc/libvirt/html/logos/logo-banner-light-256.png -#usr/share/doc/libvirt/html/logos/logo-banner-light-800.png -#usr/share/doc/libvirt/html/logos/logo-banner-light.svg -#usr/share/doc/libvirt/html/logos/logo-base.svg -#usr/share/doc/libvirt/html/logos/logo-square-128.png 
-#usr/share/doc/libvirt/html/logos/logo-square-192.png -#usr/share/doc/libvirt/html/logos/logo-square-256.png -#usr/share/doc/libvirt/html/logos/logo-square-96.png -#usr/share/doc/libvirt/html/logos/logo-square-powered-128.png -#usr/share/doc/libvirt/html/logos/logo-square-powered-192.png -#usr/share/doc/libvirt/html/logos/logo-square-powered-256.png -#usr/share/doc/libvirt/html/logos/logo-square-powered-96.png -#usr/share/doc/libvirt/html/logos/logo-square-powered.svg -#usr/share/doc/libvirt/html/logos/logo-square.svg -#usr/share/doc/libvirt/html/main.css -#usr/share/doc/libvirt/html/manifest.json -#usr/share/doc/libvirt/html/manpages -#usr/share/doc/libvirt/html/manpages/index.html -#usr/share/doc/libvirt/html/manpages/libvirtd.html -#usr/share/doc/libvirt/html/manpages/virkeycode-atset1.html -#usr/share/doc/libvirt/html/manpages/virkeycode-atset2.html -#usr/share/doc/libvirt/html/manpages/virkeycode-atset3.html -#usr/share/doc/libvirt/html/manpages/virkeycode-linux.html -#usr/share/doc/libvirt/html/manpages/virkeycode-osx.html -#usr/share/doc/libvirt/html/manpages/virkeycode-qnum.html -#usr/share/doc/libvirt/html/manpages/virkeycode-usb.html -#usr/share/doc/libvirt/html/manpages/virkeycode-win32.html -#usr/share/doc/libvirt/html/manpages/virkeycode-xtkbd.html -#usr/share/doc/libvirt/html/manpages/virkeyname-linux.html -#usr/share/doc/libvirt/html/manpages/virkeyname-osx.html -#usr/share/doc/libvirt/html/manpages/virkeyname-win32.html -#usr/share/doc/libvirt/html/manpages/virsh.html -#usr/share/doc/libvirt/html/manpages/virt-admin.html -#usr/share/doc/libvirt/html/manpages/virt-host-validate.html -#usr/share/doc/libvirt/html/manpages/virt-login-shell.html -#usr/share/doc/libvirt/html/manpages/virt-pki-validate.html -#usr/share/doc/libvirt/html/manpages/virt-qemu-run.html -#usr/share/doc/libvirt/html/manpages/virt-sanlock-cleanup.html -#usr/share/doc/libvirt/html/manpages/virt-xml-validate.html -#usr/share/doc/libvirt/html/manpages/virtlockd.html 
-#usr/share/doc/libvirt/html/manpages/virtlogd.html -#usr/share/doc/libvirt/html/migration-managed-direct.png -#usr/share/doc/libvirt/html/migration-managed-p2p.png -#usr/share/doc/libvirt/html/migration-native.png -#usr/share/doc/libvirt/html/migration-tunnel.png -#usr/share/doc/libvirt/html/migration-unmanaged-direct.png -#usr/share/doc/libvirt/html/migration.html -#usr/share/doc/libvirt/html/mobile.css -#usr/share/doc/libvirt/html/mstile-150x150.png -#usr/share/doc/libvirt/html/newreposetup.html -#usr/share/doc/libvirt/html/news.html -#usr/share/doc/libvirt/html/node.gif -#usr/share/doc/libvirt/html/nss.html -#usr/share/doc/libvirt/html/pci-addresses.html -#usr/share/doc/libvirt/html/pci-hotplug.html -#usr/share/doc/libvirt/html/php.html -#usr/share/doc/libvirt/html/platforms.html -#usr/share/doc/libvirt/html/programming-languages.html -#usr/share/doc/libvirt/html/python.html -#usr/share/doc/libvirt/html/remote.html -#usr/share/doc/libvirt/html/securityprocess.html -#usr/share/doc/libvirt/html/storage.html -#usr/share/doc/libvirt/html/strategy.html -#usr/share/doc/libvirt/html/styleguide.html -#usr/share/doc/libvirt/html/submitting-patches.html -#usr/share/doc/libvirt/html/support.html -#usr/share/doc/libvirt/html/testapi.html -#usr/share/doc/libvirt/html/testsuites.html -#usr/share/doc/libvirt/html/testtck.html -#usr/share/doc/libvirt/html/tlscerts.html -#usr/share/doc/libvirt/html/uri.html -#usr/share/doc/libvirt/html/virshcmdref.html -#usr/share/doc/libvirt/html/windows.html #usr/share/libvirt -#usr/share/libvirt/api -usr/share/libvirt/api/libvirt-admin-api.xml -usr/share/libvirt/api/libvirt-api.xml -usr/share/libvirt/api/libvirt-lxc-api.xml -usr/share/libvirt/api/libvirt-qemu-api.xml #usr/share/libvirt/cpu_map +#usr/share/libvirt/cpu_map/arm_FT-2000plus.xml #usr/share/libvirt/cpu_map/arm_Falkor.xml #usr/share/libvirt/cpu_map/arm_Kunpeng-920.xml +#usr/share/libvirt/cpu_map/arm_Tengyun-S2500.xml #usr/share/libvirt/cpu_map/arm_ThunderX299xx.xml 
#usr/share/libvirt/cpu_map/arm_cortex-a53.xml #usr/share/libvirt/cpu_map/arm_cortex-a57.xml @@ -461,6 +235,8 @@ usr/share/libvirt/cpu_map/x86_Conroe.xml usr/share/libvirt/cpu_map/x86_Cooperlake.xml usr/share/libvirt/cpu_map/x86_Dhyana.xml usr/share/libvirt/cpu_map/x86_EPYC-IBPB.xml +usr/share/libvirt/cpu_map/x86_EPYC-Milan.xml +usr/share/libvirt/cpu_map/x86_EPYC-Rome.xml usr/share/libvirt/cpu_map/x86_EPYC.xml usr/share/libvirt/cpu_map/x86_Haswell-IBRS.xml usr/share/libvirt/cpu_map/x86_Haswell-noTSX-IBRS.xml @@ -488,6 +264,7 @@ usr/share/libvirt/cpu_map/x86_Skylake-Client.xml usr/share/libvirt/cpu_map/x86_Skylake-Server-IBRS.xml usr/share/libvirt/cpu_map/x86_Skylake-Server-noTSX-IBRS.xml usr/share/libvirt/cpu_map/x86_Skylake-Server.xml +usr/share/libvirt/cpu_map/x86_Snowridge.xml usr/share/libvirt/cpu_map/x86_Westmere-IBRS.xml usr/share/libvirt/cpu_map/x86_Westmere.xml usr/share/libvirt/cpu_map/x86_athlon.xml 
@@ -507,57 +284,57 @@ usr/share/libvirt/cpu_map/x86_phenom.xml usr/share/libvirt/cpu_map/x86_qemu32.xml usr/share/libvirt/cpu_map/x86_qemu64.xml usr/share/libvirt/cpu_map/x86_vendors.xml -#usr/share/libvirt/schemas -usr/share/libvirt/schemas/basictypes.rng -usr/share/libvirt/schemas/capability.rng -usr/share/libvirt/schemas/cputypes.rng -usr/share/libvirt/schemas/domain.rng -#usr/share/libvirt/schemas/domainbackup.rng -usr/share/libvirt/schemas/domaincaps.rng -usr/share/libvirt/schemas/domaincheckpoint.rng -usr/share/libvirt/schemas/domaincommon.rng -usr/share/libvirt/schemas/domainsnapshot.rng -usr/share/libvirt/schemas/interface.rng -usr/share/libvirt/schemas/network.rng -usr/share/libvirt/schemas/networkcommon.rng -usr/share/libvirt/schemas/networkport.rng -usr/share/libvirt/schemas/nodedev.rng -usr/share/libvirt/schemas/nwfilter.rng -usr/share/libvirt/schemas/nwfilter_params.rng -usr/share/libvirt/schemas/nwfilterbinding.rng -usr/share/libvirt/schemas/secret.rng -usr/share/libvirt/schemas/storagecommon.rng -usr/share/libvirt/schemas/storagepool.rng -usr/share/libvirt/schemas/storagepoolcaps.rng -usr/share/libvirt/schemas/storagevol.rng #usr/share/libvirt/test-screenshot.png -#usr/share/man/man1/virsh.1 -#usr/share/man/man1/virt-admin.1 -#usr/share/man/man1/virt-host-validate.1 -#usr/share/man/man1/virt-login-shell.1 -#usr/share/man/man1/virt-pki-validate.1 -#usr/share/man/man1/virt-qemu-run.1 -#usr/share/man/man1/virt-xml-validate.1 -#usr/share/man/man7/virkeycode-atset1.7 -#usr/share/man/man7/virkeycode-atset2.7 -#usr/share/man/man7/virkeycode-atset3.7 -#usr/share/man/man7/virkeycode-linux.7 -#usr/share/man/man7/virkeycode-osx.7 -#usr/share/man/man7/virkeycode-qnum.7 -#usr/share/man/man7/virkeycode-usb.7 -#usr/share/man/man7/virkeycode-win32.7 -#usr/share/man/man7/virkeycode-xtkbd.7 -#usr/share/man/man7/virkeyname-linux.7 -#usr/share/man/man7/virkeyname-osx.7 -#usr/share/man/man7/virkeyname-win32.7 -#usr/share/man/man8/libvirtd.8 
-#usr/share/man/man8/virtlockd.8 -#usr/share/man/man8/virtlogd.8 +#usr/share/locale/as/LC_MESSAGES/libvirt.mo +#usr/share/locale/bg/LC_MESSAGES/libvirt.mo +#usr/share/locale/bn_IN/LC_MESSAGES/libvirt.mo +#usr/share/locale/bs/LC_MESSAGES/libvirt.mo +#usr/share/locale/ca/LC_MESSAGES/libvirt.mo +#usr/share/locale/cs/LC_MESSAGES/libvirt.mo +#usr/share/locale/da/LC_MESSAGES/libvirt.mo +#usr/share/locale/de/LC_MESSAGES/libvirt.mo +#usr/share/locale/el/LC_MESSAGES/libvirt.mo +#usr/share/locale/en_GB/LC_MESSAGES/libvirt.mo +#usr/share/locale/es/LC_MESSAGES/libvirt.mo +#usr/share/locale/fi/LC_MESSAGES/libvirt.mo +#usr/share/locale/fr/LC_MESSAGES/libvirt.mo +#usr/share/locale/gu/LC_MESSAGES/libvirt.mo +#usr/share/locale/hi/LC_MESSAGES/libvirt.mo +#usr/share/locale/hu/LC_MESSAGES/libvirt.mo +#usr/share/locale/id/LC_MESSAGES/libvirt.mo +#usr/share/locale/it/LC_MESSAGES/libvirt.mo +#usr/share/locale/ja/LC_MESSAGES/libvirt.mo +#usr/share/locale/kn/LC_MESSAGES/libvirt.mo +#usr/share/locale/ko/LC_MESSAGES/libvirt.mo +#usr/share/locale/mk/LC_MESSAGES/libvirt.mo +#usr/share/locale/ml/LC_MESSAGES/libvirt.mo +#usr/share/locale/mr/LC_MESSAGES/libvirt.mo +#usr/share/locale/ms/LC_MESSAGES/libvirt.mo +#usr/share/locale/nb/LC_MESSAGES/libvirt.mo +#usr/share/locale/nl/LC_MESSAGES/libvirt.mo +#usr/share/locale/or/LC_MESSAGES/libvirt.mo +#usr/share/locale/pa/LC_MESSAGES/libvirt.mo +#usr/share/locale/pl/LC_MESSAGES/libvirt.mo +#usr/share/locale/pt/LC_MESSAGES/libvirt.mo +#usr/share/locale/pt_BR/LC_MESSAGES/libvirt.mo +#usr/share/locale/ru/LC_MESSAGES/libvirt.mo +#usr/share/locale/si/LC_MESSAGES/libvirt.mo +#usr/share/locale/sr/LC_MESSAGES/libvirt.mo +#usr/share/locale/sr@latin/LC_MESSAGES/libvirt.mo +#usr/share/locale/sv/LC_MESSAGES/libvirt.mo +#usr/share/locale/ta/LC_MESSAGES/libvirt.mo +#usr/share/locale/te/LC_MESSAGES/libvirt.mo +#usr/share/locale/tr/LC_MESSAGES/libvirt.mo +#usr/share/locale/uk/LC_MESSAGES/libvirt.mo +#usr/share/locale/vi/LC_MESSAGES/libvirt.mo 
+#usr/share/locale/zh_CN/LC_MESSAGES/libvirt.mo +#usr/share/locale/zh_TW/LC_MESSAGES/libvirt.mo #var/cache/libvirt #var/cache/libvirt/qemu var/ipfire/backup/addons/includes/libvirt #var/lib/libvirt #var/lib/libvirt/boot +#var/lib/libvirt/ch #var/lib/libvirt/filesystems #var/lib/libvirt/images #var/lib/libvirt/lockd diff --git a/config/rootfiles/packages/perl-File-ReadBackwards b/config/rootfiles/packages/perl-File-ReadBackwards index eed7b0303..c1253037e 100644 --- a/config/rootfiles/packages/perl-File-ReadBackwards +++ b/config/rootfiles/packages/perl-File-ReadBackwards @@ -1,3 +1,4 @@ +#usr/lib/perl5/site_perl/5.32.1/File usr/lib/perl5/site_perl/5.32.1/File/ReadBackwards.pm #usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/File #usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/File/ReadBackwards diff --git a/config/rootfiles/packages/python3-setuptools b/config/rootfiles/packages/python3-setuptools index cb6e9b037..b3576d39f 100644 --- a/config/rootfiles/packages/python3-setuptools +++ b/config/rootfiles/packages/python3-setuptools 
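Review bot: In the libvirt rootfile hunk at `@@ -507,57 +284,57 @@`, the `usr/share/libvirt/schemas/*.rng` entries were active lines, meaning they shipped in the package, and they are deleted outright rather than commented out. The man-page entries removed alongside them were already commented out, so only the schema removal changes what is installed. libvirt loads these RelaxNG schemas when it validates domain, network and storage XML, so a package without them may reject or skip validation; this is inferred from how libvirt uses the directory, not from anything visible in the hunk. If the new build still installs the schemas, keep the lines active, e.g. `usr/share/libvirt/schemas/domain.rng`. If the build no longer produces them, say so in the commit message and confirm on a test system that XML validation still works.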
@@ -1,175 +1,177 @@ #usr/lib/python3.8/site-packages/easy-install.pth -#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg -#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/EGG-INFO -#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/EGG-INFO/PKG-INFO -#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/EGG-INFO/SOURCES.txt -#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/EGG-INFO/dependency_links.txt -#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/EGG-INFO/entry_points.txt -#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/EGG-INFO/not-zip-safe -#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/EGG-INFO/requires.txt -#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/EGG-INFO/top_level.txt -#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/_distutils_hack -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/_distutils_hack/__init__.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/_distutils_hack/override.py -#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/__init__.py -#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/_vendor -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/_vendor/__init__.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/_vendor/appdirs.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/_vendor/packaging -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/_vendor/packaging/__about__.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/_vendor/packaging/__init__.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/_vendor/packaging/_compat.py 
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/_vendor/packaging/_structures.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/_vendor/packaging/_typing.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/_vendor/packaging/markers.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/_vendor/packaging/requirements.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/_vendor/packaging/specifiers.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/_vendor/packaging/tags.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/_vendor/packaging/utils.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/_vendor/packaging/version.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/_vendor/pyparsing.py -#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/extern -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/extern/__init__.py -#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/tests -#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/tests/data -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/tests/data/my-test-package-source -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/pkg_resources/tests/data/my-test-package-source/setup.py -#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/__init__.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_deprecation_warning.py -#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/__init__.py 
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/_msvccompiler.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/archive_util.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/bcppcompiler.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/ccompiler.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/cmd.py -#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/__init__.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/bdist.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/bdist_dumb.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/bdist_msi.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/bdist_rpm.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/bdist_wininst.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/build.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/build_clib.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/build_ext.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/build_py.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/build_scripts.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/check.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/clean.py 
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/config.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/install.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/install_data.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/install_egg_info.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/install_headers.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/install_lib.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/install_scripts.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/py37compat.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/register.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/sdist.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/command/upload.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/config.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/core.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/cygwinccompiler.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/debug.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/dep_util.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/dir_util.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/dist.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/errors.py 
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/extension.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/fancy_getopt.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/file_util.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/filelist.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/log.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/msvc9compiler.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/msvccompiler.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/py35compat.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/py38compat.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/spawn.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/sysconfig.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/text_file.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/unixccompiler.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/util.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/version.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_distutils/versionpredicate.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_imp.py -#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_vendor -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_vendor/__init__.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_vendor/ordered_set.py -#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_vendor/packaging 
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_vendor/packaging/__about__.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_vendor/packaging/__init__.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_vendor/packaging/_compat.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_vendor/packaging/_structures.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_vendor/packaging/_typing.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_vendor/packaging/markers.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_vendor/packaging/requirements.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_vendor/packaging/specifiers.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_vendor/packaging/tags.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_vendor/packaging/utils.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_vendor/packaging/version.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/_vendor/pyparsing.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/archive_util.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/build_meta.py -#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/cli-32.exe -#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/cli-64.exe -#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/cli.exe -#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/__init__.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/alias.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/bdist_egg.py 
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/bdist_rpm.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/build_clib.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/build_ext.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/build_py.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/develop.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/dist_info.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/easy_install.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/egg_info.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/install.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/install_egg_info.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/install_lib.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/install_scripts.py -#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/launcher +#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg +#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/EGG-INFO +#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/EGG-INFO/PKG-INFO +#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/EGG-INFO/SOURCES.txt +#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/EGG-INFO/dependency_links.txt +#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/EGG-INFO/entry_points.txt +#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/EGG-INFO/not-zip-safe +#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/EGG-INFO/requires.txt +#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/EGG-INFO/top_level.txt 
+#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/_distutils_hack +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/_distutils_hack/__init__.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/_distutils_hack/override.py +#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/__init__.py +#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/_vendor +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/_vendor/__init__.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/_vendor/appdirs.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/_vendor/packaging +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/_vendor/packaging/__about__.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/_vendor/packaging/__init__.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/_vendor/packaging/_compat.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/_vendor/packaging/_structures.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/_vendor/packaging/_typing.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/_vendor/packaging/markers.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/_vendor/packaging/requirements.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/_vendor/packaging/specifiers.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/_vendor/packaging/tags.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/_vendor/packaging/utils.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/_vendor/packaging/version.py 
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/_vendor/pyparsing.py +#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/extern +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/extern/__init__.py +#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/tests +#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/tests/data +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/tests/data/my-test-package-source +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/pkg_resources/tests/data/my-test-package-source/setup.py +#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/__init__.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_deprecation_warning.py +#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/__init__.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/_msvccompiler.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/archive_util.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/bcppcompiler.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/ccompiler.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/cmd.py +#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/__init__.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/bdist.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/bdist_dumb.py 
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/bdist_msi.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/bdist_rpm.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/bdist_wininst.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/build.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/build_clib.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/build_ext.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/build_py.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/build_scripts.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/check.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/clean.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/config.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/install.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/install_data.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/install_egg_info.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/install_headers.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/install_lib.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/install_scripts.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/py37compat.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/register.py 
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/sdist.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/command/upload.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/config.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/core.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/cygwinccompiler.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/debug.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/dep_util.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/dir_util.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/dist.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/errors.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/extension.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/fancy_getopt.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/file_util.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/filelist.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/log.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/msvc9compiler.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/msvccompiler.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/py35compat.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/py38compat.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/spawn.py 
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/sysconfig.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/text_file.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/unixccompiler.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/util.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/version.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_distutils/versionpredicate.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_imp.py +#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/__init__.py +#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/more_itertools +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/more_itertools/__init__.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/more_itertools/more.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/more_itertools/recipes.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/ordered_set.py +#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/packaging +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/packaging/__about__.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/packaging/__init__.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/packaging/_compat.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/packaging/_structures.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/packaging/_typing.py 
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/packaging/markers.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/packaging/requirements.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/packaging/specifiers.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/packaging/tags.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/packaging/utils.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/packaging/version.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/_vendor/pyparsing.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/archive_util.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/build_meta.py +#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/cli-32.exe +#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/cli-64.exe +#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/cli.exe +#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/__init__.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/alias.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/bdist_egg.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/bdist_rpm.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/build_clib.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/build_ext.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/build_py.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/develop.py 
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/dist_info.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/easy_install.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/egg_info.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/install.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/install_egg_info.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/install_lib.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/install_scripts.py +#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/launcher #manifest.xml -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/py36compat.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/register.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/rotate.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/saveopts.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/sdist.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/setopt.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/test.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/upload.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/command/upload_docs.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/config.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/dep_util.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/depends.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/dist.py 
-usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/errors.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/extension.py -#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/extern -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/extern/__init__.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/glob.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/gui-32.exe -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/gui-64.exe -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/gui.exe -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/installer.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/launch.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/lib2to3_ex.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/monkey.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/msvc.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/namespaces.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/package_index.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/py34compat.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/sandbox.py -#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/script +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/py36compat.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/register.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/rotate.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/saveopts.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/sdist.py 
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/setopt.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/test.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/upload.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/command/upload_docs.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/config.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/dep_util.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/depends.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/dist.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/errors.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/extension.py +#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/extern +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/extern/__init__.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/glob.py +#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/gui-32.exe +#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/gui-64.exe +#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/gui.exe +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/installer.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/launch.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/monkey.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/msvc.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/namespaces.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/package_index.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/py34compat.py 
+usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/sandbox.py +#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/script #(dev).tmpl -#usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/script.tmpl -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/ssl_support.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/unicode_utils.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/version.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/wheel.py -usr/lib/python3.8/site-packages/setuptools-56.2.0-py3.8.egg/setuptools/windows_support.py +#usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/script.tmpl +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/unicode_utils.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/version.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/wheel.py +usr/lib/python3.8/site-packages/setuptools-58.0.4-py3.8.egg/setuptools/windows_support.py #usr/lib/python3.8/site-packages/setuptools.pth diff --git a/config/rootfiles/packages/qemu b/config/rootfiles/packages/qemu index 443264334..721c7f1db 100644 --- a/config/rootfiles/packages/qemu +++ b/config/rootfiles/packages/qemu @@ -3,7 +3,7 @@ usr/bin/elf2dmp usr/bin/qemu usr/bin/qemu-arm usr/bin/qemu-edid -usr/bin/qemu-ga +#usr/bin/qemu-ga usr/bin/qemu-i386 usr/bin/qemu-img usr/bin/qemu-io diff --git a/config/rootfiles/packages/qemu-ga b/config/rootfiles/packages/qemu-ga new file mode 100644 index 000000000..78f368862 --- /dev/null +++ b/config/rootfiles/packages/qemu-ga @@ -0,0 +1,2 @@ +usr/bin/qemu-ga +etc/rc.d/init.d/qemu-ga diff --git a/config/shadow/login.defs b/config/shadow/login.defs index d99597aa6..a9559d6c4 100644 --- a/config/shadow/login.defs +++ b/config/shadow/login.defs 
@@ -251,13 +251,16 @@ CHFN_RESTRICT rwh
 # If set to MD5, MD5-based algorithm will be used for encrypting password
 # If set to SHA256, SHA256-based algorithm will be used for encrypting password
 # If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password
+# If set to YESCRYPT, YESCRYPT-based algorithm will be used for encrypting password
 # If set to DES, DES-based algorithm will be used for encrypting password (default)
+# MD5 and DES should not be used for new hashes, see crypt(5) for recommendations.
 # Overrides the MD5_CRYPT_ENAB option
 #
 # Note: If you use PAM, it is recommended to use a value consistent with
 # the PAM modules configuration.
 #
-ENCRYPT_METHOD SHA512
+ENCRYPT_METHOD YESCRYPT
# # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512. diff --git a/config/suricata/convert-ids-multiple-providers b/config/suricata/convert-ids-multiple-providers new file mode 100644 index 000000000..a08250841 --- /dev/null +++ b/config/suricata/convert-ids-multiple-providers 
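Review bot: The trailing context comment `Only works if ENCRYPT_METHOD is set to SHA256 or SHA512` in the login.defs hunk shows that the round-count settings which follow stop applying once `ENCRYPT_METHOD YESCRYPT` is selected, and the hunk adds no yescrypt counterpart. If the shipped shadow version supports it, set the cost next to the method, e.g. `YESCRYPT_COST_FACTOR 5` (constructed value; choose it from a benchmark on the slowest supported hardware), so the work factor is a reviewed decision rather than a library default. The existing PAM note in the context lines still applies: the pam_unix password line should name the same method, otherwise passwords changed through PAM may keep being hashed with the old scheme. Existing SHA512 hashes are only replaced when a password is changed, which is worth stating in the release notes.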
@@ -0,0 +1,284 @@
+#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2021 IPFire Development Team info@ipfire.org #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see http://www.gnu.org/licenses/. #
+# #
+###############################################################################
+
+use strict;
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/ids-functions.pl";
+
+# Old file declarations
+my $old_rules_settings_file = "$IDS::settingsdir/rules-settings";
+my $old_used_rulefiles_file = "$IDS::settingsdir/suricata-used-rulefiles.yaml";
+my $old_enabled_sids_file = "$IDS::settingsdir/oinkmaster-enabled-sids.conf";
+my $old_disabled_sids_file = "$IDS::settingsdir/oinkmaster-disabled-sids.conf";
+my $old_rules_tarball = "/var/tmp/idsrules.tar.gz";
+
+# Script wide variable to store the used ruleset provider.
+my $ruleset_provider;
+
+# Hashes to store the old and new settings.
+my %old_rules_settings = ();
+my %idssettings = ();
+my %providers_settings = ();
+
+exit unless(-f $IDS::ids_settings_file and -f $old_rules_settings_file);
+
+# Read-in all settings.
+&General::readhash($old_rules_settings_file, %old_rules_settings);
+&General::readhash($IDS::ids_settings_file, %idssettings);
+
+#
+## Step 1: Create new file layout
+#
+&IDS::check_and_create_filelayout();
+
+#
+## Step 2: Migrate automatic update interval.
+#
+
+# Get old configured autoupdate interval.
+my $autoupdate_interval = $old_rules_settings{'AUTOUPDATE_INTERVAL'};
+
+# Check for valid intervals.
+if ($autoupdate_interval eq "off" || $autoupdate_interval eq "daily" || $autoupdate_interval eq "weekly") {
+ # Put the setting to the new configuration location.
+ $idssettings{'AUTOUPDATE_INTERVAL'} = $autoupdate_interval;
+} else {
+ # Swith to default which should be weekly.
+ $idssettings{'AUTOUPDATE_INTERVAL'} = "weekly";
+}
+
+# Store the updated idssettings file.
+&General::writehash($IDS::ids_settings_file, %idssettings);
+
+#
+## Step 3: Migrate the providers settings.
+#
+
+# Try to get the previously configured provider.
+$ruleset_provider = $old_rules_settings{'RULES'};
+
+# Exit the script if no ruleset provider has configured.
+exit unless ($ruleset_provider);
+
+# Defaults.
+my $id = "1";
+my $enabled = "enabled";
+my $autoupdate_status = "enabled";
+
+# Try to get a configured subscription code.
+my $subscription_code = $old_rules_settings{'OINKCODE'};
+
+# Check if the autoupdate should be disabled.
+if ($idssettings{'AUTOUPDATE_INTERVAL'} eq "off") {
+ # Set the autoupdate for the provider to disabled.
+ $autoupdate_status = "disabled";
+}
+
+# Create and assign the provider structure to the providers hash.
+$providers_settings{$id} = [ "$ruleset_provider", "$subscription_code", "$autoupdate_status", "$enabled" ];
+
+# Write the converted provider settings to the new providers-settings file.
+&General::writehasharray($IDS::providers_settings_file, %providers_settings);
+
+# Set correct ownership.
+&IDS::set_ownership("$IDS::providers_settings_file");
+
+# Remove old rules settings file.
+unlink($old_rules_settings_file);
+
+#
+## Step 4: Rename downloaded rulestarball to new name sheme.
+#
+
+# Check if a rulestarball exists.
+if (-f $old_rules_tarball) {
+ # Load perl module which contains the move command.
+ use File::Copy;
+
+ # Call function to generate the path and filename for the new rules tarball name.
+ my $new_rules_tarball = &IDS::_get_dl_rulesfile($ruleset_provider);
+
+ # Move the rulestarball to the new location.
+ move($old_rules_tarball, $new_rules_tarball);
+
+ # Set correct ownership.
+ &IDS::set_ownership("$new_rules_tarball");
+}
+
+#
+## Step 5: Migrate oinkmaster configuration files for enabled and disabled rules.
+#
+
+# Read-in old enabled / disabled sids files.
+my %enabled_disabled_sids = (
+ &IDS::read_enabled_disabled_sids_file($old_enabled_sids_file),
+ &IDS::read_enabled_disabled_sids_file($old_disabled_sids_file)
+);
+
+# Check if any modifications have been done.
+if (%enabled_disabled_sids) {
+ # Get path and filename for new file.
+ my $oinkmaster_provider_modified_sids_file = &IDS::get_oinkmaster_provider_modified_sids_file($ruleset_provider);
+
+ # Open the new file for writing.
+ open (FILE, ">", $oinkmaster_provider_modified_sids_file) or die "Could not write to $oinkmaster_provider_modified_sids_file. $!\n";
+
+ # Write header to the files.
+ print PROVIDER_MOD_FILE "#Autogenerated file. Any custom changes will be overwritten!\n";
+
+ # Loop through the hash.
+ foreach my $sid (keys %enabled_disabled_sids) {
+ # Check if the sid is enabled.
+ if ($enabled_disabled_sids{$sid} eq "enabled") {
+ # Print the sid as enabled to the file.
+ print FILE "enablesid $sid\n";
+ # Check if the sid is disabled.
+ } elsif ($enabled_disabled_sids{$sid} eq "disabled") {
+ # Print the sid as disabled to the file.
+ print FILE "disablesid $sid\n";
+ # Something strange happende - skip the current sid.
+ } else {
+ next;
+ }
+ }
+
+ # Close the file handle.
+ close(FILE);
+
+ # Add the provider modifications file to the oinkmaster provider includes file.
+ &IDS::alter_oinkmaster_provider_includes_file("add", "$ruleset_provider");
+
+ # Set correct ownership for the new generated file.
+ &IDS::set_ownership("$oinkmaster_provider_modified_sids_file");
+}
+
+# Set correct ownership for the main file.
+&IDS::set_ownership("$IDS::oinkmaster_provider_includes_file");
+
+# Remove old files.
+unlink($old_enabled_sids_file);
+unlink($old_disabled_sids_file);
+
+#
+## Step 6: Call oinkmaster and regenerate the ruleset structures.
+#
+&IDS::oinkmaster();
+
+# Set correct ownerships.
+&IDS::set_ownership("$IDS::rulespath");
+
+#
+## Step 7: Migrate used rulefiles into new format.
+#
+
+# Check if the a used rulesfile exists.
+if (-f $old_used_rulefiles_file) {
+ # Array to collect the used rulefiles.
+ my @used_rulefiles = ();
+
+ # Open the file or used rulefiles and read-in content.
+ open(FILE, $old_used_rulefiles_file) or die "Could not open $old_used_rulefiles_file. $!\n";
+
+ while (<FILE>) {
+ # Assign the current line to a nice variable.
+ my $line = $_;
+
+ # Remove newlines.
+ chomp($line);
+
+ # Skip comments.
+ next if ($line =~ /#/);
+
+ # Skip blank lines.
+ next if ($line =~ /^\s*$/);
+
+ # Gather the rulefile.
+ if ($line =~ /.*- (.*)/) {
+ my $rulefile = $1;
+
+ # Skip whitelist.rules and local.rules
+ next if ($rulefile eq "whitelist.rules" || $rulefile eq "local.rules");
+
+ # Splitt the filename into chunks.
+ my @filename = split("-", $rulefile);
+
+ # Reverse the array.
+ @filename = reverse(@filename);
+
+ # Get the amount of elements in the array.
+ my $elements = @filename;
+
+ # Remove last element of the hash.
+ # It contains the vendor name, which will be replaced.
+ if ($elements >= 3) {
+ # Remove last element from hash.
+ pop(@filename);
+ }
+
+ # Check if the last element of the filename does not
+ # contain the providers name.
+ if ($filename[-1] ne "$ruleset_provider") { + # Add provider name as last element. + push(@filename, $ruleset_provider); + } + + # Reverse the array back. + @filename = reverse(@filename); + + # Generate the name for the rulesfile. + $rulefile = join("-", @filename); + + # Add the rulefile to the array of used rulesfiles. + push(@used_rulefiles, $rulefile); + } + } + + # Close the file. + close(FILE); + + # Write the new provider exclusive used rulesfiles file. + &IDS::write_used_provider_rulefiles_file($ruleset_provider, @used_rulefiles); + + # Write main used rulefiles file. + &IDS::write_main_used_rulefiles_file("$ruleset_provider"); + + # Get the provider specific used rulefiles file name. + my $provider_used_rulefiles_file = &IDS::get_used_provider_rulesfile_file($ruleset_provider); + + # Set correct ownerships. + &IDS::set_ownership("$provider_used_rulefiles_file"); + &IDS::set_ownership("$IDS::suricata_used_providers_file"); + &IDS::set_ownership("$IDS::suricata_default_rulefiles_file"); +} + +# Remove old used rulefiles file. +unlink($old_used_rulefiles_file); + +# +## Step 8: Reload the IDS ruleset if running. +# + +# Check if the IDS is running. +if(&IDS::ids_is_running()) { + # Call suricatactrl to restart it. + &IDS::call_suricatactrl("restart"); +} diff --git a/config/suricata/convert-snort b/config/suricata/convert-snort index 7d75233b4..dc068eb2f 100644 --- a/config/suricata/convert-snort +++ b/config/suricata/convert-snort @@ -118,14 +118,10 @@ my %snortsettings; # # Add default value for MONITOR_TRAFFIC_ONLY which will be "on" # when migrating from snort to the new IDS. -my %idssettings = ( - "MONITOR_TRAFFIC_ONLY" => "on", -); - -# Hash which contains the RULES settings. # # Set default value for UPDATE_INTERVAL to weekly. -my %rulessettings = ( +my %idssettings = ( + "MONITOR_TRAFFIC_ONLY" => "on", "AUTOUPDATE_INTERVAL" => "weekly", );
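Review bot: In Step 5 of the new convert-ids-multiple-providers script the header line is printed to `PROVIDER_MOD_FILE`, a handle that is never opened; the file was opened as `FILE`, so the "Autogenerated" header is silently dropped (the script enables `strict` but not `warnings`, so nothing is reported). Change it to `print FILE "#Autogenerated file. Any custom changes will be overwritten!\n";`, or better use one lexical handle for the open, the prints and the close. Step 7 also reads the old rulefiles list with two-argument `open(FILE, $old_used_rulefiles_file)`; `open(my $fh, '<', $old_used_rulefiles_file)` states the mode explicitly. Separately, Step 3 unlinks the old rules-settings file before the later steps run, so a `die` in Step 5 or 7 leaves a half-migrated system that the `exit unless(-f ...)` guard at the top will refuse to process again; moving the unlink calls to the end would make the conversion restartable.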
@@ -159,17 +155,27 @@ foreach my $zone (@network_zones) { } }
-# Grab the choosen ruleset from snort settings hash and store it in the rules -# settings hash. -$rulessettings{"RULES"} = $snortsettings{"RULES"}; +# Hash to store the provider settings. +my %providersettings = (); + +# Default ID. +$id = "1"; + +# Grab the choosen ruleset from snort settings hash. +my $provider = $snortsettings{"RULES"}; +my $subscription_code;
# Check if an oinkcode has been provided. if($snortsettings{"OINKCODE"}) { - # Take the oinkcode from snort settings hash and store it in the rules - # settings hash. - $rulessettings{"OINKCODE"} = $snortsettings{"OINKCODE"}; + # Take the oinkcode from snort settings hash. + $subscription_code = $snortsettings{"OINKCODE"}; }
+# Generate providers config line and add it to the provider settings hash. +# +# Enabled automatic ruleste updates and the usage of the provider. +$providersettings{$id} = [ "$provider", "$subscription_code", "enabled", "enabled" ]; + # ## Step 4: Import guardian settings and whitelist if the addon is installed. # @@ -225,8 +231,8 @@ if (-f $guardian_meta) { # Write IDS settings. &General::writehash("$IDS::ids_settings_file", %idssettings);
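Review bot: `$id = "1";` in this convert-snort hunk assigns a variable the hunk never declares, whereas the sibling convert-ids-multiple-providers script in the same push uses `my $id = "1";`. If convert-snort runs under `use strict` and `$id` is not declared earlier in the file (neither is visible here), the script no longer compiles; declare it with `my`. `$subscription_code` also stays undefined when no OINKCODE exists and is then interpolated into the provider line, so `my $subscription_code = "";` would make the empty field intentional.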
-# Write rules settings. -&General::writehash("$IDS::rules_settings_file", %rulessettings); +# Write provider settings. +&General::writehash("$IDS::providers_settings_file", %providersettings);
# ## Step 6: Generate and write the file to modify the ruleset. @@ -242,16 +248,19 @@ if (-f $guardian_meta) { ## Step 7: Move rulestarball to its new location. #
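Review bot: `%providersettings` holds an array reference per ID (`$providersettings{$id} = [ ... ]` earlier in this commit), but it is written with `&General::writehash`, while the new convert-ids-multiple-providers script writes the same structure with `&General::writehasharray`. Unless writehash serialises array values (its body is not shown here), the providers file would receive a stringified reference instead of the provider, subscription code and status fields. Use `&General::writehasharray("$IDS::providers_settings_file", %providersettings);` and follow it with `&IDS::set_ownership("$IDS::providers_settings_file");` as the other converter does, since this file carries the subscription code.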
+# Grab file and path to store the provider rules tarball. +my $rulestarball = &IDS::_get_dl_rulesfile($provider); + # Check if a rulestarball has been downloaded yet. if (-f $snort_rules_tarball) { # Load perl module which contains the move command. use File::Copy;
# Move the rulestarball to the new location. - move($snort_rules_tarball, $IDS::rulestarball); + move($snort_rules_tarball, $rulestarball);
# Set correct ownership. - &IDS::set_ownership("$IDS::rulestarball"); + &IDS::set_ownership("$rulestarball");
# In case no tarball is present, try to download the ruleset. } else { @@ -270,7 +279,7 @@ if (-f $snort_rules_tarball) { #
# Check if a rulestarball is present. -if (-f $IDS::rulestarball) { +if (-f $rulestarball) { # Launch oinkmaster by calling the subfunction. &IDS::oinkmaster();
@@ -312,10 +321,10 @@ if (-f $IDS::rulestarball) { ## Step 12: Setup automatic ruleset updates. #
-# Check if a ruleset is configured. -if($rulessettings{"RULES"}) { +# Check if a provider is configured. +if(%providersettings) { # Call suricatactrl and setup the periodic update mechanism. - &IDS::call_suricatactrl("cron", $rulessettings{'AUTOUPDATE_INTERVAL'}); + &IDS::call_suricatactrl("cron", $idssettings{'AUTOUPDATE_INTERVAL'}); }
# @@ -362,7 +371,16 @@ while (my $line = <SNORTCONF>) { close(SNORTCONF);
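Review bot: `if(%providersettings)` is always true, because `$providersettings{$id}` is assigned unconditionally earlier in this commit even when the snort settings hold no `RULES` entry, so the comment `Check if a provider is configured` no longer matches what is tested. Test the migrated value itself, `if ($provider) {`, so the periodic update job is only set up when a ruleset provider was actually carried over.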
# Pass the array of enabled rule files to the subfunction and write the file. -&IDS::write_used_rulefiles_file(@enabled_rule_files); +&IDS::write_used_provider_rulefiles_file("$provider", @enabled_rule_files); +&IDS::write_main_used_rulefiles_file("$provider"); + +# Grab the used provider rulesfile file path and name. +my $used_provider_rulesfile_file = &IDS::get_used_provider_rulesfile_file("$provider"); + +# Set correct ownership for new files. +&IDS::set_ownership("$suricata_used_providers_file"); +&IDS::set_ownership("$suricata_static_rulefiles_file"); +&IDS::set_ownership("$used_provider_rulesfile_file");
# ## Step 14: Start the IDS if enabled. diff --git a/config/suricata/ruleset-sources b/config/suricata/ruleset-sources index a00cef945..7da1ecc1d 100644 --- a/config/suricata/ruleset-sources +++ b/config/suricata/ruleset-sources @@ -1,15 +1,169 @@ -# Ruleset for registered sourcefire users. -registered = https://www.snort.org/rules/snortrules-snapshot-29161.tar.gz?oinkcode=<oinkcode> +package IDS::Ruleset;
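Review bot: The added calls `&IDS::set_ownership("$suricata_used_providers_file");` and `&IDS::set_ownership("$suricata_static_rulefiles_file");` use unqualified variables that this hunk does not declare; the other converter in this push refers to `$IDS::suricata_used_providers_file` and `$IDS::suricata_default_rulefiles_file`. As written they either break compilation under `strict` or pass an empty string to set_ownership, which would leave the new files owned by whatever account ran the migration. Qualify the first as `$IDS::suricata_used_providers_file` and check which package variable the second is meant to be, since no `suricata_static_rulefiles_file` appears elsewhere on this page.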
-# Ruleset for registered sourcefire users with valid subscription. -subscripted = https://www.snort.org/rules/snortrules-snapshot-29161.tar.gz?oinkcode=<oinkcode> +# This file contains the supported ruleset providers. +# +# Each one is defined as a hash in the main hash. +# It's name acts as handle/key and the key/value pair acts as data part. +# So the structure is like the following: +# +# handle => { +# summary => A short summary of the service. This also will be shown if no translation string is available for the WUI. +# website => The website of the ruleset provider. +# tr_string => The translation string which is used by the WUI and part of the language files. +# requires_subscription => "True/False" - If some kind of registration code is required in order to download the ruleset. +# dl_url => The download URL to grab the ruleset. +# dl_type => "archive/plain" - To specify, if the downloaded file is a packed archive or a plain text file. +# },
-# Community rules from sourcefire. -community = https://www.snort.org/rules/community +# Hash which contains the supported ruleset providers. +our %Providers = ( + # Ruleset for registered sourcefire users. + registered => { + summary => "Talos VRT rules for registered users", + website => "https://www.snort.org", + tr_string => "registered user rules", + requires_subscription => "True", + dl_url => "https://www.snort.org/rules/snortrules-snapshot-29190.tar.gz?oinkcode=<subscription_code>", + dl_type => "archive", + },
-# Emerging threads community rules. -emerging = https://rules.emergingthreats.net/open/suricata-5.0/emerging.rules.tar.gz + # Ruleset for registered sourcefire users with a valid subsription. + subscripted => { + summary => "Talos VRT rules with subscription", + website => "https://www.snort.org", + tr_string => "subscripted user rules", + requires_subscription => "True", + dl_url => "https://www.snort.org/rules/snortrules-snapshot-29190.tar.gz?oinkcode=<subscription_code>", + dl_type => "archive", + },
-# Emerging threads pro rules. -emerging_pro = https://rules.emergingthreatspro.com/<oinkcode>/suricata-5.0/etpro.rules.tar.gz + # Community rules from sourcefire. + community => { + summary => "Snort/VRT GPLv2 Community Rules", + website => "https://www.snort.org", + tr_string => "community rules", + requires_subscription => "False", + dl_url => "https://www.snort.org/rules/community", + dl_type => "archive", + },
+ # Emerging threads community rules. + emerging => { + summary => "Emergingthreats.net Community Rules", + website => "https://emergingthreats.net/", + tr_string => "emerging rules", + requires_subscription => "False", + dl_url => "https://rules.emergingthreats.net/open/suricata-5.0/emerging.rules.tar.gz", + dl_type => "archive", + }, + + # Emerging threads Pro rules. + emerging_pro => { + summary => "Emergingthreats.net Pro Rules", + website => "https://emergingthreats.net/", + tr_string => "emerging pro rules", + requires_subscription => "True", + dl_url => "https://rules.emergingthreatspro.com/<subscription_code>/suricata-5.0/etpro.rules.tar.gz", + dl_type => "archive", + }, + + # Abuse.ch SSLBL JA3 fingerprint rules. + sslbl_ja3 => { + summary => "Abuse.ch SSLBL JA3 Rules", + website => "https://sslbl.abuse.ch/", + tr_string => "sslbl ja3 fingerprint rules", + requires_subscription => "False", + dl_url => "https://sslbl.abuse.ch/blacklist/ja3_fingerprints.rules", + dl_type => "plain", + }, + + # Abuse.ch SSLBL Blacklist rules. + sslbl_blacklist => { + summary => "Abuse.ch SSLBL Blacklist Rules", + website => "https://sslbl.abuse.ch/", + tr_string => "sslbl blacklist rules", + requires_subscription => "False", + dl_url => "https://sslbl.abuse.ch/blacklist/sslblacklist.rules", + dl_type => "plain", + }, + + # Abuse.ch URLhaus Blacklist rules. + urlhaus => { + summary => "Abuse.ch URLhaus Blacklist Rules", + website => "https://urlhaus.abuse.ch/", + tr_string => "urlhaus blacklist rules", + requires_subscription => "False", + dl_url => "https://urlhaus.abuse.ch/downloads/urlhaus_suricata.tar.gz", + dl_type => "archive", + }, + + # Etnetera Aggressive Blacklist. 
+ etnetera_aggresive => { + summary => "Etnetera Aggressive Blacklist Rules", + website => "https://security.etnetera.cz/", + tr_string => "etnetera aggressive blacklist rules", + requires_subscription => "False", + dl_url => "https://security.etnetera.cz/feeds/etn_aggressive.rules", + dl_type => "plain", + }, + + # OISF Traffic ID rules. + oisf_trafficid => { + summary => "OISF Traffic ID Rules", + website => "https://www.openinfosecfoundation.org/", + tr_string => "oisf traffic id rules", + requires_subscription => "False", + dl_url => "https://openinfosecfoundation.org/rules/trafficid/trafficid.rules", + dl_type => "plain", + }, + + # Positive Technologies Attack Detection Team rules. + attack_detection => { + summary => "PT Attack Detection Team Rules", + website => "https://github.com/ptresearch/AttackDetection", + tr_string => "attack detection team rules", + requires_subscription => "False", + dl_url => "https://raw.githubusercontent.com/ptresearch/AttackDetection/master/pt.rules...", + dl_type => "archive", + }, + + # Secureworks Security rules. + secureworks_security => { + summary => "Secureworks Security Ruleset", + website => "https://www.secureworks.com", + tr_string => "secureworks security ruleset", + requires_subscription => "True", + dl_url => "https://ws.secureworks.com/ti/ruleset/<subscription_code>/Suricata_suricata-security_latest.tgz", + dl_type => "archive", + }, + + # Secureworks Malware rules. + secureworks_malware => { + summary => "Secureworks Malware Ruleset", + website => "https://www.secureworks.com", + tr_string => "secureworks malware ruleset", + requires_subscription => "True", + dl_url => "https://ws.secureworks.com/ti/ruleset/<subscription_code>/Suricata_suricata-malware_latest.tgz", + dl_type => "archive", + }, + + # Secureworks Enhanced rules. 
+ secureworks_enhanced => { + summary => "Secureworks Enhanced Ruleset", + website => "https://www.secureworks.com", + tr_string => "secureworks enhanced ruleset", + requires_subscription => "True", + dl_url => "https://ws.secureworks.com/ti/ruleset/<subscription_code>/Suricata_suricata-enhanced_latest.tgz", + dl_type => "archive", + }, + + # Travis B. Green hunting rules. + tgreen => { + summary => "Travis Green - Hunting rules", + website => "https://github.com/travisbgreen/hunting-rules", + tr_string => "travis green hunting rules", + requires_subscription => "False", + dl_url => "https://raw.githubusercontent.com/travisbgreen/hunting-rules/master/hunting....", + dl_type => "plain", + }, +); diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml index b4a188d40..6fbc7b3ee 100644 --- a/config/suricata/suricata.yaml +++ b/config/suricata/suricata.yaml @@ -46,16 +46,15 @@ vars: ## default-rule-path: /var/lib/suricata rule-files: - # Include enabled ruleset files from external file - include: /var/ipfire/suricata/suricata-used-rulefiles.yaml + # Include enabled ruleset files from external file. + include: /var/ipfire/suricata/suricata-used-providers.yaml
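Review bot: `requires_subscription` is stored as the strings "True" and "False", and both are true in Perl boolean context, so a consumer that writes `if ($provider{requires_subscription})` would treat every provider as needing a code. Either store `1`/`0`, or state in the header comment that callers must compare with `eq "True"`. The `dl_url` values for `attack_detection` and `tgreen` end in `...` on this page, which may be truncation by the mail archive; confirm the committed file holds the complete URLs. The handle `etnetera_aggresive` is misspelled, and because the header comment says the name acts as handle/key, it is cheaper to correct before release than to migrate stored settings later.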
# Include default rules. include: /var/ipfire/suricata/suricata-default-rules.yaml
-classification-file: /var/lib/suricata/classification.config -reference-config-file: /var/lib/suricata/reference.config -threshold-file: /var/lib/suricata/threshold.config - +classification-file: /usr/share/suricata/classification.config +reference-config-file: /usr/share/suricata/reference.config +threshold-file: /usr/share/suricata/threshold.config
## ## Logging options. @@ -64,7 +63,7 @@ default-log-dir: /var/log/suricata/
# global stats configuration stats: - enabled: yes + enabled: no # The interval field (in seconds) controls at what interval # the loggers are invoked. interval: 8 @@ -318,7 +317,7 @@ logging: # compiled with the --enable-debug configure option. # # This value is overriden by the SC_LOG_LEVEL env var. - default-log-level: notice + default-log-level: Info
# A regex to filter output. Can be overridden in an output section. # Defaults to empty (no filter). @@ -522,6 +521,41 @@ app-layer: double-decode-path: no double-decode-query: no
+ # Note: Modbus probe parser is minimalist due to the poor significant field + # Only Modbus message length (greater than Modbus header length) + # And Protocol ID (equal to 0) are checked in probing parser + # It is important to enable detection port and define Modbus port + # to avoid false positive + modbus: + # How many unreplied Modbus requests are considered a flood. + # If the limit is reached, app-layer-event:modbus.flooded; will match. + #request-flood: 500 + + enabled: no + detection-ports: + dp: 502 + # According to MODBUS Messaging on TCP/IP Implementation Guide V1.0b, it + # is recommended to keep the TCP connection opened with a remote device + # and not to open and close it for each MODBUS/TCP transaction. In that + # case, it is important to set the depth of the stream reassembling as + # unlimited (stream.reassembly.depth: 0) + + # Stream reassembly size for modbus. By default track it completely. + stream-depth: 0 + + # DNP3 + dnp3: + enabled: no + detection-ports: + dp: 20000 + + # SCADA EtherNet/IP and CIP protocol support + enip: + enabled: no + detection-ports: + dp: 44818 + sp: 44818 + ntp: enabled: yes dhcp: diff --git a/config/urlfilter/autoupdate.urls b/config/urlfilter/autoupdate.urls index fbf0d29be..db99501f8 100644 --- a/config/urlfilter/autoupdate.urls +++ b/config/urlfilter/autoupdate.urls @@ -1,3 +1 @@ -Shalla Secure Services,http://www.shallalist.de/Downloads/shallalist.tar.gz -MESD,http://squidguard.mesd.k12.or.us/blacklists.tgz Univ. Toulouse,ftp://ftp.univ-tlse1.fr/pub/reseau/cache/squidguard_contrib/blacklists.tar.gz diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi index 4e8b28fd8..161464d0d 100644 --- a/html/cgi-bin/ids.cgi +++ b/html/cgi-bin/ids.cgi @@ -20,6 +20,7 @@ ###############################################################################
use strict;
+use experimental 'smartmatch';
# enable only the following on debugging purpose #use warnings; @@ -31,12 +32,14 @@ require "${General::swroot}/header.pl"; require "${General::swroot}/ids-functions.pl"; require "${General::swroot}/network-functions.pl";
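Review bot: `use experimental 'smartmatch';` enables a feature that newer Perl releases deprecate, and the only use visible in this part of the diff is `next unless ($vendor ~~ @enabled_providers);` in the rule-directory loop (hunk at -248). A plain membership test, `next unless (grep { $_ eq $vendor } @enabled_providers);`, does the same string comparison and makes the pragma unnecessary. Smartmatch also picks its comparison by operand type, which is harder to reason about in a filter that decides which rule files are loaded. The pragma line could then be dropped from this hunk.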
+# Import ruleset providers file. +require "$IDS::rulesetsourcesfile"; + my %color = (); my %mainsettings = (); my %idsrules = (); my %idssettings=(); -my %rulessettings=(); -my %rulesetsources = (); +my %used_providers=(); my %cgiparams=(); my %checked=(); my %selected=(); @@ -248,63 +251,57 @@ if (-e $IDS::storederrorfile) { unlink($IDS::storederrorfile); }
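Review bot: `require "$IDS::rulesetsourcesfile";` now executes the ruleset sources file as Perl, whereas the code removed further down read the same path as key/value data with `&General::readhash`. Anyone able to write that file can therefore run code in this CGI, so the comment should state the trust assumption, for example `# NOTE: this file is executed as Perl code and must not be writable by the web server user.` The ownership and mode of the file are set outside this diff and are worth confirming alongside the change.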
-## Grab all available rules and store them in the idsrules hash.
-#
-# Open rules directory and do a directory listing.
-opendir(DIR, $IDS::rulespath) or die $!;
- # Loop through the direcory.
- while (my $file = readdir(DIR)) {
-
- # We only want files.
- next unless (-f "$IDS::rulespath/$file");
+# Gather ruleset details.
+if ($cgiparams{'RULESET'}) {
+ ## Grab all available rules and store them in the idsrules hash.
+ #
- # Ignore empty files.
- next if (-z "$IDS::rulespath/$file");
+ # Get enabled providers.
+ my @enabled_providers = &IDS::get_enabled_providers();
- # Use a regular expression to find files ending in .rules
- next unless ($file =~ m/.rules$/);
+ # Open rules directory and do a directory listing.
+ opendir(DIR, $IDS::rulespath) or die $!;
+ # Loop through the direcory.
+ while (my $file = readdir(DIR)) {
- # Ignore files which are not read-able.
- next unless (-R "$IDS::rulespath/$file");
+ # We only want files.
+ next unless (-f "$IDS::rulespath/$file");
- # Skip whitelist rules file.
- next if( $file eq "whitelist.rules");
+ # Ignore empty files.
+ next if (-z "$IDS::rulespath/$file");
- # Call subfunction to read-in rulefile and add rules to
- # the idsrules hash.
- &readrulesfile("$file");
- }
+ # Use a regular expression to find files ending in .rules
+ next unless ($file =~ m/.rules$/);
-closedir(DIR);
+ # Ignore files which are not read-able.
+ next unless (-R "$IDS::rulespath/$file");
-# Gather used rulefiles.
-#
-# Check if the file for activated rulefiles is not empty.
-if(-f $IDS::used_rulefiles_file) {
- # Open the file for used rulefile and read-in content.
- open(FILE, $IDS::used_rulefiles_file) or die "Could not open $IDS::used_rulefiles_file. $!\n";
+ # Skip whitelist rules file.
+ next if( $file eq "whitelist.rules");
- # Read-in content.
- my @lines = <FILE>;
+ # Splitt vendor from filename.
+ my @filename_parts = split(/-/, $file);
- # Close file.
- close(FILE);
+ # Assign vendor name for easy processing.
+ my $vendor = @filename_parts[0];
- # Loop through the array.
- foreach my $line (@lines) {
- # Remove newlines.
- chomp($line);
+ # Skip rulefile if the provider is disabled.
+ next unless ($vendor ~~ @enabled_providers);
- # Skip comments.
- next if ($line =~ /#/);
+ # Call subfunction to read-in rulefile and add rules to
+ # the idsrules hash.
+ &readrulesfile("$file");
+ }
- # Skip blank lines.
- next if ($line =~ /^\s*$/);
+ closedir(DIR);
- # Gather rule sid and message from the ruleline.
- if ($line =~ /.*- (.*)/) {
- my $rulefile = $1;
+ # Loop through the array of used providers.
+ foreach my $provider (@enabled_providers) {
+ # Gather used rulefiles.
+ my @used_rulesfiles = &IDS::read_used_provider_rulesfiles($provider);
+ # Loop through the array of used rulesfiles. + foreach my $rulefile (@used_rulesfiles) { # Check if the current rulefile exists in the %idsrules hash. # If not, the file probably does not exist anymore or contains # no rules. @@ -316,103 +313,11 @@ if(-f $IDS::used_rulefiles_file) { } }
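Review bot: `my $vendor = @filename_parts[0];` takes a one-element array slice where the scalar element is meant; it should read `my $vendor = $filename_parts[0];`. The file keeps `use warnings` commented out, so Perl does not flag it. The same form appears twice in the hunk at -434 (`$rulefile_vendor` and `$vendor`). The vendor is taken as the text before the first `-` in the file name, so a provider handle containing `-` would presumably never match here; if handles may contain one, that is worth a comment. The enclosing `if ($cgiparams{'RULESET'})` block closes in the next hunk.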
-# Save ruleset configuration. -if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) { - my %oldsettings; - my %rulesetsources; - - # Read-in current (old) IDS settings. - &General::readhash("$IDS::rules_settings_file", %oldsettings); - - # Get all available ruleset locations. - &General::readhash("$IDS::rulesetsourcesfile", %rulesetsources); - - # Prevent form name from been stored in conf file. - delete $cgiparams{'RULESET'}; - - # Grab the URL based on the choosen vendor. - my $url = $rulesetsources{$cgiparams{'RULES'}}; - - # Check if the choosen vendor (URL) requires an subscription/oinkcode. - if ($url =~ /<oinkcode>/ ) { - # Check if an subscription/oinkcode has been provided. - if ($cgiparams{'OINKCODE'}) { - # Check if the oinkcode contains unallowed chars. - unless ($cgiparams{'OINKCODE'} =~ /^[a-z0-9]+$/) { - $errormessage = $Lang::tr{'invalid input for oink code'}; - } - } else { - # Print an error message, that an subsription/oinkcode is required for this - # vendor. - $errormessage = $Lang::tr{'ids oinkcode required'}; - } - } - - # Go on if there are no error messages. - if (!$errormessage) { - # Store settings into settings file. - &General::writehash("$IDS::rules_settings_file", %cgiparams); - - # Check if the the automatic rule update hass been touched. - if($cgiparams{'AUTOUPDATE_INTERVAL'} ne $oldsettings{'AUTOUPDATE_INTERVAL'}) { - # Call suricatactrl to set the new interval. - &IDS::call_suricatactrl("cron", $cgiparams{'AUTOUPDATE_INTERVAL'}); - } - - # Check if a ruleset is present - if not or the source has been changed download it. - if((! %idsrules) || ($oldsettings{'RULES'} ne $cgiparams{'RULES'})) { - # Check if the red device is active. - unless (-e "${General::swroot}/red/active") { - $errormessage = "$Lang::tr{'could not download latest updates'} - $Lang::tr{'system is offline'}"; - } - - # Check if enough free disk space is availabe. 
- if(&IDS::checkdiskspace()) { - $errormessage = "$Lang::tr{'not enough disk space'}"; - } - - # Check if any errors happend. - unless ($errormessage) { - # Lock the webpage and print notice about downloading - # a new ruleset. - &working_notice("$Lang::tr{'ids working'}"); - - # Write the modify sid's file and pass the taken ruleaction. - &IDS::write_modify_sids_file(); - - # Call subfunction to download the ruleset. - if(&IDS::downloadruleset()) { - $errormessage = $Lang::tr{'could not download latest updates'}; - - # Call function to store the errormessage. - &IDS::_store_error_message($errormessage); - } else { - # Call subfunction to launch oinkmaster. - &IDS::oinkmaster(); - } - - # Check if the IDS is running. - if(&IDS::ids_is_running()) { - # Call suricatactrl to stop the IDS - because of the changed - # ruleset - the use has to configure it before suricata can be - # used again. - &IDS::call_suricatactrl("stop"); - } - - # Perform a reload of the page. - &reload(); - } - } - } - # Save ruleset. -} elsif ($cgiparams{'RULESET'} eq $Lang::tr{'ids apply'}) { +if ($cgiparams{'RULESET'} eq $Lang::tr{'ids apply'}) { # Arrays to store which rulefiles have been enabled and will be used. my @enabled_rulefiles;
- # Hash to store the user-enabled and disabled sids. - my %enabled_disabled_sids; - # Store if a restart of suricata is required. my $suricata_restart_required;
@@ -434,86 +339,138 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) { } }
- # Read-in the files for enabled/disabled sids. - # This will be done by calling the read_enabled_disabled_sids_file function two times - # and merge the returned hashes together into the enabled_disabled_sids hash. - %enabled_disabled_sids = ( - &read_enabled_disabled_sids_file($IDS::disabled_sids_file), - &read_enabled_disabled_sids_file($IDS::enabled_sids_file)); + # Open oinkmaster main include file for provider modifications. + open(OINKM_INCL_FILE, ">", "$IDS::oinkmaster_provider_includes_file") or die "Could not open $IDS::oinkmaster_provider_includes_file. $!\n";
- # Loop through the hash of idsrules. - foreach my $rulefile (keys %idsrules) { - # Loop through the single rules of the rulefile. - foreach my $sid (keys %{$idsrules{$rulefile}}) { - # Skip the current sid if it is not numeric. - next unless ($sid =~ /\d+/ ); - - # Check if there exists a key in the cgiparams hash for this sid. - if (exists($cgiparams{$sid})) { - # Look if the rule is disabled. - if ($idsrules{$rulefile}{$sid}{'State'} eq "off") { - # Check if the state has been set to 'on'. - if ($cgiparams{$sid} eq "on") { - # Add/Modify the sid to/in the enabled_disabled_sids hash. - $enabled_disabled_sids{$sid} = "enabled"; + # Print file header and notice about autogenerated file. + print OINKM_INCL_FILE "#Autogenerated file. Any custom changes will be overwritten!\n"; + + # Get enabled providers. + my @enabled_providers = &IDS::get_enabled_providers(); + + # Loop through the array of enabled providers. + foreach my $provider (@enabled_providers) { + # Hash to store the used-enabled and disabled sids. + my %enabled_disabled_sids; + + # Generate modified sids file name for the current processed provider. + my $providers_modified_sids_file = &IDS::get_oinkmaster_provider_modified_sids_file($provider); + + # Check if a modified sids file for this provider exists. + if (-f $providers_modified_sids_file) { + # Read-in the file for enabled/disabled sids. + %enabled_disabled_sids = &IDS::read_enabled_disabled_sids_file($providers_modified_sids_file); + } + + # Loop through the hash of idsrules. + foreach my $rulefile (keys %idsrules) { + # Split the rulefile to get the vendor. + my @filename_parts = split(/-/, $rulefile); + + # Assign rulefile vendor. + my $rulefile_vendor = @filename_parts[0]; + + # Skip the rulefile if the vendor is not our current processed provider. + next unless ($rulefile_vendor eq $provider); + + # Loop through the single rules of the rulefile. + foreach my $sid (keys %{$idsrules{$rulefile}}) { + # Skip the current sid if it is not numeric. 
+ next unless ($sid =~ /\d+/ ); + + # Check if there exists a key in the cgiparams hash for this sid. + if (exists($cgiparams{$sid})) { + # Look if the rule is disabled. + if ($idsrules{$rulefile}{$sid}{'State'} eq "off") { + # Check if the state has been set to 'on'. + if ($cgiparams{$sid} eq "on") { + # Add/Modify the sid to/in the enabled_disabled_sids hash. + $enabled_disabled_sids{$sid} = "enabled"; + + # Drop item from cgiparams hash. + delete $cgiparams{$rulefile}{$sid}; + } + } + } else { + # Look if the rule is enabled. + if ($idsrules{$rulefile}{$sid}{'State'} eq "on") { + # Check if the state is 'on' and should be disabled. + # In this case there is no entry + # for the sid in the cgiparams hash. + # Add/Modify it to/in the enabled_disabled_sids hash. + $enabled_disabled_sids{$sid} = "disabled";
# Drop item from cgiparams hash. delete $cgiparams{$rulefile}{$sid}; } } - } else { - # Look if the rule is enabled. - if ($idsrules{$rulefile}{$sid}{'State'} eq "on") { - # Check if the state is 'on' and should be disabled. - # In this case there is no entry - # for the sid in the cgiparams hash. - # Add/Modify it to/in the enabled_disabled_sids hash. - $enabled_disabled_sids{$sid} = "disabled"; - - # Drop item from cgiparams hash. - delete $cgiparams{$rulefile}{$sid}; - } } } - }
- # Open enabled sid's file for writing. - open(ENABLED_FILE, ">$IDS::enabled_sids_file") or die "Could not write to $IDS::enabled_sids_file. $!\n"; - - # Open disabled sid's file for writing. - open(DISABLED_FILE, ">$IDS::disabled_sids_file") or die "Could not write to $IDS::disabled_sids_file. $!\n"; - - # Write header to the files. - print ENABLED_FILE "#Autogenerated file. Any custom changes will be overwritten!\n"; - print DISABLED_FILE "#Autogenerated file. Any custom changes will be overwritten!\n"; - - # Check if the hash for enabled/disabled files contains any entries. - if (%enabled_disabled_sids) { - # Loop through the hash. - foreach my $sid (keys %enabled_disabled_sids) { - # Check if the sid is enabled. - if ($enabled_disabled_sids{$sid} eq "enabled") { - # Print the sid to the enabled_sids file. - print ENABLED_FILE "enablesid $sid\n"; - # Check if the sid is disabled. - } elsif ($enabled_disabled_sids{$sid} eq "disabled") { - # Print the sid to the disabled_sids file. - print DISABLED_FILE "disablesid $sid\n"; - # Something strange happende - skip the current sid. - } else { - next; + # Check if the hash for enabled/disabled sids contains any entries. + if (%enabled_disabled_sids) { + # Open providers modified sids file for writing. + open(PROVIDER_MOD_FILE, ">$providers_modified_sids_file") or die "Could not write to $providers_modified_sids_file. $!\n"; + + # Write header to the files. + print PROVIDER_MOD_FILE "#Autogenerated file. Any custom changes will be overwritten!\n"; + + # Loop through the hash. + foreach my $sid (keys %enabled_disabled_sids) { + # Check if the sid is enabled. + if ($enabled_disabled_sids{$sid} eq "enabled") { + # Print the sid to the enabled_sids file. + print PROVIDER_MOD_FILE "enablesid $sid\n"; + # Check if the sid is disabled. + } elsif ($enabled_disabled_sids{$sid} eq "disabled") { + # Print the sid to the disabled_sids file. 
+ print PROVIDER_MOD_FILE "disablesid $sid\n"; + # Something strange happende - skip the current sid. + } else { + next; + } } + + # Close file handle for the providers modified sids file. + close(PROVIDER_MOD_FILE); + + # Add the file to the oinkmasters include file. + print OINKM_INCL_FILE "include $providers_modified_sids_file\n"; } }
- # Close file for enabled_sids after writing. - close(ENABLED_FILE); + # Close the file handle after writing. + close(OINKM_INCL_FILE); + + # Handle enabled / disabled rulefiles. + # + + # Loop through the array of enabled providers. + foreach my $provider(@enabled_providers) { + # Array to store the rulefiles which belong to the current processed provider. + my @provider_rulefiles = (); + + # Loop through the array of enabled rulefiles. + foreach my $rulesfile (@enabled_rulefiles) { + # Split the rulefile name. + my @filename_parts = split(/-/, "$rulesfile"); + + # Assign vendor name for easy processings. + my $vendor = @filename_parts[0]; + + # Check if the rulesvendor is our current processed enabled provider. + if ("$vendor" eq "$provider") { + # Add the rulesfile to the array of provider rulesfiles. + push(@provider_rulefiles, $rulesfile); + }
- # Close file for disabled_sids after writing. - close(DISABLED_FILE); + # Call function and write the providers used rulesfile file. + &IDS::write_used_provider_rulefiles_file($provider, @provider_rulefiles); + } + }
# Call function to generate and write the used rulefiles file. - &IDS::write_used_rulefiles_file(@enabled_rulefiles); + &IDS::write_main_used_rulefiles_file(@enabled_providers);
# Lock the webpage and print message. &working_notice("$Lang::tr{'ids apply ruleset changes'}"); @@ -537,7 +494,10 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) { &reload();
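Review bot: `open(PROVIDER_MOD_FILE, ">$providers_modified_sids_file")` puts the mode and the path in one string, while the `OINKM_INCL_FILE` open at the top of this hunk already uses the three-argument form. The path is derived from the provider handle, so it should be `open(PROVIDER_MOD_FILE, ">", $providers_modified_sids_file) or die "Could not write to $providers_modified_sids_file. $!\n";`. Separately, as far as the collapsed braces show, `&IDS::write_used_provider_rulefiles_file($provider, @provider_rulefiles);` sits inside the inner `foreach my $rulesfile` loop. It therefore runs once per enabled rulefile and not at all when `@enabled_rulefiles` is empty, which would leave a provider's previous used-rulefiles file in place. Moving the call after the inner loop's closing brace writes the file exactly once per provider.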
# Download new ruleset. -} elsif ($cgiparams{'RULESET'} eq $Lang::tr{'update ruleset'}) { +} elsif ($cgiparams{'PROVIDERS'} eq $Lang::tr{'ids force ruleset update'}) { + # Assign given provider handle. + my $provider = $cgiparams{'PROVIDER'}; + # Check if the red device is active. unless (-e "${General::swroot}/red/active") { $errormessage = "$Lang::tr{'could not download latest updates'} - $Lang::tr{'system is offline'}"; @@ -555,8 +515,8 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) { &working_notice("$Lang::tr{'ids download new ruleset'}");
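Review bot: `my $provider = $cgiparams{'PROVIDER'};` takes the provider handle from the request and nothing in this branch checks that it names a known provider before it is used. In the next hunk it goes to `&IDS::downloadruleset($provider)` and is interpolated into `$errormessage`. In the reset-provider branch (hunk at -577) it goes to `&IDS::write_used_provider_rulefiles_file` and to `&IDS::get_oinkmaster_provider_modified_sids_file`, whose result is passed to `unlink`. How those helpers build their paths is not visible here, so unknown handles should be rejected up front with a test such as `exists($IDS::Ruleset::Providers{$provider})`, setting `$errormessage` otherwise. The handle should also be HTML-escaped wherever it is echoed back. Both branches continue outside their hunks.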
# Call subfunction to download the ruleset. - if(&IDS::downloadruleset()) { - $errormessage = $Lang::tr{'could not download latest updates'}; + if(&IDS::downloadruleset($provider)) { + $errormessage = "$provider - $Lang::tr{'could not download latest updates'}";
# Call function to store the errormessage. &IDS::_store_error_message($errormessage); @@ -577,6 +537,61 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) { &reload(); } } + +# Reset a provider to it's defaults. +} elsif ($cgiparams{'PROVIDERS'} eq "$Lang::tr{'ids reset provider'}") { + # Grab provider handle from cgihash. + my $provider = $cgiparams{'PROVIDER'}; + + # Lock the webpage and print message. + &working_notice("$Lang::tr{'ids apply ruleset changes'}"); + + # Create new empty file for used rulefiles + # for this provider. + &IDS::write_used_provider_rulefiles_file($provider); + + # Call function to get the path and name for the given providers + # oinkmaster modified sids file. + my $provider_modified_sids_file = &IDS::get_oinkmaster_provider_modified_sids_file($provider); + + # Check if the file exists. + if (-f $provider_modified_sids_file) { + # Remove the file, as requested. + unlink("$provider_modified_sids_file"); + } + + # Alter the oinkmaster provider includes file and remove the provider. + &IDS::alter_oinkmaster_provider_includes_file("remove", $provider); + + # Regenerate ruleset. + &IDS::oinkmaster(); + + # Check if the IDS is running. + if(&IDS::ids_is_running()) { + # Get enabled providers. + my @enabled_providers = &IDS::get_enabled_providers(); + + # Get amount of enabled providers. + my $amount = @enabled_providers; + + # Check if at least one enabled provider remains. + if ($amount >= 1) { + # Call suricatactrl to perform a reload. + &IDS::call_suricatactrl("restart"); + + # Stop suricata if no enabled provider remains. + } else { + # Call suricatactrel to perform the stop. + &IDS::call_suricatactrl("stop"); + } + } + + # Undefine providers flag. + undef($cgiparams{'PROVIDERS'}); + + # Reload page. + &reload(); + # Save IDS settings. } elsif ($cgiparams{'IDS'} eq $Lang::tr{'save'}) { my %oldidssettings; 
@@ -586,14 +601,17 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) { # Read-in current (old) IDS settings. &General::readhash("$IDS::ids_settings_file", %oldidssettings);
+ # Get enabled providers. + my @enabled_providers = &IDS::get_enabled_providers(); + # Prevent form name from been stored in conf file. delete $cgiparams{'IDS'};
# Check if the IDS should be enabled. if ($cgiparams{'ENABLE_IDS'} eq "on") { - # Check if any ruleset is available. Otherwise abort and display an error. - unless(%idsrules) { - $errormessage = $Lang::tr{'ids no ruleset available'}; + # Check if at least one provider is enabled. Otherwise abort and display an error. + unless(@enabled_providers) { + $errormessage = $Lang::tr{'ids no enabled ruleset provider'}; }
# Loop through the array of available interfaces. @@ -620,6 +638,12 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) { &General::writehash("$IDS::ids_settings_file", %cgiparams); }
+ # Check if the the automatic rule update hass been touched. + if($cgiparams{'AUTOUPDATE_INTERVAL'} ne $oldidssettings{'AUTOUPDATE_INTERVAL'}) { + # Call suricatactrl to set the new interval. + &IDS::call_suricatactrl("cron", $cgiparams{'AUTOUPDATE_INTERVAL'}); + } + # Generate file to store the home net. &IDS::generate_home_net_file();
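Review bot: `$cgiparams{'AUTOUPDATE_INTERVAL'}` is passed to `&IDS::call_suricatactrl("cron", ...)` straight from the request, and this hunk does not restrict it to the values the form offers. The select removed elsewhere in this diff listed `off`, `daily` and `weekly`. If that is still the valid set, the call could be guarded with `if ($cgiparams{'AUTOUPDATE_INTERVAL'} =~ /^(?:off|daily|weekly)$/)`, unless `call_suricatactrl` already validates its argument, which is not shown here. The block also follows the closing brace of the `writehash` call, so it appears to run even when `$errormessage` is set and the settings were not saved. The enclosing branch starts and ends outside the hunk, so that placement needs confirming against the full file.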
@@ -634,8 +658,8 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) {
# Check if "MONITOR_TRAFFIC_ONLY" has been changed. if($cgiparams{'MONITOR_TRAFFIC_ONLY'} ne $oldidssettings{'MONITOR_TRAFFIC_ONLY'}) { - # Check if a ruleset exists. - if (%idsrules) { + # Check if at least one provider is enabled. + if (@enabled_providers) { # Lock the webpage and print message. &working_notice("$Lang::tr{'ids working'}");
@@ -667,295 +691,698 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'save'}) { # Perform a reload of the page. &reload(); } -} - -# Read-in idssettings and rulesetsettings -&General::readhash("$IDS::ids_settings_file", %idssettings); -&General::readhash("$IDS::rules_settings_file", %rulessettings);
-# If no autoupdate intervall has been configured yet, set default value. -unless(exists($rulessettings{'AUTOUPDATE_INTERVAL'})) { - # Set default to "weekly". - $rulessettings{'AUTOUPDATE_INTERVAL'} = 'weekly'; -} +# Toggle Enable/Disable autoupdate for a provider +} elsif ($cgiparams{'AUTOUPDATE'} eq $Lang::tr{'toggle enable disable'}) { + my %used_providers = ();
-# Read-in ignored hosts. -&General::readhasharray("$IDS::settingsdir/ignored", %ignored); - -$checked{'ENABLE_IDS'}{'off'} = ''; -$checked{'ENABLE_IDS'}{'on'} = ''; -$checked{'ENABLE_IDS'}{$idssettings{'ENABLE_IDS'}} = "checked='checked'"; -$checked{'MONITOR_TRAFFIC_ONLY'}{'off'} = ''; -$checked{'MONITOR_TRAFFIC_ONLY'}{'on'} = ''; -$checked{'MONITOR_TRAFFIC_ONLY'}{$idssettings{'MONITOR_TRAFFIC_ONLY'}} = "checked='checked'"; -$selected{'RULES'}{'nothing'} = ''; -$selected{'RULES'}{'community'} = ''; -$selected{'RULES'}{'emerging'} = ''; -$selected{'RULES'}{'registered'} = ''; -$selected{'RULES'}{'subscripted'} = ''; -$selected{'RULES'}{$rulessettings{'RULES'}} = "selected='selected'"; -$selected{'AUTOUPDATE_INTERVAL'}{'off'} = ''; -$selected{'AUTOUPDATE_INTERVAL'}{'daily'} = ''; -$selected{'AUTOUPDATE_INTERVAL'}{'weekly'} = ''; -$selected{'AUTOUPDATE_INTERVAL'}{$rulessettings{'AUTOUPDATE_INTERVAL'}} = "selected='selected'"; + # Only go further, if an ID has been passed. + if ($cgiparams{'ID'}) { + # Assign the given ID. + my $id = $cgiparams{'ID'};
-&Header::openpage($Lang::tr{'intrusion detection system'}, 1, ''); + # Undef the given ID. + undef($cgiparams{'ID'});
-### Java Script ### -print"<script>\n"; + # Read-in providers settings file. + &General::readhasharray($IDS::providers_settings_file, %used_providers);
-# Java script variable declaration for show and hide. -print"var show = "$Lang::tr{'ids show'}";\n"; -print"var hide = "$Lang::tr{'ids hide'}";\n"; + # Grab the configured status of the corresponding entry. + my $status_autoupdate = $used_providers{$id}[2];
-print <<END - // Java Script function to show/hide the text input field for - // Oinkcode/Subscription code. - var update_code = function() { - if($('#RULES').val() == 'registered') { - $('#code').show(); - } else if($('#RULES').val() == 'subscripted') { - $('#code').show(); - } else if($('#RULES').val() == 'emerging_pro') { - $('#code').show(); + # Switch the status. + if ($status_autoupdate eq "disabled") { + $status_autoupdate = "enabled"; } else { - $('#code').hide(); + $status_autoupdate = "disabled"; } - };
- // JQuery function to call corresponding function when - // the ruleset is changed or the page is loaded for showing/hiding - // the code area. - $(document).ready(function() { - $('#RULES').change(update_code); - update_code(); - }); + # Modify the status of the existing entry. + $used_providers{$id} = ["$used_providers{$id}[0]", "$used_providers{$id}[1]", "$status_autoupdate", "$used_providers{$id}[3]"];
- // Tiny java script function to show/hide the rules - // of a given category. - function showhide(tblname) { - $("#" + tblname).toggle(); + # Write the changed hash to the providers settings file. + &General::writehasharray($IDS::providers_settings_file, %used_providers); + }
- // Get current content of the span element. - var content = document.getElementById("span_" + tblname); +# Add/Edit a provider to the list of used providers. +# +} elsif (($cgiparams{'PROVIDERS'} eq "$Lang::tr{'add'}") || ($cgiparams{'PROVIDERS'} eq "$Lang::tr{'update'}")) { + my %used_providers = ();
- if (content.innerHTML === show) { - content.innerHTML = hide; - } else { - content.innerHTML = show; - } - } -</script> -END -; + # Read-in providers settings file. + &General::readhasharray("$IDS::providers_settings_file", %used_providers);
-&Header::openbigbox('100%', 'left', '', $errormessage); + # Assign some nice human-readable values. + my $provider = $cgiparams{'PROVIDER'}; + my $subscription_code = $cgiparams{'SUBSCRIPTION_CODE'}; + my $status_autoupdate;
-if ($errormessage) { - &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); - print "<class name='base'>$errormessage\n"; - print " </class>\n"; - &Header::closebox(); -} + # Handle autoupdate checkbox. + if ($cgiparams{'ENABLE_AUTOUPDATE'} eq "on") { + $status_autoupdate = "enabled"; + } else { + $status_autoupdate = "disabled"; + }
-# Draw current state of the IDS -&Header::openbox('100%', 'left', $Lang::tr{'intrusion detection system'}); + # Check if we are going to add a new provider. + if ($cgiparams{'PROVIDERS'} eq "$Lang::tr{'add'}") { + # Loop through the hash of used providers. + foreach my $id ( keys %used_providers) { + # Check if the choosen provider is already in use. + if ($used_providers{$id}[0] eq "$provider") { + # Assign error message. + $errormessage = "$Lang::tr{'ids the choosen provider is already in use'}"; + } + } + }
-# Check if the IDS is running and obtain the process-id. -my $pid = &IDS::ids_is_running(); + # Check if the provider requires a subscription code. + if ($IDS::Ruleset::Providers{$provider}{'requires_subscription'} eq "True") { + # Check if an subscription code has been provided. + if ($subscription_code) { + # Check if the code contains unallowed chars. + unless ($subscription_code =~ /^[a-z0-9]+$/) { + $errormessage = $Lang::tr{'invalid input for subscription code'}; + } + } else { + # Print an error message, that an subsription code is required for this + # provider. + $errormessage = $Lang::tr{'ids subscription code required'}; + } + }
-# Display some useful information, if suricata daemon is running. -if ($pid) { - # Gather used memory. - my $memory = &get_memory_usage($pid); + # Go further if there was no error. + if ($errormessage eq '') { + my $id; + my $status;
- print <<END; - <table width='95%' cellspacing='0' class='tbl'> - <tr> - <th bgcolor='$color{'color20'}' colspan='3' align='left'><strong>$Lang::tr{'intrusion detection'}</strong></th> - </tr> + # Check if we should edit an existing entry and got an ID. + if (($cgiparams{'PROVIDERS'} eq $Lang::tr{'update'}) && ($cgiparams{'ID'})) { + # Assin the provided id. + $id = $cgiparams{'ID'};
- <tr> - <td class='base'>$Lang::tr{'guardian daemon'}</td> - <td align='center' colspan='2' width='75%' bgcolor='${Header::colourgreen}'><font color='white'><strong>$Lang::tr{'running'}</strong></font></td> - </tr> + # Undef the given ID. + undef($cgiparams{'ID'});
- <tr> - <td class='base'></td> - <td bgcolor='$color{'color20'}' align='center'><strong>PID</strong></td> - <td bgcolor='$color{'color20'}' align='center'><strong>$Lang::tr{'memory'}</strong></td> - </tr> + # Grab the configured status of the corresponding entry. + $status = $used_providers{$id}[3]; + } else { + # Each newly added entry automatically should be enabled. + $status = "enabled";
- <tr> - <td class='base'></td> - <td bgcolor='$color{'color22'}' align='center'>$pid</td> - <td bgcolor='$color{'color22'}' align='center'>$memory KB</td> - </tr> - </table> -END -} else { - # Otherwise display a hint that the service is not launched. - print <<END; - <table width='95%' cellspacing='0' class='tbl'> - <tr> - <th bgcolor='$color{'color20'}' colspan='3' align='left'><strong>$Lang::tr{'intrusion detection'}</strong></th> - </tr> + # Generate the ID for the new entry. + # + # Sort the keys by their ID and store them in an array. + my @keys = sort { $a <=> $b } keys %used_providers;
- <tr> - <td class='base'>$Lang::tr{'guardian daemon'}</td> - <td align='center' width='75%' bgcolor='${Header::colourred}'><font color='white'><strong>$Lang::tr{'stopped'}</strong></font></td> - </tr> - </table> -END -} + # Reverse the key array. + my @reversed = reverse(@keys);
-# Only show this area, if a ruleset is present. -if (%idsrules) { + # Obtain the last used id. + my $last_id = @reversed[0];
- print <<END + # Increase the last id by one and use it as id for the new entry. + $id = ++$last_id; + }
- <br><br><h2>$Lang::tr{'settings'}</h2> + # Add/Modify the entry to/in the used providers hash.. + $used_providers{$id} = ["$provider", "$subscription_code", "$status_autoupdate", "$status"];
- <form method='post' action='$ENV{'SCRIPT_NAME'}'> - <table width='100%' border='0'> - <tr> - <td class='base' colspan='2'> - <input type='checkbox' name='ENABLE_IDS' $checked{'ENABLE_IDS'}{'on'}> $Lang::tr{'ids enable'} - </td> + # Write the changed hash to the providers settings file. + &General::writehasharray($IDS::providers_settings_file, %used_providers);
- <td class='base' colspan='2'> - <input type='checkbox' name='MONITOR_TRAFFIC_ONLY' $checked{'MONITOR_TRAFFIC_ONLY'}{'on'}> $Lang::tr{'ids monitor traffic only'} - </td> - </tr> + # Check if a new provider will be added. + if ($cgiparams{'PROVIDERS'} eq $Lang::tr{'add'}) { + # Check if the red device is active. + unless (-e "${General::swroot}/red/active") { + $errormessage = "$Lang::tr{'ids could not add provider'} - $Lang::tr{'system is offline'}"; + }
- <tr> - <td><br><br></td> - <td><br><br></td> - <td><br><br></td> - <td><br><br></td> - </tr> + # Check if enough free disk space is availabe. + if(&IDS::checkdiskspace()) { + $errormessage = "$Lang::tr{'ids could not add provider'} - $Lang::tr{'not enough disk space'}"; + }
- <tr> - <td colspan='4'><b>$Lang::tr{'ids monitored interfaces'}</b><br></td> - </tr> + # Check if any errors happend. + unless ($errormessage) { + # Lock the webpage and print notice about downloading + # a new ruleset. + &working_notice("$Lang::tr{'ids working'}");
- <tr> -END -; + # Download the ruleset. + if(&IDS::downloadruleset($provider)) { + $errormessage = "$Lang::tr{'ids could not add provider'} - $Lang::tr{'ids unable to download the ruleset'}"; + + # Call function to store the errormessage. + &IDS::_store_error_message($errormessage);
- # Loop through the array of available networks and print config options. - foreach my $zone (@network_zones) { - my $checked_input; - my $checked_forward; + # Remove the configured provider again. + &remove_provider($id); + } else { + # Extract the ruleset + &IDS::extractruleset($provider);
- # Convert current zone name to upper case. - my $zone_upper = uc($zone); + # Move the ruleset. + &IDS::move_tmp_ruleset();
- # Set zone name. - my $zone_name = $zone; + # Cleanup temporary directory. + &IDS::cleanup_tmp_directory();
- # Dirty hack to get the correct language string for the red zone. - if ($zone eq "red") { - $zone_name = "red1"; - } + # Create new empty file for used rulefiles + # for this provider. + &IDS::write_used_provider_rulefiles_file($provider); + }
- # Grab checkbox status from settings hash. - if ($idssettings{"ENABLE_IDS_$zone_upper"} eq "on") { - $checked_input = "checked = 'checked'"; + # Perform a reload of the page. + &reload(); + } }
- print "<td class='base' width='20%'>\n"; - print "<input type='checkbox' name='ENABLE_IDS_$zone_upper' $checked_input>\n"; - print " $Lang::tr{'enabled on'}<font color='$colourhash{$zone}'> $Lang::tr{$zone_name}</font>\n"; - print "</td>\n"; }
-print <<END - </tr> - </table> + # Undefine providers flag. + undef($cgiparams{'PROVIDERS'});
- <br><br> +## Toggle Enabled/Disabled for an existing provider. +# +} elsif ($cgiparams{'PROVIDERS'} eq $Lang::tr{'toggle enable disable'}) { + my %used_providers = (); + my $provider_includes_action;
- <table width='100%'> - <tr> - <td align='right'><input type='submit' name='IDS' value='$Lang::tr{'save'}' /></td> - </tr> - </table> - </form> -END -; + # Value if oinkmaster has to be executed. + my $oinkmaster = "False";
-} + # Only go further, if an ID has been passed. + if ($cgiparams{'ID'}) { + # Assign the given ID. + my $id = $cgiparams{'ID'};
-&Header::closebox(); + # Undef the given ID. + undef($cgiparams{'ID'});
-# Draw elements for ruleset configuration. -&Header::openbox('100%', 'center', $Lang::tr{'ids ruleset settings'}); + # Read-in file which contains the provider settings. + &General::readhasharray($IDS::providers_settings_file, %used_providers);
-print <<END -<form method='post' action='$ENV{'SCRIPT_NAME'}'> - <table width='100%' border='0'> - <tr> - <td><b>$Lang::tr{'ids rules update'}</b></td> - <td><b>$Lang::tr{'ids automatic rules update'}</b></td> - </tr> + # Grab the configured status of the corresponding entry. + my $status = $used_providers{$id}[3];
- <tr> - <td><select name='RULES' id='RULES'> - <option value='emerging' $selected{'RULES'}{'emerging'} >$Lang::tr{'emerging rules'}</option> - <option value='emerging_pro' $selected{'RULES'}{'emerging_pro'} >$Lang::tr{'emerging pro rules'}</option> - <option value='community' $selected{'RULES'}{'community'} >$Lang::tr{'community rules'}</option> - <option value='registered' $selected{'RULES'}{'registered'} >$Lang::tr{'registered user rules'}</option> - <option value='subscripted' $selected{'RULES'}{'subscripted'} >$Lang::tr{'subscripted user rules'}</option> - </select> - </td> - - <td> - <select name='AUTOUPDATE_INTERVAL'> - <option value='off' $selected{'AUTOUPDATE_INTERVAL'}{'off'} >- $Lang::tr{'Disabled'} -</option> - <option value='daily' $selected{'AUTOUPDATE_INTERVAL'}{'daily'} >$Lang::tr{'Daily'}</option> - <option value='weekly' $selected{'AUTOUPDATE_INTERVAL'}{'weekly'} >$Lang::tr{'Weekly'}</option> - </select> - </td> - </tr> + # Grab the provider handle. + my $provider_handle = $used_providers{$id}[0];
- <tr> - <td colspan='2'><br><br></td> - </tr> + # Switch the status. + if ($status eq "enabled") { + $status = "disabled";
- <tr style='display:none' id='code'> - <td colspan='2'>Oinkcode: <input type='text' size='40' name='OINKCODE' value='$rulessettings{'OINKCODE'}'></td> - </tr> + # Set the provider includes action to "remove" for removing the entry. + $provider_includes_action = "remove"; + } else { + $status = "enabled";
- <tr> - <td> </td> + # Set the provider includes action to "add". + $provider_includes_action = "add"; + + # This operation requires to launch oinkmaster. + $oinkmaster = "True"; + } + + # Modify the status of the existing entry. + $used_providers{$id} = ["$used_providers{$id}[0]", "$used_providers{$id}[1]", "$used_providers{$id}[2]", "$status"]; + + # Write the changed hash to the providers settings file. + &General::writehasharray($IDS::providers_settings_file, %used_providers); + + # Get all enabled providers. + my @enabled_providers = &IDS::get_enabled_providers(); + + # Write the main providers include file. + &IDS::write_main_used_rulefiles_file(@enabled_providers); + + # Call function to alter the oinkmasters provider includes file and + # add or remove the provider. + &IDS::alter_oinkmaster_provider_includes_file($provider_includes_action, $provider_handle); + + # Check if oinkmaster has to be executed. + if ($oinkmaster eq "True") { + # Lock the webpage and print message. + &working_notice("$Lang::tr{'ids apply ruleset changes'}"); + + # Launch oinkmaster. + &IDS::oinkmaster(); + } + + # Check if the IDS is running. + if(&IDS::ids_is_running()) { + # Gather the amount of enabled providers (elements in the array). + my $amount = @enabled_providers; + + # Check if there are still enabled ruleset providers. + if ($amount >= 1) { + # Call suricatactrl to perform a restart. + &IDS::call_suricatactrl("restart"); + + # No active ruleset provider, suricata has to be stopped. + } else { + # Stop suricata. + &IDS::call_suricatactrl("stop"); + } + } + + # Undefine providers flag. + undef($cgiparams{'PROVIDERS'}); + + # Reload page. + &reload(); + } + +## Remove provider from the list of used providers. +# +} elsif ($cgiparams{'PROVIDERS'} eq $Lang::tr{'remove'}) { + # Assign a nice human-readable variable. + my $id = $cgiparams{'ID'}; + + # Grab the provider name bevore deleting. + my $provider = &get_provider_handle($id); + + # Remove the provider. 
+ &remove_provider($id); + + # Undef the given ID. + undef($cgiparams{'ID'}); + + # Lock the webpage and print message. + &working_notice("$Lang::tr{'ids apply ruleset changes'}"); + + # Drop the stored ruleset file. + &IDS::drop_dl_rulesfile($provider); + + # Get the name of the provider rulessets include file. + my $provider_used_rulefile = &IDS::get_used_provider_rulesfile_file($provider); + + # Drop the file, it is not longer needed. + unlink("$provider_used_rulefile"); + + # Call function to get the path and name for the given providers + # oinkmaster modified sids file. + my $provider_modified_sids_file = &IDS::get_oinkmaster_provider_modified_sids_file($provider); + + # Check if the file exists. + if (-f $provider_modified_sids_file) { + # Remove the file, which is not longer needed. + unlink("$provider_modified_sids_file"); + } + + # Alter the oinkmaster provider includes file and remove the provider. + &IDS::alter_oinkmaster_provider_includes_file("remove", $provider); + + # Regenerate ruleset. + &IDS::oinkmaster(); + + # Gather all enabled providers. + my @enabled_providers = &IDS::get_enabled_providers(); + + # Regenerate main providers include file. + &IDS::write_main_used_rulefiles_file(@enabled_providers); + + # Check if the IDS is running. + if(&IDS::ids_is_running()) { + # Get amount of enabled providers. + my $amount = @enabled_providers; + + # Check if at least one enabled provider remains. + if ($amount >= 1) { + # Call suricatactrl to perform a reload. + &IDS::call_suricatactrl("restart"); + + # Stop suricata if no enabled provider remains. + } else { + # Call suricatactrel to perform the stop. + &IDS::call_suricatactrl("stop"); + } + } + + # Undefine providers flag. + undef($cgiparams{'PROVIDERS'}); + + # Reload page. 
+ &reload(); +} + +&Header::openpage($Lang::tr{'intrusion detection system'}, 1, ''); + +&Header::openbigbox('100%', 'left', '', $errormessage); + +&show_display_error_message(); + +if ($cgiparams{'RULESET'} eq "$Lang::tr{'ids customize ruleset'}" ) { + &show_customize_ruleset(); +} elsif ($cgiparams{'PROVIDERS'} ne "") { + &show_add_provider(); +} else { + &show_mainpage(); +} + +&Header::closebigbox(); +&Header::closepage(); + +# +## Tiny function to show if a error message happened. +# +sub show_display_error_message() { + if ($errormessage) { + &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); + print "<class name='base'>$errormessage\n"; + print " </class>\n"; + &Header::closebox(); + } +} + +# +## Function to display the main IDS page. +# +sub show_mainpage() { + # Read-in idssettings and provider settings. + &General::readhash("$IDS::ids_settings_file", %idssettings); + &General::readhasharray("$IDS::providers_settings_file", %used_providers); + + # If no autoupdate intervall has been configured yet, set default value. + unless(exists($idssettings{'AUTOUPDATE_INTERVAL'})) { + # Set default to "weekly". + $idssettings{'AUTOUPDATE_INTERVAL'} = 'weekly'; + } + + # Read-in ignored hosts. 
+ &General::readhasharray("$IDS::settingsdir/ignored", %ignored); + + $checked{'ENABLE_IDS'}{'off'} = ''; + $checked{'ENABLE_IDS'}{'on'} = ''; + $checked{'ENABLE_IDS'}{$idssettings{'ENABLE_IDS'}} = "checked='checked'"; + $checked{'MONITOR_TRAFFIC_ONLY'}{'off'} = ''; + $checked{'MONITOR_TRAFFIC_ONLY'}{'on'} = ''; + $checked{'MONITOR_TRAFFIC_ONLY'}{$idssettings{'MONITOR_TRAFFIC_ONLY'}} = "checked='checked'"; + $selected{'AUTOUPDATE_INTERVAL'}{'off'} = ''; + $selected{'AUTOUPDATE_INTERVAL'}{'daily'} = ''; + $selected{'AUTOUPDATE_INTERVAL'}{'weekly'} = ''; + $selected{'AUTOUPDATE_INTERVAL'}{$idssettings{'AUTOUPDATE_INTERVAL'}} = "selected='selected'"; + + # Draw current state of the IDS + &Header::openbox('100%', 'left', $Lang::tr{'intrusion detection system'}); + + # Check if the IDS is running and obtain the process-id. + my $pid = &IDS::ids_is_running(); + + # Display some useful information, if suricata daemon is running. + if ($pid) { + # Gather used memory. + my $memory = &get_memory_usage($pid); + + print <<END; + <table width='95%' cellspacing='0' class='tbl'> + <tr> + <th bgcolor='$color{'color20'}' colspan='3' align='left'><strong>$Lang::tr{'intrusion detection'}</strong></th> + </tr> + + <tr> + <td class='base'>$Lang::tr{'guardian daemon'}</td> + <td align='center' colspan='2' width='75%' bgcolor='${Header::colourgreen}'><font color='white'><strong>$Lang::tr{'running'}</strong></font></td> + </tr> + + <tr> + <td class='base'></td> + <td bgcolor='$color{'color20'}' align='center'><strong>PID</strong></td> + <td bgcolor='$color{'color20'}' align='center'><strong>$Lang::tr{'memory'}</strong></td> + </tr> + + <tr> + <td class='base'></td> + <td bgcolor='$color{'color22'}' align='center'>$pid</td> + <td bgcolor='$color{'color22'}' align='center'>$memory KB</td> + </tr> + </table> +END + } else { + # Otherwise display a hint that the service is not launched. 
+ print <<END; + <table width='95%' cellspacing='0' class='tbl'> + <tr> + <th bgcolor='$color{'color20'}' colspan='3' align='left'><strong>$Lang::tr{'intrusion detection'}</strong></th> + </tr>
- <td align='right'> + <tr> + <td class='base'>$Lang::tr{'guardian daemon'}</td> + <td align='center' width='75%' bgcolor='${Header::colourred}'><font color='white'><strong>$Lang::tr{'stopped'}</strong></font></td> + </tr> + </table> +END + } + + # Only show this area, if at least one ruleset provider is configured. + if (%used_providers) { + +print <<END + + <br><br><h2>$Lang::tr{'settings'}</h2> + + <form method='post' action='$ENV{'SCRIPT_NAME'}'> + <table width='100%' border='0'> + <tr> + <td class='base' colspan='2'> + <input type='checkbox' name='ENABLE_IDS' $checked{'ENABLE_IDS'}{'on'}> $Lang::tr{'ids enable'} + </td> + + <td class='base' colspan='2'> + <input type='checkbox' name='MONITOR_TRAFFIC_ONLY' $checked{'MONITOR_TRAFFIC_ONLY'}{'on'}> $Lang::tr{'ids monitor traffic only'} + </td> + </tr> + + <tr> + <td><br><br></td> + <td><br><br></td> + <td><br><br></td> + <td><br><br></td> + </tr> + + <tr> + <td colspan='4'><b>$Lang::tr{'ids monitored interfaces'}</b><br></td> + </tr> + + <tr> END ; - # Show the "Update Ruleset"-Button only if a ruleset has been downloaded yet and automatic updates are disabled. - if ((%idsrules) && ($rulessettings{'AUTOUPDATE_INTERVAL'} eq "off")) { - # Display button to update the ruleset. - print"<input type='submit' name='RULESET' value='$Lang::tr{'update ruleset'}'>\n"; + + # Loop through the array of available networks and print config options. + foreach my $zone (@network_zones) { + my $checked_input; + my $checked_forward; + + # Convert current zone name to upper case. + my $zone_upper = uc($zone); + + # Set zone name. + my $zone_name = $zone; + + # Dirty hack to get the correct language string for the red zone. + if ($zone eq "red") { + $zone_name = "red1"; + } + + # Grab checkbox status from settings hash. 
+ if ($idssettings{"ENABLE_IDS_$zone_upper"} eq "on") { + $checked_input = "checked = 'checked'"; + } + + print "<td class='base' width='20%'>\n"; + print "<input type='checkbox' name='ENABLE_IDS_$zone_upper' $checked_input>\n"; + print " $Lang::tr{'enabled on'}<font color='$colourhash{$zone}'> $Lang::tr{$zone_name}</font>\n"; + print "</td>\n"; } -print <<END; - <input type='submit' name='RULESET' value='$Lang::tr{'save'}'> - </td>
- </tr> - </table> -</form> +print <<END + </tr> + + <tr> + <td><br><br></td> + <td><br><br></td> + <td><br><br></td> + <td><br><br></td> + </tr> + + <tr> + <td colspan='4'><b>$Lang::tr{'ids automatic rules update'}</b></td> + </tr> + + <tr> + <td> + <select name='AUTOUPDATE_INTERVAL'> + <option value='off' $selected{'AUTOUPDATE_INTERVAL'}{'off'} >- $Lang::tr{'Disabled'} -</option> + <option value='daily' $selected{'AUTOUPDATE_INTERVAL'}{'daily'} >$Lang::tr{'Daily'}</option> + <option value='weekly' $selected{'AUTOUPDATE_INTERVAL'}{'weekly'} >$Lang::tr{'Weekly'}</option> + </select> + </td> + </tr> + </table> + + <br><br> + + <table width='100%'> + <tr> + <td align='right'><input type='submit' name='IDS' value='$Lang::tr{'save'}' /></td> + </tr> + </table> + </form> END ;
-&Header::closebox(); + }
-# -# Whitelist / Ignorelist -# -&Header::openbox('100%', 'center', $Lang::tr{'ids ignored hosts'}); + &Header::closebox(); + + # + # Used Ruleset Providers section. + # + &Header::openbox('100%', 'center', $Lang::tr{'ids ruleset settings'});
print <<END; + <table width='100%' border='0'> + <tr> + <td class='base' bgcolor='$color{'color20'}'><b>$Lang::tr{'ids provider'}</b></td> + <td class='base' bgcolor='$color{'color20'}'><b>$Lang::tr{'date'}</b></td> + <td class='base' bgcolor='$color{'color20'}' align='center'><b>$Lang::tr{'ids autoupdates'}</b></td> + <td class='base' bgcolor='$color{'color20'}'></td> + <td class='base' colspan='3' bgcolor='$color{'color20'}'></td> + </tr> +END + my $line = 1; + + # Check if some providers has been configured. + if (keys (%used_providers)) { + my $col = ""; + + # Loop through all entries of the hash. + foreach my $id (sort keys(%used_providers)) { + # Assign data array positions to some nice variable names. + my $provider = $used_providers{$id}[0]; + my $provider_name = &get_provider_name($provider); + my $rulesetdate = &IDS::get_ruleset_date($provider); + + my $subscription_code = $used_providers{$id}[1]; + my $autoupdate_status = $used_providers{$id}[2]; + my $status = $used_providers{$id}[3]; + + # Check if the item number is even or not. + if ($line % 2) { + $col="bgcolor='$color{'color22'}'"; + } else { + $col="bgcolor='$color{'color20'}'"; + } + + # Choose icons for the checkboxes. + my $status_gif; + my $status_gdesc; + my $autoupdate_status_gif; + my $autoupdate_status_gdesc; + + # Check if the status is enabled and select the correct image and description. + if ($status eq 'enabled' ) { + $status_gif = 'on.gif'; + $status_gdesc = $Lang::tr{'click to disable'}; + } else { + $status_gif = 'off.gif'; + $status_gdesc = $Lang::tr{'click to enable'}; + } + + # Check if the autoupdate status is enabled and select the correct image and description. 
+ if ($autoupdate_status eq 'enabled') { + $autoupdate_status_gif = 'on.gif'; + $autoupdate_status_gdesc = $Lang::tr{'click to disable'}; + } else { + $autoupdate_status_gif = 'off.gif'; + $autoupdate_status_gdesc = $Lang::tr{'click to enable'}; + } + +print <<END; + <tr> + <td width='33%' class='base' $col>$provider_name</td> + <td width='30%' class='base' $col>$rulesetdate</td> + + <td align='center' $col> + <form method='post' action='$ENV{'SCRIPT_NAME'}'> + <input type='hidden' name='AUTOUPDATE' value='$Lang::tr{'toggle enable disable'}' /> + <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$autoupdate_status_gif' alt='$autoupdate_status_gdesc' title='$autoupdate_status_gdesc' /> + <input type='hidden' name='ID' value='$id' /> + </form> + </td> + + <td align='center' $col> + <form method='post' action='$ENV{'SCRIPT_NAME'}'> + <input type='hidden' name='PROVIDERS' value='$Lang::tr{'toggle enable disable'}'> + <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$status_gif' alt='$status_gdesc' title='$status_gdesc'> + <input type='hidden' name='ID' value='$id'> + </form> + </td> + + <td align='center' $col> + <form method='post' action='$ENV{'SCRIPT_NAME'}'> + <input type='hidden' name='PROVIDERS' value='$Lang::tr{'edit'}'> + <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}'> + <input type='hidden' name='ID' value='$id'> + </form> + </td> + + <td align='center' $col> + <form method='post' name='$provider' action='$ENV{'SCRIPT_NAME'}'> + <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}'> + <input type='hidden' name='ID' value='$id'> + <input type='hidden' name='PROVIDERS' value='$Lang::tr{'remove'}'> + </form> + </td> + </tr> +END + # Increment lines value. + $line++; + + } + + } else { + # Print notice that currently no hosts are ignored. 
+ print "<tr>\n"; + print "<td class='base' colspan='2'>$Lang::tr{'guardian no entries'}</td>\n"; + print "</tr>\n"; + } + + print "</table>\n"; + + # Section to add new elements or edit existing ones. +print <<END; + <br> + <hr> + <br> + + <div align='right'> + <table width='100%'> + <form method='post' action='$ENV{'SCRIPT_NAME'}'> + <tr> +END + + # Only show this button if a ruleset provider is configured. + if (%used_providers) { + print "<input type='submit' name='RULESET' value='$Lang::tr{'ids customize ruleset'}'>\n"; + } +print <<END; + <input type='submit' name='PROVIDERS' value='$Lang::tr{'ids add provider'}'> + </tr> + </form> + </table> + </div> +END + + &Header::closebox(); + + # + # Whitelist / Ignorelist + # + &Header::openbox('100%', 'center', $Lang::tr{'ids ignored hosts'}); + + print <<END; <table width='100%'> <tr> <td class='base' bgcolor='$color{'color20'}'><b>$Lang::tr{'ip address'}</b></td> @@ -1003,17 +1430,17 @@ print <<END;
<td align='center' $col>
 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
- <input type='hidden' name='WHITELIST' value='$Lang::tr{'toggle enable disable'}' />
- <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$gdesc' title='$gdesc' />
- <input type='hidden' name='ID' value='$key' />
+ <input type='hidden' name='WHITELIST' value='$Lang::tr{'toggle enable disable'}'>
+ <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$gdesc' title='$gdesc'>
+ <input type='hidden' name='ID' value='$key'>
 </form>
 </td>
<td align='center' $col>
 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
- <input type='hidden' name='WHITELIST' value='$Lang::tr{'edit'}' />
- <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' />
- <input type='hidden' name='ID' value='$key' />
+ <input type='hidden' name='WHITELIST' value='$Lang::tr{'edit'}'>
+ <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}'>
+ <input type='hidden' name='ID' value='$key'>
 </form>
 </td>
@@ -1023,83 +1450,96 @@ print <<END;
 <input type='hidden' name='ID' value='$key'>
 <input type='hidden' name='WHITELIST' value='$Lang::tr{'remove'}'>
 </form>
- </td>
- </tr>
+ </td>
+ </tr>
 END
+ }
+ } else {
+ # Print notice that currently no hosts are ignored.
+ print "<tr>\n";
+ print "<td class='base' colspan='2'>$Lang::tr{'guardian no entries'}</td>\n";
+ print "</tr>\n";
 }
- } else {
- # Print notice that currently no hosts are ignored.
- print "<tr>\n";
- print "<td class='base' colspan='2'>$Lang::tr{'guardian no entries'}</td>\n";
- print "</tr>\n";
- }
- print "</table>\n";
+ print "</table>\n";
- # Section to add new elements or edit existing ones.
+ # Section to add new elements or edit existing ones.
 print <<END;
- <br>
- <hr>
- <br>
-
- <div align='center'>
- <table width='100%'>
+ <br>
+ <hr>
+ <br>
+
+ <div align='center'>
+ <table width='100%'>
 END
- # Assign correct headline and button text.
- my $buttontext;
- my $entry_address;
- my $entry_remark;
+ # Assign correct headline and button text.
+ my $buttontext;
+ my $entry_address;
+ my $entry_remark;
- # Check if an ID (key) has been given, in this case an existing entry should be edited.
- if ($cgiparams{'ID'} ne '') {
- $buttontext = $Lang::tr{'update'};
- print "<tr><td class='boldbase' colspan='3'><b>$Lang::tr{'update'}</b></td></tr>\n";
+ # Check if an ID (key) has been given, in this case an existing entry should be edited.
+ if ($cgiparams{'ID'} ne '') {
+ $buttontext = $Lang::tr{'update'};
+ print "<tr><td class='boldbase' colspan='3'><b>$Lang::tr{'update'}</b></td></tr>\n";
- # Grab address and remark for the given key.
- $entry_address = $ignored{$cgiparams{'ID'}}[0];
- $entry_remark = $ignored{$cgiparams{'ID'}}[1];
- } else {
- $buttontext = $Lang::tr{'add'};
- print "<tr><td class='boldbase' colspan='3'><b>$Lang::tr{'dnsforward add a new entry'}</b></td></tr>\n";
- }
+ # Grab address and remark for the given key.
+ $entry_address = $ignored{$cgiparams{'ID'}}[0];
+ $entry_remark = $ignored{$cgiparams{'ID'}}[1];
+ } else {
+ $buttontext = $Lang::tr{'add'};
+ print "<tr><td class='boldbase' colspan='3'><b>$Lang::tr{'dnsforward add a new entry'}</b></td></tr>\n";
+ }
print <<END;
- <form method='post' action='$ENV{'SCRIPT_NAME'}'>
- <input type='hidden' name='ID' value='$cgiparams{'ID'}'>
- <tr>
- <td width='30%'>$Lang::tr{'ip address'}: </td>
- <td width='50%'><input type='text' name='IGNORE_ENTRY_ADDRESS' value='$entry_address' size='24' /></td>
+ <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='hidden' name='ID' value='$cgiparams{'ID'}'>
+ <tr>
+ <td width='30%'>$Lang::tr{'ip address'}: </td>
+ <td width='50%'><input type='text' name='IGNORE_ENTRY_ADDRESS' value='$entry_address' size='24' /></td>
- <td width='30%'>$Lang::tr{'remark'}: </td>
- <td wicth='50%'><input type='text' name=IGNORE_ENTRY_REMARK value='$entry_remark' size='24' /></td>
- <td align='center' width='20%'><input type='submit' name='WHITELIST' value='$buttontext' /></td>
- </tr>
- </form>
- </table>
- </div>
+ <td width='30%'>$Lang::tr{'remark'}: </td>
+ <td wicth='50%'><input type='text' name=IGNORE_ENTRY_REMARK value='$entry_remark' size='24' /></td>
+ <td align='center' width='20%'><input type='submit' name='WHITELIST' value='$buttontext' /></td>
+ </tr>
+ </form>
+ </table>
+ </div>
 END
-&Header::closebox();
-
-# Only show the section for configuring the ruleset if one is present.
-if (%idsrules) {
- # Load neccessary perl modules for file stat and to format the timestamp.
- use File::stat;
- use POSIX qw( strftime );
+ &Header::closebox();
+}
- # Call stat on the rulestarball.
- my $stat = stat("$IDS::rulestarball");
+#
+## Function to show the customize ruleset section.
+#
+sub show_customize_ruleset() {
+ ### Java Script ###
+ print"<script>\n";
- if (defined $stat) {
- # Get timestamp the file creation.
- my $mtime = $stat->mtime;
+ # Java script variable declaration for show and hide.
+ print"var show = "$Lang::tr{'ids show'}";\n";
+ print"var hide = "$Lang::tr{'ids hide'}";\n";
- # Convert into human read-able format.
- my $rulesdate = strftime('%Y-%m-%d %H:%M:%S', localtime($mtime));
+print <<END
+ // Tiny java script function to show/hide the rules
+ // of a given category.
+ function showhide(tblname) {
+ $("#" + tblname).toggle();
- &Header::openbox('100%', 'LEFT', "$Lang::tr{'intrusion detection system rules'} ($rulesdate)" );
+ // Get current content of the span element.
+ var content = document.getElementById("span_" + tblname);
+ if (content.innerHTML === show) {
+ content.innerHTML = hide;
+ } else {
+ content.innerHTML = show;
+ }
+ }
+ </script>
+END
+;
+ &Header::openbox('100%', 'LEFT', "$Lang::tr{'intrusion detection system rules'}" );
 print"<form method='POST' action='$ENV{'SCRIPT_NAME'}'>\n";
# Output display table for rule files
@@ -1193,7 +1633,10 @@ if (%idsrules) {
 print <<END
 <table width='100%'>
 <tr>
- <td width='100%' align='right'><input type='submit' name='RULESET' value='$Lang::tr{'ids apply'}'></td>
+ <td width='100%' align='right'>
+ <input type='submit' value='$Lang::tr{'fwhost back'}'>
+ <input type='submit' name='RULESET' value='$Lang::tr{'ids apply'}'>
+ </td>
 </tr>
 </table>
 </form>
@@ -1203,8 +1646,270 @@ END
 }
 }
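Review bot: The whitelist add/edit form on the new side of this hunk still interpolates `$cgiparams{'ID'}`, `$entry_address` and `$entry_remark` directly into single-quoted `value='…'` attributes with no HTML encoding, so a quote character in the request parameter or in a stored remark terminates the attribute and the remainder is parsed as markup in the administrator's browser. Encode at the point of output before the heredoc, for example `my $id_html = &Header::escape($cgiparams{'ID'});` and then `value='$id_html'` (assuming this tree's header.pl provides `Header::escape`; otherwise the equivalent entity-encoding helper), and do the same for the address and remark. The same pattern recurs in the `@@ -1203,8 +1646,270 @@` hunk, where `show_add_provider()` prints the hidden `ID` and `PROVIDER` fields and the `SUBSCRIPTION_CODE` value unencoded. `show_mainpage()` begins before this hunk, so where these values were validated on input cannot be seen from here.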
-&Header::closebigbox(); -&Header::closepage(); +# +## Function to show section for add/edit a provider. +# +sub show_add_provider() { + my %used_providers = (); + my @subscription_providers; + + # Read -in providers settings file. + &General::readhasharray("$IDS::providers_settings_file", %used_providers); + + # Get all supported ruleset providers. + my @ruleset_providers = &IDS::get_ruleset_providers(); + + ### Java Script ### + print "<script>\n"; + + # Generate Java Script Object which contains the URL of the providers. + print "\t// Object, which contains the webpages of the ruleset providers.\n"; + print "\tvar url = {\n"; + + # Loop through the array of supported providers. + foreach my $provider (@ruleset_providers) { + # Check if the provider requires a subscription. + if ($IDS::Ruleset::Providers{$provider}{'requires_subscription'} eq "True") { + # Add the provider to the array of subscription_providers. + push(@subscription_providers, $provider); + } + + # Grab the URL for the provider. + my $url = $IDS::Ruleset::Providers{$provider}{'website'}; + + # Print the URL to the Java Script Object. + print "\t\t$provider: "$url",\n"; + } + + # Close the Java Script Object declaration. + print "\t};\n\n"; + + # Generate Java Script Array which contains the provider that requires a subscription. + my $line = ""; + $line = join("', '", @subscription_providers); + + print "\t// Array which contains the providers that requires a subscription.\n"; + print "\tsubscription_provider = ['$line'];\n\n"; + +print <<END + // Java Script function to swap the text input field for + // entering a subscription code. + var update_provider = function() { + if(inArray($('#PROVIDER').val(), subscription_provider)) { + $('.subscription_code').show(); + } else { + $('.subscription_code').hide(); + } + + // Call function to change the website url. + change_url($('#PROVIDER').val()); + }; + + // Java Script function to check if a given value is part of + // an array. 
+ function inArray(value,array) { + var count=array.length; + + for(var i=0;i<count;i++) { + if(array[i]===value){ + return true; + } + } + + return false; + } + + // Tiny function to change the website url based on the selected element in the "PROVIDERS" + // dropdown menu. + function change_url(provider) { + // Get and change the href to the corresponding url. + document.getElementById("website").href = url[provider]; + } + + // JQuery function to call corresponding function when + // the ruleset provider is changed or the page is loaded for showing/hiding + // the subscription_code area. + $(document).ready(function() { + $('#PROVIDER').change(update_provider); + update_provider(); + }); + + </script> +END +; + + # Check if an existing provider should be edited. + if($cgiparams{'PROVIDERS'} eq "$Lang::tr{'edit'}") { + # Check if autoupdate is enabled for this provider. + if ($used_providers{$cgiparams{'ID'}}[2] eq "enabled") { + # Set the checkbox to be checked. + $checked{'ENABLE_AUTOUPDATE'} = "checked='checked'"; + } + + # Display section to force an rules update and to reset the provider. + &show_additional_provider_actions(); + + } elsif ($cgiparams{'PROVIDERS'} eq "$Lang::tr{'ids add provider'}") { + # Set the autoupdate to true as default. + $checked{'ENABLE_AUTOUPDATE'} = "checked='checked'"; + } + + &Header::openbox('100%', 'center', $Lang::tr{'ids provider settings'}); + +print <<END + <form method='post' action='$ENV{'SCRIPT_NAME'}'> + <table width='100%' border='0'> + <tr> + <td colspan='2'><b>$Lang::tr{'ids provider'}</b></td> + </tr> + + <tr> + <td width='40%'> + <input type='hidden' name='ID' value='$cgiparams{'ID'}'> +END +; + # Value to allow disabling the dropdown menu. + my $disabled; + + # Check if we are in edit mode. + if ($cgiparams{'PROVIDERS'} eq "$Lang::tr{'edit'}") { + $disabled = "disabled"; + + # Add hidden input with the provider because the disable select does not provider + # this. 
+ print "<input type='hidden' name='PROVIDER' value='$used_providers{$cgiparams{'ID'}}[0]'>\n"; + } + + print "<select name='PROVIDER' id='PROVIDER' $disabled>\n"; + # Temporary hash to store the provier names and their handles. + my %tmphash = (); + + # Loop through the array of ruleset providers. + foreach my $handle (@ruleset_providers) { + # Get the provider name. + my $name = &get_provider_name($handle); + + # Add the grabbed provider name and handle to the + # temporary hash. + $tmphash{$name} = "$handle"; + } + + # Sort and loop through the temporary hash. + foreach my $provider_name ( sort keys %tmphash ) { + # Grab the provider handle. + my $provider = $tmphash{$provider_name}; + + # Pre-select the provider if one is given. + if (($used_providers{$cgiparams{'ID'}}[0] eq "$provider") || ($cgiparams{'PROVIDER'} eq "$provider")) { + $selected{$provider} = "selected='selected'"; + } + + # Add the provider to the dropdown menu. + print "<option value='$provider' $selected{$provider}>$provider_name</option>\n"; + } +print <<END + </select> + </td> + + <td width='60%'> + <b><a id="website" target="_blank" href="#">$Lang::tr{'ids visit provider website'}</a></b> + </td> + </tr> + + <tr> + <td colspan='2'><br><br></td> + </tr> + + <tr class='subscription_code' style='display:none' id='subscription_code'> + <td colspan='2'> + <table border='0'> + <tr> + <td> + <b>$Lang::tr{'subscription code'}</b> + </td> + </tr> + + <tr> + <td> + <input type='text' size='40' name='SUBSCRIPTION_CODE' value='$used_providers{$cgiparams{'ID'}}[1]'> + </td> + </tr> + + <tr> + <td><br><br></td> + </tr> + </table> + </td> + </tr> + + <tr> + <td colspan='2'> + <input type='checkbox' name='ENABLE_AUTOUPDATE' $checked{'ENABLE_AUTOUPDATE'}> $Lang::tr{'ids enable automatic updates'} + </td> + </tr> + + <tr> + <td colspan='2' align='right'> + <input type='submit' value='$Lang::tr{'back'}'> +END +; + # Check if a provider should be added or edited. 
+ if ($cgiparams{'PROVIDERS'} eq "$Lang::tr{'edit'}") { + # Display button for updating the existing provider. + print "<input type='submit' name='PROVIDERS' value='$Lang::tr{'update'}'>\n"; + } else { + # Display button to add the new provider. + print "<input type='submit' name='PROVIDERS' value='$Lang::tr{'add'}'>\n"; + } +print <<END + </td> + </tr> + </table> + </form> +END +; + &Header::closebox(); +} + +# +## Function to show the area where additional provider actions can be done. +# +sub show_additional_provider_actions() { + my $disabled; + my %used_providers = (); + + # Read-in providers settings file. + &General::readhasharray("$IDS::providers_settings_file", %used_providers); + + # Assign variable for provider handle. + my $provider = "$used_providers{$cgiparams{'ID'}}[0]"; + + # Call function to get the path and name for the given providers + # oinkmaster modified sids file. + my $provider_modified_sids_file = &IDS::get_oinkmaster_provider_modified_sids_file($provider); + + # Disable the reset provider button if no provider modified sids file exists. + unless (-f $provider_modified_sids_file) { + $disabled = "disabled"; + } + + &Header::openbox('100%', 'center', ""); + print <<END + <form method='post' action='$ENV{'SCRIPT_NAME'}'> + <table width='100%' border="0"> + <tr> + <td align='center'> + <input type='hidden' name='PROVIDER' value='$provider'> + <input type='submit' name='PROVIDERS' value='$Lang::tr{'ids reset provider'}' $disabled> + <input type='submit' name='PROVIDERS' value='$Lang::tr{'ids force ruleset update'}'> + </td> + </tr> + </table> + </form> +END +; + &Header::closebox(); +}
# ## A function to display a notice, to lock the webpage and @@ -1270,7 +1975,7 @@ sub readrulesfile ($) { my $msg;
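Review bot: `show_additional_provider_actions()` and the edit branch of `show_add_provider()` index `%used_providers` with the raw `$cgiparams{'ID'}` and never check that such an entry exists. For a missing or unknown ID, `$provider` becomes an empty string that is passed to `&IDS::get_oinkmaster_provider_modified_sids_file()` and written into the hidden `PROVIDER` field behind the reset and force-update buttons. A guard right after the settings file is read in `show_additional_provider_actions()`, `return unless (exists $used_providers{$cgiparams{'ID'}});`, keeps the page from offering actions for a provider that is not configured. How the POST handlers treat an empty `PROVIDER` value is outside this hunk and should be checked as well.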
# Gather rule sid and message from the ruleline.
- if ($line =~ m/.*msg:"(.*?)"; .* sid:(.*?); /) {
+ if ($line =~ m/.*msg:\s*"(.*?)";.*sid:\s*(.*?); /) {
 $msg = $1;
 $sid = $2;
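Review bot: The relaxed pattern still captures the sid with `(.*?)` and requires a literal semicolon plus space after it, so the capture is not restricted to digits. A rule written as `sid:N;rev:M; …` yields `N;rev:M` as the sid, and a rule whose `sid:` option is closed by `;)` with no following space is skipped entirely. Capturing digits and dropping the trailing-space requirement fixes both: `if ($line =~ m/.*msg:\s*"(.*?)";.*sid:\s*(\d+)\s*;/) {`. The rest of `readrulesfile` lies outside the hunk, so how `$sid` is used afterwards (hash key, form field name, file content) should be checked against the stricter value.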
@@ -1332,54 +2037,62 @@ sub get_memory_usage($) {
 }
#
-## Function to read-in the given enabled or disables sids file.
+## Function to get the provider handle by a given ID.
 #
-sub read_enabled_disabled_sids_file($) {
- my ($file) = @_;
-
- # Temporary hash to store the sids and their state. It will be
- # returned at the end of this function.
- my %temphash;
-
- # Open the given filename.
- open(FILE, "$file") or die "Could not open $file. $!\n";
-
- # Loop through the file.
- while(<FILE>) {
- # Remove newlines.
- chomp $_;
-
- # Skip blank lines.
- next if ($_ =~ /^\s*$/);
-
- # Skip coments.
- next if ($_ =~ /^#/);
-
- # Splitt line into sid and state part.
- my ($state, $sid) = split(" ", $_);
-
- # Skip line if the sid is not numeric.
- next unless ($sid =~ /\d+/ );
-
- # Check if the sid was enabled.
- if ($state eq "enablesid") {
- # Add the sid and its state as enabled to the temporary hash.
- $temphash{$sid} = "enabled";
- # Check if the sid was disabled.
- } elsif ($state eq "disablesid") {
- # Add the sid and its state as disabled to the temporary hash.
- $temphash{$sid} = "disabled";
- # Invalid state - skip the current sid and state.
- } else {
- next;
- }
+sub get_provider_handle($) {
+ my ($id) = @_;
+
+ my %used_providers = ();
+
+ # Read-in provider settings file.
+ &General::readhasharray($IDS::providers_settings_file, %used_providers);
+
+ # Obtain the provider handle for the given ID.
+ my $provider_handle = $used_providers{$cgiparams{'ID'}}[0];
+
+ # Return the handle.
+ return $provider_handle;
+}
+
+#
+## Function to get the provider name from the language file or providers file for a given handle.
+#
+sub get_provider_name($) {
+ my ($handle) = @_;
+ my $provider_name;
+
+ # Get the required translation string for the given provider handle.
+ my $tr_string = $IDS::Ruleset::Providers{$handle}{'tr_string'};
+
+ # Check if the translation string is available in the language files.
+ if ($Lang::tr{$tr_string}) {
+ # Use the translated string from the language file.
+ $provider_name = $Lang::tr{$tr_string};
+ } else {
+ # Fallback and use the provider summary from the providers file.
+ $provider_name = $IDS::Ruleset::Providers{$handle}{'summary'};
 }
- # Close filehandle.
- close(FILE);
+ # Return the obtained provider name.
+ return $provider_name;
+}
+
+#
+## Function to remove a provider by a given ID.
+#
+sub remove_provider($) {
+ my ($id) = @_;
+
+ my %used_providers = ();
+
+ # Read-in provider settings file.
+ &General::readhasharray($IDS::providers_settings_file, %used_providers);
+
+ # Drop entry from the hash.
+ delete($used_providers{$id});
- # Return the hash.
- return %temphash;
+ # Write the changed hash to the provider settings file.
+ &General::writehasharray($IDS::providers_settings_file, %used_providers);
 }
# diff --git a/html/cgi-bin/optionsfw.cgi b/html/cgi-bin/optionsfw.cgi index 1ecf4f180..481d5bdbd 100644 --- a/html/cgi-bin/optionsfw.cgi +++ b/html/cgi-bin/optionsfw.cgi @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2014-2020 IPFire Team info@ipfire.org # +# Copyright (C) 2014-2021 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -110,6 +110,12 @@ $checked{'DROPWIRELESSINPUT'}{$settings{'DROPWIRELESSINPUT'}} = "checked='checke $checked{'DROPWIRELESSFORWARD'}{'off'} = ''; $checked{'DROPWIRELESSFORWARD'}{'on'} = ''; $checked{'DROPWIRELESSFORWARD'}{$settings{'DROPWIRELESSFORWARD'}} = "checked='checked'"; +$checked{'DROPSPOOFEDMARTIAN'}{'off'} = ''; +$checked{'DROPSPOOFEDMARTIAN'}{'on'} = ''; +$checked{'DROPSPOOFEDMARTIAN'}{$settings{'DROPSPOOFEDMARTIAN'}} = "checked='checked'"; +$checked{'DROPHOSTILE'}{'off'} = ''; +$checked{'DROPHOSTILE'}{'on'} = ''; +$checked{'DROPHOSTILE'}{$settings{'DROPHOSTILE'}} = "checked='checked'"; $checked{'DROPPROXY'}{'off'} = ''; $checked{'DROPPROXY'}{'on'} = ''; $checked{'DROPPROXY'}{$settings{'DROPPROXY'}} = "checked='checked'"; @@ -195,24 +201,82 @@ END <br>
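Review bot: get_provider_handle() unpacks its argument into `$id` but then indexes the settings with `$cgiparams{'ID'}`, so the handle returned always belongs to the ID in the current request rather than the one the caller passed. The lookup should read `my $provider_handle = $used_providers{$id}[0];`. remove_provider() in the same hunk does use `$id`, but it deletes and rewrites the settings file without checking that the key is present; `return unless (exists $used_providers{$id});` before the delete would keep a malformed or stale ID from triggering a rewrite of the provider settings.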
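Review bot: Neither new option gets a pre-selected radio button when its key is absent from the settings file: with `$settings{'DROPHOSTILE'}` or `$settings{'DROPSPOOFEDMARTIAN'}` undefined, the third assignment stores `checked='checked'` under an empty key and both `{'on'}` and `{'off'}` stay empty. Any defaults are set outside this hunk, so this is something to confirm rather than a certain defect; on a system carrying an older settings file the rows added in the following `@@ -195,24 +201,82 @@` hunk would then show no selection. An explicit default before the settings are read, e.g. `$settings{'DROPHOSTILE'} //= 'off';` using whichever value the rule-generating script assumes for a missing key, keeps the page and the active firewall behaviour in agreement.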
<table width='95%' cellspacing='0'> -<tr bgcolor='$color{'color20'}'><td colspan='2' align='left'><b>$Lang::tr{'fw logging'}</b></td></tr> -<tr><td align='left' width='60%'>$Lang::tr{'drop newnotsyn'}</td><td align='left'>$Lang::tr{'on'} <input type='radio' name='DROPNEWNOTSYN' value='on' $checked{'DROPNEWNOTSYN'}{'on'} />/ - <input type='radio' name='DROPNEWNOTSYN' value='off' $checked{'DROPNEWNOTSYN'}{'off'} /> $Lang::tr{'off'}</td></tr> -<tr><td align='left' width='60%'>$Lang::tr{'drop input'}</td><td align='left'>$Lang::tr{'on'} <input type='radio' name='DROPINPUT' value='on' $checked{'DROPINPUT'}{'on'} />/ - <input type='radio' name='DROPINPUT' value='off' $checked{'DROPINPUT'}{'off'} /> $Lang::tr{'off'}</td></tr> -<tr><td align='left' width='60%'>$Lang::tr{'drop forward'}</td><td align='left'>$Lang::tr{'on'} <input type='radio' name='DROPFORWARD' value='on' $checked{'DROPFORWARD'}{'on'} />/ - <input type='radio' name='DROPFORWARD' value='off' $checked{'DROPFORWARD'}{'off'} /> $Lang::tr{'off'}</td></tr> -<tr><td align='left' width='60%'>$Lang::tr{'drop outgoing'}</td><td align='left'>$Lang::tr{'on'} <input type='radio' name='DROPOUTGOING' value='on' $checked{'DROPOUTGOING'}{'on'} />/ - <input type='radio' name='DROPOUTGOING' value='off' $checked{'DROPOUTGOING'}{'off'} /> $Lang::tr{'off'}</td></tr> -<tr><td align='left' width='60%'>$Lang::tr{'drop portscan'}</td><td align='left'>$Lang::tr{'on'} <input type='radio' name='DROPPORTSCAN' value='on' $checked{'DROPPORTSCAN'}{'on'} />/ - <input type='radio' name='DROPPORTSCAN' value='off' $checked{'DROPPORTSCAN'}{'off'} /> $Lang::tr{'off'}</td></tr> -<tr><td align='left' width='60%'>$Lang::tr{'drop wirelessinput'}</td><td align='left'>$Lang::tr{'on'} <input type='radio' name='DROPWIRELESSINPUT' value='on' $checked{'DROPWIRELESSINPUT'}{'on'} />/ - <input type='radio' name='DROPWIRELESSINPUT' value='off' $checked{'DROPWIRELESSINPUT'}{'off'} /> $Lang::tr{'off'}</td></tr> -<tr><td align='left' width='60%'>$Lang::tr{'drop 
wirelessforward'}</td><td align='left'>$Lang::tr{'on'} <input type='radio' name='DROPWIRELESSFORWARD' value='on' $checked{'DROPWIRELESSFORWARD'}{'on'} />/ - <input type='radio' name='DROPWIRELESSFORWARD' value='off' $checked{'DROPWIRELESSFORWARD'}{'off'} /> $Lang::tr{'off'}</td></tr> + <tr bgcolor='$color{'color20'}'> + <td colspan='2' align='left'><b>$Lang::tr{'fw logging'}</b></td> + </tr> + <tr> + <td align='left' width='60%'>$Lang::tr{'drop newnotsyn'}</td> + <td align='left'> + $Lang::tr{'on'} <input type='radio' name='DROPNEWNOTSYN' value='on' $checked{'DROPNEWNOTSYN'}{'on'} />/ + <input type='radio' name='DROPNEWNOTSYN' value='off' $checked{'DROPNEWNOTSYN'}{'off'} /> $Lang::tr{'off'} + </td> + </tr> + <tr> + <td align='left' width='60%'>$Lang::tr{'drop input'}</td> + <td align='left'> + $Lang::tr{'on'} <input type='radio' name='DROPINPUT' value='on' $checked{'DROPINPUT'}{'on'} />/ + <input type='radio' name='DROPINPUT' value='off' $checked{'DROPINPUT'}{'off'} /> $Lang::tr{'off'} + </td> + </tr> + <tr> + <td align='left' width='60%'>$Lang::tr{'drop forward'}</td> + <td align='left'> + $Lang::tr{'on'} <input type='radio' name='DROPFORWARD' value='on' $checked{'DROPFORWARD'}{'on'} />/ + <input type='radio' name='DROPFORWARD' value='off' $checked{'DROPFORWARD'}{'off'} /> $Lang::tr{'off'} + </td> + </tr> + <tr> + <td align='left' width='60%'>$Lang::tr{'drop outgoing'}</td> + <td align='left'> + $Lang::tr{'on'} <input type='radio' name='DROPOUTGOING' value='on' $checked{'DROPOUTGOING'}{'on'} />/ + <input type='radio' name='DROPOUTGOING' value='off' $checked{'DROPOUTGOING'}{'off'} /> $Lang::tr{'off'} + </td> + </tr> + <tr> + <td align='left' width='60%'>$Lang::tr{'drop portscan'}</td> + <td align='left'> + $Lang::tr{'on'} <input type='radio' name='DROPPORTSCAN' value='on' $checked{'DROPPORTSCAN'}{'on'} />/ + <input type='radio' name='DROPPORTSCAN' value='off' $checked{'DROPPORTSCAN'}{'off'} /> $Lang::tr{'off'} + </td> + </tr> + <tr> + <td align='left' 
width='60%'>$Lang::tr{'drop wirelessinput'}</td> + <td align='left'> + $Lang::tr{'on'} <input type='radio' name='DROPWIRELESSINPUT' value='on' $checked{'DROPWIRELESSINPUT'}{'on'} />/ + <input type='radio' name='DROPWIRELESSINPUT' value='off' $checked{'DROPWIRELESSINPUT'}{'off'} /> $Lang::tr{'off'} + </td> + </tr> + <tr> + <td align='left' width='60%'>$Lang::tr{'drop wirelessforward'}</td> + <td align='left'> + $Lang::tr{'on'} <input type='radio' name='DROPWIRELESSFORWARD' value='on' $checked{'DROPWIRELESSFORWARD'}{'on'} />/ + <input type='radio' name='DROPWIRELESSFORWARD' value='off' $checked{'DROPWIRELESSFORWARD'}{'off'} /> $Lang::tr{'off'} + </td> + </tr> + <tr> + <td align='left' width='60%'>$Lang::tr{'drop spoofed martians'}</td> + <td align='left'> + $Lang::tr{'on'} <input type='radio' name='DROPSPOOFEDMARTIAN' value='on' $checked{'DROPSPOOFEDMARTIAN'}{'on'} />/ + <input type='radio' name='DROPSPOOFEDMARTIAN' value='off' $checked{'DROPSPOOFEDMARTIAN'}{'off'} /> $Lang::tr{'off'} + </td> + </tr> </table> <br/>
+<table width='95%' cellspacing='0'> + <tr bgcolor='$color{'color20'}'> + <td colspan='2' align='left'><b>$Lang::tr{'fw red'}</b></td> + </tr> + <tr> + <td align='left' width='60%'>$Lang::tr{'drop hostile'}</td> + <td align='left'> + $Lang::tr{'on'} <input type='radio' name='DROPHOSTILE' value='on' $checked{'DROPHOSTILE'}{'on'} />/ + <input type='radio' name='DROPHOSTILE' value='off' $checked{'DROPHOSTILE'}{'off'} /> $Lang::tr{'off'} + </td> + </tr> +</table> +<br> + <table width='95%' cellspacing='0'> <tr bgcolor='$color{'color20'}'><td colspan='2' align='left'><b>$Lang::tr{'fw blue'}</b></td></tr> <tr><td align='left' width='60%'>$Lang::tr{'drop proxy'}</td><td align='left'>$Lang::tr{'on'} <input type='radio' name='DROPPROXY' value='on' $checked{'DROPPROXY'}{'on'} />/ diff --git a/html/cgi-bin/pakfire.cgi b/html/cgi-bin/pakfire.cgi index f2381f031..51f586aa2 100644 --- a/html/cgi-bin/pakfire.cgi +++ b/html/cgi-bin/pakfire.cgi @@ -20,6 +20,7 @@ ###############################################################################
use strict; +use List::Util qw(any);
# enable only the following on debugging purpose #use warnings; @@ -36,31 +37,155 @@ my %color = (); my %pakfiresettings = (); my %mainsettings = ();
-&Header::showhttpheaders(); +# Load general settings +&General::readhash("${General::swroot}/main/settings", %mainsettings); +&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", %color);
+# Get CGI request data $cgiparams{'ACTION'} = ''; $cgiparams{'VALID'} = '';
$cgiparams{'INSPAKS'} = ''; $cgiparams{'DELPAKS'} = '';
-my $page_lock; +&Header::getcgihash(%cgiparams);
-sub refreshpage{&Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' content='1;'>" );print "<center><img src='/images/clock.gif' alt='' /><br/><font color='red'>$Lang::tr{'pagerefresh'}</font></center>";&Header::closebox();} +### Process AJAX/JSON request ### +if($cgiparams{'ACTION'} eq 'json-getstatus') { + # Send HTTP headers + _start_json_output();
-&Header::getcgihash(%cgiparams); + # Read /var/log/messages backwards until a "Pakfire started" header is found, + # to capture all messages of the last (i.e. current) Pakfire run + my @messages = `tac /var/log/messages | sed -n '/pakfire:/{p;/Pakfire.*started/q}'`;
-&General::readhash("${General::swroot}/main/settings", %mainsettings); -&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", %color); + # Test if the log contains an error message (fastest implementation, stops at first match) + my $failure = any{ index($_, 'ERROR') != -1 } @messages; + + # Collect Pakfire status + my %status = ( + 'running' => &_is_pakfire_busy() || "0", + 'running_since' => &General::age("$Pakfire::lockfile") || "0s", + 'reboot' => (-e "/var/run/need_reboot") || "0", + 'failure' => $failure || "0" + ); + + # Start JSON file + print "{\n"; + + foreach my $key (keys %status) { + my $value = $status{$key}; + print qq{\t"$key": "$value",\n}; + } + + # Print sanitized messages in reverse order to undo previous "tac" + print qq{\t"messages": [\n}; + for my $index (reverse (0 .. $#messages)) { + my $line = $messages[$index]; + $line =~ s/[[:cntrl:]<>&\]+//g; + + print qq{\t\t"$line"}; + print ",\n" unless $index < 1; + } + print "\n\t]\n"; + + # Finalize JSON file & stop + print "}"; + exit; +} + +### Start pakfire page ### +&Header::showhttpheaders(); + +###--- HTML HEAD ---### +my $extraHead = <<END +<style> + /* Main screen */ + table#pfmain { + width: 100%; + border-style: hidden; + table-layout: fixed; + } + + #pfmain td { + padding: 5px 20px 0; + text-align: center; + } + #pfmain tr:not(:last-child) > td { + padding-bottom: 1.5em; + } + #pfmain tr > td.heading { + padding: 0; + font-weight: bold; + background-color: $color{'color20'}; + } + + .pflist { + width: 100%; + text-align: left; + margin-bottom: 0.8em; + } + + /* Pakfire log viewer */ + section#pflog-header { + width: 100%; + display: flex; + text-align: left; + align-items: center; + column-gap: 20px; + } + #pflog-header > div:last-child { + margin-left: auto; + margin-right: 20px; + } + #pflog-header span { + line-height: 1.3em; + } + #pflog-header span:empty::before { + content: "\200b"; /* zero width space */ + } + + pre#pflog-messages { + margin-top: 0.7em; + 
padding-top: 0.7em; + border-top: 0.5px solid $Header::bordercolour;
-&Header::openpage($Lang::tr{'pakfire configuration'}, 1); + text-align: left; + min-height: 15em; + overflow-x: auto; + } +</style> + +<script src="/include/pakfire.js"></script> +<script> + // Translations + pakfire.i18n.load({ + 'working': '$Lang::tr{'pakfire working'}', + 'finished': '$Lang::tr{'pakfire finished'}', + 'finished error': '$Lang::tr{'pakfire finished error'}', + 'since': '$Lang::tr{'since'}', + + 'link_return': '<a href="$ENV{'SCRIPT_NAME'}">$Lang::tr{'pakfire return'}</a>', + 'link_reboot': '<a href="/cgi-bin/shutdown.cgi">$Lang::tr{'needreboot'}</a>' + }); + + // AJAX auto refresh interval (in ms, default: 1000) + //pakfire.refreshInterval = 1000; + + // Enable returning to main screen (delay in ms) + pakfire.setupPageReload(true, 3000); +</script> +END +; +###--- END HTML HEAD ---### + +&Header::openpage($Lang::tr{'pakfire configuration'}, 1, $extraHead); &Header::openbigbox('100%', 'left', '', $errormessage);
-if (($cgiparams{'ACTION'} eq 'install') && (! -e $Pakfire::lockfile)) { +# Process Pakfire commands +if (($cgiparams{'ACTION'} eq 'install') && (! &_is_pakfire_busy())) { my @pkgs = split(/|/, $cgiparams{'INSPAKS'}); if ("$cgiparams{'FORCE'}" eq "on") { - # Lock the page. - $page_lock = "1"; &General::system_background("/usr/local/bin/pakfire", "install", "--non-interactive", "--no-colors", @pkgs); } else { &Header::openbox("100%", "center", $Lang::tr{'request'}); @@ -74,20 +199,23 @@ END print "$_\n"; } print <<END; - </pre> - <tr><td colspan='2'>$Lang::tr{'pakfire accept all'} - <tr><td colspan='2'> + </pre></td></tr> + <tr><td colspan='2'>$Lang::tr{'pakfire accept all'}</td></tr> + <tr><td colspan='2'> </td></tr> <tr><td align='right'><form method='post' action='$ENV{'SCRIPT_NAME'}'> <input type='hidden' name='INSPAKS' value='$cgiparams{'INSPAKS'}' /> <input type='hidden' name='FORCE' value='on' /> <input type='hidden' name='ACTION' value='install' /> <input type='image' alt='$Lang::tr{'install'}' title='$Lang::tr{'install'}' src='/images/go-next.png' /> </form> + </td> <td align='left'> <form method='post' action='$ENV{'SCRIPT_NAME'}'> <input type='hidden' name='ACTION' value='' /> <input type='image' alt='$Lang::tr{'abort'}' title='$Lang::tr{'abort'}' src='/images/dialog-error.png' /> </form> + </td> + </tr> </table> END &Header::closebox(); @@ -95,11 +223,9 @@ END &Header::closepage(); exit; } -} elsif (($cgiparams{'ACTION'} eq 'remove') && (! -e $Pakfire::lockfile)) { +} elsif (($cgiparams{'ACTION'} eq 'remove') && (! &_is_pakfire_busy())) { my @pkgs = split(/|/, $cgiparams{'DELPAKS'}); if ("$cgiparams{'FORCE'}" eq "on") { - # Lock the page. - $page_lock = "1"; &General::system_background("/usr/local/bin/pakfire", "remove", "--non-interactive", "--no-colors", @pkgs); } else { &Header::openbox("100%", "center", $Lang::tr{'request'}); 
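Review bot: The `json-getstatus` branch builds JSON by hand, and the substitution applied to `$line` strips control characters, `<`, `>` and `&` but not the double quote, so a log line containing `"` ends the string early and makes the whole response unparseable; the client then treats it as a failed request and keeps polling. Add `"` to the stripped class, e.g. `$line =~ s/[[:cntrl:]<>&"\\]+//g;`, or emit each line through a JSON encoder from core Perl. As rendered here the class ends in `\]`, which escapes the bracket instead of matching a backslash; presumably one backslash was lost in the mail rendering, but it is worth checking against the committed file. The `$Lang::tr{...}` values interpolated into the single-quoted JavaScript literals of `pakfire.i18n.load({...})` have the same weakness, since a translation containing `'` would break the script block.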
@@ -113,20 +239,23 @@ END print "$_\n"; } print <<END; - </pre> - <tr><td colspan='2'>$Lang::tr{'pakfire uninstall all'} - <tr><td colspan='2'> + </pre></td></tr> + <tr><td colspan='2'>$Lang::tr{'pakfire uninstall all'}</td></tr> + <tr><td colspan='2'> </td></tr> <tr><td align='right'><form method='post' action='$ENV{'SCRIPT_NAME'}'> <input type='hidden' name='DELPAKS' value='$cgiparams{'DELPAKS'}' /> <input type='hidden' name='FORCE' value='on' /> <input type='hidden' name='ACTION' value='remove' /> <input type='image' alt='$Lang::tr{'uninstall'}' title='$Lang::tr{'uninstall'}' src='/images/go-next.png' /> </form> + </td> <td align='left'> <form method='post' action='$ENV{'SCRIPT_NAME'}'> <input type='hidden' name='ACTION' value='' /> <input type='image' alt='$Lang::tr{'abort'}' title='$Lang::tr{'abort'}' src='/images/dialog-error.png' /> </form> + </td> + </tr> </table> END &Header::closebox(); @@ -135,13 +264,9 @@ END exit; }
-} elsif (($cgiparams{'ACTION'} eq 'update') && (! -e $Pakfire::lockfile)) { - # Set variable to lock the page. - $page_lock = "1"; +} elsif (($cgiparams{'ACTION'} eq 'update') && (! &_is_pakfire_busy())) { &General::system_background("/usr/local/bin/pakfire", "update", "--force", "--no-colors"); -} elsif (($cgiparams{'ACTION'} eq 'upgrade') && (!-e $Pakfire::lockfile)) { - # Lock the page. - $page_lock = "1"; +} elsif (($cgiparams{'ACTION'} eq 'upgrade') && (! &_is_pakfire_busy())) { &General::system_background("/usr/local/bin/pakfire", "upgrade", "-y", "--no-colors"); } elsif ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}") { $pakfiresettings{"TREE"} = $cgiparams{"TREE"}; @@ -177,70 +302,35 @@ if ($errormessage) { &Header::closebox(); }
-# Check if a page lock is required. -if ($page_lock) { - &Header::openbox('Waiting', 1, ,); - print <<END; - <table> - <tr> - <td> - <img src='/images/indicator.gif' alt='$Lang::tr{'active'}' title='$Lang::tr{'active'}'> - </td> +# Show log output while Pakfire is running +if(&_is_pakfire_busy()) { + &Header::openbox("100%", "center", "Pakfire"); + + print <<END +<section id="pflog-header"> + <div><img src="/images/indicator.gif" alt="$Lang::tr{'active'}" title="$Lang::tr{'pagerefresh'}"></div> + <div> + <span id="pflog-status">$Lang::tr{'pakfire working'}</span><br> + <span id="pflog-time"></span><br> + <span id="pflog-action"></span> + </div> + <div><a href="$ENV{'SCRIPT_NAME'}"><img src="/images/view-refresh.png" alt="$Lang::tr{'refresh'}" title="$Lang::tr{'refresh'}"></a></div> +</section> + +<!-- Pakfire log messages --> +<pre id="pflog-messages"></pre> +<script> + // Start automatic log refresh + pakfire.running = true; +</script>
- <td> - $Lang::tr{'pakfire working'} - </td> - </tr> - </table> END - &Header::closebox(); - - # Infinite loop to lock the page until pakfire lockfile is present. - while($page_lock) { - unless (-e $Pakfire::lockfile) { - sleep(1); - } else { - # Release page lock. - undef($page_lock); - - # Break loop. - last; - } - } - - # Perform page reload. - print "<meta http-equiv='refresh' content='1;'>\n"; - exit; -} +;
-# Check if pakfire is already running. In this case a lockfile is present. -if (-e $Pakfire::lockfile) { - &Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' content='10;'>" ); - print <<END; - <table> - <tr><td> - <img src='/images/indicator.gif' alt='$Lang::tr{'active'}' title='$Lang::tr{'active'}' /> - <td> - $Lang::tr{'pakfire working'} - <tr><td colspan='2' align='center'> - <form method='post' action='$ENV{'SCRIPT_NAME'}'> - <input type='image' alt='$Lang::tr{'reload'}' title='$Lang::tr{'reload'}' src='/images/view-refresh.png' /> - </form> - <tr><td colspan='2' align='left'><code> -END - my @output = `grep pakfire /var/log/messages | tail -20`; - foreach (@output) { - print "$_<br>"; - } - print <<END; - </code> - </table> -END &Header::closebox(); &Header::closebigbox(); &Header::closepage(); exit; - refreshpage(); }
my $core_release = `cat /opt/pakfire/db/core/mine 2>/dev/null`; @@ -253,70 +343,69 @@ my $packages_update_age = &General::age("/opt/pakfire/db/lists/packages_list.db" &Header::openbox("100%", "center", "Pakfire");
print <<END; - <table width='95%' cellpadding='5'> + <table id="pfmain"> END if ( -e "/var/run/need_reboot") { - print "<tr><td align='center' colspan='2'><font color='red'>$Lang::tr{'needreboot'}!</font></td></tr>"; - print "<tr><td colspan='2'> </font></td></tr>" + print "\t\t<tr><td colspan='2'><a href='/cgi-bin/shutdown.cgi'>$Lang::tr{'needreboot'}!</a></td></tr>\n"; } print <<END; - <tr><td width="50%" bgcolor='$color{'color20'}' align="center"><b>$Lang::tr{'pakfire system state'}:</b> - - <td width="50%" bgcolor='$color{'color20'}' align="center"><b>$Lang::tr{'available updates'}:</b></tr> - - <tr><td align="center">$Lang::tr{'pakfire core update level'}: $core_release<hr /> - $Lang::tr{'pakfire last update'} $core_update_age $Lang::tr{'pakfire ago'}<br /> - $Lang::tr{'pakfire last serverlist update'} $server_update_age $Lang::tr{'pakfire ago'}<br /> - $Lang::tr{'pakfire last core list update'} $corelist_update_age $Lang::tr{'pakfire ago'}<br /> + <tr><td class="heading">$Lang::tr{'pakfire system state'}:</td> + <td class="heading">$Lang::tr{'available updates'}:</td></tr> + + <tr><td><strong>$Lang::tr{'pakfire core update level'}: $core_release</strong> + <hr> + <div class="pflist"> + $Lang::tr{'pakfire last update'} $core_update_age $Lang::tr{'pakfire ago'}<br> + $Lang::tr{'pakfire last serverlist update'} $server_update_age $Lang::tr{'pakfire ago'}<br> + $Lang::tr{'pakfire last core list update'} $corelist_update_age $Lang::tr{'pakfire ago'}<br> $Lang::tr{'pakfire last package update'} $packages_update_age $Lang::tr{'pakfire ago'} - <form method='post' action='$ENV{'SCRIPT_NAME'}'> - <input type='hidden' name='ACTION' value='update' /><br /> - <input type='submit' value='$Lang::tr{'calamaris refresh list'}' /><br /> - </form> -<br /> - <td align="center"> + </div> <form method='post' action='$ENV{'SCRIPT_NAME'}'> - <select name="UPDPAKS" size="5" disabled> + <input type='hidden' name='ACTION' value='update' /> + <input type='submit' 
value='$Lang::tr{'calamaris refresh list'}' /> + </form> + </td> + <td> + <form method='post' action='$ENV{'SCRIPT_NAME'}'> + <select name="UPDPAKS" class="pflist" size="5" disabled> END - &Pakfire::dblist("upgrade", "forweb"); + + &Pakfire::dblist("upgrade", "forweb"); print <<END; </select> - <br /> <input type='hidden' name='ACTION' value='upgrade' /> <input type='image' alt='$Lang::tr{'upgrade'}' title='$Lang::tr{'upgrade'}' src='/images/document-save.png' /> </form> + </td> + </tr> + <tr><td class="heading">$Lang::tr{'pakfire available addons'}</td> + <td class="heading">$Lang::tr{'pakfire installed addons'}</td></tr>
- <tr><td colspan="2"><!-- Just an empty line --> - <tr><td bgcolor='$color{'color20'}' align="center"><b>$Lang::tr{'pakfire available addons'}</b> - <td bgcolor='$color{'color20'}' align="center"><b>$Lang::tr{'pakfire installed addons'}</b> - <tr><td style="padding:5px 10px 20px 20px" align="center"> - <p>$Lang::tr{'pakfire install description'}</p> - <form method='post' action='$ENV{'SCRIPT_NAME'}'> - <select name="INSPAKS" size="10" multiple> + <tr><td><p>$Lang::tr{'pakfire install description'}</p> + <form method='post' action='$ENV{'SCRIPT_NAME'}'> + <select name="INSPAKS" class="pflist" size="10" multiple> END - &Pakfire::dblist("notinstalled", "forweb");
-print <<END; - </select> - <br /> - <input type='hidden' name='ACTION' value='install' /> - <input type='image' alt='$Lang::tr{'install'}' title='$Lang::tr{'install'}' src='/images/list-add.png' /> - </form> - - <td style="padding:5px 10px 20px 20px" align="center"> - <p>$Lang::tr{'pakfire uninstall description'}</p> - <form method='post' action='$ENV{'SCRIPT_NAME'}'> - <select name="DELPAKS" size="10" multiple> + &Pakfire::dblist("notinstalled", "forweb"); + print <<END; + </select> + <input type='hidden' name='ACTION' value='install' /> + <input type='image' alt='$Lang::tr{'install'}' title='$Lang::tr{'install'}' src='/images/list-add.png' /> + </form> + </td> + <td><p>$Lang::tr{'pakfire uninstall description'}</p> + <form method='post' action='$ENV{'SCRIPT_NAME'}'> + <select name="DELPAKS" class="pflist" size="10" multiple> END
- &Pakfire::dblist("installed", "forweb"); - -print <<END; - </select> - <br /> - <input type='hidden' name='ACTION' value='remove' /> - <input type='image' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' src='/images/list-remove.png' /> - </form> + &Pakfire::dblist("installed", "forweb"); + print <<END; + </select> + <input type='hidden' name='ACTION' value='remove' /> + <input type='image' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' src='/images/list-remove.png' /> + </form> + </td> + </tr> </table> END
@@ -351,3 +440,32 @@ END &Header::closebox(); &Header::closebigbox(); &Header::closepage(); + +###--- Internal functions ---### + +# Check if pakfire is already running (extend test here if necessary) +sub _is_pakfire_busy { + # Return immediately if lockfile is present + if(-e "$Pakfire::lockfile") { + return 1; + } + + # Check if a PID of a running pakfire instance is found + # (The system backpipe command is safe, because no user input is computed.) + my $pakfire_pid = `pidof -s /usr/local/bin/pakfire`; + chomp($pakfire_pid); + + if($pakfire_pid) { + return 1; + } + + # Pakfire isn't running + return 0; +} + +# Send HTTP headers +sub _start_json_output { + print "Cache-Control: no-cache, no-store\n"; + print "Content-Type: application/json\n"; + print "\n"; # End of HTTP headers +} diff --git a/html/html/include/pakfire.js b/html/html/include/pakfire.js new file mode 100644 index 000000000..44a40c75f --- /dev/null +++ b/html/html/include/pakfire.js 
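Review bot: `_is_pakfire_busy` is a point-in-time check, yet the install, remove, update and upgrade branches use it as the only guard before `&General::system_background(...)`, so two requests arriving close together can both see 0 and both start pakfire. Unless pakfire takes its own exclusive lock (not visible in this diff), that leaves a window for concurrent package operations; at minimum the function should carry a comment such as `# Advisory only: a 0 result is not a lock, pakfire itself must refuse a second concurrent run.` Separately, if /usr/local/bin/pakfire is an interpreted script, `pidof` may need `-x` to match it, which is worth confirming on the target system.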
@@ -0,0 +1,327 @@ +/*############################################################################# +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2021 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +#############################################################################*/ + +"use strict"; + +// Pakfire Javascript functions (requires jQuery) +class PakfireJS { + constructor() { + //--- Public properties --- + // Translation strings + this.i18n = new PakfireI18N(); + + //--- Private properties --- + // Status flags (access outside constructor only with setter/getter) + this._states = Object.create(null); + this._states.running = false; + this._states.reboot = false; + this._states.failure = false; + + // Status refresh helper + this._autoRefresh = { + delay: 1000, //Delay between requests (minimum: 500, default: 1s) + jsonAction: 'getstatus', //CGI POST action parameter + timeout: 5000, //XHR timeout (0 to disable, default: 5s) + + delayTimer: null, //setTimeout reference + jqXHR: undefined, //jQuery.ajax promise reference + get runningDelay() { //Waiting for end of delay + return (this.delayTimer !== null); + }, + get runningXHR() { //Waiting for CGI response + return (this.jqXHR && (this.jqXHR.state() === 'pending')); + }, + get isRunning() { + return (this.runningDelay || this.runningXHR); + 
} + }; + + // Return to main screen helper + this._pageReload = { + delay: 1000, //Delay before page reload (default: 1s) + enabled: false, //Reload disabled by default + + delayTimer: null, //setTimeout reference + get isTriggered() { //Reload timer started + return (this.delayTimer !== null); + } + }; + } + + //### Public properties ### + + // Note on using the status flags + // running: Pakfire is performing a task. + // Writing "true" activates the periodic AJAX/JSON status polling, writing "false" stops polling. + // When the task has been completed, status polling stops and this returns to "false". + // The page can then be reloaded to go back to the main screen. Writing "false" does not trigger a reload. + // "refreshInterval" and "setupPageReload" can be used to adjust the respective behaviour. + // reboot: An update requires a reboot. + // If set to "true", a link to the reboot menu is shown after the task is completed. + // failure: An error has occured. + // To display the error log, the page does not return to the main screen. 
+ + // Pakfire is running (true/false) + set running(state) { + if(this._states.running !== state) { + this._states.running = state; + this._states_onChange('running'); + } + } + get running() { + return this._states.running; + } + + // Reboot needed (true/false) + set reboot(state) { + if(this._states.reboot !== state) { + this._states.reboot = state; + this._states_onChange('reboot'); + } + } + get reboot() { + return this._states.reboot; + } + + // Error encountered (true/false) + set failure(state) { + if(this._states.failure !== state) { + this._states.failure = state; + this._states_onChange('failure'); + } + } + get failure() { + return this._states.failure; + } + + // Status refresh interval in ms + set refreshInterval(delay) { + if(delay < 500) { + delay = 500; //enforce reasonable minimum + } + this._autoRefresh.delay = delay; + } + get refreshInterval() { + return this._autoRefresh.delay; + } + + // Configure page reload after successful task (returns to main screen) + // delay: In ms + setupPageReload(enabled, delay) { + if(delay < 0) { + delay = 0; + } + this._pageReload.delay = delay; + this._pageReload.enabled = enabled; + } + + // Document loaded (call once from jQuery.ready) + documentReady() { + // Status refresh late start + if(this.running && (! this._autoRefresh.isRunning)) { + this._autoRefresh_runNow(); + } + } + + // Reload entire CGI page (clears POST/GET data from history) + documentReload() { + let url = window.location.origin + window.location.pathname; + window.location.replace(url); + } + + //### Private properties ### + + // Pakfire status change handler + // property: Affected status (running, reboot, ...) 
+ _states_onChange(property) { + // Always update UI + if(this.running) { + $('#pflog-status').text(this.i18n.get('working')); + $('#pflog-action').empty(); + } else { + if(this.failure) { + $('#pflog-status').text(this.i18n.get('finished error')); + } else { + $('#pflog-status').text(this.i18n.get('finished')); + } + if(this.reboot) { //Enable return or reboot links in UI + $('#pflog-action').html(this.i18n.get('link_return') + " • " + this.i18n.get('link_reboot')); + } else { + $('#pflog-action').html(this.i18n.get('link_return')); + } + } + + // Start/stop status refresh if Pakfire started/stopped + if(property === 'running') { + if(this.running) { + this._autoRefresh_runNow(); + } else { + this._autoRefresh_clearSchedule(); + } + } + + // Always stay in the log viewer if Pakfire failed + if(property === 'failure') { + if(this.failure) { + this._pageReload_cancel(); + } + } + } + + //--- Status refresh scheduling functions --- + + // Immediately perform AJAX status refresh request + _autoRefresh_runNow() { + if(this._autoRefresh.runningXHR) { + return; // Don't send multiple requests + } + this._autoRefresh_clearSchedule(); // Stop scheduled refresh, will send immediately + + // Send AJAX request, attach listeners + this._autoRefresh.jqXHR = this._JSON_get(this._autoRefresh.jsonAction, this._autoRefresh.timeout); + this._autoRefresh.jqXHR.done(function() { // Request succeeded + if(this.running) { // Keep refreshing while Pakfire is running + this._autoRefresh_scheduleRun(); + } + }); + this._autoRefresh.jqXHR.fail(function() { // Request failed + this._autoRefresh_scheduleRun(); // Try refreshing until valid status is received + }); + } + + // Schedule next refresh + _autoRefresh_scheduleRun() { + if(this._autoRefresh.runningDelay || this._autoRefresh.runningXHR) { + return; // Refresh already scheduled or in progress + } + this._autoRefresh.delayTimer = window.setTimeout(function() { + this._autoRefresh.delayTimer = null; + this._autoRefresh_runNow(); + 
}.bind(this), this._autoRefresh.delay); + } + + // Stop scheduled refresh (can still be refreshed up to 1x if XHR is already sent) + _autoRefresh_clearSchedule() { + if(this._autoRefresh.runningDelay) { + window.clearTimeout(this._autoRefresh.delayTimer); + this._autoRefresh.delayTimer = null; + } + } + + // Start delayed page reload to return to main screen + _pageReload_trigger() { + if((! this._pageReload.enabled) || this._pageReload.isTriggered) { + return; // Disabled or already started + } + this._pageReload.delayTimer = window.setTimeout(function() { + this._pageReload.delayTimer = null; + this.documentReload(); + }.bind(this), this._pageReload.delay); + } + + // Stop scheduled reload + _pageReload_cancel() { + if(this._pageReload.isTriggered) { + window.clearTimeout(this._pageReload.delayTimer); + this._pageReload.delayTimer = null; + } + } + + //--- JSON request & data handling --- + + // Load JSON data from Pakfire CGI, using a POST request + // action: POST paramter "json-[action]" + // maxTime: XHR timeout, 0 = no timeout + _JSON_get(action, maxTime = 0) { + return $.ajax({ + url: '/cgi-bin/pakfire.cgi', + method: 'POST', + timeout: maxTime, + context: this, + data: {'ACTION': `json-${action}`}, + dataType: 'json' //automatically check and convert result + }) + .done(function(response) { + this._JSON_process(action, response); + }); + } + + // Process successful response from Pakfire CGI + // action: POST paramter "json-[action]" used to send request + // data: JSON data object + _JSON_process(action, data) { + // Pakfire status refresh + if(action === this._autoRefresh.jsonAction) { + // Update status flags + this.running = (data['running'] != '0'); + this.reboot = (data['reboot'] != '0'); + this.failure = (data['failure'] != '0'); + + // Update timer display + if(this.running && data['running_since']) { + $('#pflog-time').text(this.i18n.get('since') + " " + data['running_since']); + } else { + $('#pflog-time').empty(); + } + + // Print log messages + 
let messages = ""; + data['messages'].forEach(function(line) { + messages += `${line}\n`; + }); + $('#pflog-messages').text(messages); + + // Pakfire finished without errors, return to main screen + if((! this.running) && (! this.failure)) { + this._pageReload_trigger(); + } + } + } +} + +// Simple translation strings helper +// Format: {key: "translation"} +class PakfireI18N { + constructor() { + this._strings = Object.create(null); //Object without prototypes + } + + // Get translation + get(key) { + if(Object.prototype.hasOwnProperty.call(this._strings, key)) { + return this._strings[key]; + } + return `(undefined string '${key}')`; + } + + // Load key/translation object + load(translations) { + if(translations instanceof Object) { + Object.assign(this._strings, translations); + } + } +} + +//### Initialize Pakfire ### +const pakfire = new PakfireJS(); + +$(function() { + pakfire.documentReady(); +}); diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index c81b28fea..cf34fd86e 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -1,4 +1,4 @@ -%tr = ( +%tr = ( %tr,
'24 hours' => '24 Stunden', @@ -909,12 +909,14 @@ 'drop action1' => 'Standardverhalten der (Outgoing) Firewall in Modus "Blocked"', 'drop action2' => 'Standardverhalten der (Input) Firewall', 'drop forward' => 'Verworfene, von der Firewall weitergeleitete Pakete protokollieren', +'drop hostile' => 'Pakete von und zu bösartigen Netzen (Spamhaus DROP-Listing, etc.) verwerfen', 'drop input' => 'Verworfene eingehende Pakete protokollieren', 'drop newnotsyn' => 'Verworfene neue Pakete ohne SYN-Markierung protokollieren (NewNotSYN)', 'drop outgoing' => 'Verworfene, von der Firewall ausgehende Pakete protokollieren', 'drop portscan' => 'Verworfene Portscan Pakete protokollieren', 'drop proxy' => 'Alle Pakete verwerfen, die nicht direkt an den Proxy gerichtet sind', 'drop samba' => 'Alle Pakete an Microsoftdienste verwerfen (Ports 135, 137, 138, 139, 445 und 1025)', +'drop spoofed martians' => 'Verworfene gefälschte Pakete und Marsianer protokollieren', 'drop wirelessforward' => 'Verworfene weitergeleitete Wireless-Pakete protokollieren', 'drop wirelessinput' => 'Verworfene eingehende Wireless-Pakete protokollieren', 'dst port' => 'Zielport', @@ -1106,7 +1108,7 @@ 'from email server' => 'Von E-Mail-Server', 'from email user' => 'Von E-Mail-Benutzer', 'from warn email bad' => 'Von E-Mail-Adresse ist nicht gültig', -'fw blue' => 'Firewalloptionen für das Blaue Interface', +'fw blue' => 'Firewalloptionen für das blaue Interface', 'fw default drop' => 'Firewallrichtlinie', 'fw logging' => 'Firewallprotokollierung', 'fw settings' => 'Firewalleinstellungen', @@ -1114,6 +1116,7 @@ 'fw settings dropdown' => 'Alle Netzwerke auf Regelerstellungsseite anzeigen', 'fw settings remark' => 'Anmerkungen in Regeltabelle anzeigen', 'fw settings ruletable' => 'Leere Regeltabellen anzeigen', +'fw red' => 'Firewalloptionen für das rote Interface', 'fwdfw ACCEPT' => 'Akzeptieren (ACCEPT)', 'fwdfw DROP' => 'Verwerfen (DROP)', 'fwdfw MODE1' => 'Alle Pakete verwerfen', 
@@ -1355,6 +1358,7 @@ 'host deny' => 'Liste der nicht Zugriffsberechtigten', 'host ip' => 'Host IP-Adresse', 'host to net vpn' => 'Host-zu-Netz Virtual Private Network (RoadWarrior)', +'hostile networks' => 'Bösartige Netze', 'hostname' => 'Hostname', 'hostname and domain already in use' => 'Hostname und Domain werden bereits benutzt.', 'hostname cant be empty' => 'Hostname darf nicht leer bleiben.', @@ -1372,11 +1376,17 @@ 'idle' => 'Leerlauf', 'idle timeout' => 'Leerlaufwartezeit in Minuten (0 zum Deaktivieren):', 'idle timeout not set' => 'Leerlaufwartezeit nicht angegeben.', +'ids add provider' => 'Provider hinzufügen', 'ids apply' => 'Übernehmen', 'ids apply ruleset changes' => 'Regeländerungen werden übernommen. Bitte warten Sie, bis dieser Vorgang erfolgreich beendet wurde...', +'ids autoupdates' => 'Automatische Updates', 'ids automatic rules update' => 'Automatische Regelaktualisierung', -'ids download new ruleset' => 'Das neue Regelsatz wird heruntergeladen und entpackt. Bitte warten Sie, bis dieser Vorgang erfolgreich beendet wurde...', +'ids could not add provider' => 'Provider konnte nicht hinzugefügt werden', +'ids customize ruleset' => 'Regelset anpassen', +'ids download new ruleset' => 'Das neue Regelset wird heruntergeladen und entpackt. Bitte warten Sie, bis dieser Vorgang erfolgreich beendet wurde...', 'ids enable' => 'Einbruchsverhinderungssystem aktivieren', +'ids enable automatic updates' => 'Automatische Updates aktivieren', +'ids force ruleset update' => 'Regelset jetzt aktualisieren', 'ids hide' => 'Verstecken', 'ids ignored hosts' => 'Ausnahmeliste', 'ids log hits' => 'Gesamtanzahl der Regeltreffer für', 
@@ -1385,12 +1395,18 @@ 'ids monitor traffic only' => 'Netzwerkpakete nur überprüfen (nicht verwerfen)', 'ids monitored interfaces' => 'Überwachte Netzwerkzonen', 'ids no network zone' => 'Bitte wählen Sie mindestens eine zu überwachende Netzwerkzone aus', -'ids no ruleset available' => 'Es ist kein Regelsatz verfügbar. Bitte laden Sie einen Regelsatz herunter.', +'ids no enabled ruleset provider' => 'Es ist kein aktivierter Provider verfügbar. Bitte aktivieren Sie einen oder fügen Sie einen Provider hinzu.', 'ids oinkcode required' => 'Für den ausgewählten Regelsatz wird ein Abonnement oder ein Oinkcode benötigt', +'ids provider' => 'Regelset-Anbieter', +'ids provider settings' => 'Regelset-Anbieter-Einstellungen', +'ids reset provider' => 'Providereinstellungen zurücksetzen', 'ids rules update' => 'Regelsatz', 'ids ruleset autoupdate in progress' => 'Der Regelsatz wird gerade aktualisiert. Bitte warten Sie, bis dieser Vorgang erfolgreich beendet wurde...', 'ids ruleset settings' => 'Regelsatzeinstellungen', 'ids show' => 'Anzeigen', +'ids the choosen provider is already in use' => 'Der gewhählte Provider wird bereits verwendet.', +'ids unable to download the ruleset' => 'Das Regelset konnte nicht heruntergeladen werden.', +'ids visit provider website' => 'Anbieter-Webseite besuchen', 'ids working' => 'Änderungen werden übernommen. Bitte warten Sie, bis dieser Vorgang erfolgreich beendet wurde.', 'iface' => 'Iface', 'ignore filter' => '"Ignorieren"-Filter', 
@@ -1974,6 +1990,8 @@ 'pakfire configuration' => 'Pakfire Konfiguration', 'pakfire core update auto' => 'Core- und Addon-Updates automatisch installieren:', 'pakfire core update level' => 'Core-Update-Level', +'pakfire finished' => 'Pakfire ist fertig! Kehre zurück...', +'pakfire finished error' => 'Pakfire ist fertig! Fehler sind aufgetreten, bitte überprüfen Sie die Log-Ausgabe, bevor Sie fortfahren.', 'pakfire health check' => 'Mirrors auf Erreichbarkeit prüfen (Ping):', 'pakfire install description' => 'Wählen Sie ein oder mehrere Pakete zur Installation aus und drücken Sie auf das plus-Symbol.', 'pakfire install package' => 'Sie möchten folgende Pakete installieren: ', @@ -1985,6 +2003,7 @@ 'pakfire last update' => 'Letztes Update ist', 'pakfire possible dependency' => ' Möglicherweise haben diese Pakete Abhängigkeiten, d.h. andere Pakete müssen zusätzlich installiert werden. Dazu sehen Sie unten eine Liste.', 'pakfire register' => 'Registrierung am Pakfire-Server:', +'pakfire return' => 'Zurück zu Pakfire', 'pakfire system state' => 'System Status', 'pakfire tree' => 'Zu verwendendes Pakfire-Repository:', 'pakfire tree stable' => 'Veröffentlichte Versionen (stable)', @@ -2268,6 +2287,7 @@ 'spectre variant 1' => 'Spectre-Variante 1', 'spectre variant 2' => 'Spectre-Variante 2', 'spectre variant 4' => 'Spectre-Variante 4', +'spoofed or martians' => 'Gefälscht/Marsianer', 'squid extension methods' => 'Ihre <tt>extension_methods</tt> Liste', 'squid extension methods invalid' => 'Ihre 'extension_methods' Liste darf nur Worte aus Großbuchstaben und Ziffer enthalten, die mittels eines Leerzeichens getrennt werden.', 'squid fix cache' => 'Zwischenspeicher reparieren', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 46092534f..b17064713 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1,4 +1,4 @@ -%tr = ( +%tr = ( %tr,
'24 hours' => '24 Hours', @@ -949,12 +949,14 @@ 'drop action1' => 'Default behaviour of (outgoing) firewall in mode "Blocked"', 'drop action2' => 'Default behaviour of (input) firewall', 'drop forward' => 'Log dropped forward packets', +'drop hostile' => 'Drop packets from and to hostile networks (listed at Spamhaus DROP, etc.)', 'drop input' => 'Log dropped input packets', 'drop newnotsyn' => 'Log dropped new not SYN packets', 'drop outgoing' => 'Log dropped outgoing packets', 'drop portscan' => 'Log dropped portscan packets', 'drop proxy' => 'Drop all packets not addressed to proxy', 'drop samba' => 'Drop all Microsoft ports 135,137,138,139,445,1025', +'drop spoofed martians' => 'Log dropped spoofed packets and marsians', 'drop wirelessforward' => 'Log dropped wireless forward packets', 'drop wirelessinput' => 'Log dropped wireless input packets', 'dst port' => 'Dst Port', @@ -1156,6 +1158,7 @@ 'fw settings dropdown' => 'Show all networks on rulecreation site', 'fw settings remark' => 'Show remarks in ruletable', 'fw settings ruletable' => 'Show empty ruletables', +'fw red' => 'Firewall options for RED interface', 'fwdfw ACCEPT' => 'ACCEPT', 'fwdfw DROP' => 'DROP', 'fwdfw MODE1' => 'Drop all packets', @@ -1399,6 +1402,7 @@ 'host deny' => 'list with denied hosts', 'host ip' => 'Host IP address', 'host to net vpn' => 'Host-to-Net Virtual Private Network (RoadWarrior)', +'hostile networks' => 'Hostile networks', 'hostname' => 'Hostname', 'hostname and domain already in use' => 'Hostname and domain already in use.', 'hostname cant be empty' => 'Hostname cannot be empty.', 
@@ -1416,11 +1420,17 @@ 'idle' => 'Idle', 'idle timeout' => 'Idle timeout (mins; 0 to disable):', 'idle timeout not set' => 'Idle timeout not set.', +'ids add provider' => 'Add provider', 'ids apply' => 'Apply', 'ids apply ruleset changes' => 'The ruleset changes are being applied. Please wait until all operations have completed successfully...', +'ids autoupdates' => 'Automatic updates', 'ids automatic rules update' => 'Automatic Rule Update', +'ids could not add provider' => 'Could not add provider', +'ids customize ruleset' => 'Customize ruleset', 'ids download new ruleset' => 'Downloading and unpacking new ruleset. Please wait until all operations have completed successfully...', 'ids enable' => 'Enable Intrusion Prevention System', +'ids enable automatic updates' => 'Enable automatic updates', +'ids force ruleset update' => 'Force ruleset update', 'ids hide' => 'Hide', 'ids ignored hosts' => 'Whitelisted Hosts', 'ids log hits' => 'Total of number of activated rules for', 
@@ -1429,12 +1439,18 @@ 'ids monitor traffic only' => 'Monitor traffic only', 'ids monitored interfaces' => 'Monitored Interfaces', 'ids no network zone' => 'Please select at least one network zone to be monitored', -'ids no ruleset available' => 'No ruleset is available. Please download one first', -'ids oinkcode required' => 'The selected ruleset requires a subscription or an Oinkcode', +'ids no enabled ruleset provider' => 'No enabled ruleset is available. Please activate or add one first.', +'ids subscription code required' => 'The selected ruleset requires a subscription code', +'ids provider' => 'Provider', +'ids provider settings' => 'Provider settings', +'ids reset provider' => 'Reset provider', 'ids rules update' => 'Ruleset', 'ids ruleset autoupdate in progress' => 'Ruleset update in progress. Please wait until all operations have completed successfully...', 'ids ruleset settings' => 'Ruleset Settings', 'ids show' => 'Show', +'ids the choosen provider is already in use' => 'The choosen provider is already in use.', +'ids unable to download the ruleset' => 'Unable to download the ruleset', +'ids visit provider website' => 'Visit provider website', 'ids working' => 'Changes are being applied. Please wait until all operations have completed successfully...', 'iface' => 'Iface', 'ignore filter' => 'Ignore filter', @@ -1512,7 +1528,7 @@ 'invalid input for max clients' => 'Invalid input for Max Clients. The maximum of 1024 clients has been exceeded', 'invalid input for mode' => 'Invalid input for mode', 'invalid input for name' => 'Invalid input for user's full name or system hostname', -'invalid input for oink code' => 'Invalid input for Oink code', +'invalid input for subscription code' => 'Invalid input for subscription code', 'invalid input for organization' => 'Invalid input for organization', 'invalid input for remote host/ip' => 'Invalid input for remote host/ip.', 'invalid input for state or province' => 'Invalid input for state or province.', 
@@ -2025,6 +2041,8 @@ 'pakfire configuration' => 'Pakfire Configuration', 'pakfire core update auto' => 'Install core and addon updates automatically:', 'pakfire core update level' => 'Core-Update-Level', +'pakfire finished' => 'Pakfire has finished! Returning...', +'pakfire finished error' => 'Pakfire has finished! Errors occurred, please check the log output before proceeding.', 'pakfire health check' => 'Check if mirror is reachable (ping):', 'pakfire install description' => 'Please choose one or more items from the list below and click the plus to install.', 'pakfire install package' => 'You want to install the following packages: ', @@ -2036,6 +2054,7 @@ 'pakfire last update' => 'Last update made', 'pakfire possible dependency' => ' There may be depending packages, here is a list of packages that need to be installed.', 'pakfire register' => 'Register at pakfire-server:', +'pakfire return' => 'Return to Pakfire', 'pakfire system state' => 'System Status', 'pakfire tree' => 'Repository', 'pakfire tree stable' => 'Stable', @@ -2325,6 +2344,7 @@ 'spectre variant 1' => 'Spectre Variant 1', 'spectre variant 2' => 'Spectre Variant 2', 'spectre variant 4' => 'Spectre Variant 4', +'spoofed or martians' => 'Spoofed/Martians', 'squid extension methods' => 'Your <tt>extension_methods</tt> list', 'squid extension methods invalid' => 'Your 'extension_methods' list can only contain uppercase words of letters and digits, separated with a space. ', 'squid fix cache' => 'Repair cache', @@ -2387,6 +2407,7 @@ 'subnet is invalid' => 'Netmask is invalid', 'subnet mask' => 'Subnet Mask', 'subscripted user rules' => 'Talos VRT rules with subscription', +'subscription code' => 'Subscription code', 'successfully refreshed updates list' => 'Successfully refreshed updates list.', 'summaries kept' => 'Keep summaries for', 'sunday' => 'Sunday', diff --git a/lfs/clamav b/lfs/clamav index 69e5d8c0f..1fffd99d9 100644 --- a/lfs/clamav +++ b/lfs/clamav 
@@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2021 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 0.104.1
+VER = 0.104.2
THISAPP = clamav-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = clamav -PAK_VER = 58 +PAK_VER = 59
DEPS =
@@ -46,7 +46,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 49b9bb94d5b2cafc761f8fbe660d3bfa
+$(DL_FILE)_MD5 = ad099675f2c09c07850e36496b06c552
install : $(TARGET)
diff --git a/lfs/configroot b/lfs/configroot index e0156c746..9f3188aab 100644 --- a/lfs/configroot +++ b/lfs/configroot @@ -114,7 +114,7 @@ $(TARGET) : echo "ENABLED=off" > $(CONFIG_ROOT)/vpn/settings echo "01" > $(CONFIG_ROOT)/certs/serial echo "nameserver 1.2.3.4" > $(CONFIG_ROOT)/ppp/fake-resolv.conf - echo "DROPNEWNOTSYN=on" >> $(CONFIG_ROOT)/optionsfw/settings + echo "DROPNEWNOTSYN=on" >> $(CONFIG_ROOT)/optionsfw/settings echo "DROPINPUT=on" >> $(CONFIG_ROOT)/optionsfw/settings echo "DROPFORWARD=on" >> $(CONFIG_ROOT)/optionsfw/settings echo "FWPOLICY=DROP" >> $(CONFIG_ROOT)/optionsfw/settings @@ -130,6 +130,8 @@ $(TARGET) : echo "SHOWDROPDOWN=off" >> $(CONFIG_ROOT)/optionsfw/settings echo "DROPWIRELESSINPUT=on" >> $(CONFIG_ROOT)/optionsfw/settings echo "DROPWIRELESSFORWARD=on" >> $(CONFIG_ROOT)/optionsfw/settings + echo "DROPSPOOFEDMARTIAN=on" >> $(CONFIG_ROOT)/optionsfw/settings + echo "DROPHOSTILE=on" >> $(CONFIG_ROOT)/optionsfw/settings echo "POLICY=MODE2" >> $(CONFIG_ROOT)/firewall/settings echo "POLICY1=MODE2" >> $(CONFIG_ROOT)/firewall/settings echo "USE_ISP_NAMESERVERS=on" >> $(CONFIG_ROOT)/dns/settings @@ -138,6 +140,7 @@ $(TARGET) : # Install snort to suricata converter. cp $(DIR_SRC)/config/suricata/convert-snort /usr/sbin/convert-snort cp $(DIR_SRC)/config/suricata/convert-ids-modifysids-file /usr/sbin/convert-ids-modifysids-file + cp $(DIR_SRC)/config/suricata/convert-ids-multiple-providers /usr/sbin/convert-ids-multiple-providers
# set converters executable chmod 755 /usr/sbin/convert-* diff --git a/lfs/dnsdist b/lfs/dnsdist index 8aaca9524..a0d8a20b1 100644 --- a/lfs/dnsdist +++ b/lfs/dnsdist @@ -24,7 +24,7 @@
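Review bot: The two defaults added in the `@@ -130,6 +130,8 @@` hunk, `DROPSPOOFEDMARTIAN=on` and `DROPHOSTILE=on`, are written only when configroot seeds `optionsfw/settings`, so they reach fresh installations; nothing visible here adds the keys on upgraded systems, and whether the firewall code treats a missing key as `on` cannot be seen from this file. The key names also hide a difference: going by the language strings in this same push, 'drop spoofed martians' is a logging switch ("Log dropped ...") while 'drop hostile' switches enforcement ("Drop packets from and to hostile networks"), assuming the keys map to those strings. A comment above the second echo such as `# DROPHOSTILE turns blocking on; the other DROP* keys only control logging` would stop a maintainer from reading it as one more log toggle. The `$(TARGET)` rule starts and ends outside these hunks.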
include Config
-VER = 1.6.1
+VER = 1.7.0
THISAPP = dnsdist-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = dnsdist -PAK_VER = 10 +PAK_VER = 11
SUP_ARCH = x86_64 aarch64
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = fc314583a33d1256fecb41dac64a77e3
+$(DL_FILE)_MD5 = 51cca04895eb04278ba01491a5f24984
install : $(TARGET)
diff --git a/lfs/expat b/lfs/expat index 7627447f3..b2df59ca3 100644 --- a/lfs/expat +++ b/lfs/expat @@ -24,7 +24,7 @@
include Config
-VER = 2.4.1
+VER = 2.4.2
THISAPP = expat-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 476cdf4b5e40280316fff36b2086a390
+$(DL_FILE)_MD5 = 58780ad6944d02f6cf6ba332838694b2
install : $(TARGET)
diff --git a/lfs/freetype b/lfs/freetype index 4dbf41eb5..a34de3722 100644 --- a/lfs/freetype +++ b/lfs/freetype @@ -24,7 +24,7 @@
include Config
-VER = 2.11.0
+VER = 2.11.1
THISAPP = freetype-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = f931582653774e310ed3a7e49b7167a3
+$(DL_FILE)_MD5 = 24e79233d607ded439ef36ff1f3ab68f
install : $(TARGET)
diff --git a/lfs/gdbm b/lfs/gdbm index 23d17dad1..6f96d2f3c 100644 --- a/lfs/gdbm +++ b/lfs/gdbm @@ -24,7 +24,7 @@
include Config
-VER = 1.8.3
+VER = 1.20
THISAPP = gdbm-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 1d1b1d5c0245b1c00aff92da751e9aa1
+$(DL_FILE)_MD5 = 006c19b8b60828fd6916a16f3496bd3c
install : $(TARGET)
@@ -71,9 +71,18 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) $(UPDATE_AUTOMAKE) - cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls + cd $(DIR_APP) && ./configure \ + --prefix=/usr \ + --disable-nls \ + --disable-static + cd $(DIR_APP) && make $(MAKETUNING) + cd $(DIR_APP) && make BINOWN=root BINGRP=root install + cd $(DIR_APP) && ./configure \ + --prefix=/usr \ + --disable-nls \ + --disable-static \ + --enable-libgdbm-compat cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make BINOWN=root BINGRP=root install - cd $(DIR_APP) && make BINOWN=root BINGRP=root install-compat @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/hdparm b/lfs/hdparm index 87d961d15..ecb8fc96f 100644 --- a/lfs/hdparm +++ b/lfs/hdparm @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
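Review bot: The `@@ -71,9 +71,18 @@` hunk configures, builds and installs gdbm twice in the same source tree, and the first pass looks redundant. The second `./configure` repeats every option and only adds `--enable-libgdbm-compat`, which as far as I know builds the compatibility library in addition to libgdbm rather than instead of it. If one pass installs the same files, drop the first `configure`/`make`/`make install` triple. If both passes are needed, put `# first pass: libgdbm only; second pass adds the dbm/ndbm compat library` above them and run `make clean` in between so the second build does not reuse objects from the first configuration. The `$(TARGET)` rule begins before the hunk.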
include Config
-VER = 9.55
+VER = 9.63
THISAPP = hdparm-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = adae46e9564075ae288af8082d5ad9fd
+$(DL_FILE)_MD5 = cea97ea2aa164f66817adc98c6814280
install : $(TARGET)
diff --git a/lfs/kmod b/lfs/kmod index 3d9acd899..5499002b6 100644 --- a/lfs/kmod +++ b/lfs/kmod @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 28
+VER = 29
THISAPP = kmod-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 0a2b887b1b3dfb8c0b3f41f598203e56
+$(DL_FILE)_MD5 = e81e63acd80697d001c8d85c1acb38a0
install : $(TARGET)
diff --git a/lfs/libusb b/lfs/libusb index 4b99a6d18..6af376943 100644 --- a/lfs/libusb +++ b/lfs/libusb @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2020 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 1.0.23
+VER = 1.0.24
THISAPP = libusb-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 1e29700f6a134766d32b36b8d1d61a95
+$(DL_FILE)_MD5 = 5bc27df16155302f308d409e73589872
install : $(TARGET)
diff --git a/lfs/libvirt b/lfs/libvirt index 701528c1d..a8fb0af1b 100644 --- a/lfs/libvirt +++ b/lfs/libvirt @@ -24,7 +24,7 @@
include Config
-VER = 6.5.0
+VER = 7.10.0
THISAPP = libvirt-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -33,7 +33,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) SUP_ARCH = x86_64 PROG = libvirt -PAK_VER = 26 +PAK_VER = 27
DEPS = ebtables libpciaccess libtirpc libyajl ncat qemu
@@ -45,7 +45,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 19ea5c0d18bed1515c23a9e9c7427dc0
+$(DL_FILE)_MD5 = 435d27a73b25c936e0451cc4397ab986
install : $(TARGET) check : $(patsubst %,$(DIR_CHK)/%,$(objects)) @@ -80,45 +80,39 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/libvirt/0001-Change-default-behavior-of-libvirt-guests.sh-for-IPF.patch
- mkdir -p -v $(DIR_APP)/build_libvirt && cd $(DIR_APP)/build_libvirt - - cd $(DIR_APP)/build_libvirt && ../autogen.sh --no-git - - cd $(DIR_APP)/build_libvirt && ../configure \ + cd $(DIR_APP) && meson \ --prefix=/usr \ --localstatedir=/var \ --sysconfdir=/etc \ - --without-sasl \ - --without-vbox \ - --without-lxc \ - --without-esx \ - --without-vmware \ - --without-openvz \ - --without-firewalld \ - --without-network \ - --with-interface \ - --with-virtualport \ - --with-macvtap \ - --without-wireshark-dissector \ - --disable-nls \ - --without-test-suite \ - --without-dbus \ - --with-qemu-user=nobody \ - --with-qemu-group=kvm \ - --with-storage-dir \ - --with-storage-fs \ - --with-storage-lvm \ - --without-storage-iscsi \ - --without-storage-scsi \ - --without-storage-mpath \ - --without-storage-disk \ - --without-storage-rbd \ - --without-storage-sheepdog \ - --without-storage-gluster \ - --without-storage-zfs - - cd $(DIR_APP)/build_libvirt && make $(MAKETUNING) $(EXTRA_MAKE) - cd $(DIR_APP)/build_libvirt && make install + -D docs=disabled \ + -D sasl=disabled \ + -D driver_vbox=disabled \ + -D driver_lxc=disabled \ + -D driver_esx=disabled \ + -D driver_vmware=disabled \ + -D driver_openvz=disabled \ + -D firewalld=disabled \ + -D driver_network=disabled \ + -D driver_interface=enabled \ + -D wireshark_dissector=disabled \ + -D nls=disabled \ + -D tests=disabled \ + -D qemu_user=nobody \ + -D qemu_group=kvm \ + -D storage_dir=enabled \ + -D storage_fs=enabled \ + -D storage_lvm=enabled \ + -D storage_iscsi=disabled \ + -D storage_scsi=disabled \ + -D storage_mpath=disabled \ + -D storage_disk=disabled \ + -D storage_rbd=disabled \ + -D storage_sheepdog=disabled \ + -D storage_gluster=disabled \ + -D storage_zfs=disabled \ + builddir/ + cd $(DIR_APP) && ninja -C builddir/ $(MAKETUNING) $(EXTRA_MAKE) + cd $(DIR_APP) && ninja -C builddir/ install
#install initscripts $(call INSTALL_INITSCRIPT,libvirtd) diff --git a/lfs/libxml2 b/lfs/libxml2 index fd4b5e577..adf3ab0a0 100644 --- a/lfs/libxml2 +++ b/lfs/libxml2 @@ -24,7 +24,7 @@
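Review bot: Three switches from the removed `../configure` call have no counterpart in the new `meson` invocation of the `@@ -80,45 +80,39 @@` hunk: `--with-virtualport`, `--with-macvtap` and `--without-dbus`. If meson now decides these by probing the build host, the feature set of the packaged libvirtd depends on what happens to be present in the toolchain, which is worth avoiding for a daemon shipped on a firewall. Please check the meson configure summary against the previous build and record the outcome next to the option list, for example `# virtualport, macvtap and dbus have no explicit switch here; verified in the meson summary`. The recipe continues after the hunk.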
include Config
-VER = 2.9.10
+VER = 2.9.12
THISAPP = libxml2-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -42,7 +42,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 10942a1dc23137a8aa07f0639cbfece5
+$(DL_FILE)_MD5 = f433a39be087a9f0b197eb2307ad9f75
install : $(TARGET)
diff --git a/lfs/libxslt b/lfs/libxslt index 159956b1a..78a569501 100644 --- a/lfs/libxslt +++ b/lfs/libxslt @@ -24,7 +24,7 @@
include Config
-VER = 1.1.28
+VER = 1.1.34
THISAPP = libxslt-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 9667bf6f9310b957254fdcf6596600b7
+$(DL_FILE)_MD5 = db8765c8d076f1b6caafd9f2542a304a
install : $(TARGET)
diff --git a/lfs/linux b/lfs/linux index 85d44137c..dee79a933 100644 --- a/lfs/linux +++ b/lfs/linux @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2021 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 5.15.6 +VER = 5.15.16 ARM_PATCHES = 5.15-ipfire2
THISAPP = linux-$(VER) @@ -73,7 +73,7 @@ objects =$(DL_FILE) \ $(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE) arm-multi-patches-$(ARM_PATCHES).patch.xz = $(URL_IPFIRE)/arm-multi-patches-$(ARM_PATCHES).patch.xz
-$(DL_FILE)_MD5 = b4e333919e9fddfdd46308cc38ceda1d +$(DL_FILE)_MD5 = be0a904c58655c74c0986ad62500bcca arm-multi-patches-$(ARM_PATCHES).patch.xz_MD5 = 9cab549a71b19b07e0c5c103ccf3c321
install : $(TARGET) diff --git a/lfs/lvm2 b/lfs/lvm2 index 9b19c1d14..fc87e333a 100644 --- a/lfs/lvm2 +++ b/lfs/lvm2 @@ -24,7 +24,7 @@
include Config
-VER = 2.02.187
+VER = 2.02.188
THISAPP = LVM2.$(VER) DL_FILE = $(THISAPP).tgz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 7941cbe16126ef334b4aa8fcb5c985b5
+$(DL_FILE)_MD5 = 6f942117cad9c18b0e38af08b72d86b6
install : $(TARGET)
diff --git a/lfs/monit b/lfs/monit index 044fe560f..51b7e0101 100644 --- a/lfs/monit +++ b/lfs/monit @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2021 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 5.29.0
+VER = 5.30.0
THISAPP = monit-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = monit -PAK_VER = 16 +PAK_VER = 17
DEPS =
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 8a0546d0d52216b22ebd57acc0bb1e03
+$(DL_FILE)_MD5 = d1a1b2349e8d0f833b3057c7b102b09d
install : $(TARGET)
diff --git a/lfs/pcre2 b/lfs/pcre2 index fd9548a73..00bea9203 100644 --- a/lfs/pcre2 +++ b/lfs/pcre2 @@ -24,7 +24,7 @@
include Config
-VER = 10.37
+VER = 10.39
THISAPP = pcre2-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -54,7 +54,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = a0b59d89828f62d2e1caac04f7c51e0b
+$(DL_FILE)_MD5 = 7389e3524de2cda3d21fde8c224febf1
install : $(TARGET)
diff --git a/lfs/libwww-perl b/lfs/perl-libwww similarity index 97% rename from lfs/libwww-perl rename to lfs/perl-libwww index 536a49769..f6811fc5a 100644 --- a/lfs/libwww-perl +++ b/lfs/perl-libwww @@ -24,7 +24,7 @@
include Config
-VER = 5.803
+VER = 6.60
THISAPP = libwww-perl-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 3345d5f15a4f42350847254141725c8f
+$(DL_FILE)_MD5 = ce5180358d9279b2843a6518bf2de200
install : $(TARGET)
diff --git a/lfs/poppler-data b/lfs/poppler-data index 761dd17d5..f107296be 100644 --- a/lfs/poppler-data +++ b/lfs/poppler-data @@ -24,7 +24,7 @@
include Config
-VER = 0.4.10
+VER = 0.4.11
THISAPP = poppler-data-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = a7f15fb2f26c60a7a92093cfdf2378d5
+$(DL_FILE)_MD5 = 506eeed773f3ed8684d8c45961c025d4
install : $(TARGET)
diff --git a/lfs/python3-setuptools b/lfs/python3-setuptools index 3c765d2a8..3aac89207 100644 --- a/lfs/python3-setuptools +++ b/lfs/python3-setuptools @@ -24,7 +24,7 @@
include Config
-VER = 56.2.0
+VER = 58.0.4
THISAPP = setuptools-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = python3-setuptools -PAK_VER = 3 +PAK_VER = 4
DEPS =
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = e8caf0f129f585a887bb3cbb528149d1
+$(DL_FILE)_MD5 = 17245af34e1a7d54976bca8c1bf092b7
install : $(TARGET)
diff --git a/lfs/qemu b/lfs/qemu index 9ece6ea7d..bc36bb4d7 100644 --- a/lfs/qemu +++ b/lfs/qemu @@ -24,6 +24,7 @@
include Config
+# If you update the version also qemu-ga !!! VER = 6.1.0
THISAPP = qemu-$(VER)
diff --git a/lfs/qemu-ga b/lfs/qemu-ga
new file mode 100644
index 000000000..2130b57f3
--- /dev/null
+++ b/lfs/qemu-ga
@@ -0,0 +1,60 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2022 IPFire Team info@ipfire.org #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see http://www.gnu.org/licenses/. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 6.1.0
+THISAPP = qemu-ga-$(VER)
+TARGET = $(DIR_INFO)/$(THISAPP)
+SUP_ARCH = x86_64
+PROG = qemu-ga
+PAK_VER = 1
+
+DEPS =
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+install : $(TARGET)
+
+download :
+
+md5 :
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) :
+ @$(PREBUILD)
+
+ #install initscripts
+ $(call INSTALL_INITSCRIPT,qemu-ga)
+
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
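Review bot: The new `lfs/qemu-ga` recipe ends with `@rm -rf $(DIR_APP)`, but this file never defines `DIR_APP` and unpacks no source tree. Unless `Config` supplies a value the variable expands to nothing, and if it ever does carry a value the recipe deletes a directory it did not create; drop the line. The file also gives no reason for the empty `download :` and `md5 :` targets or for the copied `VER = 6.1.0`. A header comment such as `# No source of its own: only installs the initscript; keep VER in sync with lfs/qemu` would cover that, assuming the binary comes from the qemu build as the note added to `lfs/qemu` suggests.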
diff --git a/lfs/shadow b/lfs/shadow index a82de374a..1505e5ade 100644 --- a/lfs/shadow +++ b/lfs/shadow @@ -24,7 +24,7 @@
include Config
-VER = 4.2.1
+VER = 4.11.1
THISAPP = shadow-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 2bfafe7d4962682d31b5eba65dba4fc8
+$(DL_FILE)_MD5 = 5a95ec069aa91508167d02fecafaa912
install : $(TARGET)
@@ -70,12 +70,14 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/shadow-4.2.1-suppress_installation_of_groups.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/shadow-4.11.1-suppress_installation_of_groups.patch $(UPDATE_AUTOMAKE) cd $(DIR_APP) && ./configure \ --libdir=/lib \ --sysconfdir=/etc \ + --with-yescrypt \ --enable-shared \ + --disable-static \ --without-selinux \ --disable-nls \ --with-group-name-max-length=32 diff --git a/lfs/squid b/lfs/squid index d6570b80d..b25f594a9 100644 --- a/lfs/squid +++ b/lfs/squid @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2021 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
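Review bot: `--with-yescrypt` in the configure call only compiles yescrypt support into the shadow tools; nothing in this hunk makes it the method used for new password hashes. If passwords set after the upgrade are meant to use yescrypt, the shipped `login.defs` needs `ENCRYPT_METHOD YESCRYPT` (or the equivalent in the PAM configuration, if passwords are changed through PAM); neither is visible in this diff, so it may be handled elsewhere. Existing hashes keep their old format until each password is changed. A one-line comment next to the flag stating which behaviour is intended would help, and note that the `$(TARGET)` rule continues outside the hunk.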
include Config
-VER = 4.16 +VER = 5.2
THISAPP = squid-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -46,7 +46,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = d200064f7050969680f628d26b8c704d +$(DL_FILE)_MD5 = 102984f3ea382a1fa5bd917c2ee155ec
install : $(TARGET)
@@ -127,7 +127,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --enable-icap-client \ --enable-zph-qos \ --with-dl \ - --with-filedescriptors=$$(( 16384 * 64 )) \ --with-large-files \ --without-gnutls \ --without-netfilter-conntrack diff --git a/lfs/suricata b/lfs/suricata index 6a24a02ab..a870e3668 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -100,15 +100,19 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) # Install yaml file for loading default rules. install -m 0664 $(DIR_SRC)/config/suricata/suricata-default-rules.yaml /var/ipfire/suricata
+ # Set correct ownership for the default rules file. + chown nobody:nobody /var/ipfire/suricata/suricata-default-rules.yaml + # Create emtpy rules directory. -mkdir -p /var/lib/suricata
# Move config files for references, threshold and classification # to the rules directory. - mv /etc/suricata/*.config /var/lib/suricata + rm -rfv /etc/suricata/*.config
- # Set correct permissions for the files. - chmod 644 /var/lib/suricata/*.config + # Set correct ownership for the classifiction config file. + # (File has to be writeable for the nobody user) + chown nobody:nobody /usr/share/suricata/classification.config
# Set correct ownership for /var/lib/suricata and the # contained files diff --git a/lfs/tcl b/lfs/tcl index e4b15c7fb..b9026a89c 100644 --- a/lfs/tcl +++ b/lfs/tcl @@ -24,7 +24,7 @@
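Review bot: The added `chown nobody:nobody /usr/share/suricata/classification.config` makes a file that controls how the IDS classifies and prioritises alerts writable by the `nobody` account, so every process running as that user can change it. If only one component has to rewrite the file, a dedicated group or a writable copy under /var/lib/suricata would keep /usr/share read-only for everything else. The comment left above `rm -rfv /etc/suricata/*.config` still says the files are moved to the rules directory, which no longer matches the line; `# Remove the shipped *.config files from /etc/suricata` would describe it, and `-r` is unnecessary for plain files matched by the glob. "classifiction" in the new comment is a typo.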
include Config
-VER = 8.6.11 +VER = 8.6.12
THISAPP = tcl$(VER) DL_FILE = $(THISAPP)-src.tar.gz @@ -45,7 +45,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 8a4c004f48984a03a7747e9ba06e4da4 +$(DL_FILE)_MD5 = 87ea890821d2221f2ab5157bc5eb885f
install : $(TARGET)
diff --git a/lfs/usbutils b/lfs/usbutils index 9e919cbec..5ac2e6574 100644 --- a/lfs/usbutils +++ b/lfs/usbutils @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2021 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 007 +VER = 013
THISAPP = usbutils-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = c9df5107ae9d26b10a1736a261250139 +$(DL_FILE)_MD5 = 91b0c9a3382d6f4c382df7a98462de2e
install : $(TARGET)
@@ -71,6 +71,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) $(UPDATE_AUTOMAKE) + cd $(DIR_APP) && ./autogen.sh cd $(DIR_APP) && ./configure --prefix=/usr \ --datadir=/usr/share/hwdata \ --disable-zlib diff --git a/lfs/zstd b/lfs/zstd index 773d0df57..982c98791 100644 --- a/lfs/zstd +++ b/lfs/zstd @@ -24,7 +24,7 @@
include Config
-VER = 1.5.0 +VER = 1.5.1
THISAPP = zstd-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -49,7 +49,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = a6eb7fb1f2c21fa80030a47993853e92 +$(DL_FILE)_MD5 = b97d53547220355907dedec7de9a4f29
install : $(TARGET)
diff --git a/make.sh b/make.sh index 7568ee232..74dd06be8 100755 --- a/make.sh +++ b/make.sh @@ -26,7 +26,7 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name # If you update the version don't forget to update backupiso and add it to core update VERSION="2.27" # Version number -CORE="163" # Core Level (Filename) +CORE="164" # Core Level (Filename) SLOGAN="www.ipfire.org" # Software slogan CONFIG_ROOT=/var/ipfire # Configuration rootdir MAX_RETRIES=1 # prefetch/check loop @@ -1301,7 +1301,7 @@ buildipfire() { lfsmake2 Digest lfsmake2 Digest-SHA1 lfsmake2 Digest-HMAC - lfsmake2 libwww-perl + lfsmake2 perl-libwww lfsmake2 Net-DNS lfsmake2 Net-IPv4Addr lfsmake2 Net_SSLeay @@ -1599,6 +1599,7 @@ buildipfire() { lfsmake2 libcdada lfsmake2 pmacct lfsmake2 squid-asnbl + lfsmake2 qemu-ga }
buildinstaller() { @@ -1957,7 +1958,7 @@ check-manualpages) fi ;; *) - echo "Usage: $0 {build|changelog|clean|gettoolchain|downloadsrc|shell|sync|toolchain|update-contributors|find-dependencies|check-manualpages}" + echo "Usage: $0 [OPTIONS] {build|changelog|clean|gettoolchain|downloadsrc|shell|sync|toolchain|update-contributors|find-dependencies|check-manualpages}" cat doc/make.sh-usage ;; esac diff --git a/src/initscripts/packages/qemu-ga b/src/initscripts/packages/qemu-ga new file mode 100755 index 000000000..68863f86f --- /dev/null +++ b/src/initscripts/packages/qemu-ga @@ -0,0 +1,38 @@ +#!/bin/sh +# Begin $rc_base/init.d/qemu-guest-agent + + +. /etc/sysconfig/rc +. $rc_functions + +case "$1" in + start) + boot_mesg "Starting QEMU Guest Agent..." + /usr/bin/qemu-ga -m virtio-serial -p /dev/virtio-ports/org.qemu.guest_agent.0 -f /run/qemu-ga.pid -d + evaluate_retval + ;; + + stop) + boot_mesg "Stopping QEMU Guest Agent..." + killproc /usr/bin/qemu-ga + ;; + + restart) + $0 stop + sleep 3 + $0 start + ;; + + status) + statusproc /usr/bin/qemu-ga + ;; + + + *) + echo "Usage: $0 {start|stop|restart|status}" + exit 1 + ;; +esac + + +# End $rc_base/init.d/qemu-guest-agent diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall index 75ea8abdf..ebc8168ae 100644 --- a/src/initscripts/system/firewall +++ b/src/initscripts/system/firewall @@ -80,6 +80,14 @@ iptables_init() { fi iptables -A NEWNOTSYN -j DROP -m comment --comment "DROP_NEWNOTSYN"
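Review bot: The `start)` branch of the new qemu-ga initscript launches `/usr/bin/qemu-ga` with every guest-agent RPC enabled, which on a firewall gives the virtualisation host a channel that can run commands, read and write files and set account passwords inside the guest. If only shutdown, filesystem freeze and time sync are needed, the agent's `-b`/`--blacklist` option can disable the rest, for example `-b guest-exec,guest-exec-status,guest-file-open,guest-set-user-password` (the list has to be adjusted to what the deployment really uses). `stop)` also ignores the pid file that `start)` writes with `-f /run/qemu-ga.pid`, and `$0` in `restart)` should be quoted as `"$0"`.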
+ # Log and subsequently drop spoofed packets or "martians", arriving from sources + # on interfaces where we don't expect them + iptables -N SPOOFED_MARTIAN + if [ "$DROPSPOOFEDMARTIAN" == "on" ]; then + iptables -A SPOOFED_MARTIAN -m limit --limit 10/second -j LOG --log-prefix "DROP_SPOOFED_MARTIAN " + fi + iptables -A SPOOFED_MARTIAN -j DROP -m comment --comment "DROP_SPOOFED_MARTIAN" + # Chain to contain all the rules relating to bad TCP flags iptables -N BADTCP
@@ -110,7 +118,7 @@ iptables_init() { # Connection tracking chains iptables -N CONNTRACK iptables -A CONNTRACK -m conntrack --ctstate ESTABLISHED -j ACCEPT - iptables -A CONNTRACK -m conntrack --ctstate INVALID -j DROP + iptables -A CONNTRACK -m conntrack --ctstate INVALID -j LOG_DROP iptables -A CONNTRACK -p icmp -m conntrack --ctstate RELATED -j ACCEPT
# Restore any connection marks @@ -131,12 +139,26 @@ iptables_init() { iptables -t nat -N CUSTOMPOSTROUTING iptables -t nat -A POSTROUTING -j CUSTOMPOSTROUTING
+ # Log and drop any traffic from and to networks known as being hostile, posing + # a technical threat to our users (i. e. listed at Spamhaus DROP et al.) + if [ "$DROPHOSTILE" == "on" ]; then + iptables -N DROP_HOSTILE + iptables -A DROP_HOSTILE -m limit --limit 10/second -j LOG --log-prefix "DROP_HOSTILE " + + iptables -A INPUT -i $IFACE -m geoip --src-cc XD -j DROP_HOSTILE + iptables -A FORWARD -i $IFACE -m geoip --src-cc XD -j DROP_HOSTILE + iptables -A FORWARD -o $IFACE -m geoip --dst-cc XD -j DROP_HOSTILE + iptables -A OUTPUT -o $IFACE -m geoip --src-cc XD -j DROP_HOSTILE + + iptables -A DROP_HOSTILE -j DROP -m comment --comment "DROP_HOSTILE" + fi + # P2PBLOCK iptables -N P2PBLOCK iptables -A INPUT -j P2PBLOCK iptables -A FORWARD -j P2PBLOCK iptables -A OUTPUT -j P2PBLOCK - + # IPS (Guardian) chains iptables -N GUARDIAN iptables -A INPUT -j GUARDIAN @@ -177,14 +199,18 @@ iptables_init() { iptables -A INPUT -j ICMPINPUT iptables -A ICMPINPUT -p icmp --icmp-type 8 -j ACCEPT
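Review bot: In the DROP_HOSTILE block the OUTPUT rule matches `-o $IFACE -m geoip --src-cc XD`, which tests the source of packets the firewall itself sends, while the FORWARD rule for the same direction uses `--dst-cc XD`. As written, connections from the firewall to listed networks are most likely not caught; the line probably should read `iptables -A OUTPUT -o $IFACE -m geoip --dst-cc XD -j DROP_HOSTILE`. `$IFACE` is also expanded unquoted in all four rules and its assignment for `iptables_init` is outside the hunk; if it can be empty at this point (`iptables_red_up` explicitly tests for that), each command is malformed and the block installs nothing, so the condition could become `if [ "$DROPHOSTILE" == "on" ] && [ -n "$IFACE" ]; then`. `iptables_init` starts and ends outside the hunk.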
- # Accept everything on loopback + # Accept everything on loopback if source/destination is loopback space... iptables -N LOOPBACK - iptables -A LOOPBACK -i lo -j ACCEPT - iptables -A LOOPBACK -o lo -j ACCEPT + iptables -A LOOPBACK -i lo -s 127.0.0.0/8 -j ACCEPT + iptables -A LOOPBACK -o lo -d 127.0.0.0/8 -j ACCEPT
- # Filter all packets with loopback addresses on non-loopback interfaces. - iptables -A LOOPBACK -s 127.0.0.0/8 -j DROP - iptables -A LOOPBACK -d 127.0.0.0/8 -j DROP + # ... and drop everything else on the loopback interface, since no other traffic should appear there + iptables -A LOOPBACK -i lo -j SPOOFED_MARTIAN + iptables -A LOOPBACK -o lo -j SPOOFED_MARTIAN + + # Filter all packets with loopback addresses on non-loopback interfaces (spoofed) + iptables -A LOOPBACK -s 127.0.0.0/8 -j SPOOFED_MARTIAN + iptables -A LOOPBACK -d 127.0.0.0/8 -j SPOOFED_MARTIAN
for i in INPUT FORWARD OUTPUT; do iptables -A ${i} -j LOOPBACK @@ -227,6 +253,10 @@ iptables_init() { iptables -A OUTPUT -o "${BLUE_DEV}" -j DHCPBLUEOUTPUT fi
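Review bot: The new catch-all rules `iptables -A LOOPBACK -i lo -j SPOOFED_MARTIAN` and `-o lo -j SPOOFED_MARTIAN` drop everything on `lo` outside 127.0.0.0/8, but Linux also carries traffic between the machine's own non-loopback addresses over `lo`, for example a local process connecting to the firewall's own GREEN address. Those packets have the interface address as source and destination, so they would now be logged as spoofed and dropped; local services that reach the box by its LAN address or hostname are the ones to test. If that traffic must keep working, the accept rules can match local addresses instead of the fixed prefix, e.g. `-i lo -m addrtype --src-type LOCAL -j ACCEPT` and `-o lo -m addrtype --dst-type LOCAL -j ACCEPT`. `iptables_init` continues outside the hunk.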
+ # Tor (inbound) + iptables -N TOR_INPUT + iptables -A INPUT -j TOR_INPUT + # Location Block iptables -N LOCATIONBLOCK iptables -A INPUT -j LOCATIONBLOCK @@ -260,12 +290,10 @@ iptables_init() { iptables -N OVPNINPUT iptables -A INPUT -j OVPNINPUT
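Review bot: Creating `TOR_INPUT` ahead of `LOCATIONBLOCK` changes which chain sees inbound Tor traffic first, yet the new comment says only `# Tor (inbound)`. The ordering is the entire effect of this hunk and of its counterpart at `@@ -260,12 +290,10`, so the comment should say why, for instance `# Tor (inbound) - evaluated before LOCATIONBLOCK so relay traffic is not filtered by location`. That reason is my inference from the move, since the rules inside `TOR_INPUT` are not visible, and should be confirmed before it is written down.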
- # Tor (inbound and outbound) - iptables -N TOR_INPUT - iptables -A INPUT -j TOR_INPUT + # Tor (outbound) iptables -N TOR_OUTPUT iptables -A OUTPUT -j TOR_OUTPUT - + # Jump into the actual firewall ruleset. iptables -N INPUTFW iptables -A INPUT -j INPUTFW @@ -360,6 +388,17 @@ iptables_red_up() { iptables -F REDFORWARD iptables -t nat -F REDNAT
+ # Prohibit spoofing our own IP address on RED + if [ -f /var/ipfire/red/active ]; then + REDIP="$( cat /var/ipfire/red/local-ipaddress )"; + + if [ "$IFACE" != "" ]; then + iptables -A REDINPUT -s $REDIP -i $IFACE -j SPOOFED_MARTIAN + elif [ "$DEVICE" != "" ]; then + iptables -A REDINPUT -s $REDIP -i $DEVICE -j SPOOFED_MARTIAN + fi + fi + # PPPoE / PPTP Device if [ "$IFACE" != "" ]; then # PPPoE / PPTP diff --git a/src/initscripts/system/squid b/src/initscripts/system/squid index 7255c0aca..09e7a0443 100644 --- a/src/initscripts/system/squid +++ b/src/initscripts/system/squid @@ -48,6 +48,7 @@ transparent() {
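Review bot: `REDIP` is read from /var/ipfire/red/local-ipaddress after checking only that /var/ipfire/red/active exists, and it is then expanded unquoted in `-s $REDIP`. If the address file is missing or empty the command becomes `iptables -A REDINPUT -s -i ...` and fails, so the anti-spoofing rule is silently absent. Extending the outer test to `if [ -f /var/ipfire/red/active ] && [ -s /var/ipfire/red/local-ipaddress ]; then` and quoting the operands as `-s "$REDIP" -i "$IFACE"` (likewise `"$DEVICE"`) closes that gap. `iptables_red_up` begins and ends outside the hunk.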
case "$1" in start) + ulimit -n 32768 getpids "squid"
if [ -n "${pidlist}" ]; then diff --git a/src/paks/qemu-ga/install.sh b/src/paks/qemu-ga/install.sh new file mode 100644 index 000000000..6980820ba --- /dev/null +++ b/src/paks/qemu-ga/install.sh @@ -0,0 +1,34 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 2 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2022 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +extract_files +restore_backup ${NAME} + +# add symlinks for qemu-ga + +ln -s /etc/rc.d/init.d/qemu-ga /etc/rc.d/rc0.d/K00qemu-ga +ln -s /etc/rc.d/init.d/qemu-ga /etc/rc.d/rc3.d/S99qemu-ga +ln -s /etc/rc.d/init.d/qemu-ga /etc/rc.d/rc6.d/K00qemu-ga + +start_service --background ${NAME} diff --git a/src/paks/qemu-ga/uninstall.sh b/src/paks/qemu-ga/uninstall.sh new file mode 100644 index 000000000..cc1115b99 --- /dev/null +++ b/src/paks/qemu-ga/uninstall.sh 
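Review bot: `ulimit -n 32768` in `start)` is not checked, so when the hard limit of the calling shell is lower the call fails and squid starts with whatever limit it inherited. Since this push also removes `--with-filedescriptors=$$(( 16384 * 64 ))` from lfs/squid, the initscript is now the only place that sets the ceiling, and a silent failure would show up only later as refused connections under load. Reporting it is enough, e.g. `ulimit -n 32768 || echo "squid: could not raise open file limit" >&2`. Whether other branches that start squid pass through `start)` cannot be seen from this hunk.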
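Review bot: The three `ln -s` calls in src/paks/qemu-ga/install.sh fail with "File exists" when a link is already present, for example after an interrupted install, because the script neither removes old links nor passes `-f`. `ln -sf /etc/rc.d/init.d/qemu-ga /etc/rc.d/rc3.d/S99qemu-ga`, and the same for rc0.d and rc6.d, makes the script repeatable. `${NAME}` is passed unquoted to `restore_backup` and `start_service`; `"${NAME}"` is the safer form.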
@@ -0,0 +1,32 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 2 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2022 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +stop_service ${NAME} +make_backup ${NAME} + +# remove symlinks + +rm -f /etc/rc.d/rc0.d/K00qemu-ga /etc/rc.d/rc3.d/S99qemu-ga /etc/rc.d/rc6.d/K00qemu-ga + +remove_files diff --git a/src/paks/qemu-ga/update.sh b/src/paks/qemu-ga/update.sh new file mode 100644 index 000000000..ea2505f2a --- /dev/null +++ b/src/paks/qemu-ga/update.sh 
@@ -0,0 +1,27 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 2 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2007-2022 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +extract_backup_includes +./uninstall.sh +./install.sh diff --git a/src/patches/libvirt/0001-Change-default-behavior-of-libvirt-guests.sh-for-IPF.patch b/src/patches/libvirt/0001-Change-default-behavior-of-libvirt-guests.sh-for-IPF.patch index 12af9a5f3..774f52e04 100644 --- a/src/patches/libvirt/0001-Change-default-behavior-of-libvirt-guests.sh-for-IPF.patch +++ b/src/patches/libvirt/0001-Change-default-behavior-of-libvirt-guests.sh-for-IPF.patch 
@@ -1,30 +1,15 @@ -From a50fa0195e36773d57593006152828ce2c0523fd Mon Sep 17 00:00:00 2001 -From: Jonatan Schlag jonatan.schlag@ipfire.org -Date: Fri, 6 May 2016 11:38:08 +0200 -Subject: [PATCH] Change default behavior of libvirt-guests.sh for IPFire - -Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org ---- - tools/libvirt-guests.sh.in | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/tools/libvirt-guests.sh.in b/tools/libvirt-guests.sh.in -index 7f74b85..87aceb7 100644 ---- a/tools/libvirt-guests.sh.in -+++ b/tools/libvirt-guests.sh.in -@@ -30,9 +30,9 @@ test ! -r "$sysconfdir"/rc.d/init.d/functions || +--- libvirt-7.10.0/tools/libvirt-guests.sh.in.orig 2021-12-01 10:51:11.942943000 +0100 ++++ libvirt-7.10.0/tools/libvirt-guests.sh.in 2022-01-11 12:32:37.765715377 +0100 +@@ -30,9 +30,9 @@
export TEXTDOMAIN="@PACKAGE@" TEXTDOMAINDIR="@localedir@"
--URIS=default --ON_BOOT=start --ON_SHUTDOWN=suspend -+URIS=qemu:///system -+ON_BOOT=ignore -+ON_SHUTDOWN=shutdown +-URIS="default" +-ON_BOOT="start" +-ON_SHUTDOWN="suspend" ++URIS="qemu:///system" ++ON_BOOT="ignore" ++ON_SHUTDOWN="shutdown" SHUTDOWN_TIMEOUT=300 PARALLEL_SHUTDOWN=0 START_DELAY=0 --- -2.1.4 - diff --git a/src/patches/shadow-4.11.1-suppress_installation_of_groups.patch b/src/patches/shadow-4.11.1-suppress_installation_of_groups.patch new file mode 100644 index 000000000..cee41abac --- /dev/null +++ b/src/patches/shadow-4.11.1-suppress_installation_of_groups.patch 
@@ -0,0 +1,279 @@ +diff -Naur shadow-4.11.1-orig/man/cs/Makefile.in shadow-4.11.1/man/cs/Makefile.in +--- shadow-4.11.1-orig/man/cs/Makefile.in 2022-01-03 04:09:23.000000000 +0100 ++++ shadow-4.11.1/man/cs/Makefile.in 2022-01-17 13:04:13.758312001 +0100 +@@ -326,12 +326,12 @@ + man8/groupadd.8 \ + man8/groupdel.8 \ + man8/groupmod.8 \ +- man1/groups.1 \ ++ man1/ \ + man8/grpck.8 \ + man5/gshadow.5 \ + man8/lastlog.8 \ + man8/nologin.8 \ +- man5/passwd.5 \ ++ man5/ \ + man5/shadow.5 \ + man1/su.1 \ + man8/vipw.8 +diff -Naur shadow-4.11.1-orig/man/da/Makefile.in shadow-4.11.1/man/da/Makefile.in +--- shadow-4.11.1-orig/man/da/Makefile.in 2022-01-03 04:09:23.000000000 +0100 ++++ shadow-4.11.1/man/da/Makefile.in 2022-01-17 13:05:29.513200259 +0100 +@@ -323,7 +323,7 @@ + top_srcdir = @top_srcdir@ + + # 2012.01.28 - activate manpages with more than 50% translated messages +-man_MANS = man1/chfn.1 man8/groupdel.8 man1/groups.1 man5/gshadow.5 \ ++man_MANS = man1/chfn.1 man8/groupdel.8 man1/ man5/gshadow.5 \ + man8/logoutd.8 man1/newgrp.1 man8/nologin.8 man1/sg.1 \ + man8/vigr.8 man8/vipw.8 $(am__append_1) + man_nopam = +diff -Naur shadow-4.11.1-orig/man/de/Makefile.in shadow-4.11.1/man/de/Makefile.in +--- shadow-4.11.1-orig/man/de/Makefile.in 2022-01-03 04:09:23.000000000 +0100 ++++ shadow-4.11.1/man/de/Makefile.in 2022-01-17 13:06:43.188118562 +0100 +@@ -324,11 +324,11 @@ + top_srcdir = @top_srcdir@ + man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \ + man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \ +- man3/getspnam.3 man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ +- man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \ ++ man3/ man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ ++ man8/groupmems.8 man8/groupmod.8 man1/ man8/grpck.8 \ + man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \ + man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ +- man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/passwd.5 \ ++ 
man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/ \ + man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \ + man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \ + man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \ +diff -Naur shadow-4.11.1-orig/man/es/Makefile.in shadow-4.11.1/man/es/Makefile.in +--- shadow-4.11.1-orig/man/es/Makefile.in 2022-01-03 04:09:23.000000000 +0100 ++++ shadow-4.11.1/man/es/Makefile.in 2022-01-17 13:07:24.967505172 +0100 +@@ -292,7 +292,7 @@ + # man1/login.1 \ + # man1/newgrp.1 \ + # man1/passwd.1 \ +-# man5/passwd.5 \ ++# man5/ \ + # man1/su.1 \ + # man8/vigr.8 \ + # man8/vipw.8 +diff -Naur shadow-4.11.1-orig/man/fr/Makefile.in shadow-4.11.1/man/fr/Makefile.in +--- shadow-4.11.1-orig/man/fr/Makefile.in 2022-01-03 04:09:23.000000000 +0100 ++++ shadow-4.11.1/man/fr/Makefile.in 2022-01-17 13:08:52.850214886 +0100 +@@ -326,11 +326,11 @@ + top_srcdir = @top_srcdir@ + man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \ + man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \ +- man3/getspnam.3 man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ +- man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \ ++ man3/ man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ ++ man8/groupmems.8 man8/groupmod.8 man1/ man8/grpck.8 \ + man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \ + man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ +- man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/passwd.5 \ ++ man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/ \ + man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \ + man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \ + man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \ +diff -Naur shadow-4.11.1-orig/man/hu/Makefile.in shadow-4.11.1/man/hu/Makefile.in +--- shadow-4.11.1-orig/man/hu/Makefile.in 2022-01-03 04:09:23.000000000 +0100 ++++ shadow-4.11.1/man/hu/Makefile.in 2022-01-17 13:09:43.917465155 +0100 +@@ -321,12 +321,12 @@ + man_MANS = \ + 
man1/chsh.1 \ + man1/gpasswd.1 \ +- man1/groups.1 \ ++ man1/ \ + man8/lastlog.8 \ + man1/login.1 \ + man1/newgrp.1 \ + man1/passwd.1 \ +- man5/passwd.5 \ ++ man5/ \ + man1/sg.1 \ + man1/su.1 + +diff -Naur shadow-4.11.1-orig/man/it/Makefile.in shadow-4.11.1/man/it/Makefile.in +--- shadow-4.11.1-orig/man/it/Makefile.in 2022-01-03 04:09:23.000000000 +0100 ++++ shadow-4.11.1/man/it/Makefile.in 2022-01-17 13:10:43.664587974 +0100 +@@ -324,11 +324,11 @@ + top_srcdir = @top_srcdir@ + man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \ + man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \ +- man3/getspnam.3 man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ +- man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \ ++ man3/ man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ ++ man8/groupmems.8 man8/groupmod.8 man1/ man8/grpck.8 \ + man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \ + man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ +- man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/passwd.5 \ ++ man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/ \ + man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \ + man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \ + man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \ +diff -Naur shadow-4.11.1-orig/man/ja/Makefile.in shadow-4.11.1/man/ja/Makefile.in +--- shadow-4.11.1-orig/man/ja/Makefile.in 2022-01-03 04:09:23.000000000 +0100 ++++ shadow-4.11.1/man/ja/Makefile.in 2022-01-17 13:11:27.991937191 +0100 +@@ -322,10 +322,10 @@ + top_srcdir = @top_srcdir@ + man_MANS = man1/chage.1 man1/chfn.1 man8/chpasswd.8 man1/chsh.1 \ + man1/expiry.1 man5/faillog.5 man8/faillog.8 man1/gpasswd.1 \ +- man8/groupadd.8 man8/groupdel.8 man8/groupmod.8 man1/groups.1 \ ++ man8/groupadd.8 man8/groupdel.8 man8/groupmod.8 man1/ \ + man8/grpck.8 man8/grpconv.8 man8/grpunconv.8 man8/lastlog.8 \ + man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ +- man8/newusers.8 man1/passwd.1 
man5/passwd.5 man8/pwck.8 \ ++ man8/newusers.8 man1/passwd.1 man5/ man8/pwck.8 \ + man8/pwconv.8 man8/pwunconv.8 man1/sg.1 man5/shadow.5 \ + man1/su.1 man5/suauth.5 man8/useradd.8 man8/userdel.8 \ + man8/usermod.8 man8/vigr.8 man8/vipw.8 $(am__append_1) +diff -Naur shadow-4.11.1-orig/man/ko/Makefile.in shadow-4.11.1/man/ko/Makefile.in +--- shadow-4.11.1-orig/man/ko/Makefile.in 2022-01-03 04:09:23.000000000 +0100 ++++ shadow-4.11.1/man/ko/Makefile.in 2022-01-17 13:12:18.603194118 +0100 +@@ -321,9 +321,9 @@ + man_MANS = \ + man1/chfn.1 \ + man1/chsh.1 \ +- man1/groups.1 \ ++ man1/ \ + man1/login.1 \ +- man5/passwd.5 \ ++ man5/ \ + man1/su.1 \ + man8/vigr.8 \ + man8/vipw.8 +diff -Naur shadow-4.11.1-orig/man/Makefile.in shadow-4.11.1/man/Makefile.in +--- shadow-4.11.1-orig/man/Makefile.in 2022-01-03 04:09:23.000000000 +0100 ++++ shadow-4.11.1/man/Makefile.in 2022-01-17 13:13:43.341950016 +0100 +@@ -392,11 +392,11 @@ + @USE_NLS_TRUE@SUBDIRS = po cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW + man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \ + man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \ +- man3/getspnam.3 man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ +- man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \ ++ man3/ man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ ++ man8/groupmems.8 man8/groupmod.8 man1/ man8/grpck.8 \ + man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \ + man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ +- man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/passwd.5 \ ++ man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/ \ + man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \ + man3/shadow.3 man5/shadow.5 man5/suauth.5 man8/useradd.8 \ + man8/userdel.8 man8/usermod.8 man8/vigr.8 man8/vipw.8 \ +diff -Naur shadow-4.11.1-orig/man/pl/Makefile.in shadow-4.11.1/man/pl/Makefile.in +--- shadow-4.11.1-orig/man/pl/Makefile.in 2022-01-03 04:09:23.000000000 +0100 ++++ 
shadow-4.11.1/man/pl/Makefile.in 2022-01-17 13:14:42.781077363 +0100 +@@ -325,8 +325,8 @@ + + # 2012.01.28 - activate manpages with more than 50% translated messages + man_MANS = man1/chage.1 man1/chsh.1 man1/expiry.1 man5/faillog.5 \ +- man8/faillog.8 man3/getspnam.3 man8/groupadd.8 man8/groupdel.8 \ +- man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \ ++ man8/faillog.8 man3/ man8/groupadd.8 man8/groupdel.8 \ ++ man8/groupmems.8 man8/groupmod.8 man1/ man8/grpck.8 \ + man8/lastlog.8 man8/logoutd.8 man1/newgrp.1 man1/sg.1 \ + man3/shadow.3 man8/userdel.8 man8/usermod.8 man8/vigr.8 \ + man8/vipw.8 $(am__append_1) +diff -Naur shadow-4.11.1-orig/man/pt_BR/Makefile.in shadow-4.11.1/man/pt_BR/Makefile.in +--- shadow-4.11.1-orig/man/pt_BR/Makefile.in 2022-01-03 04:09:23.000000000 +0100 ++++ shadow-4.11.1/man/pt_BR/Makefile.in 2022-01-17 13:15:09.668682617 +0100 +@@ -323,7 +323,7 @@ + man8/groupadd.8 \ + man8/groupdel.8 \ + man8/groupmod.8 \ +- man5/passwd.5 \ ++ man5/ \ + man5/shadow.5 + + EXTRA_DIST = $(man_MANS) +diff -Naur shadow-4.11.1-orig/man/ru/Makefile.in shadow-4.11.1/man/ru/Makefile.in +--- shadow-4.11.1-orig/man/ru/Makefile.in 2022-01-03 04:09:23.000000000 +0100 ++++ shadow-4.11.1/man/ru/Makefile.in 2022-01-17 13:16:07.647831387 +0100 +@@ -324,11 +324,11 @@ + top_srcdir = @top_srcdir@ + man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \ + man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \ +- man3/getspnam.3 man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ +- man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \ ++ man3/ man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ ++ man8/groupmems.8 man8/groupmod.8 man1/ man8/grpck.8 \ + man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \ + man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ +- man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/passwd.5 \ ++ man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/ \ + man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 
man1/sg.1 \ + man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \ + man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \ +diff -Naur shadow-4.11.1-orig/man/sv/Makefile.in shadow-4.11.1/man/sv/Makefile.in +--- shadow-4.11.1-orig/man/sv/Makefile.in 2022-01-03 04:09:23.000000000 +0100 ++++ shadow-4.11.1/man/sv/Makefile.in 2022-01-17 13:16:58.503084748 +0100 +@@ -325,10 +325,10 @@ + + # 2012.01.28 - activate manpages with more than 50% translated messages + man_MANS = man1/chage.1 man1/chsh.1 man1/expiry.1 man5/faillog.5 \ +- man8/faillog.8 man3/getspnam.3 man8/groupadd.8 man8/groupdel.8 \ +- man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \ ++ man8/faillog.8 man3/ man8/groupadd.8 man8/groupdel.8 \ ++ man8/groupmems.8 man8/groupmod.8 man1/ man8/grpck.8 \ + man5/gshadow.5 man8/lastlog.8 man8/logoutd.8 man1/newgrp.1 \ +- man8/nologin.8 man1/passwd.1 man5/passwd.5 man8/pwck.8 \ ++ man8/nologin.8 man1/passwd.1 man5/ man8/pwck.8 \ + man1/sg.1 man3/shadow.3 man5/suauth.5 man8/userdel.8 \ + man8/vigr.8 man8/vipw.8 $(am__append_1) + man_nopam = \ +diff -Naur shadow-4.11.1-orig/man/tr/Makefile.in shadow-4.11.1/man/tr/Makefile.in +--- shadow-4.11.1-orig/man/tr/Makefile.in 2022-01-03 04:09:24.000000000 +0100 ++++ shadow-4.11.1/man/tr/Makefile.in 2022-01-17 13:17:28.478644677 +0100 +@@ -326,7 +326,7 @@ + man8/groupmod.8 \ + man1/login.1 \ + man1/passwd.1 \ +- man5/passwd.5 \ ++ man5/ \ + man5/shadow.5 \ + man1/su.1 \ + man8/useradd.8 \ +diff -Naur shadow-4.11.1-orig/man/zh_CN/Makefile.in shadow-4.11.1/man/zh_CN/Makefile.in +--- shadow-4.11.1-orig/man/zh_CN/Makefile.in 2022-01-03 04:09:24.000000000 +0100 ++++ shadow-4.11.1/man/zh_CN/Makefile.in 2022-01-17 13:18:26.633790862 +0100 +@@ -324,11 +324,11 @@ + top_srcdir = @top_srcdir@ + man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \ + man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \ +- man3/getspnam.3 man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ +- man8/groupmems.8 man8/groupmod.8 
man1/groups.1 man8/grpck.8 \ ++ man3/ man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ ++ man8/groupmems.8 man8/groupmod.8 man1/ man8/grpck.8 \ + man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \ + man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ +- man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/passwd.5 \ ++ man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/ \ + man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \ + man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \ + man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \ +diff -Naur shadow-4.11.1-orig/man/zh_TW/Makefile.in shadow-4.11.1/man/zh_TW/Makefile.in +--- shadow-4.11.1-orig/man/zh_TW/Makefile.in 2022-01-03 04:09:24.000000000 +0100 ++++ shadow-4.11.1/man/zh_TW/Makefile.in 2022-01-17 13:18:55.225371102 +0100 +@@ -328,7 +328,7 @@ + man8/groupadd.8 \ + man8/groupdel.8 \ + man8/groupmod.8 \ +- man5/passwd.5 \ ++ man5/ \ + man1/su.1 \ + man8/useradd.8 \ + man8/userdel.8 \ +diff -Naur shadow-4.11.1-orig/src/Makefile.in shadow-4.11.1/src/Makefile.in +--- shadow-4.11.1-orig/src/Makefile.in 2022-01-03 04:09:24.000000000 +0100 ++++ shadow-4.11.1/src/Makefile.in 2022-01-17 13:20:19.360135889 +0100 +@@ -88,8 +88,7 @@ + POST_UNINSTALL = : + build_triplet = @build@ + host_triplet = @host@ +-bin_PROGRAMS = groups$(EXEEXT) login$(EXEEXT) $(am__EXEEXT_1) \ +- $(am__EXEEXT_2) ++bin_PROGRAMS = login$(EXEEXT) $(am__EXEEXT_1) + sbin_PROGRAMS = nologin$(EXEEXT) + ubin_PROGRAMS = faillog$(EXEEXT) lastlog$(EXEEXT) chage$(EXEEXT) \ + chfn$(EXEEXT) chsh$(EXEEXT) expiry$(EXEEXT) gpasswd$(EXEEXT) \ diff --git a/src/patches/shadow-4.2.1-suppress_installation_of_groups.patch b/src/patches/shadow-4.2.1-suppress_installation_of_groups.patch deleted file mode 100644 index f9f09c4ec..000000000 --- a/src/patches/shadow-4.2.1-suppress_installation_of_groups.patch +++ /dev/null 
@@ -1,446 +0,0 @@ -diff -crB shadow-4.2.1-a/man/cs/Makefile.in shadow-4.2.1-b/man/cs/Makefile.in -*** shadow-4.2.1-a/man/cs/Makefile.in 2014-05-09 16:49:46.000000000 +0000 ---- shadow-4.2.1-b/man/cs/Makefile.in 2016-03-13 10:47:55.924166976 +0000 -*************** -*** 300,311 **** - man8/groupadd.8 \ - man8/groupdel.8 \ - man8/groupmod.8 \ -! man1/groups.1 \ - man8/grpck.8 \ - man5/gshadow.5 \ - man8/lastlog.8 \ - man8/nologin.8 \ -! man5/passwd.5 \ - man5/shadow.5 \ - man1/su.1 \ - man8/vipw.8 ---- 300,311 ---- - man8/groupadd.8 \ - man8/groupdel.8 \ - man8/groupmod.8 \ -! man1/ \ - man8/grpck.8 \ - man5/gshadow.5 \ - man8/lastlog.8 \ - man8/nologin.8 \ -! man5/ \ - man5/shadow.5 \ - man1/su.1 \ - man8/vipw.8 -diff -crB shadow-4.2.1-a/man/da/Makefile.in shadow-4.2.1-b/man/da/Makefile.in -*** shadow-4.2.1-a/man/da/Makefile.in 2014-05-09 16:49:46.000000000 +0000 ---- shadow-4.2.1-b/man/da/Makefile.in 2016-03-13 10:47:55.928166977 +0000 -*************** -*** 298,304 **** - top_srcdir = @top_srcdir@ - - # 2012.01.28 - activate manpages with more than 50% translated messages -! man_MANS = man1/chfn.1 man8/groupdel.8 man1/groups.1 man5/gshadow.5 \ - man8/logoutd.8 man1/newgrp.1 man8/nologin.8 man1/sg.1 \ - man8/vigr.8 man8/vipw.8 $(am__append_1) - man_nopam = ---- 298,304 ---- - top_srcdir = @top_srcdir@ - - # 2012.01.28 - activate manpages with more than 50% translated messages -! 
man_MANS = man1/chfn.1 man8/groupdel.8 man1/ man5/gshadow.5 \ - man8/logoutd.8 man1/newgrp.1 man8/nologin.8 man1/sg.1 \ - man8/vigr.8 man8/vipw.8 $(am__append_1) - man_nopam = -diff -crB shadow-4.2.1-a/man/de/Makefile.in shadow-4.2.1-b/man/de/Makefile.in -*** shadow-4.2.1-a/man/de/Makefile.in 2014-05-09 16:49:46.000000000 +0000 ---- shadow-4.2.1-b/man/de/Makefile.in 2016-03-13 10:47:55.916166976 +0000 -*************** -*** 299,309 **** - top_srcdir = @top_srcdir@ - man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \ - man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \ -! man3/getspnam.3 man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ -! man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \ - man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \ - man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ -! man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/passwd.5 \ - man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \ - man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \ - man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \ ---- 299,309 ---- - top_srcdir = @top_srcdir@ - man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \ - man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \ -! man3/ man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ -! man8/groupmems.8 man8/groupmod.8 man1/ man8/grpck.8 \ - man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \ - man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ -! 
man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/ \ - man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \ - man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \ - man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \ -diff -crB shadow-4.2.1-a/man/es/Makefile.in shadow-4.2.1-b/man/es/Makefile.in -*** shadow-4.2.1-a/man/es/Makefile.in 2014-05-09 16:49:46.000000000 +0000 ---- shadow-4.2.1-b/man/es/Makefile.in 2016-03-13 10:47:55.872166975 +0000 -*************** -*** 266,272 **** - # man1/login.1 \ - # man1/newgrp.1 \ - # man1/passwd.1 \ -! # man5/passwd.5 \ - # man1/su.1 \ - # man8/vigr.8 \ - # man8/vipw.8 ---- 266,272 ---- - # man1/login.1 \ - # man1/newgrp.1 \ - # man1/passwd.1 \ -! # man5/ \ - # man1/su.1 \ - # man8/vigr.8 \ - # man8/vipw.8 -diff -crB shadow-4.2.1-a/man/fr/Makefile.in shadow-4.2.1-b/man/fr/Makefile.in -*** shadow-4.2.1-a/man/fr/Makefile.in 2014-05-09 16:49:46.000000000 +0000 ---- shadow-4.2.1-b/man/fr/Makefile.in 2016-03-13 10:47:55.984166978 +0000 -*************** -*** 301,311 **** - top_srcdir = @top_srcdir@ - man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \ - man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \ -! man3/getspnam.3 man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ -! man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \ - man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \ - man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ -! man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/passwd.5 \ - man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \ - man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \ - man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \ ---- 301,311 ---- - top_srcdir = @top_srcdir@ - man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \ - man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \ -! man3/ man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ -! 
man8/groupmems.8 man8/groupmod.8 man1/ man8/grpck.8 \ - man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \ - man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ -! man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/ \ - man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \ - man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \ - man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \ -diff -crB shadow-4.2.1-a/man/hu/Makefile.in shadow-4.2.1-b/man/hu/Makefile.in -*** shadow-4.2.1-a/man/hu/Makefile.in 2014-05-09 16:49:46.000000000 +0000 ---- shadow-4.2.1-b/man/hu/Makefile.in 2016-03-13 10:47:55.972166978 +0000 -*************** -*** 295,306 **** - man_MANS = \ - man1/chsh.1 \ - man1/gpasswd.1 \ -! man1/groups.1 \ - man8/lastlog.8 \ - man1/login.1 \ - man1/newgrp.1 \ - man1/passwd.1 \ -! man5/passwd.5 \ - man1/sg.1 \ - man1/su.1 - ---- 295,306 ---- - man_MANS = \ - man1/chsh.1 \ - man1/gpasswd.1 \ -! man1/ \ - man8/lastlog.8 \ - man1/login.1 \ - man1/newgrp.1 \ - man1/passwd.1 \ -! man5/ \ - man1/sg.1 \ - man1/su.1 - -diff -crB shadow-4.2.1-a/man/it/Makefile.in shadow-4.2.1-b/man/it/Makefile.in -*** shadow-4.2.1-a/man/it/Makefile.in 2014-05-09 16:49:47.000000000 +0000 ---- shadow-4.2.1-b/man/it/Makefile.in 2016-03-13 10:47:55.896166976 +0000 -*************** -*** 299,309 **** - top_srcdir = @top_srcdir@ - man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \ - man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \ -! man3/getspnam.3 man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ -! man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \ - man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \ - man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ -! 
man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/passwd.5 \ - man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \ - man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \ - man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \ ---- 299,309 ---- - top_srcdir = @top_srcdir@ - man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \ - man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \ -! man3/ man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ -! man8/groupmems.8 man8/groupmod.8 man1/ man8/grpck.8 \ - man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \ - man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ -! man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/ \ - man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \ - man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \ - man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \ -diff -crB shadow-4.2.1-a/man/ja/Makefile.in shadow-4.2.1-b/man/ja/Makefile.in -*** shadow-4.2.1-a/man/ja/Makefile.in 2014-05-09 16:49:47.000000000 +0000 ---- shadow-4.2.1-b/man/ja/Makefile.in 2016-03-13 10:47:55.932166977 +0000 -*************** -*** 296,305 **** - top_srcdir = @top_srcdir@ - man_MANS = man1/chage.1 man1/chfn.1 man8/chpasswd.8 man1/chsh.1 \ - man1/expiry.1 man5/faillog.5 man8/faillog.8 man1/gpasswd.1 \ -! man8/groupadd.8 man8/groupdel.8 man8/groupmod.8 man1/groups.1 \ - man8/grpck.8 man8/grpconv.8 man8/grpunconv.8 man8/lastlog.8 \ - man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ -! man8/newusers.8 man1/passwd.1 man5/passwd.5 man8/pwck.8 \ - man8/pwconv.8 man8/pwunconv.8 man1/sg.1 man5/shadow.5 \ - man1/su.1 man5/suauth.5 man8/useradd.8 man8/userdel.8 \ - man8/usermod.8 man8/vigr.8 man8/vipw.8 $(am__append_1) ---- 296,305 ---- - top_srcdir = @top_srcdir@ - man_MANS = man1/chage.1 man1/chfn.1 man8/chpasswd.8 man1/chsh.1 \ - man1/expiry.1 man5/faillog.5 man8/faillog.8 man1/gpasswd.1 \ -! 
man8/groupadd.8 man8/groupdel.8 man8/groupmod.8 man1/ \ - man8/grpck.8 man8/grpconv.8 man8/grpunconv.8 man8/lastlog.8 \ - man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ -! man8/newusers.8 man1/passwd.1 man5/ man8/pwck.8 \ - man8/pwconv.8 man8/pwunconv.8 man1/sg.1 man5/shadow.5 \ - man1/su.1 man5/suauth.5 man8/useradd.8 man8/userdel.8 \ - man8/usermod.8 man8/vigr.8 man8/vipw.8 $(am__append_1) -diff -crB shadow-4.2.1-a/man/ko/Makefile.in shadow-4.2.1-b/man/ko/Makefile.in -*** shadow-4.2.1-a/man/ko/Makefile.in 2014-05-09 16:49:47.000000000 +0000 ---- shadow-4.2.1-b/man/ko/Makefile.in 2016-03-13 10:47:55.940166977 +0000 -*************** -*** 295,303 **** - man_MANS = \ - man1/chfn.1 \ - man1/chsh.1 \ -! man1/groups.1 \ - man1/login.1 \ -! man5/passwd.5 \ - man1/su.1 \ - man8/vigr.8 \ - man8/vipw.8 ---- 295,303 ---- - man_MANS = \ - man1/chfn.1 \ - man1/chsh.1 \ -! man1/ \ - man1/login.1 \ -! man5/ \ - man1/su.1 \ - man8/vigr.8 \ - man8/vipw.8 -diff -crB shadow-4.2.1-a/man/Makefile.in shadow-4.2.1-b/man/Makefile.in -*** shadow-4.2.1-a/man/Makefile.in 2014-05-09 16:49:46.000000000 +0000 ---- shadow-4.2.1-b/man/Makefile.in 2016-03-13 10:47:55.880166976 +0000 -*************** -*** 365,375 **** - @USE_NLS_TRUE@SUBDIRS = po cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW - man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \ - man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \ -! man3/getspnam.3 man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ -! man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \ - man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \ - man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ -! 
man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/passwd.5 \ - man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \ - man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \ - man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \ ---- 365,375 ---- - @USE_NLS_TRUE@SUBDIRS = po cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW - man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \ - man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \ -! man3/ man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ -! man8/groupmems.8 man8/groupmod.8 man1/ man8/grpck.8 \ - man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \ - man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ -! man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/ \ - man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \ - man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \ - man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \ -diff -crB shadow-4.2.1-a/man/pl/Makefile.in shadow-4.2.1-b/man/pl/Makefile.in -*** shadow-4.2.1-a/man/pl/Makefile.in 2014-05-09 16:49:47.000000000 +0000 ---- shadow-4.2.1-b/man/pl/Makefile.in 2016-03-13 10:47:55.912166976 +0000 -*************** -*** 300,307 **** - - # 2012.01.28 - activate manpages with more than 50% translated messages - man_MANS = man1/chage.1 man1/chsh.1 man1/expiry.1 man5/faillog.5 \ -! man8/faillog.8 man3/getspnam.3 man8/groupadd.8 man8/groupdel.8 \ -! man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \ - man8/lastlog.8 man8/logoutd.8 man1/newgrp.1 man1/sg.1 \ - man3/shadow.3 man8/userdel.8 man8/usermod.8 man8/vigr.8 \ - man8/vipw.8 $(am__append_1) ---- 300,307 ---- - - # 2012.01.28 - activate manpages with more than 50% translated messages - man_MANS = man1/chage.1 man1/chsh.1 man1/expiry.1 man5/faillog.5 \ -! man8/faillog.8 man3/ man8/groupadd.8 man8/groupdel.8 \ -! 
man8/groupmems.8 man8/groupmod.8 man1/ man8/grpck.8 \ - man8/lastlog.8 man8/logoutd.8 man1/newgrp.1 man1/sg.1 \ - man3/shadow.3 man8/userdel.8 man8/usermod.8 man8/vigr.8 \ - man8/vipw.8 $(am__append_1) -diff -crB shadow-4.2.1-a/man/pt_BR/Makefile.in shadow-4.2.1-b/man/pt_BR/Makefile.in -*** shadow-4.2.1-a/man/pt_BR/Makefile.in 2014-05-09 16:49:47.000000000 +0000 ---- shadow-4.2.1-b/man/pt_BR/Makefile.in 2016-03-13 10:47:55.904166976 +0000 -*************** -*** 297,303 **** - man8/groupadd.8 \ - man8/groupdel.8 \ - man8/groupmod.8 \ -! man5/passwd.5 \ - man5/shadow.5 - - EXTRA_DIST = $(man_MANS) ---- 297,303 ---- - man8/groupadd.8 \ - man8/groupdel.8 \ - man8/groupmod.8 \ -! man5/ \ - man5/shadow.5 - - EXTRA_DIST = $(man_MANS) -diff -crB shadow-4.2.1-a/man/ru/Makefile.in shadow-4.2.1-b/man/ru/Makefile.in -*** shadow-4.2.1-a/man/ru/Makefile.in 2014-05-09 16:49:47.000000000 +0000 ---- shadow-4.2.1-b/man/ru/Makefile.in 2016-03-13 10:47:55.944166977 +0000 -*************** -*** 299,309 **** - top_srcdir = @top_srcdir@ - man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \ - man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \ -! man3/getspnam.3 man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ -! man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \ - man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \ - man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ -! man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/passwd.5 \ - man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \ - man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \ - man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \ ---- 299,309 ---- - top_srcdir = @top_srcdir@ - man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \ - man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \ -! man3/ man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ -! 
man8/groupmems.8 man8/groupmod.8 man1/ man8/grpck.8 \ - man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \ - man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ -! man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/ \ - man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \ - man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \ - man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \ -diff -crB shadow-4.2.1-a/man/sv/Makefile.in shadow-4.2.1-b/man/sv/Makefile.in -*** shadow-4.2.1-a/man/sv/Makefile.in 2014-05-09 16:49:47.000000000 +0000 ---- shadow-4.2.1-b/man/sv/Makefile.in 2016-03-13 10:47:55.988166978 +0000 -*************** -*** 300,309 **** - - # 2012.01.28 - activate manpages with more than 50% translated messages - man_MANS = man1/chage.1 man1/chsh.1 man1/expiry.1 man5/faillog.5 \ -! man8/faillog.8 man3/getspnam.3 man8/groupadd.8 man8/groupdel.8 \ -! man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \ - man5/gshadow.5 man8/lastlog.8 man8/logoutd.8 man1/newgrp.1 \ -! man8/nologin.8 man1/passwd.1 man5/passwd.5 man8/pwck.8 \ - man1/sg.1 man3/shadow.3 man5/suauth.5 man8/userdel.8 \ - man8/vigr.8 man8/vipw.8 $(am__append_1) - man_nopam = \ ---- 300,309 ---- - - # 2012.01.28 - activate manpages with more than 50% translated messages - man_MANS = man1/chage.1 man1/chsh.1 man1/expiry.1 man5/faillog.5 \ -! man8/faillog.8 man3/ man8/groupadd.8 man8/groupdel.8 \ -! man8/groupmems.8 man8/groupmod.8 man1/ man8/grpck.8 \ - man5/gshadow.5 man8/lastlog.8 man8/logoutd.8 man1/newgrp.1 \ -! 
man8/nologin.8 man1/passwd.1 man5/ man8/pwck.8 \ - man1/sg.1 man3/shadow.3 man5/suauth.5 man8/userdel.8 \ - man8/vigr.8 man8/vipw.8 $(am__append_1) - man_nopam = \ -diff -crB shadow-4.2.1-a/man/tr/Makefile.in shadow-4.2.1-b/man/tr/Makefile.in -*** shadow-4.2.1-a/man/tr/Makefile.in 2014-05-09 16:49:47.000000000 +0000 ---- shadow-4.2.1-b/man/tr/Makefile.in 2016-03-13 10:47:55.964166977 +0000 -*************** -*** 300,306 **** - man8/groupmod.8 \ - man1/login.1 \ - man1/passwd.1 \ -! man5/passwd.5 \ - man5/shadow.5 \ - man1/su.1 \ - man8/useradd.8 \ ---- 300,306 ---- - man8/groupmod.8 \ - man1/login.1 \ - man1/passwd.1 \ -! man5/ \ - man5/shadow.5 \ - man1/su.1 \ - man8/useradd.8 \ -diff -crB shadow-4.2.1-a/man/zh_CN/Makefile.in shadow-4.2.1-b/man/zh_CN/Makefile.in -*** shadow-4.2.1-a/man/zh_CN/Makefile.in 2014-05-09 16:49:47.000000000 +0000 ---- shadow-4.2.1-b/man/zh_CN/Makefile.in 2016-03-13 10:47:55.952166977 +0000 -*************** -*** 299,309 **** - top_srcdir = @top_srcdir@ - man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \ - man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \ -! man3/getspnam.3 man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ -! man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \ - man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \ - man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ -! man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/passwd.5 \ - man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \ - man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \ - man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \ ---- 299,309 ---- - top_srcdir = @top_srcdir@ - man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \ - man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \ -! man3/ man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \ -! 
man8/groupmems.8 man8/groupmod.8 man1/ man8/grpck.8 \ - man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \ - man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \ -! man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/ \ - man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \ - man3/shadow.3 man5/shadow.5 man1/su.1 man5/suauth.5 \ - man8/useradd.8 man8/userdel.8 man8/usermod.8 man8/vigr.8 \ -diff -crB shadow-4.2.1-a/man/zh_TW/Makefile.in shadow-4.2.1-b/man/zh_TW/Makefile.in -*** shadow-4.2.1-a/man/zh_TW/Makefile.in 2014-05-09 16:49:48.000000000 +0000 ---- shadow-4.2.1-b/man/zh_TW/Makefile.in 2016-03-13 10:47:55.956166977 +0000 -*************** -*** 302,308 **** - man8/groupadd.8 \ - man8/groupdel.8 \ - man8/groupmod.8 \ -! man5/passwd.5 \ - man1/su.1 \ - man8/useradd.8 \ - man8/userdel.8 \ ---- 302,308 ---- - man8/groupadd.8 \ - man8/groupdel.8 \ - man8/groupmod.8 \ -! man5/ \ - man1/su.1 \ - man8/useradd.8 \ - man8/userdel.8 \ -diff -crB shadow-4.2.1-a/src/Makefile.in shadow-4.2.1-b/src/Makefile.in -*** shadow-4.2.1-a/src/Makefile.in 2014-05-09 16:49:48.000000000 +0000 ---- shadow-4.2.1-b/src/Makefile.in 2016-03-13 10:47:38.824166600 +0000 -*************** -*** 78,84 **** - POST_UNINSTALL = : - build_triplet = @build@ - host_triplet = @host@ -! bin_PROGRAMS = groups$(EXEEXT) login$(EXEEXT) su$(EXEEXT) - sbin_PROGRAMS = nologin$(EXEEXT) - ubin_PROGRAMS = faillog$(EXEEXT) lastlog$(EXEEXT) chage$(EXEEXT) \ - chfn$(EXEEXT) chsh$(EXEEXT) expiry$(EXEEXT) gpasswd$(EXEEXT) \ ---- 78,84 ---- - POST_UNINSTALL = : - build_triplet = @build@ - host_triplet = @host@ -! bin_PROGRAMS = login$(EXEEXT) su$(EXEEXT) - sbin_PROGRAMS = nologin$(EXEEXT) - ubin_PROGRAMS = faillog$(EXEEXT) lastlog$(EXEEXT) chage$(EXEEXT) \ - chfn$(EXEEXT) chsh$(EXEEXT) expiry$(EXEEXT) gpasswd$(EXEEXT) \ diff --git a/src/scripts/update-ids-ruleset b/src/scripts/update-ids-ruleset index dbe5b6849..10a270907 100644 --- a/src/scripts/update-ids-ruleset +++ b/src/scripts/update-ids-ruleset 
@@ -2,7 +2,7 @@
 ###############################################################################
 # #
 # IPFire.org - A linux based firewall #
-# Copyright (C) 2018 IPFire Team info@ipfire.org #
+# Copyright (C) 2018-2021 IPFire Team info@ipfire.org #
 # #
 # This program is free software: you can redistribute it and/or modify #
 # it under the terms of the GNU General Public License as published by #
@@ -26,6 +26,9 @@ require '/var/ipfire/general-functions.pl';
 require "${General::swroot}/ids-functions.pl";
 require "${General::swroot}/lang.pl";
+# Hash to store the configured providers.
+my %providers = ();
+
 # The user and group name as which this script should be run.
 my $run_as = 'nobody';
@@ -39,6 +42,17 @@ if ( $> == 0 ) {
 POSIX::setuid( $uid );
 }
+# Check if the IDS lock file exists.
+# In this case the WUI or another instance currently is altering the
+# ruleset.
+if (-f "$IDS::ids_page_lock_file") {
+ # Store notice to the syslog.
+ &IDS::_log_to_syslog("Another process currently is altering the IDS ruleset.");
+
+ # Exit.
+ exit 0;
+}
+
 # Check if the red device is active.
 unless (-e "${General::swroot}/red/active") {
 # Store notice in the syslog.
@@ -63,20 +77,36 @@ if(&IDS::checkdiskspace()) {
 # Lock the IDS page.
 &IDS::lock_ids_page();
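Review bot: The `-f "$IDS::ids_page_lock_file"` test added before the red-device check and the `&IDS::lock_ids_page()` call further down are two separate steps, so two instances (or this script and the WUI) can both pass the test before either one takes the lock. `lock_ids_page` is defined outside this diff; if it does not create the file atomically, the check and the lock should become one operation, for example `sysopen(my $fh, $IDS::ids_page_lock_file, O_WRONLY|O_CREAT|O_EXCL)` with failure treated as "already locked". A lock left behind by a crashed run also makes every later run `exit 0` at this point, so the ruleset silently stops updating; including the lock file's age (`-M`) in the syslog message would make that visible.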
-# Call the download function and gather the new ruleset.
-if(&IDS::downloadruleset()) {
- # Store error message for displaying in the WUI.
- &IDS::_store_error_message("$Lang::tr{'could not download latest updates'}");
+# Grab the configured providers.
+&General::readhasharray("$IDS::providers_settings_file", %providers);
- # Unlock the IDS page.
- &IDS::unlock_ids_page();
+# Loop through the array of available providers.
+foreach my $id (keys %providers) {
+ # Assign some nice variabled.
+ my $provider = $providers{$id}[0];
+ my $autoupdate_status = $providers{$id}[3];
- # Exit.
- exit 0;
-}
+ # Skip the provider if autoupdate is not enabled.
+ next unless($autoupdate_status eq "enabled");
+
+ # Call the download function and gather the new ruleset for the current processed provider.
+ if(&IDS::downloadruleset($provider)) {
+ # Store error message for displaying in the WUI.
+ &IDS::_store_error_message("$provider: $Lang::tr{'could not download latest updates'}");
+
+ # Unlock the IDS page.
+ &IDS::unlock_ids_page();
-# Set correct ownership for the downloaded tarball.
-&IDS::set_ownership("$IDS::rulestarball");
+ # Exit.
+ exit 0;
+ }
+
+ # Get path and name of the stored rules file or archive.
+ my $stored_file = &IDS::_get_dl_rulesfile($provider);
+
+ # Set correct ownership for the downloaded tarball.
+ &IDS::set_ownership("$stored_file");
+}
# Call oinkmaster to alter the ruleset.
 &IDS::oinkmaster();
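Review bot: As shown, `&General::readhasharray("$IDS::providers_settings_file", %providers);` passes the still-empty hash by value, so it flattens to nothing and the callee cannot fill the caller's `%providers`; the `foreach` would then never run and no provider's ruleset is refreshed. Assuming `readhasharray` (defined outside this diff) takes a hash reference, the call should read `&General::readhasharray("$IDS::providers_settings_file", \%providers);`. Inside the loop, a failed download for one provider unlocks the page and calls `exit 0`, which skips every provider not yet processed as well as the `&IDS::oinkmaster()` run, and because `keys %providers` has no fixed order the set of rulesets left stale varies between runs. Replacing the unlock-and-exit with `next;` after `_store_error_message` would let the remaining providers update, provided the error store can hold more than one message, which is not visible here.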
hooks/post-receive -- IPFire 2.x development tree