public inbox for ipfire-scm@lists.ipfire.org
From: git@ipfire.org
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 4a6cfe51a16575c7100862e2cc6f959bc48c6628
Date: Fri, 04 Mar 2016 06:49:44 +0000
Message-ID: <20160304064945.0E4A91081BC7@git01.ipfire.org>


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  4a6cfe51a16575c7100862e2cc6f959bc48c6628 (commit)
       via  75ad2e4e885992c9b17c2d7b722dd3ac3875a7f0 (commit)
       via  353e08cd7778f2070469842ebe0f553e648f79d4 (commit)
       via  5d95fd5af11e8631cbaed1e5f8c914facd0b2125 (commit)
       via  ac385b2f17ef142101165bdd9b31206bd86998dc (commit)
       via  d86a24928625c47d46d17daad18f159d28678ee4 (commit)
       via  68537369b0c9fa551bc9db31ccc2d1b116badde8 (commit)
       via  eea5bfe4656963628c1888afe106a51875752372 (commit)
       via  aced5a957861710fb8b5fc94aa87fc29ceb9b3ec (commit)
       via  7e90cf38cb0f3fcee6e3e4baf0d629233f769d51 (commit)
       via  defc321f04783b58a1a8ad45c77560d445eed6d6 (commit)
       via  aacab139dc272d9c1b42340100cccb15cd7a302f (commit)
       via  829b0ba85156fbf3514b3f5d5b13c0f3254fae49 (commit)
       via  8c065b268d8c04c48e76dde8109381823a601908 (commit)
       via  2e51e8607e3b45b41a984f95c81c257a41107cff (commit)
      from  64835e022c52d24432d201bd4d57f1aa962c1f90 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4a6cfe51a16575c7100862e2cc6f959bc48c6628
Merge: 64835e0 75ad2e4
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date:   Fri Mar 4 07:09:02 2016 +0100

    Merge remote-tracking branch 'origin/master' into next
    
    Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 config/backup/include                                  |  2 +-
 config/rootfiles/common/openssh                        |  1 -
 config/rootfiles/{oldcore/98 => core/99}/exclude       |  0
 .../rootfiles/{oldcore/88 => core/99}/filelists/files  |  1 +
 .../97 => core/99}/filelists/i586/openssl-sse2         |  0
 .../{oldcore/97 => core/99}/filelists/openssh          |  0
 .../{oldcore/97 => core/99}/filelists/openssl          |  0
 config/rootfiles/{oldcore/98 => core/99}/meta          |  0
 config/rootfiles/{oldcore/97 => core/99}/update.sh     |  7 +++++--
 config/rootfiles/oldcore/98/update.sh                  |  5 ++++-
 lfs/openssh                                            |  6 +++---
 lfs/openssl                                            |  7 ++++---
 lfs/stunnel                                            |  2 +-
 make.sh                                                |  2 +-
 src/patches/openssl-1.0.2g-disable-sslv2v3.patch       | 18 ++++++++++++++++++
 src/patches/openssl-disable-sslv2-sslv3.patch          | 12 ------------
 16 files changed, 38 insertions(+), 25 deletions(-)
 copy config/rootfiles/{oldcore/98 => core/99}/exclude (100%)
 copy config/rootfiles/{oldcore/88 => core/99}/filelists/files (52%)
 copy config/rootfiles/{oldcore/97 => core/99}/filelists/i586/openssl-sse2 (100%)
 copy config/rootfiles/{oldcore/97 => core/99}/filelists/openssh (100%)
 copy config/rootfiles/{oldcore/97 => core/99}/filelists/openssl (100%)
 copy config/rootfiles/{oldcore/98 => core/99}/meta (100%)
 copy config/rootfiles/{oldcore/97 => core/99}/update.sh (95%)
 create mode 100644 src/patches/openssl-1.0.2g-disable-sslv2v3.patch
 delete mode 100644 src/patches/openssl-disable-sslv2-sslv3.patch

Difference in files:
diff --git a/config/backup/include b/config/backup/include
index 6ecb930..eb76ebf 100644
--- a/config/backup/include
+++ b/config/backup/include
@@ -33,7 +33,7 @@
 /var/log/ip-acct/*
 /var/log/rrd/*
 /var/log/rrd/collectd
-/var/log/rrd/vnstat
+/var/log/vnstat
 /etc/sysconfig/firewall.local
 /etc/sysconfig/rc.local
 /root/.gitconfig
diff --git a/config/rootfiles/common/openssh b/config/rootfiles/common/openssh
index 1b6ded3..c33003f 100644
--- a/config/rootfiles/common/openssh
+++ b/config/rootfiles/common/openssh
@@ -14,7 +14,6 @@ etc/ssh/ssh_config
 etc/ssh/sshd_config
 usr/bin/scp
 usr/bin/sftp
-usr/bin/slogin
 usr/bin/ssh
 usr/bin/ssh-add
 usr/bin/ssh-agent
diff --git a/config/rootfiles/core/99/exclude b/config/rootfiles/core/99/exclude
new file mode 100644
index 0000000..d87f175
--- /dev/null
+++ b/config/rootfiles/core/99/exclude
@@ -0,0 +1,25 @@
+boot/config.txt
+etc/alternatives
+etc/collectd.custom
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+etc/localtime
+etc/shadow
+etc/snort/snort.conf
+etc/ssh/ssh_config
+etc/ssh/sshd_config
+etc/ssl/openssl.cnf
+etc/sudoers
+etc/sysconfig/firewall.local
+etc/sysconfig/rc.local
+etc/udev/rules.d/30-persistent-network.rules
+srv/web/ipfire/html/proxy.pac
+var/ipfire/dma
+var/ipfire/time
+var/ipfire/ovpn
+var/lib/alternatives
+var/log/cache
+var/state/dhcp/dhcpd.leases
+var/updatecache
diff --git a/config/rootfiles/core/99/filelists/files b/config/rootfiles/core/99/filelists/files
new file mode 100644
index 0000000..76b5b4e
--- /dev/null
+++ b/config/rootfiles/core/99/filelists/files
@@ -0,0 +1,3 @@
+etc/system-release
+etc/issue
+var/ipfire/backup/include
diff --git a/config/rootfiles/core/99/filelists/i586/openssl-sse2 b/config/rootfiles/core/99/filelists/i586/openssl-sse2
new file mode 120000
index 0000000..f424713
--- /dev/null
+++ b/config/rootfiles/core/99/filelists/i586/openssl-sse2
@@ -0,0 +1 @@
+../../../../common/i586/openssl-sse2
\ No newline at end of file
diff --git a/config/rootfiles/core/99/filelists/openssh b/config/rootfiles/core/99/filelists/openssh
new file mode 120000
index 0000000..d8c77fd
--- /dev/null
+++ b/config/rootfiles/core/99/filelists/openssh
@@ -0,0 +1 @@
+../../../common/openssh
\ No newline at end of file
diff --git a/config/rootfiles/core/99/filelists/openssl b/config/rootfiles/core/99/filelists/openssl
new file mode 120000
index 0000000..e011a92
--- /dev/null
+++ b/config/rootfiles/core/99/filelists/openssl
@@ -0,0 +1 @@
+../../../common/openssl
\ No newline at end of file
diff --git a/config/rootfiles/core/99/meta b/config/rootfiles/core/99/meta
new file mode 100644
index 0000000..d547fa8
--- /dev/null
+++ b/config/rootfiles/core/99/meta
@@ -0,0 +1 @@
+DEPS=""
diff --git a/config/rootfiles/core/99/update.sh b/config/rootfiles/core/99/update.sh
new file mode 100644
index 0000000..b57d0a7
--- /dev/null
+++ b/config/rootfiles/core/99/update.sh
@@ -0,0 +1,62 @@
+#!/bin/bash
+############################################################################
+#                                                                          #
+# This file is part of the IPFire Firewall.                                #
+#                                                                          #
+# IPFire is free software; you can redistribute it and/or modify           #
+# it under the terms of the GNU General Public License as published by     #
+# the Free Software Foundation; either version 3 of the License, or        #
+# (at your option) any later version.                                      #
+#                                                                          #
+# IPFire is distributed in the hope that it will be useful,                #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+# GNU General Public License for more details.                             #
+#                                                                          #
+# You should have received a copy of the GNU General Public License        #
+# along with IPFire; if not, write to the Free Software                    #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
+#                                                                          #
+# Copyright (C) 2016 IPFire-Team <info(a)ipfire.org>.                        #
+#                                                                          #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+# Remove old core updates from pakfire cache to save space...
+core=99
+for (( i=1; i<=$core; i++ ))
+do
+	rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+# Stop services
+
+# remove slogin which is not included in new OpenSSH
+rm /usr/bin/slogin
+
+# Extract files
+extract_files
+
+# Update Language cache
+# /usr/local/bin/update-lang-cache
+
+# Start services
+/etc/init.d/sshd restart
+/etc/init.d/apache restart
+
+# This update need a reboot...
+touch /var/run/need_reboot
+
+# Finish
+/etc/init.d/fireinfo start
+sendprofile
+# Update grub config to display new core version
+if [ -e /boot/grub/grub.cfg ]; then
+	grub-mkconfig -o /boot/grub/grub.cfg
+fi
+sync
+
+# Don't report the exitcode last command
+exit 0
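Review bot: "rm /usr/bin/slogin" runs without -f, so it prints an error on any system where the file is already gone, and the unconditional "exit 0" at the end means neither that nor a failing extract_files is ever reported to pakfire. Use "rm -f /usr/bin/slogin". The "Stop services" section is also empty while sshd and apache are only restarted after extract_files has replaced the OpenSSH and OpenSSL files; a one-line comment stating that this ordering is intentional would help the next person editing the updater.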
diff --git a/config/rootfiles/oldcore/98/update.sh b/config/rootfiles/oldcore/98/update.sh
index ec9c1aa..7e0cc2d 100644
--- a/config/rootfiles/oldcore/98/update.sh
+++ b/config/rootfiles/oldcore/98/update.sh
@@ -39,7 +39,10 @@ extract_files
 # Bugfixes for core96 updater bugs...
 if [ -e /boot/grub/grub.conf ]; then
 	# legacy grub config on xen or citrix conflicts with grub2 config
-	rm /boot/grub/grub.cfg
+	# and core96 contains an empty file
+	if [ ! -s /boot/grub/grub.cfg ]; then
+		rm /boot/grub/grub.cfg
+	fi
 fi
 
 if [ -e /boot/grub/grub.cfg ]; then
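Review bot: the new test "[ ! -s /boot/grub/grub.cfg ]" is also true when grub.cfg does not exist at all, so the rm inside it then fails with an error message; "rm -f /boot/grub/grub.cfg" avoids that. The comment should also say explicitly that a non-empty grub.cfg is now kept even when the legacy grub.conf is present, because that reverses the previous unconditional removal.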
diff --git a/lfs/openssh b/lfs/openssh
index 546bc7e..ab25d62 100644
--- a/lfs/openssh
+++ b/lfs/openssh
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2015  IPFire Team  <info(a)ipfire.org>                     #
+# Copyright (C) 2007-2016  IPFire Team  <info(a)ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 7.1p2
+VER        = 7.2p1
 
 THISAPP    = openssh-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 4d8547670e2a220d5ef805ad9e47acf2
+$(DL_FILE)_MD5 = b984775f0cfff1f7ff18b8797fce8a28
 
 install : $(TARGET)
 
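Review bot: the integrity value updated for the new tarball is "$(DL_FILE)_MD5", and MD5 is not collision-resistant, so it only guards against accidental corruption of the download and not against a deliberately substituted archive. Consider recording a SHA-256 digest, or verifying the upstream signature, alongside it; the same applies to the MD5 line changed in lfs/openssl.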
diff --git a/lfs/openssl b/lfs/openssl
index c5b71f7..eb7352f 100644
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.0.2f
+VER        = 1.0.2g
 
 THISAPP    = openssl-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -53,6 +53,7 @@ CONFIGURE_OPTIONS = \
 	zlib-dynamic \
 	enable-camellia \
 	enable-md2 \
+	enable-ssl2 \
 	enable-seed \
 	enable-tlsext \
 	enable-rfc3779 \
@@ -86,7 +87,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = b3bf73f507172be9292ea2a8c28b659d
+$(DL_FILE)_MD5 = f3c710c045cdee5fd114feb69feba7aa
 
 install : $(TARGET)
 
@@ -119,7 +120,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a-rpmbuild.patch
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1m-weak-ciphers.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-disable-sslv2-sslv3.patch
+	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2g-disable-sslv2v3.patch
 
 	# i586 specific patches
 ifeq "$(MACHINE)" "i586"
diff --git a/lfs/stunnel b/lfs/stunnel
index f6f27e0..4585151 100644
--- a/lfs/stunnel
+++ b/lfs/stunnel
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = stunnel
-PAK_VER    = 1
+PAK_VER    = 2
 
 DEPS       = ""
 
diff --git a/make.sh b/make.sh
index bed9230..8392e30 100755
--- a/make.sh
+++ b/make.sh
@@ -26,7 +26,7 @@ NAME="IPFire"							# Software name
 SNAME="ipfire"							# Short name
 VERSION="2.17"							# Version number
 CORE="100"							# Core Level (Filename)
-PAKFIRE_CORE="98"						# Core Level (PAKFIRE)
+PAKFIRE_CORE="99"						# Core Level (PAKFIRE)
 GIT_BRANCH=`git rev-parse --abbrev-ref HEAD`			# Git Branch
 SLOGAN="www.ipfire.org"						# Software slogan
 CONFIG_ROOT=/var/ipfire						# Configuration rootdir
diff --git a/src/patches/openssl-1.0.2g-disable-sslv2v3.patch b/src/patches/openssl-1.0.2g-disable-sslv2v3.patch
new file mode 100644
index 0000000..06f5132
--- /dev/null
+++ b/src/patches/openssl-1.0.2g-disable-sslv2v3.patch
@@ -0,0 +1,18 @@
+diff -up openssl-1.0.2g/ssl/ssl_lib.c.v2v3 openssl-1.0.2g/ssl/ssl_lib.c
+--- openssl-1.0.2g/ssl/ssl_lib.c.v2v3	2016-03-01 16:38:26.879142021 +0100
++++ openssl-1.0.2g/ssl/ssl_lib.c	2016-03-01 16:41:32.977353769 +0100
+@@ -2055,11 +2055,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
+     ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
+ 
+     /*
+-     * Disable SSLv2 by default, callers that want to enable SSLv2 will have to
+-     * explicitly clear this option via either of SSL_CTX_clear_options() or
++     * Disable SSLv2 and SSLv3 by default, callers that want to enable these will have to
++     * explicitly clear these options via either of SSL_CTX_clear_options() or
+      * SSL_clear_options().
+      */
+-    ret->options |= SSL_OP_NO_SSLv2;
++    ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
+ 
+     return (ret);
+  err:
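Review bot: the rewritten comment in ssl_lib.c drops the caveat that the deleted openssl-disable-sslv2-sslv3.patch carried, "(affects the SSLv23_method() only)". Without it a reader can take "Disable SSLv2 and SSLv3 by default" to mean the protocols are unavailable, when the option is only a default in SSL_CTX_new() that callers can remove via SSL_CTX_clear_options() or SSL_clear_options(). Suggest keeping that scope note in the new comment, and wrapping the first changed comment line, which is noticeably longer than the lines around it.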
diff --git a/src/patches/openssl-disable-sslv2-sslv3.patch b/src/patches/openssl-disable-sslv2-sslv3.patch
deleted file mode 100644
index e42dfac..0000000
--- a/src/patches/openssl-disable-sslv2-sslv3.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- openssl-1.0.1m/ssl/ssl_lib.c.old	2015-03-19 15:56:40.966287977 +0100
-+++ openssl-1.0.1m/ssl/ssl_lib.c	2015-03-19 15:57:07.976160846 +0100
-@@ -1892,6 +1892,9 @@
-      */
-     ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
- 
-+    /* Disable SSLv2 and SSLv3 by default (affects the SSLv23_method() only) */
-+    ret->options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
-+
-     return (ret);
-  err:
-     SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);


hooks/post-receive
--
IPFire 2.x development tree
